On 03/02/16 21:12, Robert J. Hansen wrote: > Beyond that, if there's anything > you've always thought the FAQ should mention, now's a great time to > suggest it. :)
I just notice section 8.19. It says to verify a download: > gpg foo.zip.asc As became clear in this[1] discussion, you should always specify the file to be verified, as in "gpg foo.zip.asc foo.zip". Section 8.20 supposes GnuPG <2.1, by the way, since it plays around with the fact that --export uses the same format as a keyring. I think it should be rephrased to use --import instead of using the output of --export as a keyring. Furthermore, I think a reasonably often asked question is "Why can't I provide the password in a pipe to GnuPG anymore?". Old 1.4 allowed this, but 2.0 is incapable of it and 2.1 needs a loopback pinentry. But of course, the answer could instead say that it is very unlikely that it is more secure than just not using a passphrase. I don't have time right now to actually supply the text to use for these things, sorry. HTH, Peter. [1] https://lists.gnupg.org/pipermail/gnupg-users/2014-November/051333.html -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
