
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 826ea3d16..1feda1bca 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,353 +1,358 @@
+2007-02-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Tell how to export a private
+ key without a certificate.
+
2007-01-30 Werner Koch <wk@g10code.com>
* com-certs.pem: Added the current root certifcates of D-Trust and
S-Trust.
2007-01-18 David Shaw <dshaw@jabberwocky.com>
* gpg.texi, specify-user-id.texi: Only some of the mentions of
exclamation marks have an example. Give examples to the rest.
2007-01-17 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Configuration Options): Make http_proxy option
documentation match reality.
(BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to
disk, despite locking.
2006-12-08 Werner Koch <wk@g10code.com>
* gnupg.texi (direntry): Rename gpg to gpg2.
2006-12-04 Werner Koch <wk@g10code.com>
* gpgv.texi: New.
* tools.texi: Include new file.
2006-12-02 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Esoteric Options): Document --passphrase-repeat.
2006-11-14 Werner Koch <wk@g10code.com>
* gpgsm.texi (GPGSM EXPORT): Document changes.
2006-11-11 Werner Koch <wk@g10code.com>
* gnupg.texi (Top): Move gpg-agent part before gpg.
2006-11-05 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Reference to --s2k-count in --s2k-mode.
2006-10-30 Werner Koch <wk@g10code.com>
* faq.raw: Minor corrections.
2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
with gpg1.
2006-10-12 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Document --s2k-count.
2006-09-25 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Examples): Add markup to all options. This is
required to have the double dashs printed correclty.
2006-09-22 Werner Koch <wk@g10code.com>
* instguide.texi (Installation): New.
* assuan.texi (Assuan): Removed. Use the libassuan manual instead.
* gnupg.texi: Reflect these changes.
* gpg.texi: Make some parts depend on the "gpgone" set
command. This allows us to use the same source for gpg1 and gpg2.
* yat2m.c (parse_file): Better parsing of @ifset and ifclear.
(main): Allow definition of "-D gpgone".
(parse_file): Allow macro definitions.
(proc_texi_cmd): Expand macros.
(proc_texi_buffer): Process commands terminated by the closing
brace of the enclosing command.
2006-09-20 Werner Koch <wk@g10code.com>
* texi.css: New. Note that the current vesion of makeinfo has a
bug while copying the @import directive. A pacth has been send to
upstream.
2006-09-19 Werner Koch <wk@g10code.com>
* gpg.texi: Some restructuring.
* Makefile.am (online): New target.
2006-09-18 Werner Koch <wk@g10code.com>
* com-certs.pem: New.
2006-09-13 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Esoteric Options): Fixed typo in
--require-cross-certification and made it the default.
2006-09-11 Werner Koch <wk@g10code.com>
* HACKING: Cleaned up.
2006-09-08 Werner Koch <wk@g10code.com>
* yat2m.c (parse_file): Ignore @node lines immediately.
(proc_texi_cmd): No special @end ifset processing anymore.
* specify-user-id.texi: New. Factored out of gpg.texi and ../README.
2006-09-07 Werner Koch <wk@g10code.com>
* scdaemon.texi (Scdaemon Configuration): New.
* examples/scd-event: Event handler for sdaemon.
* examples/: New directory
2006-08-22 Werner Koch <wk@g10code.com>
* yat2m.c (parse_file): Added code to skip a line after @mansect.
* gnupg7.texi: New.
2006-08-21 Werner Koch <wk@g10code.com>
* Makefile.am: Added other doc files from gpg 1.4.
2006-08-17 Werner Koch <wk@g10code.com>
* Makefile.am: Added rules to build man pages.
* yat2m.c: New.
2006-02-14 Werner Koch <wk@gnupg.org>
* gpgsm.texi (GPGSM Configuration): New section.
2005-11-14 Werner Koch <wk@g10code.com>
* qualified.txt: Added real information.
2005-11-13 Werner Koch <wk@g10code.com>
* qualified.txt: New.
* Makefile.am (dist_pkgdata_DATA): New.
2005-08-16 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Options): Note default file name for
--write-env-file.
2005-06-03 Werner Koch <wk@g10code.com>
* debugging.texi (Architecture Details): New section, mostly empty.
* gnupg-card-architecture.fig: New.
* Makefile.am: Rules to build png and eps versions.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
2005-05-17 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Options): Removed --disable-pth.
2005-04-27 Werner Koch <wk@g10code.com>
* tools.texi (symcryptrun): Added.
* scdaemon.texi: Removed OpenSC specific options.
2005-04-20 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Configuration): New section.
2005-02-24 Werner Koch <wk@g10code.com>
* tools.texi (gpg-connect-agent): New.
2005-02-14 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Management): Document --import.
2005-01-27 Moritz Schulte <moritz@g10code.com>
* gpg-agent.texi: Document ssh-agent emulation layer.
2005-01-04 Werner Koch <wk@g10code.com>
* gnupg.texi: Updated to use @copying.
2004-12-22 Werner Koch <wk@g10code.com>
* gnupg.texi: Reordered.
* contrib.texi: Updated.
2004-12-21 Werner Koch <wk@g10code.com>
* tools.texi (gpg-preset-passphrase): New section.
* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
* gnupg.texi: Add a logo.
* sysnotes.texi: New.
2004-11-05 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Curses pinentry problem.
2004-10-22 Werner Koch <wk@g10code.com>
* tools.texi (Helper Tools): Document gpgsm-gencert.sh.
2004-10-05 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to
be set in all cases.
2004-09-30 Werner Koch <wk@g10code.com>
* gpg.texi: New.
* gnupg.texi: Include gpg.texi
* tools.texi: Add a few @command markups.
* gpgsm.texi: Ditto
* gpg-agent.texi: Ditto.
* scdaemon.texi: Ditto.
2004-09-30 Marcus Brinkmann <marcus@g10code.de>
* tools.texi (Changing options): Add documentation for gpgconf.
* contrib.texi (Contributors): Add two missing periods.
2004-09-29 Werner Koch <wk@g10code.com>
* gpgsm.texi (Configuration Options): Add --log-file.
* gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
expected pinentry filename.
Changed license of the manual stuff to GPL.
* gnupg.texi (Top): New menu item Helper Tools.
* tools.texi (Helper Tools): New.
* Makefile.am (gnupg_TEXINFOS): Add tools.texi.
2004-08-05 Werner Koch <wk@g10code.de>
* scdaemon.texi (Card applications): New section.
2004-06-22 Werner Koch <wk@g10code.com>
* glossary.texi: New.
2004-06-18 Werner Koch <wk@gnupg.org>
* debugging.texi: New.
* gnupg.texi: Include it.
2004-05-11 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
2004-05-03 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
2004-02-03 Werner Koch <wk@gnupg.org>
* contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks
list.
* gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups.
2003-12-01 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
2003-11-17 Werner Koch <wk@gnupg.org>
* scdaemon.texi (Scdaemon Options): Added --allow-admin and
--deny-admin.
2003-10-27 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent GET_CONFIRMATION): New.
2002-12-04 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Signals): New.
2002-12-03 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Operational Commands): Add --passwd and
--call-protect-tool.
* gpg-agent.texi (Agent PASSWD): New
2002-11-13 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY.
2002-11-12 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Operational Commands): Add --call-dirmngr.
2002-09-25 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display.
2002-09-12 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only
one instance.
2002-08-28 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Explained more options.
* scdaemon.texi (Scdaemon Options): Ditto.
2002-08-09 Werner Koch <wk@gnupg.org>
* Makefile.am (gnupg_TEXINFOS): Include contrib.texi.
2002-08-06 Werner Koch <wk@gnupg.org>
* gpgsm.texi: Added more options.
2002-07-26 Werner Koch <wk@gnupg.org>
* assuan.texi: New.
* gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan
protocol used.
2002-07-22 Werner Koch <wk@gnupg.org>
* gnupg.texi, scdaemon.texi, gpg-agent.texi: New.
* contrib.texi, gpl.texi, fdl.texi: New.
* gpgsm.texi: Made this an include file for gnupg.texi.
* Makefile.am: Build gnupg.info instead of gpgsm.info.
2002-06-04 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Invocation): Described the various debug flags.
2002-05-14 Werner Koch <wk@gnupg.org>
* Makefile.am, gpgsm.texi: New.
Copyright 2002, 2004, 2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
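Review bot: The new 2007-02-05 entry at the top of the file describes the change as exporting a "private key", while the item it documents in debugging.texi is titled "Exporting a secret key without a certificate"; use one term in both places so the entry can be found by searching for the heading. The copyright line at the end of the file still lists 2002, 2004, 2005 although the entries run through 2007, which is worth updating in the same commit.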
diff --git a/doc/debugging.texi b/doc/debugging.texi
index 82c1550b6..63d0961b2 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -1,154 +1,194 @@
@c Copyright (C) 2004 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@node Debugging
@chapter How to solve problems
Everyone knows that software often does not do what it should do and thus
there is a need to track down problems. We call this debugging in a
reminiscent to the moth jamming a relay in a Mark II box back in 1947.
Most of the problems a merely configuration and user problems but
nevertheless there are the most annoying ones and reponsible for many
gray hairs. We try to give some guidelines here on how to identify and
solve the problem at hand.
@menu
* Debugging Tools:: Description of some useful tools
* Common Problems:: Commonly seen problems.
* Architecture Details:: How the whole thing works internally.
@end menu
@node Debugging Tools
@section Debugging Tools
The GnuPG distribution comes with a couple of tools, useful to help find
and solving problems.
@menu
* kbxutil:: Scrutinizing a keybox file.
@end menu
@node kbxutil
@subsection Scrutinizing a keybox file
A keybox is a file fomat used to store public keys along with meta
information and indices. The commonly used one is the file
@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
X.509 certificates as well as OpenPGP keys@footnote{Well, OpenPGP keys
are not implemented, @command{gpg} still used the keyring file
@file{pubring.gpg}} .
@noindent
When called the standard way, e.g.:
@samp{kbxutil ~/.gnupg/pubring.kbx}
@noindent
it lists all records (called @acronym{blobs}) with there meta-information
in a human readable format.
@noindent
To see statistics on the keybox in question, run it using
@samp{kbxutil --stats ~/.gnupg/pubring.kbx}
@noindent
and you get an output like:
@example
Total number of blobs: 99
header: 1
empty: 0
openpgp: 0
x509: 98
non flagged: 81
secret flagged: 0
ephemeral flagged: 17
@end example
In this example you see that the keybox does not have any OpenPGP keys
but contains 98 X.509 cerificates and a total of 17 keys or certificates
are flagges as ephemeral, meaning that they are only temporary stored
(cached) in the keybox and won't get listed using the usual commands
provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored
in a standard way and directly available from @command{gpgsm}.
@node Common Problems
@section Commonly Seen Problems
@itemize @bullet
@item Error code @samp{Not supported} from Dirmngr
Most likely the option @option{enable-ocsp} is active for gpgsm
but Dirmngr's OCSP feature has not been enabled using
@option{allow-ocsp} in @file{dirmngr.conf}.
@item The Curses based Pinentry does not work
The far most common reason for this is that the environment variable
@code{GPG_TTY} has not been set correctly. Make sure that it has been
set to a real tty devce and not just to @samp{/dev/tty};
i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
this environment variable gets exported, that is you should follow up
the setting with an @samp{export GPG_TTY} (assuming a Bourne style
shell). Even for GUI based Pinentries; you should have set
@code{GPG_TTY}. See the section on installing the @command{gpg-agent}
on how to do it.
@item SSH hangs while a popping up pinentry was expected
SSH has no way to tell the gpg-agent what terminal or X display it is
running on. So when remotely logging into a box where a gpg-agent with
SSH support is running, the pinentry will get popped up on whatever
display t he gpg-agent has been started. To solve this problem you may
issue the command
@smallexample
echo UPDATESTARTUPTTY | gpg-connect-agent
@end smallexample
and the next pinentry will pop up on your display or screen. However,
you need to kill the running pinentry first because only one pinentry
may be running at once. If you plan to use ssh on a new display you
should issue the above command before invoking ssh or any other service
making use of ssh.
+@item Exporting a secret key without a certificate
+
+I may happen that you have created a certificate request using
+@command{gpgsm} but not yet received and imported the certificate from
+the CA. However, you want to export the secret key to another machine
+right now to import the certificate over there then. You can do this
+with a little trick but it requires that you know the approximate time
+you created the signing request. By running the command
+
+@smallexample
+ ls -ltr ~/.gnupg/private-keys-v1.d
+@end smallexample
+
+you get a listing of all private keys under control of @command{gpg-agent}.
+Pick the key which best matches the creation time and run the command
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+@end smallexample
+
+(Please adjust the path to @command{gpg-protect-tool} to the approriate
+location). @var{foo} is the name of the key file you picked (it should
+have the suffix @file{.key}). A Pinentry box will pop up and ask you
+for the current passphrase of the key and a new passphrase to protect it
+in the pkcs#12 file.
+
+To import the created file on the machine you use this command:
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12
+@end smallexample
+
+You will be asked for the pkcs#12 passphrase and a new passphrase to
+protect the imported private key at its new location.
+
+Note that there is no easy way to match existing certificates with
+stored private keys because some private keys are used for Secure Shell
+or other purposes and don't have a corresponding certificate.
+
+
@end itemize
@c ********************************************
@c *** Architecture Details *****************
@c ********************************************
@node Architecture Details
@section How the whole thing works internally.
@menu
* gpg 1.4 vs. 1.9:: Relationship between the two branches.
@end menu
@node gpg 1.4 vs. 1.9
@subsection Relationship between the two branches.
Here is a little picture showing how the components work together:
@image{gnupg-card-architecture, 10cm}
@noindent
Lets try to explain it:
TO BE DONE.
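Review bot: In the new "Exporting a secret key without a certificate" item, the export example redirects the PKCS#12 output to @var{foo}.p12 with whatever permissions the shell's umask gives, and the text never says what to do with that file once the import is done; add a sentence telling the reader to keep the file readable only by its owner while it is being transferred and to delete it after the import. The first sentence should read "It may happen" rather than "I may happen", "approriate" should be "appropriate", and "on the machine you use this command" presumably means the other machine, which the sentence should say. The two empty added lines before "@end itemize" can be reduced to one.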
