gnupg: Esoteric Options
5.2.5 Doing things one usually do not want to do
------------------------------------------------
'--extra-digest-algo NAME'
Sometimes signatures are broken in that they announce a different
digest algorithm than actually used. 'gpgsm' uses a one-pass data
processing model and thus needs to rely on the announced digest
algorithms to properly hash the data. As a workaround this option
may be used to tell 'gpgsm' to also hash the data using the
algorithm NAME; this slows processing down a little bit but allows
verification of such broken signatures. If 'gpgsm' prints an error
like "digest algo 8 has not been enabled" you may want to try this
option, with 'SHA256' for NAME.
'--faked-system-time EPOCH'
This option is only useful for testing; it sets the system time
back or forth to EPOCH which is the number of seconds elapsed since
the year 1970. Alternatively EPOCH may be given as a full ISO time
string (e.g. "20070924T154812").
'--with-ephemeral-keys'
Include ephemeral flagged keys in the output of key listings. Note
that they are included anyway if the key specification for a
listing is given as fingerprint or keygrip.
'--debug-level LEVEL'
Select the debug level for investigating problems. LEVEL may be a
numeric value or by a keyword:
'none'
No debugging at all. A value of less than 1 may be used
instead of the keyword.
'basic'
Some basic debug messages. A value between 1 and 2 may be
used instead of the keyword.
'advanced'
More verbose debug messages. A value between 3 and 5 may be
used instead of the keyword.
'expert'
Even more detailed messages. A value between 6 and 8 may be
used instead of the keyword.
'guru'
All of the debug messages you can get. A value greater than 8
may be used instead of the keyword. The creation of hash
tracing files is only enabled if the keyword is used.
How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They
are however carefully selected to best aid in debugging.
'--debug FLAGS'
This option is only useful for debugging and the behaviour may
change at any time without notice; using '--debug-levels' is the
preferred method to select the debug verbosity. FLAGS are bit
encoded and may be given in usual C-Syntax. The currently defined
bits are:
'0 (1)'
X.509 or OpenPGP protocol related data
'1 (2)'
values of big number integers
'2 (4)'
low level crypto operations
'5 (32)'
memory allocation
'6 (64)'
caching
'7 (128)'
show memory statistics
'9 (512)'
write hashed data to files named 'dbgmd-000*'
'10 (1024)'
trace Assuan protocol
Note, that all flags set using this option may get overridden by
'--debug-level'.
'--debug-all'
Same as '--debug=0xffffffff'
'--debug-allow-core-dump'
Usually 'gpgsm' tries to avoid dumping core by well written code
and by disabling core dumps for security reasons. However, bugs
are pretty durable beasts and to squash them it is sometimes useful
to have a core dump. This option enables core dumps unless the Bad
Thing happened before the option parsing.
'--debug-no-chain-validation'
This is actually not a debugging option but only useful as such.
It lets 'gpgsm' bypass all certificate chain validation checks.
'--debug-ignore-expiration'
This is actually not a debugging option but only useful as such.
It lets 'gpgsm' ignore all notAfter dates, this is used by the
regression tests.
'--passphrase-fd n'
Read the passphrase from file descriptor 'n'. Only the first line
will be read from file descriptor 'n'. If you use 0 for 'n', the
passphrase will be read from STDIN. This can only be used if only
one passphrase is supplied.
Note that this passphrase is only used if the option '--batch' has
also been given.
'--pinentry-mode mode'
Set the pinentry mode to 'mode'. Allowed values for 'mode' are:
default
Use the default of the agent, which is 'ask'.
ask
Force the use of the Pinentry.
cancel
Emulate use of Pinentry's cancel button.
error
Return a Pinentry error ("No Pinentry").
loopback
Redirect Pinentry queries to the caller. Note that in
contrast to Pinentry the user is not prompted again if he
enters a bad password.
'--request-origin ORIGIN'
Tell gpgsm to assume that the operation ultimately originated at
ORIGIN. Depending on the origin certain restrictions are applied
and the Pinentry may include an extra note on the origin.
Supported values for ORIGIN are: 'local' which is the default,
'remote' to indicate a remote origin or 'browser' for an operation
requested by a web browser.
'--no-common-certs-import'
Suppress the import of common certificates on keybox creation.
All the long options may also be given in the configuration file
after stripping off the two leading dashes.
Info Catalog
gnupg: CMS Options
gnupg: GPGSM Options