manpagez: man pages & more
info gnupg
Home | html | info | man

File: gnupg.info,  Node: Compliance Options,  Next: GPG Esoteric Options,  Prev: OpenPGP Options,  Up: GPG Options

4.2.5 Compliance options
------------------------

These options control what GnuPG is compliant to.  Only one of these
options may be active at a time.  Note that the default setting of this
is nearly always the correct one.  See the INTEROPERABILITY WITH OTHER
OPENPGP PROGRAMS section below before using one of these options.

'--gnupg'
     Use standard GnuPG behavior.  This is essentially OpenPGP behavior
     (see '--openpgp'), but with extension from the proposed update to
     OpenPGP and with some additional workarounds for common
     compatibility problems in different versions of PGP. This is the
     default option, so it is not generally needed, but it may be useful
     to override a different compliance option in the gpg.conf file.

'--openpgp'
     Reset all packet, cipher and digest options to strict OpenPGP
     behavior.  This option implies '--allow-old-cipher-algos'.  Use
     this option to reset all previous options like '--s2k-*',
     '--cipher-algo', '--digest-algo' and '--compress-algo' to OpenPGP
     compliant values.  All PGP workarounds are disabled.

'--rfc4880'
     Reset all packet, cipher and digest options to strict RFC-4880
     behavior.  This option implies '--allow-old-cipher-algos'.  Note
     that this is currently the same thing as '--openpgp'.

'--rfc4880bis'
     Reset all packet, cipher and digest options to strict according to
     the proposed updates of RFC-4880.

'--rfc2440'
     Reset all packet, cipher and digest options to strict RFC-2440
     behavior.  Note that by using this option encryption packets are
     created in a legacy mode without MDC protection.  This is dangerous
     and should thus only be used for experiments.  This option implies
     '--allow-old-cipher-algos'.  See also option '--ignore-mdc-error'.

'--pgp6'
     This option is obsolete; it is handled as an alias for '--pgp7'

'--pgp7'
     Set up all options to be as PGP 7 compliant as possible.  This
     allowed the ciphers IDEA, 3DES, CAST5,AES128, AES192, AES256, and
     TWOFISH., the hashes MD5, SHA1 and RIPEMD160, and the compression
     algorithms none and ZIP. This option implies '--escape-from-lines'
     and disables '--throw-keyids',

'--pgp8'
     Set up all options to be as PGP 8 compliant as possible.  PGP 8 is
     a lot closer to the OpenPGP standard than previous versions of PGP,
     so all this does is disable '--throw-keyids' and set
     '--escape-from-lines'.  All algorithms are allowed except for the
     SHA224, SHA384, and SHA512 digests.

'--compliance STRING'
     This option can be used instead of one of the options above.  Valid
     values for STRING are the above option names (without the double
     dash) and possibly others as shown when using "help" for STRING.

'--min-rsa-length N'
     This option adjusts the compliance mode "de-vs" for stricter key
     size requirements.  For example, a value of 3000 turns rsa2048 and
     dsa2048 keys into non-VS-NfD compliant keys.

'--require-compliance'
     To check that data has been encrypted according to the rules of the
     current compliance mode, a gpg user needs to evaluate the status
     lines.  This is allows frontends to handle compliance check in a
     more flexible way.  However, for scripted use the required
     evaluation of the status-line requires quite some effort; this
     option can be used instead to make sure that the gpg process exits
     with a failure if the compliance rules are not fulfilled.  Note
     that this option has currently an effect only in "de-vs" mode.

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.