head	1.6;
access;
symbols;
locks; strict;
comment	@# @;


1.6
date	2000.08.01.12.24.40;	author jashley;	state Exp;
branches;
next	1.5;

1.5
date	2000.07.18.18.40.01;	author jashley;	state Exp;
branches;
next	1.4;

1.4
date	2000.05.27.12.47.31;	author jashley;	state Exp;
branches;
next	1.3;

1.3
date	2000.05.27.12.45.38;	author jashley;	state Exp;
branches;
next	1.2;

1.2
date	2000.02.26.13.26.38;	author jashley;	state Exp;
branches;
next	1.1;

1.1
date	2000.02.07.10.44.47;	author wkoch;	state Exp;
branches;
next	;


desc
@@


1.6
log
@- applied patch from Eric Hanchrow
- culled reference sections since they add little in their current form
@
text
@- consider including a compressed gzip file of the HTML pages when we
  distribute.
- pick up comments on passphrase mangling and salting from mailing list
  archives.  thread started by horacio around last week of January.
- need to integrate "gnupg documentation project" with the documentation
  page at http://www.gnupg.org and try to consolidate some of the random
  docs floating around.  should also use the consolidated documentation
  to build a minimal doc set for the distribution.
- need a FAQ of some sort for fast-find that may be just pointers to the
  right place in the manual
   - how do i use keyservers?
   - what's a valid key specifier?
- digital signature section improvements
   - the odds of two documents hashing to the same value is pretty low
   - a document's hash value is sometimes called its message digest
   - the section is in general difficult to understand; need pictures
     to explain the algorithms like the ones in the talk.
- add example in --print-md reference page of using print-md to check
  integrity of files
- add a description of the procedure one uses to revoke a public key and
  the consequences of doing so.  In particular, it needs to be explained that
  you are revoking the *private* key, so while noone can encrypt to that key,
  it doesn't stop someone from making signatures using the compromised 
  private key.  what protects you is that signatures made after the revocation
  date will be flagged invalid.
- need to explain what "ultimately" trusted means somewhere since it is
  used in the reference page for edit-key.
- add explanation of cryptic symbols you get when you display preferences.

#define CIPHER_ALGO_NONE         0
#define CIPHER_ALGO_IDEA         1
#define CIPHER_ALGO_3DES         2
#define CIPHER_ALGO_CAST5        3
#define CIPHER_ALGO_BLOWFISH     4  /* blowfish 128 bit key */
#define CIPHER_ALGO_SAFER_SK128  5
#define CIPHER_ALGO_DES_SK       6
#define CIPHER_ALGO_TWOFISH     10  /* twofish 256 bit */
#define CIPHER_ALGO_SKIPJACK   101  /* experimental: skipjack */
#define CIPHER_ALGO_TWOFISH_OLD 102 /* experimental: twofish 128 bit */
#define CIPHER_ALGO_DUMMY      110  /* no encryption at all */

- check on this
  On Sun, 27 Feb 2000, chimera wrote:
  >    On page 40, section 4.1.1 there is a paragraph starting with "ElGamal
  > keys". It seems to suggest that the computational cost of encrypting and
  > decrypting are exponential in time (when the key is known). I believe
  > (IMMHO) that it is exponential only when the key is unknown. When the
  > key is known, it is merely polynomial (I don't know the degree)
  > otherwise. Alternatively, the paragraph could be stating the case when
  > the key is unknown, but it is unclear and does not fit in with the rest
  > of the paragraph.

  >    I have actually used the gen-random command-line option. I discovered
  > that while the man page said there were levels 0|1|2 of randomness, it
  > didn't specify the most random. I had to devel into the source code for
  > that information (2 is the most random). I have thus noticed that the
  > manual doesn't state the information either. Maybe the manual (as well
  > as the man page) could include that tidbit of information.


- notes from chimera about his contribution on salting and mangling.
> Thanks a bunch!  I looked it over, and it all made sense, but I don't
> understand how the salt is obtained or how the system comes up with
> the same salt in order to check a passphrase.  Do you know the details
> on this?
   You understand it!!! Wow. :)

   Yeah, I know how the salt is obtained. It should be a random or
cryptographically random sequence of bits. Now Bob knows which salt to
use as the salt is actually transmitted clear-text as part of the
message. That is, the salt is not secret at all and Eve can obtain it
without difficulty. Hence, the benefit of a salt is that two cryptotext
with exactly the same plaintext and key, but different salt look
entirely different as far as Eve can tell.

> I will.  When this is integrated, I intend to add you to the credit
> list.  What name should I use?
``chimera'', I'll stay relatively anonymous for the moment.

x another patch
From offby1@@blarg.net Sat May 27 07:49:05 2000
Date: 18 Apr 2000 18:36:20 -0700
From: Eric Hanchrow <offby1@@blarg.net>
To: jashley@@acm.org
Subject: Suggestions for GPG manual

[...]
x fix index.html page to eliminate comment that figure is not printing
x many postscript interpreters blow on the page with the botched figure.
  some workaround is needed.
     Kenneth Geisshirt <kneth@@sslug.dk>:
     The way it translated way the following. First I translated the SGML
     source into TeX. I then edited by hand the TeX file to it include
     signature.eps instead of signature.jpg. The file signature.jpg was
     converted into EPS by convert. Finally I ran jadetex on the TeX file and
     used dvips to get a PS file. It can probably be done automatically since
     it's basically a search and replace.
x pgp2.x notes need to be updated with fact that you cannot both sign
  and encrypt at the same time to a pgp 2.x user
x add --passphrase-fd option description
x reference sections need to be completed

@


1.5
log
@- minor updates and typo fixes
@
text
@d80 1
a80 1
- another patch
d87 1
a87 161
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Most of these are corrections of typos and spelling mistakes, but in a
very few cases I've changed some wording.

- --- c1.sgml~	Sun Dec 12 11:58:07 1999
+++ ./c1.sgml	Tue Apr 18 17:21:14 2000
@@@@ -270,7 +270,7 @@@@
 <link linkend="optionsfile">configuration file</link>.
 </para>
 </footnote>
- -that that 
+that 
 causes output to be generated in an ASCII-armored format similar to
 uuencoded documents.
 In general, any output from &gnupg;, &eg;, keys, encrypted documents, and
@@@@ -412,8 +412,8 @@@@
 To encrypt a document the option 
 <link linkend="encrypt"><option>--encrypt</option></link> is used.
 You must have the public keys of the intended recipients.
- -The software expects the name of the document to encrypt as input or, if
- -omitted, on standard input.
+The software expects the name of the document to encrypt as input; if
+omitted, it reads standard input.
 The encrypted result is placed on standard output or as specified using
 the option <option>--output</option>.
 The document is compressed for additional security in addition to
@@@@ -452,7 +452,7 @@@@
 
 <para>
 Documents may also be encrypted without using public-key cryptography.
- -Instead, only a symmetric cipher is used to encrypt the document.
+Instead, you use a symmetric cipher to encrypt the document.
 The key used to drive the symmetric cipher is derived from a passphrase
 supplied when the document is encrypted, and for good security, it
 should not be the same passphrase that you use to protect your private key.
@@@@ -515,7 +515,7 @@@@
 Enter passphrase: 
 </screen>
 
- -The document is compressed before signed, and the output is in binary
+The document is compressed before being signed, and the output is in binary
 format.
 </para>
 
@@@@ -586,7 +586,7 @@@@
 version, and even with clearsigned documents, the signed document
 must be edited to recover the original.
 Therefore, there is a third method for signing a document that
- -creates a detached signature.
+creates a detached signature, which is a separate file.
 A detached signature is created using the 
 <link linkend="detach-signature"><option>--detach-sig</option></link>
 option.
- --- c2.sgml~	Tue Apr 18 16:40:55 2000
+++ ./c2.sgml	Tue Apr 18 18:31:33 2000
@@@@ -75,7 +75,7 @@@@
 <para>
 Britain used machines to guess keys during World War 2.
 The German Enigma had a very large key space, but the British built
- -speciailzed computing engines, the Bombes, to mechanically try 
+specialized computing engines, the Bombes, to mechanically try 
 keys until the day's key was found.
 This meant that sometimes they found the day's key within hours of
 the new key's use, but it also meant that on some days they never
@@@@ -125,7 +125,7 @@@@
 <!-- inlineequation -->
 <emphasis>n(n-1)/2</emphasis> keys
 are needed for each pair of people to communicate privately.
- -This may be ok for a small number of people but quickly becomes unwieldly
+This may be OK for a small number of people but quickly becomes unwieldy
 for large groups of people.
 </para>
 
@@@@ -330,7 +330,7 @@@@
 An algorithm that does work is to use a public key algorithm to
 encrypt only the signature.
 In particular, the hash value is encrypted using the signer's private
- -key, and anbody can check the signature using the public key.
+key, and anybody can check the signature using the public key.
 The signed document can be sent using any other encryption algorithm
 including none if it is a public document.
 If the document is modified the signature check will fail, but this
- --- c3.sgml~	Tue Apr 18 17:45:29 2000
+++ ./c3.sgml	Tue Apr 18 18:30:45 2000
@@@@ -494,7 +494,7 @@@@
 </term>
 <listitem>
 <para>
- -Nothing is known about the owner's judgement in key signing.
+Nothing is known about the owner's judgment in key signing.
 Keys on your public keyring that you do not own initially have
 this trust level.
 </para>
- --- c4.sgml~	Tue Apr 18 18:25:13 2000
+++ ./c4.sgml	Tue Apr 18 18:29:38 2000
@@@@ -87,7 +87,7 @@@@
 encrypted messages.
 Protecting your private key prevents an attacker from simply using your
 private key to decrypt encrypted messages and sign messages in your name.
- -Correctly managing your web of trust prevents attackers from masquarading
+Correctly managing your web of trust prevents attackers from masquerading
 as people with whom you communicate.
 Ultimately, addressing these issues with respect to your own security
 needs is how you balance the extra work required to use &gnupg; with
@@@@ -471,7 +471,7 @@@@
 You must rely on the signatures of others and hope to find a chain
 of signatures leading from the key in question back to your own.
 To have any chance of finding a chain, you must take the initiative
- -and get your key signed by others outside of your intitial web of trust.
+and get your key signed by others outside of your initial web of trust.
 An effective way to accomplish this is to participate in key
 signing parties.
 If you are going to a conference look ahead of time for a key
- --- c5.sgml~	Sat Oct  2 04:54:12 1999
+++ ./c5.sgml	Tue Apr 18 18:27:21 2000
@@@@ -59,9 +59,9 @@@@
 As a user interface designer, you should try to make it clear at 
 all times when one of the two keys is being used.
 You could also use wizards or other common GUI techniques for
- -guiding the user through common tasks such as key generation where
- -extra steps such as generating a key revocation certification and 
- -making a backup are all but essential for using &gnupg; correctly.
+guiding the user through common tasks, such as key generation, where
+extra steps, such as generating a key revocation certification and 
+making a backup, are all but essential for using &gnupg; correctly.
 Other comments from the paper include the following.
 <itemizedlist>
 <listitem>
- --- manual.sgml~	Sat Oct  2 04:40:35 1999
+++ ./manual.sgml	Tue Apr 18 18:32:47 2000
@@@@ -46,7 +46,7 @@@@
 </copyright>
 <abstract>
 <para>
- -Please direct questions, bug reports, or suggesstions concerning
+Please direct questions, bug reports, or suggestions concerning
 this manual to the maintainer, Mike Ashley (<email>jashley@@acm.org</email>).
 Contributors to this manual also include Matthew Copeland, Joergen Grahn, 
 and David A. Wheeler.  J Horacio MG has translated the manual to Spanish.

- -- 
PGP Fingerprint: 3E7B A3F3 96CA 8958 ACC5  C8BD 6337 0041 C01C 5276
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE4/Q2KYzcAQcAcUnYRAoO8AKC2UY1ZQpKosKr/YAXJWUngHuCVYQCgrLwb
abNgjs+1tH1YEOBLtKfq+6Q=
=C9aY
-----END PGP SIGNATURE-----








@


1.4
log
@- reminder to make sure Chimera is acknowledged if his stuff survives in
the translated version.
@
text
@d1 2
@


1.3
log
@- queued a patch for typos and suggested changes.  might as well wait until
  we translate the revised German version back to English before rolling
  these in.
@
text
@d59 20
@


1.2
log
@- added a few things to do that were suggested by readers.
@
text
@d40 184
@


1.1
log
@init directory structure
@
text
@d1 56
@

