.TP
.B GPG_NO_OPTIONS
Make sure that GnuPG does not reference any options file when decrypting incoming
SPA packets that have been encrypted with GnuPG by the fwknop client.
.TP
.B GPG_NO_REQUIRE_PREFIX
This option controls whether the GnuPG 'hQ' prefix is added before base64 decoding
and decrypting. Normally this option is not needed, but if there appear to be
communications issues between the fwknop client and the fwknopd server in GnuPG
mode, then this option can be useful to ensure that encrypted SPA data is sent
through the GnuPG decryption routine. The 'hQ' prefix is a heuristic derived from
the file 'magic' database for describing data encrypted with GnuPG, and the fwknop
client normally strips this data from outgoing SPA packets (unless the
--Include-gpg-prefix option is used).
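The following C sketch is an added example, not code from fwknop. It shows why
base64-encoded GnuPG public-key ciphertext begins with 'hQ' and how a receiver can
restore a stripped prefix before decoding. The function names and the sample payload are hypothetical.

```c
/* Added illustration (not fwknop source); all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define GPG_B64_PREFIX "hQ"

/* Map one base64 character to its 6-bit value, or -1 if it is not base64. */
static int b64_val(char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Copy spa into out, prepending "hQ" when it is missing.
 * Returns 1 if the prefix was added, 0 if already present, -1 if out is too small. */
int restore_gpg_prefix(const char *spa, char *out, size_t outlen)
{
    int need = strncmp(spa, GPG_B64_PREFIX, 2) != 0;
    if (strlen(spa) + (need ? 2 : 0) + 1 > outlen)
        return -1;
    snprintf(out, outlen, "%s%s", need ? GPG_B64_PREFIX : "", spa);
    return need;
}

/* The first two base64 characters carry 12 bits. "hQ" is 0x850: octet 0x85
 * (old-format OpenPGP packet, tag 1, two-octet length) followed by a zero
 * high nibble, i.e. a public-key encrypted session key packet under 4096 bytes. */
int looks_like_gpg_pkesk(const char *b64)
{
    int a = b64_val(b64[0]);
    int b = (a >= 0) ? b64_val(b64[1]) : -1;
    if (a < 0 || b < 0)
        return 0;
    unsigned bits = ((unsigned)a << 6) | (unsigned)b;
    return (bits >> 4) == 0x85 && (bits & 0xF) == 0;
}

int main(void)
{
    char buf[64];
    const char *stripped = "EMA0CONSTRUCTEDsample";  /* constructed, not real SPA data */
    int added = restore_gpg_prefix(stripped, buf, sizeof buf);
    printf("added=%d before=%d after=%d -> %.8s...\n", added,
           looks_like_gpg_pkesk(stripped), looks_like_gpg_pkesk(buf), buf);
    return 0;
}
```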
.TP
.B GPG_PATH: <path>
Specify a path to the gpg binary (commonly at /usr/bin/gpg). This can be used to
switch between gpg and gpg2, or to provide a path to a custom compiled version of gpg
for testing purposes.