author | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 14:37:01 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 14:39:56 +1300 |
commit | 79dd92c2eefe13b064f81e9622e12228e586d616 (patch) | |
tree | a9a35bba08d548cb8ecfb710e97cb40985bbc1fc /bin | |
parent | Bump version number (diff) | |
download | Mail-Run-Crypt-79dd92c2eefe13b064f81e9622e12228e586d616.tar.gz Mail-Run-Crypt-79dd92c2eefe13b064f81e9622e12228e586d616.zip |
Documentation corrections
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/runcrypt | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/bin/runcrypt b/bin/runcrypt index 6dedd11..2f16dac 100755 --- a/bin/runcrypt +++ b/bin/runcrypt 
@@ -155,31 +155,42 @@ The arguments beyond the options are used as the command name to run: =over 4 -=item C<--sign> +=item C<--mailto> -Whether to sign the output. This defaults to 0. An ID and passphrase file will -need to be provided for signing to work. +The recipient address for the encryption portion of the email. This defaults to +the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or +C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file. =item C<--encrypt> Whether to encrypt the output to the recipient. This defaults to 1. -=item C<--keyid> +=item C<--sign> -The GnuPG key ID that should be used to encrypt the messages. This is required -for signing. It can be any means of identifying the key acceptable to GnuPG; -the key's 16-byte ("long") hexadecimal ID prefixed with C<0x> is probably the -best way. This defaults to the value of the environment variable -C<RUNCRYPT_KEYID>. +Whether to sign the output. This defaults to 0. An ID and passphrase file will +need to be provided for signing to work. It is I<strongly> recommended that a dedicated key and passphrase be used for signatures if this is needed. You should carefully consider the consequences of a compromised key. +=item C<--keyid> + +The GnuPG key ID that should be used to sign messages. This is required for +signing, and has no effect if C<--sign> is not given. It can be any means of +identifying the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal +ID prefixed with C<0x> is probably the best way. + +This defaults to the value of the environment variable C<RUNCRYPT_KEYID>. + =item C<--passfile> Path to a filename that should be read to get the key passphrase for signing. This defaults to the value of the environment variable C<RUNCRYPT_PASSFILE>. +This is required for signing, and has no effect if C<--sign> is not given. + +One trailing newline will be removed from the file contents with +L<C<chomp>|perlfunc/"chomp VARIABLE"> if present. 
It is I<strongly> recommended, but not enforced by this program, that this file have strict permissions (not group or world-readable). @@ -187,12 +198,6 @@ have strict permissions (not group or world-readable). By design, there is no way to specify the passphrase directly as an argument. This has too many negative security implications. -=item C<--mailto> - -The recipient address for the encryption portion of the email. This defaults to -the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or -C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file. - =item C<--name> The name for this instance of the module, which will be used as the first word |
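Review bot: In the first hunk, the re-added C<--keyid> item still says "the key's 16-byte ("long") hexadecimal ID", carried over from the removed text. A GnuPG long key ID is 64 bits, written as 16 hexadecimal digits, so "16-byte" should read "16-digit" (or "64-bit"). Since this paragraph is being rewritten anyway, it would be worth fixing here. The same item now correctly says the key is used to sign rather than encrypt, but the C<--sign> item still refers only to "An ID" and does not name the option; pointing to C<--keyid> and C<--passfile> by name there would match the new "has no effect if C<--sign> is not given" wording in those two items.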