aboutsummaryrefslogtreecommitdiff
path: root/DETAILS
diff options
context:
space:
mode:
Diffstat (limited to 'DETAILS')
-rw-r--r--DETAILS1226
1 files changed, 1226 insertions, 0 deletions
diff --git a/DETAILS b/DETAILS
new file mode 100644
index 0000000..03af065
--- /dev/null
+++ b/DETAILS
@@ -0,0 +1,1226 @@
+ -*- text -*-
+Format of colon listings
+========================
+First an example:
+
+$ gpg --fixed-list-mode --with-colons --list-keys \
+ --with-fingerprint --with-fingerprint wk@gnupg.org
+
+pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
+fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
+uid:f::::::::Werner Koch <wk@g10code.com>:
+uid:f::::::::Werner Koch <wk@gnupg.org>:
+sub:f:1536:16:06AD222CADF6A6E1:919537416:1036177416:::::e:
+fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
+sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
+fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
+
+The double --with-fingerprint prints the fingerprint for the subkeys
+too, --fixed-list-mode is themodern listing way printing dates in
+seconds since Epoch and does not merge the first userID with the pub
+record.
+
+
+ 1. Field: Type of record
+ pub = public key
+ crt = X.509 certificate
+ crs = X.509 certificate and private key available
+ sub = subkey (secondary key)
+ sec = secret key
+ ssb = secret subkey (secondary key)
+ uid = user id (only field 10 is used).
+ uat = user attribute (same as user id except for field 10).
+ sig = signature
+ rev = revocation signature
+ fpr = fingerprint: (fingerprint is in field 10)
+ pkd = public key data (special field format, see below)
+ grp = reserved for gpgsm
+ rvk = revocation key
+ tru = trust database information
+ spk = signature subpacket
+
+ 2. Field: A letter describing the calculated trust. This is a single
+ letter, but be prepared that additional information may follow
+ in some future versions. (not used for secret keys)
+ o = Unknown (this key is new to the system)
+ i = The key is invalid (e.g. due to a missing self-signature)
+ d = The key has been disabled
+ (deprecated - use the 'D' in field 12 instead)
+ r = The key has been revoked
+ e = The key has expired
+ - = Unknown trust (i.e. no value assigned)
+ q = Undefined trust
+ '-' and 'q' may safely be treated as the same
+ value for most purposes
+ n = Don't trust this key at all
+ m = There is marginal trust in this key
+ f = The key is fully trusted
+ u = The key is ultimately trusted. This often means
+ that the secret key is available, but any key may
+ be marked as ultimately trusted.
+ 3. Field: length of key in bits.
+ 4. Field: Algorithm: 1 = RSA
+ 16 = Elgamal (encrypt only)
+ 17 = DSA (sometimes called DH, sign only)
+ 20 = Elgamal (sign and encrypt - don't use them!)
+ (for other id's see include/cipher.h)
+ 5. Field: KeyID
+ 6. Field: Creation Date (in UTC). For UID and UAT records, this is the
+ self-signature date. Note that the dae is usally printed
+ in seconds since epoch, however, we are migrating to an ISO
+ 8601 format (e.g. "19660205T091500"). This is currently
+ only relevant for X.509, A simple way to detect the format
+ is be scannning for the 'T'.
+ 7. Field: Key or user ID/user attribute expiration date or empty if none.
+ 8. Field: Used for serial number in crt records (used to be the Local-ID).
+ For UID and UAT records, this is a hash of the user ID contents
+ used to represent that exact user ID. For trust signatures,
+ this is the trust depth seperated by the trust value by a
+ space.
+ 9. Field: Ownertrust (primary public keys only)
+ This is a single letter, but be prepared that additional
+ information may follow in some future versions. For trust
+ signatures with a regular expression, this is the regular
+ expression value, quoted as in field 10.
+10. Field: User-ID. The value is quoted like a C string to avoid
+ control characters (the colon is quoted "\x3a").
+ This is not used with --fixed-list-mode in gpg.
+ A UAT record puts the attribute subpacket count here, a
+ space, and then the total attribute subpacket size.
+ In gpgsm the issuer name comes here
+ An FPR record stores the fingerprint here.
+ The fingerprint of an revocation key is stored here.
+11. Field: Signature class. This is a 2 digit hexnumber followed by
+ either the letter 'x' for an exportable signature or the
+ letter 'l' for a local-only signature.
+ The class byte of an revocation key is also given here,
+ 'x' and 'l' ist used the same way.
+12. Field: Key capabilities:
+ e = encrypt
+ s = sign
+ c = certify
+ a = authentication
+ A key may have any combination of them in any order. In
+ addition to these letters, the primary key has uppercase
+ versions of the letters to denote the _usable_
+ capabilities of the entire key, and a potential letter 'D'
+ to indicate a disabled key.
+13. Field: Used in FPR records for S/MIME keys to store the fingerprint of
+ the issuer certificate. This is useful to build the
+ certificate path based on certificates stored in the local
+ keyDB; it is only filled if the issue certificate is
+ available. The advantage of using this value is that it is
+ guaranteed to have been been build by the same lookup
+ algorithm as gpgsm uses.
+ For "uid" recods this lists the preferences n the sameway the
+ -edit menu does.
+ For "sig" records, this is the fingerprint of the key that
+ issued the signature. Note that this is only filled in if
+ the signature verified correctly. Note also that for
+ various technical reasons, this fingerprint is only
+ available if --no-sig-cache is used.
+
+14. Field Flag field used in the --edit menu output:
+
+15. Field Used in sec/sbb to print the serial number of a token
+ (internal protect mode 1002) or a '#' if that key is a
+ simple stub (internal protect mode 1001)
+
+All dates are displayed in the format yyyy-mm-dd unless you use the
+option --fixed-list-mode in which case they are displayed as seconds
+since Epoch. More fields may be added later, so parsers should be
+prepared for this. When parsing a number the parser should stop at the
+first non-number character so that additional information can later be
+added.
+
+If field 1 has the tag "pkd", a listing looks like this:
+pkd:0:1024:B665B1435F4C2 .... FF26ABB:
+ ! ! !-- the value
+ ! !------ for information number of bits in the value
+ !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
+
+
+The "tru" trust database records have the fields:
+
+ 2: Reason for staleness of trust. If this field is empty, then the
+ trustdb is not stale. This field may have multiple flags in it:
+
+ o: Trustdb is old
+ t: Trustdb was built with a different trust model than the one we
+ are using now.
+
+ 3: Trust model:
+ 0: Classic trust model, as used in PGP 2.x.
+ 1: PGP trust model, as used in PGP 6 and later. This is the same
+ as the classic trust model, except for the addition of trust
+ signatures.
+
+ GnuPG before version 1.4 used the classic trust model by default.
+ GnuPG 1.4 and later uses the PGP trust model by default.
+
+ 4: Date trustdb was created in seconds since 1/1/1970.
+ 5: Date trustdb will expire in seconds since 1/1/1970.
+
+The "spk" signature subpacket records have the fields:
+
+ 2: Subpacket number as per RFC-2440 and later.
+ 3: Flags in hex. Currently the only two bits assigned are 1, to
+ indicate that the subpacket came from the hashed part of the
+ signature, and 2, to indicate the subpacket was marked critical.
+ 4: Length of the subpacket. Note that this is the length of the
+ subpacket, and not the length of field 5 below. Due to the need
+ for %-encoding, the length of field 5 may be up to 3x this value.
+ 5: The subpacket data. Printable ASCII is shown as ASCII, but other
+ values are rendered as %XX where XX is the hex value for the byte.
+
+
+Format of the "--status-fd" output
+==================================
+Every line is prefixed with "[GNUPG:] ", followed by a keyword with
+the type of the status line and a some arguments depending on the
+type (maybe none); an application should always be prepared to see
+more arguments in future versions.
+
+
+ NEWSIG
+ May be issued right before a signature verification starts. This
+ is useful to define a context for parsing ERROR status
+ messages. No arguments are currently defined.
+
+ GOODSIG <long keyid> <username>
+ The signature with the keyid is good. For each signature only
+ one of the three codes GOODSIG, BADSIG or ERRSIG will be
+ emitted and they may be used as a marker for a new signature.
+ The username is the primary one encoded in UTF-8 and %XX
+ escaped.
+
+ EXPSIG <long keyid> <username>
+ The signature with the keyid is good, but the signature is
+ expired. The username is the primary one encoded in UTF-8 and
+ %XX escaped.
+
+ EXPKEYSIG <long keyid> <username>
+ The signature with the keyid is good, but the signature was
+ made by an expired key. The username is the primary one
+ encoded in UTF-8 and %XX escaped.
+
+ REVKEYSIG <long keyid> <username>
+ The signature with the keyid is good, but the signature was
+ made by a revoked key. The username is the primary one
+ encoded in UTF-8 and %XX escaped.
+
+ BADSIG <long keyid> <username>
+ The signature with the keyid has not been verified okay.
+ The username is the primary one encoded in UTF-8 and %XX
+ escaped.
+
+ ERRSIG <long keyid> <pubkey_algo> <hash_algo> \
+ <sig_class> <timestamp> <rc>
+ It was not possible to check the signature. This may be
+ caused by a missing public key or an unsupported algorithm.
+ A RC of 4 indicates unknown algorithm, a 9 indicates a missing
+ public key. The other fields give more information about
+ this signature. sig_class is a 2 byte hex-value.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
+ <expire-timestamp> <sig-version> <reserved> <pubkey-algo>
+ <hash-algo> <sig-class> <primary-key-fpr>
+
+ The signature with the keyid is good. This is the same as
+ GOODSIG but has the fingerprint as the argument. Both status
+ lines are emitted for a good signature. All arguments here
+ are on one long line. sig-timestamp is the signature creation
+ time in seconds after the epoch. expire-timestamp is the
+ signature expiration time in seconds after the epoch (zero
+ means "does not expire"). sig-version, pubkey-algo, hash-algo,
+ and sig-class (a 2-byte hex value) are all straight from the
+ signature packet. PRIMARY-KEY-FPR is the fingerprint of the
+ primary key or identical to the first argument. This is
+ useful to get back to the primary key without running gpg
+ again for this purpose.
+
+ Note, that *-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
+ This is emitted only for signatures of class 0 or 1 which
+ have been verified okay. The string is a signature id
+ and may be used in applications to detect replay attacks
+ of signed messages. Note that only DLP algorithms give
+ unique ids - others may yield duplicated ones when they
+ have been created in the same second.
+
+ Note, that SIG-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+
+ ENC_TO <long keyid> <keytype> <keylength>
+ The message is encrypted to this keyid.
+ keytype is the numerical value of the public key algorithm,
+ keylength is the length of the key or 0 if it is not known
+ (which is currently always the case).
+
+ NODATA <what>
+ No data has been found. Codes for what are:
+ 1 - No armored data.
+ 2 - Expected a packet but did not found one.
+ 3 - Invalid packet found, this may indicate a non OpenPGP message.
+ You may see more than one of these status lines.
+
+ UNEXPECTED <what>
+ Unexpected data has been encountered
+ 0 - not further specified 1
+
+
+ TRUST_UNDEFINED <error token>
+ TRUST_NEVER <error token>
+ TRUST_MARGINAL
+ TRUST_FULLY
+ TRUST_ULTIMATE
+ For good signatures one of these status lines are emitted
+ to indicate how trustworthy the signature is. The error token
+ values are currently only emiited by gpgsm.
+
+ SIGEXPIRED
+ This is deprecated in favor of KEYEXPIRED.
+
+ KEYEXPIRED <expire-timestamp>
+ The key has expired. expire-timestamp is the expiration time
+ in seconds after the epoch.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEYREVOKED
+ The used key has been revoked by its owner. No arguments yet.
+
+ BADARMOR
+ The ASCII armor is corrupted. No arguments yet.
+
+ RSA_OR_IDEA
+ The IDEA algorithms has been used in the data. A
+ program might want to fallback to another program to handle
+ the data if GnuPG failed. This status message used to be emitted
+ also for RSA but this has been dropped after the RSA patent expired.
+ However we can't change the name of the message.
+
+ SHM_INFO
+ SHM_GET
+ SHM_GET_BOOL
+ SHM_GET_HIDDEN
+
+ GET_BOOL
+ GET_LINE
+ GET_HIDDEN
+ GOT_IT
+
+ NEED_PASSPHRASE <long main keyid> <long keyid> <keytype> <keylength>
+ Issued whenever a passphrase is needed.
+ keytype is the numerical value of the public key algorithm
+ or 0 if this is not applicable, keylength is the length
+ of the key or 0 if it is not known (this is currently always the case).
+
+ NEED_PASSPHRASE_SYM <cipher_algo> <s2k_mode> <s2k_hash>
+ Issued whenever a passphrase for symmetric encryption is needed.
+
+ NEED_PASSPHRASE_PIN <card_type> <chvno>
+ Issued whenever a PIN is requested to unlock a card.
+
+ MISSING_PASSPHRASE
+ No passphrase was supplied. An application which encounters this
+ message may want to stop parsing immediately because the next message
+ will probably be a BAD_PASSPHRASE. However, if the application
+ is a wrapper around the key edit menu functionality it might not
+ make sense to stop parsing but simply ignoring the following
+ BAD_PASSPHRASE.
+
+ BAD_PASSPHRASE <long keyid>
+ The supplied passphrase was wrong or not given. In the latter case
+ you may have seen a MISSING_PASSPHRASE.
+
+ GOOD_PASSPHRASE
+ The supplied passphrase was good and the secret key material
+ is therefore usable.
+
+ BAD_PASSPHRASE_PIN
+ Reserved for future use.
+
+ DECRYPTION_FAILED
+ The symmetric decryption failed - one reason could be a wrong
+ passphrase for a symmetrical encrypted message.
+
+ DECRYPTION_OKAY
+ The decryption process succeeded. This means, that either the
+ correct secret key has been used or the correct passphrase
+ for a conventional encrypted message was given. The program
+ itself may return an errorcode because it may not be possible to
+ verify a signature for some reasons.
+
+ NO_PUBKEY <long keyid>
+ NO_SECKEY <long keyid>
+ The key is not available
+
+ IMPORT_CHECK <long keyid> <fingerprint> <user ID>
+ This status is emitted in interactive mode right before
+ the "import.okay" prompt.
+
+ IMPORTED <long keyid> <username>
+ The keyid and name of the signature just imported
+
+ IMPORT_OK <reason> [<fingerprint>]
+ The key with the primary key's FINGERPRINT has been imported.
+ Reason flags:
+ 0 := Not actually changed
+ 1 := Entirely new key.
+ 2 := New user IDs
+ 4 := New signatures
+ 8 := New subkeys
+ 16 := Contains private key.
+ The flags may be ORed.
+
+ IMPORT_PROBLEM <reason> [<fingerprint>]
+ Issued for each import failure. Reason codes are:
+ 0 := "No specific reason given".
+ 1 := "Invalid Certificate".
+ 2 := "Issuer Certificate missing".
+ 3 := "Certificate Chain too long".
+ 4 := "Error storing certificate".
+
+ IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
+ <n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported> <sec_dups> <not_imported>
+ Final statistics on import process (this is one long line)
+
+ FILE_START <what> <filename>
+ Start processing a file <filename>. <what> indicates the performed
+ operation:
+ 1 - verify
+ 2 - encrypt
+ 3 - decrypt
+
+ FILE_DONE
+ Marks the end of a file processing which has been started
+ by FILE_START.
+
+ BEGIN_DECRYPTION
+ END_DECRYPTION
+ Mark the start and end of the actual decryption process. These
+ are also emitted when in --list-only mode.
+
+ BEGIN_ENCRYPTION <mdc_method> <sym_algo>
+ END_ENCRYPTION
+ Mark the start and end of the actual encryption process.
+
+ DELETE_PROBLEM reason_code
+ Deleting a key failed. Reason codes are:
+ 1 - No such key
+ 2 - Must delete secret key first
+ 3 - Ambigious specification
+
+ PROGRESS what char cur total
+ Used by the primegen and Public key functions to indicate progress.
+ "char" is the character displayed with no --status-fd enabled, with
+ the linefeed replaced by an 'X'. "cur" is the current amount
+ done and "total" is amount to be done; a "total" of 0 indicates that
+ the total amount is not known. 100/100 may be used to detect the
+ end of operation.
+ Well known values for WHAT:
+ "pk_dsa" - DSA key generation
+ "pk_elg" - Elgamal key generation
+ "primegen" - Prime generation
+ "need_entropy" - Waiting for new entropy in the RNG
+ "file:XXX" - processing file XXX
+ (note that current gpg versions leave out the
+ "file:" prefix).
+ "tick" - generic tick without any special meaning - useful
+ for letting clients know that the server is
+ still working.
+ "starting_agent" - A gpg-agent was started because it is not
+ running as a daemon.
+
+
+ SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
+ A signature has been created using these parameters.
+ type: 'D' = detached
+ 'C' = cleartext
+ 'S' = standard
+ (only the first character should be checked)
+ class: 2 hex digits with the signature class
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEY_CREATED <type> <fingerprint> [<handle>]
+ A key has been created
+ type: 'B' = primary and subkey
+ 'P' = primary
+ 'S' = subkey
+ The fingerprint is one of the primary key for type B and P and
+ the one of the subkey for S. Handle is an arbitrary
+ non-whitespace string used to match key parameters from batch
+ key creation run.
+
+ KEY_NOT_CREATED [<handle>]
+ The key from batch run has not been created due to errors.
+
+
+ SESSION_KEY <algo>:<hexdigits>
+ The session key used to decrypt the message. This message will
+ only be emitted when the special option --show-session-key
+ is used. The format is suitable to be passed to the option
+ --override-session-key
+
+ NOTATION_NAME <name>
+ NOTATION_DATA <string>
+ name and string are %XX escaped; the data may be splitted
+ among several notation_data lines.
+
+ USERID_HINT <long main keyid> <string>
+ Give a hint about the user ID for a certain keyID.
+
+ POLICY_URL <string>
+ string is %XX escaped
+
+ BEGIN_STREAM
+ END_STREAM
+ Issued by pipemode.
+
+ INV_RECP <reason> <requested_recipient>
+ Issued for each unusable recipient. The reasons codes
+ currently in use are:
+ 0 := "No specific reason given".
+ 1 := "Not Found"
+ 2 := "Ambigious specification"
+ 3 := "Wrong key usage"
+ 4 := "Key revoked"
+ 5 := "Key expired"
+ 6 := "No CRL known"
+ 7 := "CRL too old"
+ 8 := "Policy mismatch"
+ 9 := "Not a secret key"
+ 10 := "Key not trusted"
+
+ Note that this status is also used for gpgsm's SIGNER command
+ where it relates to signer's of course.
+
+ NO_RECP <reserved>
+ Issued when no recipients are usable.
+
+ ALREADY_SIGNED <long-keyid>
+ Warning: This is experimental and might be removed at any time.
+
+ TRUNCATED <maxno>
+ The output was truncated to MAXNO items. This status code is issued
+ for certain external requests
+
+ ERROR <error location> <error code>
+
+ This is a generic error status message, it might be followed
+ by error location specific data. <error token> and
+ <error_location> should not contain a space. The error code
+ is a either a string commencing with a letter or such string
+ prefix with a numerical error code and an underscore; e.g.:
+ "151011327_EOF"
+
+ ATTRIBUTE <fpr> <octets> <type> <index> <count>
+ <timestamp> <expiredate> <flags>
+ This is one long line issued for each attribute subpacket when
+ an attribute packet is seen during key listing. <fpr> is the
+ fingerprint of the key. <octets> is the length of the
+ attribute subpacket. <type> is the attribute type
+ (1==image). <index>/<count> indicates that this is the Nth
+ indexed subpacket of count total subpackets in this attribute
+ packet. <timestamp> and <expiredate> are from the
+ self-signature on the attribute packet. If the attribute
+ packet does not have a valid self-signature, then the
+ timestamp is 0. <flags> are a bitwise OR of:
+ 0x01 = this attribute packet is a primary uid
+ 0x02 = this attribute packet is revoked
+ 0x04 = this attribute packet is expired
+
+ CARDCTRL <what> [<serialno>]
+ This is used to control smartcard operations.
+ Defined values for WHAT are:
+ 1 = Request insertion of a card. Serialnumber may be given
+ to request a specific card.
+ 2 = Request removal of a card.
+ 3 = Card with serialnumber detected
+ 4 = No card available.
+
+
+ PLAINTEXT <format> <timestamp>
+ This indicates the format of the plaintext that is about to be
+ written. The format is a 1 byte hex code that shows the
+ format of the plaintext: 62 ('b') is binary data, 74 ('t') is
+ text data with no character set specified, and 75 ('u') is
+ text data encoded in the UTF-8 character set. The timestamp
+ is in seconds since the epoch.
+
+ PLAINTEXT_LENGTH <length>
+ This indicates the length of the plaintext that is about to be
+ written. Note that if the plaintext packet has partial length
+ encoding it is not possible to know the length ahead of time.
+ In that case, this status tag does not appear.
+
+ SIG_SUBPACKET <type> <flags> <len> <data>
+ This indicates that a signature subpacket was seen. The
+ format is the same as the "spk" record above.
+
+ SC_OP_FAILURE
+ An operation on a smartcard definitely failed. Currently
+ there is no indication of the actual error code, but
+ application should be prepared to later accept more arguments.
+
+ SC_OP_SUCCESS
+ A smart card operaion succeeded. This status is only printed
+ for certain operation and is mostly useful to check whether a
+ PIN change really worked.
+
+ BACKUP_KEY_CREATED fingerprint fname
+ A backup key named FNAME has been created for the key wityh
+ KEYID.
+
+
+Format of the "--attribute-fd" output
+=====================================
+
+When --attribute-fd is set, during key listings (--list-keys,
+--list-secret-keys) GnuPG dumps each attribute packet to the file
+descriptor specified. --attribute-fd is intended for use with
+--status-fd as part of the required information is carried on the
+ATTRIBUTE status tag (see above).
+
+The contents of the attribute data is specified by 2440bis, but for
+convenience, here is the Photo ID format, as it is currently the only
+attribute defined:
+
+ Byte 0-1: The length of the image header. Due to a historical
+ accident (i.e. oops!) back in the NAI PGP days, this is
+ a little-endian number. Currently 16 (0x10 0x00).
+
+ Byte 2: The image header version. Currently 0x01.
+
+ Byte 3: Encoding format. 0x01 == JPEG.
+
+ Byte 4-15: Reserved, and currently unused.
+
+ All other data after this header is raw image (JPEG) data.
+
+
+Format of the "--list-config" output
+====================================
+
+--list-config outputs information about the GnuPG configuration for
+the benefit of frontends or other programs that call GnuPG. There are
+several list-config items, all colon delimited like the rest of the
+--with-colons output. The first field is always "cfg" to indicate
+configuration information. The second field is one of (with
+examples):
+
+version: the third field contains the version of GnuPG.
+
+ cfg:version:1.3.5
+
+pubkey: the third field contains the public key algorithmdcaiphers
+ this version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-2440.
+
+ cfg:pubkey:1;2;3;16;17
+
+cipher: the third field contains the symmetric ciphers this version of
+ GnuPG supports, separated by semicolons. The cipher numbers
+ are as specified in RFC-2440.
+
+ cfg:cipher:2;3;4;7;8;9;10
+
+digest: the third field contains the digest (hash) algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ digest numbers are as specified in RFC-2440.
+
+ cfg:digest:1;2;3;8;9;10
+
+compress: the third field contains the compression algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-2440.
+
+ cfg:compress:0;1;2;3
+
+group: the third field contains the name of the group, and the fourth
+ field contains the values that the group expands to, separated
+ by semicolons.
+
+For example, a group of:
+ group mynames = paige 0x12345678 joe patti
+
+would result in:
+ cfg:group:mynames:patti;joe;0x12345678;paige
+
+
+Key generation
+==============
+ Key generation shows progress by printing different characters to
+ stderr:
+ "." Last 10 Miller-Rabin tests failed
+ "+" Miller-Rabin test succeeded
+ "!" Reloading the pool with fresh prime numbers
+ "^" Checking a new value for the generator
+ "<" Size of one factor decreased
+ ">" Size of one factor increased
+
+ The prime number for Elgamal is generated this way:
+
+ 1) Make a prime number q of 160, 200, 240 bits (depending on the keysize)
+ 2) Select the length of the other prime factors to be at least the size
+ of q and calculate the number of prime factors needed
+ 3) Make a pool of prime numbers, each of the length determined in step 2
+ 4) Get a new permutation out of the pool or continue with step 3
+ if we have tested all permutations.
+ 5) Calculate a candidate prime p = 2 * q * p[1] * ... * p[n] + 1
+ 6) Check that this prime has the correct length (this may change q if
+ it seems not to be possible to make a prime of the desired length)
+ 7) Check whether this is a prime using trial divisions and the
+ Miller-Rabin test.
+ 8) Continue with step 4 if we did not find a prime in step 7.
+ 9) Find a generator for that prime.
+
+ This algorithm is based on Lim and Lee's suggestion from the
+ Crypto '97 proceedings p. 260.
+
+
+Unattended key generation
+=========================
+This feature allows unattended generation of keys controlled by a
+parameter file. To use this feature, you use --gen-key together with
+--batch and feed the parameters either from stdin or from a file given
+on the commandline.
+
+The format of this file is as follows:
+ o Text only, line length is limited to about 1000 chars.
+ o You must use UTF-8 encoding to specify non-ascii characters.
+ o Empty lines are ignored.
+ o Leading and trailing spaces are ignored.
+ o A hash sign as the first non white space character indicates a comment line.
+ o Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ o Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ o The first parameter must be "Key-Type", control statements
+ may be placed anywhere.
+ o Key generation takes place when either the end of the parameter file
+ is reached, the next "Key-Type" parameter is encountered or at the
+ control statement "%commit"
+ o Control statements:
+ %echo <text>
+ Print <text>.
+ %dry-run
+ Suppress actual key generation (useful for syntax checking).
+ %commit
+ Perform the key generation. An implicit commit is done
+ at the next "Key-Type" parameter.
+ %pubring <filename>
+ %secring <filename>
+ Do not write the key to the default or commandline given
+ keyring but to <filename>. This must be given before the first
+ commit to take place, duplicate specification of the same filename
+ is ignored, the last filename before a commit is used.
+ The filename is used until a new filename is used (at commit points)
+ and all keys are written to that file. If a new filename is given,
+ this file is created (and overwrites an existing one).
+ Both control statements must be given.
+ o The order of the parameters does not matter except for "Key-Type"
+ which must be the first parameter. The parameters are only for the
+ generated keyblock and parameters from previous key generations are not
+ used. Some syntactically checks may be performed.
+ The currently defined parameters are:
+ Key-Type: <algo-number>|<algo-string>
+ Starts a new parameter block by giving the type of the
+ primary key. The algorithm must be capable of signing.
+ This is a required parameter.
+ Key-Length: <length-in-bits>
+ Length of the key in bits. Default is 1024.
+ Key-Usage: <usage-list>
+ Space or comma delimited list of key usage, allowed values are
+ "encrypt" and "sign". This is used to generate the key flags.
+ Please make sure that the algorithm is capable of this usage.
+ Subkey-Type: <algo-number>|<algo-string>
+ This generates a secondary key. Currently only one subkey
+ can be handled.
+ Subkey-Length: <length-in-bits>
+ Length of the subkey in bits. Default is 1024.
+ Subkey-Usage: <usage-list>
+ Similar to Key-Usage.
+ Passphrase: <string>
+ If you want to specify a passphrase for the secret key,
+ enter it here. Default is not to use any passphrase.
+ Name-Real: <string>
+ Name-Comment: <string>
+ Name-Email: <string>
+ The 3 parts of a key. Remember to use UTF-8 here.
+ If you don't give any of them, no user ID is created.
+ Expire-Date: <iso-date>|(<number>[d|w|m|y])
+ Set the expiration date for the key (and the subkey). It
+ may either be entered in ISO date format (2000-08-15) or as
+ number of days, weeks, month or years. Without a letter days
+ are assumed.
+ Preferences: <string>
+ Set the cipher, hash, and compression preference values for
+ this key. This expects the same type of string as "setpref"
+ in the --edit menu.
+ Revoker: <algo>:<fpr> [sensitive]
+ Add a designated revoker to the generated key. Algo is the
+ public key algorithm of the designated revoker (i.e. RSA=1,
+ DSA=17, etc.) Fpr is the fingerprint of the designated
+ revoker. The optional "sensitive" flag marks the designated
+ revoker as sensitive information. Only v4 keys may be
+ designated revokers.
+ Handle: <string>
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contauin spaces. It is useful for
+ batch key generation to associate a key parameter block with a
+ status line.
+
+
+Here is an example:
+$ cat >foo <<EOF
+ %echo Generating a standard key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg --batch --gen-key foo
+ [...]
+$ gpg --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+
+
+
+Layout of the TrustDB
+=====================
+The TrustDB is built from fixed length records, where the first byte
+describes the record type. All numeric values are stored in network
+byte order. The length of each record is 40 bytes. The first record of
+the DB is always of type 1 and this is the only record of this type.
+
+FIXME: The layout changed, document it here.
+
+ Record type 0:
+ --------------
+ Unused record, can be reused for any purpose.
+
+ Record type 1:
+ --------------
+ Version information for this TrustDB. This is always the first
+ record of the DB and the only one with type 1.
+ 1 byte value 1
+ 3 bytes 'gpg' magic value
+ 1 byte Version of the TrustDB (2)
+ 1 byte marginals needed
+ 1 byte completes needed
+ 1 byte max_cert_depth
+ The three items are used to check whether the cached
+ validity value from the dir record can be used.
+ 1 u32 locked flags [not used]
+ 1 u32 timestamp of trustdb creation
+ 1 u32 timestamp of last modification which may affect the validity
+ of keys in the trustdb. This value is checked against the
+ validity timestamp in the dir records.
+ 1 u32 timestamp of last validation [currently not used]
+ (Used to keep track of the time, when this TrustDB was checked
+ against the pubring)
+ 1 u32 record number of keyhashtable [currently not used]
+ 1 u32 first free record
+ 1 u32 record number of shadow directory hash table [currently not used]
+ It does not make sense to combine this table with the key table
+ because the keyid is not in every case a part of the fingerprint.
+ 1 u32 record number of the trusthashtbale
+
+
+ Record type 2: (directory record)
+ --------------
+ Informations about a public key certificate.
+ These are static values which are never changed without user interaction.
+
+ 1 byte value 2
+ 1 byte reserved
+ 1 u32 LID . (This is simply the record number of this record.)
+ 1 u32 List of key-records (the first one is the primary key)
+ 1 u32 List of uid-records
+ 1 u32 cache record
+ 1 byte ownertrust
+ 1 byte dirflag
+ 1 byte maximum validity of all the user ids
+ 1 u32 time of last validity check.
+ 1 u32 Must check when this time has been reached.
+ (0 = no check required)
+
+
+ Record type 3: (key record)
+ --------------
+ Informations about a primary public key.
+ (This is mainly used to lookup a trust record)
+
+ 1 byte value 3
+ 1 byte reserved
+ 1 u32 LID
+ 1 u32 next - next key record
+ 7 bytes reserved
+ 1 byte keyflags
+ 1 byte pubkey algorithm
+ 1 byte length of the fingerprint (in bytes)
+ 20 bytes fingerprint of the public key
+ (This is the value we use to identify a key)
+
+ Record type 4: (uid record)
+ --------------
+ Informations about a userid
+ We do not store the userid but the hash value of the userid because that
+ is sufficient.
+
+ 1 byte value 4
+ 1 byte reserved
+ 1 u32 LID points to the directory record.
+ 1 u32 next next userid
+ 1 u32 pointer to preference record
+ 1 u32 siglist list of valid signatures
+ 1 byte uidflags
+ 1 byte validity of the key calculated over this user id
+ 20 bytes ripemd160 hash of the username.
+
+
+ Record type 5: (pref record)
+ --------------
+ This record type is not anymore used.
+
+ 1 byte value 5
+ 1 byte reserved
+ 1 u32 LID; points to the directory record (and not to the uid record!).
+ (or 0 for standard preference record)
+ 1 u32 next
+ 30 byte preference data
+
+ Record type 6 (sigrec)
+ -------------
+ Used to keep track of key signatures. Self-signatures are not
+ stored. If a public key is not in the DB, the signature points to
+ a shadow dir record, which in turn has a list of records which
+ might be interested in this key (and the signature record here
+ is one).
+
+ 1 byte value 6
+ 1 byte reserved
+ 1 u32 LID points back to the dir record
+ 1 u32 next next sigrec of this uid or 0 to indicate the
+ last sigrec.
+ 6 times
+ 1 u32 Local_id of signatures dir or shadow dir record
+ 1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
+ directory record for this)
+ 1 = valid is set (but may be revoked)
+
+
+
+ Record type 8: (shadow directory record)
+ --------------
+ This record is used to reserve a LID for a public key. We
+ need this to create the sig records of other keys, even if we
+ do not yet have the public key of the signature.
+ This record (the record number to be more precise) will be reused
+ as the dir record when we import the real public key.
+
+ 1 byte value 8
+ 1 byte reserved
+ 1 u32 LID (This is simply the record number of this record.)
+ 2 u32 keyid
+ 1 byte pubkey algorithm
+ 3 byte reserved
+ 1 u32 hintlist A list of records which have references to
+ this key. This is used for fast access to
+ signature records which are not yet checked.
+ Note, that this is only a hint and the actual records
+ may not anymore hold signature records for that key
+ but that the code cares about this.
+ 18 byte reserved
+
+
+
+ Record Type 10 (hash table)
+ --------------
+ Due to the fact that we use fingerprints to lookup keys, we can
+ implement quick access by some simple hash methods, and avoid
+ the overhead of gdbm. A property of fingerprints is that they can be
+ used directly as hash values. (They can be considered as strong
+ random numbers.)
+ What we use is a dynamic multilevel architecture, which combines
+ hashtables, record lists, and linked lists.
+
+ This record is a hashtable of 256 entries; a special property
+ is that all these records are stored consecutively to make one
+ big table. The hash value is simple the 1st, 2nd, ... byte of
+ the fingerprint (depending on the indirection level).
+
+ When used to hash shadow directory records, a different table is used
+ and indexed by the keyid.
+
+ 1 byte value 10
+ 1 byte reserved
+ n u32 recnum; n depends on the record length:
+ n = (reclen-2)/4 which yields 9 for the current record length
+ of 40 bytes.
+
+ the total number of such record which makes up the table is:
+ m = (256+n-1) / n
+ which is 29 for a record length of 40.
+
+ To look up a key we use the first byte of the fingerprint to get
+ the recnum from this hashtable and look up the addressed record:
+ - If this record is another hashtable, we use 2nd byte
+ to index this hash table and so on.
+ - if this record is a hashlist, we walk all entries
+ until we found one a matching one.
+ - if this record is a key record, we compare the
+ fingerprint and to decide whether it is the requested key;
+
+
+ Record type 11 (hash list)
+ --------------
+ see hash table for an explanation.
+ This is also used for other purposes.
+
+ 1 byte value 11
+ 1 byte reserved
+ 1 u32 next next hash list record
+ n times n = (reclen-5)/5
+ 1 u32 recnum
+
+ For the current record length of 40, n is 7
+
+
+
+ Record type 254 (free record)
+ ---------------
+ All these records form a linked list of unused records.
+ 1 byte value 254
+ 1 byte reserved (0)
+ 1 u32 next_free
+
+
+
+Packet Headers
+===============
+
+GNUPG uses PGP 2 packet headers and also understands OpenPGP packet header.
+There is one enhancement used with the old style packet headers:
+
+ CTB bits 10, the "packet-length length bits", have values listed in
+ the following table:
+
+ 00 - 1-byte packet-length field
+ 01 - 2-byte packet-length field
+ 10 - 4-byte packet-length field
+ 11 - no packet length supplied, unknown packet length
+
+ As indicated in this table, depending on the packet-length length
+ bits, the remaining 1, 2, 4, or 0 bytes of the packet structure field
+ are a "packet-length field". The packet-length field is a whole
+ number field. The value of the packet-length field is defined to be
+ the value of the whole number field.
+
+ A value of 11 is currently used in one place: on compressed data.
+ That is, a compressed data block currently looks like <A3 01 . . .>,
+ where <A3>, binary 10 1000 11, is an indefinite-length packet. The
+ proper interpretation is "until the end of the enclosing structure",
+ although it should never appear outermost (where the enclosing
+ structure is a file).
+
++ This will be changed with another version, where the new meaning of
++ the value 11 (see below) will also take place.
++
++ A value of 11 for other packets enables a special length encoding,
++ which is used in case, where the length of the following packet can
++ not be determined prior to writing the packet; especially this will
++ be used if large amounts of data are processed in filter mode.
++
++ It works like this: After the CTB (with a length field of 11) a
++ marker field is used, which gives the length of the following datablock.
++ This is a simple 2 byte field (MSB first) containing the amount of data
++ following this field, not including this length field. After this datablock
++ another length field follows, which gives the size of the next datablock.
++ A value of 0 indicates the end of the packet. The maximum size of a
++ data block is limited to 65534, thereby reserving a value of 0xffff for
++ future extensions. These length markers must be inserted into the data
++ stream just before writing the data out.
++
++ This 2 byte field is large enough, because the application must buffer
++ this amount of data to prepend the length marker before writing it out.
++ Data block sizes larger than about 32k doesn't make any sense. Note
++ that this may also be used for compressed data streams, but we must use
++ another packet version to tell the application that it can not assume,
++ that this is the last packet.
+
+
+GNU extensions to the S2K algorithm
+===================================
+S2K mode 101 is used to identify these extensions.
+After the hash algorithm the 3 bytes "GNU" are used to make
+clear that these are extensions for GNU, the next bytes gives the
+GNU protection mode - 1000. Defined modes are:
+ 1001 - do not store the secret part at all
+ 1002 - a stub to access smartcards (not used in 1.2.x)
+
+
+Pipemode
+========
+NOTE: This is deprecated and will be removed in future versions.
+
+This mode can be used to perform multiple operations with one call to
+gpg. It comes handy in cases where you have to verify a lot of
+signatures. Currently we support only detached signatures. This mode
+is a kludge to avoid running gpg n daemon mode and using Unix Domain
+Sockets to pass the data to it. There is no easy portable way to do
+this under Windows, so we use plain old pipes which do work well under
+Windows. Because there is no way to signal multiple EOFs in a pipe we
+have to embed control commands in the data stream: We distinguish
+between a data state and a control state. Initially the system is in
+data state but it won't accept any data. Instead it waits for
+transition to control state which is done by sending a single '@'
+character. While in control state the control command os expected and
+this command is just a single byte after which the system falls back
+to data state (but does not necesary accept data now). The simplest
+control command is a '@' which just inserts this character into the
+data stream.
+
+Here is the format we use for detached signatures:
+"@<" - Begin of new stream
+"@B" - Detached signature follows.
+ This emits a control packet (1,'B')
+<detached_signature>
+"@t" - Signed text follows.
+ This emits the control packet (2, 'B')
+<signed_text>
+"@." - End of operation. The final control packet forces signature
+ verification
+"@>" - End of stream
+
+
+
+
+
+
+Other Notes
+===========
+ * For packet version 3 we calculate the keyids this way:
+ RSA := low 64 bits of n
+ ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
+ a rmd160 hash value from it. This is used as the
+ fingerprint and the low 64 bits are the keyid.
+
+ * Revocation certificates consist only of the signature packet;
+ "import" knows how to handle this. The rationale behind it is
+ to keep them small.
+
+
+
+
+
+
+
+Keyserver Message Format
+=========================
+
+The keyserver may be contacted by a Unix Domain socket or via TCP.
+
+The format of a request is:
+
+====
+command-tag
+"Content-length:" digits
+CRLF
+=======
+
+Where command-tag is
+
+NOOP
+GET <user-name>
+PUT
+DELETE <user-name>
+
+
+The format of a response is:
+
+======
+"GNUPG/1.0" status-code status-text
+"Content-length:" digits
+CRLF
+============
+followed by <digits> bytes of data
+
+
+Status codes are:
+
+ o 1xx: Informational - Request received, continuing process
+
+ o 2xx: Success - The action was successfully received, understood,
+ and accepted
+
+ o 4xx: Client Error - The request contains bad syntax or cannot be
+ fulfilled
+
+ o 5xx: Server Error - The server failed to fulfill an apparently
+ valid request
+
+
+
+Documentation on HKP (the http keyserver protocol):
+
+A minimalistic HTTP server on port 11371 recognizes a GET for /pks/lookup.
+The standard http URL encoded query parameters are this (always key=value):
+
+- op=index (like pgp -kv), op=vindex (like pgp -kvv) and op=get (like
+ pgp -kxa)
+
+- search=<stringlist>. This is a list of words that must occur in the key.
+ The words are delimited with space, points, @ and so on. The delimiters
+ are not searched for and the order of the words doesn't matter (but see
+ next option).
+
+- exact=on. This switch tells the hkp server to only report exact matching
+ keys back. In this case the order and the "delimiters" are important.
+
+- fingerprint=on. Also reports the fingerprints when used with 'index' or
+ 'vindex'
+
+The keyserver also recognizes http-POSTs to /pks/add. Use this to upload
+keys.
+
+
+A better way to do this would be a request like:
+
+ /pks/lookup/<gnupg_formatierte_user_id>?op=<operation>
+
+This can be implemented using Hurd's translator mechanism.
+However, I think the whole key server stuff has to be re-thought;
+I have some ideas and probably create a white paper.
+