7 files changed, 76 insertions, 7 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 63415c4da..b01d3b179 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,14 @@
+2007-12-13  Werner Koch  <wk@g10code.com>
+
+	* qualified.txt: Add 2 root certs from S-Trust for 2008-2012.
+	* examples/trustlist.txt: Ditto.
+
+	* gpgsm.texi (Esoteric Options): Document --extra-digest-algo.
+
+2007-12-12  Werner Koch  <wk@g10code.com>
+
+	* gpg.texi: Typo fixes.  From Christer Andersson.
+
 2007-12-04  Werner Koch  <wk@g10code.com>
 
 	* help.txt: New online help file.
diff --git a/doc/debugging.texi b/doc/debugging.texi
index fb27b2710..242d601cb 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -182,7 +182,12 @@ such a certificate.  You may use the @code{relax} flag in
 fingerprint and this flag may only be added manually to
 @file{trustlist.txt}.
 
+@item Error message: ``digest algorithm N has not been enabled''
 
+The signature is broken.  You may try the option
+@option{--extra-digest-algo SHA256} to workaround the problem.  The
+number N is the internal algorighm indentifier; for example 8 refers to
+SHA-256.
 
 @end itemize
 
diff --git a/doc/examples/trustlist.txt b/doc/examples/trustlist.txt
index 1fcae4106..fa80ed4fc 100644
--- a/doc/examples/trustlist.txt
+++ b/doc/examples/trustlist.txt
@@ -38,6 +38,17 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B  S
 #       Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
 A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  S
 
+#          S/N: 00B3963E0E6C2D65125853E970665402E5
+#       Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA  S
+
+#          S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+#       Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B  S
+
+
 #Serial number: 00
 #       Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.
 #               cacert.org/O=Root CA/EMail=support@cacert.org
diff --git a/doc/gpg.texi b/doc/gpg.texi
index f7b7df856..cc048b1db 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -113,7 +113,7 @@ Developer information:
 @node GPG Commands
 @section Commands
 
-Commands are not distinguished from options execpt for the fact that
+Commands are not distinguished from options except for the fact that
 only one command is allowed.
 
 @command{@gpgname} may be run with no commands, in which case it will
@@ -876,7 +876,7 @@ encountered, you can explicitly stop parsing by using the special option
 @node GPG Configuration Options
 @subsection How to change the configuration
 
-These options are used to change the configuraton and are usually found
+These options are used to change the configuration and are usually found
 in the option file.
 
 @table @gnupgtabopt
@@ -2456,13 +2456,13 @@ listed. @option{--list-config} is only usable with
 
 @item --gpgconf-list
 @opindex gpgconf-list
-This command is simliar to @option{--list-config} but in general only
+This command is similar to @option{--list-config} but in general only
 internally used by the @command{gpgconf} tool.
 
 @item --gpgconf-test
 @opindex gpgconf-test
 This is more or less dummy action.  However it parses the configuration
-file and returns with failure if the configuraion file would prevent
+file and returns with failure if the configuration file would prevent
 @command{gpg} from startup.  Thus it may be used to run a syntax check
 on the configuration file.
 
@@ -2560,7 +2560,7 @@ For existing users the a small
 helper script is provided to create these files (@pxref{addgnupghome}).
 @end ifclear
 
-For internal purposes @command{@gpgname} creates and maintaines a few other
+For internal purposes @command{@gpgname} creates and maintains a few other
 files; They all live in in the current home directory (@pxref{option
 --homedir}).  Only the @command{@gpgname} may modify these files.
 
@@ -2686,7 +2686,7 @@ user for the filename.
 @include specify-user-id.texi
 @end ifset
 
-@mansect return vaue
+@mansect return value
 @chapheading RETURN VALUE
 
 The program returns 0 if everything was fine, 1 if at least
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index e5ae1688c..12f882e09 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -569,6 +569,19 @@ encryption.  For convenience the strings @code{3DES}, @code{AES} and
 
 @table @gnupgtabopt
 
+@item --extra-digest-algo @var{name}
+@opindex extra-digest-algo
+Sometimes signatures are broken in that they announce a different digest
+algorithm than actually used.  @command{gpgsm} uses a one-pass data
+processing model and thus needs to rely on the announcde digest
+algorithms to properly hash the data.  As a workaround this option may
+be used to tell gpg to also hash the data using the algorithm
+@var{name}; this slows processing down a little bit but allows to verify
+such broken signatures.  If @command{gpgsm} prints an error like
+``digest algo 8 has not been enabled'' you may want to try this option,
+with @samp{SHA256} for @var{name}.
+
+
 @item --faked-system-time @var{epoch}
 @opindex faked-system-time
 This option is only useful for testing; it sets the system time back or
diff --git a/doc/qualified.txt b/doc/qualified.txt
index f6a54d66e..ddd77972b 100644
--- a/doc/qualified.txt
+++ b/doc/qualified.txt
@@ -180,6 +180,35 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C  de
 7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC  de
 
 
+#           ID: 0xA8FEA3CA
+#          S/N: 00B3963E0E6C2D65125853E970665402E5
+#       Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+#     validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+#         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA
+
+#           ID: 0x3A7D979B
+#          S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+#       Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+#     validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+#         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B
 
 
 #*******************************************
diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi
index 0929a10f8..7d23ed86f 100644
--- a/doc/specify-user-id.texi
+++ b/doc/specify-user-id.texi
@@ -121,7 +121,7 @@ This should return the Root cert of the issuer.  See note above.
 
 
 @item By exact match on serial number and issuer's DN.
-This is indicated by a hash mark, followed by the hexadecmal
+This is indicated by a hash mark, followed by the hexadecimal
 representation of the serial number, then followed by a slash and the
 RFC-2253 encoded DN of the issuer. See note above.