diff options
author | James Crayne <jim.crayne@gmail.com> | 2015-06-23 20:12:26 -0400 |
---|---|---|
committer | James Crayne <jim.crayne@gmail.com> | 2015-06-23 20:12:26 -0400 |
commit | 317fd83c64e207974a0b8a0d2943b3b49800d6bb (patch) | |
tree | 2180089f2980b0cc5b66bc08cb776c8a7a3b1493 /kiki.hs | |
parent | be560ff09484e5c806d8c18bd922b014885d115b (diff) |
Improved documentation for sync-secret
Diffstat (limited to 'kiki.hs')
-rw-r--r-- | kiki.hs | 56 |
1 files changed, 46 insertions, 10 deletions
@@ -511,21 +511,38 @@ kiki_usage bSecret cmd = putStr $ | |||
511 | ,"kiki sync-secret FLAGS [--keypairs KEYSPEC ...] [--keyrings FILE ...] [--hosts FILE ...]" | 511 | ,"kiki sync-secret FLAGS [--keypairs KEYSPEC ...] [--keyrings FILE ...] [--hosts FILE ...]" |
512 | ," [--wallets FILE ...]" | 512 | ," [--wallets FILE ...]" |
513 | ,"" | 513 | ,"" |
514 | ," sync-secret merges a set of key files into a combined database and then" | 514 | ," sync-secret syncs the information inside your OpenGPG keyring with information" |
515 | ," uses the database to update all the input files, those inside and outside of" | 515 | ," in other files. Information flows both in and out of your keyring." |
516 | ," of the home directory (see --homedir), to have the most complete information." | 516 | ,"" |
517 | ," sync-secret works by first creating a combined database containing all information" | ||
518 | ," and then updating all files (including OpenGPG files, as well as files specified as" | ||
519 | ," arguments to the options --keyrings, --wallets, and --hosts) with information from" | ||
520 | ," from the combined database." | ||
521 | ,"" | ||
522 | ," Master keys in keyring files are fleshed out with all known subkeys" | ||
523 | ," in any file in which they appear. Ordinarily, if a file does not contain the master key" | ||
524 | ," already, it will not be added. However, in the case of --import or --import-if-authentic" | ||
525 | ," new master keys may be added to your OpenGPG keyring." | ||
526 | ,"" | ||
527 | ," Cryptocoin keys in wallet files are fleshed out with all CryptoCoin subkeys of the working" | ||
528 | ," key. The working key is updated with new CryptoCoin subkeys from all specified wallets." | ||
529 | ," Ordinarily, only one wallet is specified on the command line. If multiple wallets are" | ||
530 | ," specified, they will all have the same keys after the the operation completes." | ||
531 | ,"" | ||
532 | ," The --hosts option is experimental and may be removed in the future. Any files given" | ||
533 | ," as arguments to this option will be assumed to be in the format /etc/hosts, and will" | ||
534 | ," be updated with any hostname information currently stored within your OpenGPG keyring." | ||
535 | ," Additionally, if the file has hostnames for the ip corresponding to a master key, then" | ||
536 | ," then the mastekey is updated with unsigned annotations recording the additional hostnames." | ||
537 | ," Warning: this effects all master keys, regardless of whether they have secret key" | ||
538 | ," information, hence the annotations being unsigned." | ||
517 | ,"" | 539 | ,"" |
518 | ," The files pubring.gpg and secring.gpg in the directory specified by the" | 540 | ," The files pubring.gpg and secring.gpg in the directory specified by the" |
519 | ," --homedir option are implicitly included in the keyring set even if they" | 541 | ," --homedir option are implicitly included in the keyring set even if they" |
520 | ," are not included after the --keyrings option." | 542 | ," are not included after the --keyrings option." |
521 | ,"" | 543 | ,"" |
522 | ," Subkeys that are imported with kiki are given an annotation \"usage@\" which" | 544 | ," If KEYSPEC arguments appear prior to any of --keyrings, --wallets, or --hosts," |
523 | ," indicates what the key is for. This tag can be used as a SPEC to select a" | 545 | ," then they are interpretted as if arguments to --keypairs." |
524 | ," particular key. Master keys may be specified by using fingerprints or by" | ||
525 | ," specifying a substring of an associated UID." | ||
526 | ,"" | ||
527 | ," If no \"INPUT FILE\" options (documented below) are specified, then arguments" | ||
528 | ," are implicitly interpreted as being KEYSPECs for the --keypairs option." | ||
529 | ,"" | 546 | ,"" |
530 | ,"FLAGS" | 547 | ,"FLAGS" |
531 | ," --help Gives usage information" | 548 | ," --help Gives usage information" |
@@ -557,6 +574,25 @@ kiki_usage bSecret cmd = putStr $ | |||
557 | ," --keypairs [KEYSPEC ...]" | 574 | ," --keypairs [KEYSPEC ...]" |
558 | ," KEYSPEC := tag '=' file '{' <shell command to create key file> '}'" | 575 | ," KEYSPEC := tag '=' file '{' <shell command to create key file> '}'" |
559 | ," | tag '=' file" | 576 | ," | tag '=' file" |
577 | |||
578 | ," Specify the paths of private PEM files which either currently contain" | ||
579 | ," keys to be imported, or lack keys to be exported. If your working key" | ||
580 | ," has no subkey with the given tag, and the file is empty or does not exist," | ||
581 | ," and a shell command is specified in braces, then the shell command will be " | ||
582 | ," executed in a modified environment with the expectation of creating the PEM" | ||
583 | ," file for import." | ||
584 | ,"" | ||
585 | ," Subkeys that are imported with kiki are given an annotation \"usage@\" which" | ||
586 | ," indicates what the key is for. This tag can be used as a SPEC to select a" | ||
587 | ," particular key. If a specifed PEM file contains a novel key for an existing" | ||
588 | ," tag, it will import the new key and you will have multiple keys with the same" | ||
589 | ," tag." | ||
590 | ,"" | ||
591 | ," Your OpenGPG keyring contains time stamps for each subkey. Timestamps of newly" | ||
592 | ," imported keys will reflect the mtimes of the files from which they were imported." | ||
593 | ," In the case that the key already exists in your OpenGPG keyring as well as in one" | ||
594 | ," of the specified files, the timestamp in your OpenGPG keyring is not updated." | ||
595 | ,"" | ||
560 | ," Note that this option is implicit if no options documented in this section" | 596 | ," Note that this option is implicit if no options documented in this section" |
561 | ," were specified. See 'kiki help spec' for more information." | 597 | ," were specified. See 'kiki help spec' for more information." |
562 | ,"" | 598 | ,"" |