1998-02-26 17:56:31 +01:00
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
gpg - GNU Privacy Guard
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
B<gpg> [--homedir name] [--options file] [options] command [args]
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
1998-04-14 19:51:16 +02:00
|
|
|
This is the main program for the GNUPG system.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
=head1 COMMANDS
|
|
|
|
|
|
|
|
B<gpg> recognizes these commands:
|
|
|
|
|
|
|
|
B<-s>, B<--sign>
|
1998-04-14 19:51:16 +02:00
|
|
|
Make a signature. This option may be combined
|
1998-02-26 17:56:31 +01:00
|
|
|
with B<--encrypt>.
|
|
|
|
|
|
|
|
B<--clearsign>
|
|
|
|
Make a clear text signature.
|
|
|
|
|
|
|
|
B<-b>, B<--detach-sign>
|
|
|
|
Make a detached signature.
|
|
|
|
|
|
|
|
B<-e>, B<--encrypt>
|
|
|
|
Encrypt data. This option may be combined with B<--sign>.
|
|
|
|
|
|
|
|
B<-c>, B<--symmetric>
|
1998-04-14 19:51:16 +02:00
|
|
|
Encrypt with symmetric cipher only
|
1998-02-26 17:56:31 +01:00
|
|
|
This command asks for a passphrase.
|
|
|
|
|
|
|
|
B<--store>
|
1998-03-09 22:44:06 +01:00
|
|
|
store only (make a simple RFC1991 packet).
|
|
|
|
|
|
|
|
B<--decrypt> [I<file>]
|
|
|
|
Decrypt file (or stdin if no file is specified) and
|
|
|
|
write it to stdout (or the file specified with
|
|
|
|
B<--output>). If the decrypted file is signed, the
|
|
|
|
signature is also verified. This command differs
|
1998-04-14 19:51:16 +02:00
|
|
|
from the default operation, as it never writes to the
|
|
|
|
filename which is included in the file and it
|
1998-03-09 22:44:06 +01:00
|
|
|
rejects files which don't begin with an encrypted
|
|
|
|
message.
|
|
|
|
|
|
|
|
B<--verify> [[I<sigfile>] {I<signed-files>}]
|
|
|
|
Assume that I<filename> is a signature and verify it
|
|
|
|
without generating any output. With no arguments,
|
|
|
|
the signature packet is read from stdin (it may be a
|
|
|
|
detached signature when not used in batch mode). If
|
1998-04-14 19:51:16 +02:00
|
|
|
only a sigfile is given, it may be a complete signature
|
|
|
|
or a detached signature, in which case the signed stuff
|
1998-03-09 22:44:06 +01:00
|
|
|
is expected from stdin. With more than 1 argument, the
|
|
|
|
first should be a detached signature and the remaining
|
|
|
|
files are the signed stuff.
|
|
|
|
|
|
|
|
B<-k> [I<username>] [I<keyring>]
|
1998-04-14 19:51:16 +02:00
|
|
|
Kludge to be somewhat compatible with PGP.
|
|
|
|
Without arguments, all public key-rings are listed.
|
|
|
|
With one argument, only I<keyring> is listed.
|
1998-02-26 17:56:31 +01:00
|
|
|
Special combinations are also allowed, but it may
|
1998-04-14 19:51:16 +02:00
|
|
|
give strange results when combined with more options.
|
1998-02-26 17:56:31 +01:00
|
|
|
B<-kv> Same as B<-k>
|
|
|
|
B<-kvv> List the signatures with every key.
|
1998-04-14 19:51:16 +02:00
|
|
|
B<-kvvv> Additionally check all signatures.
|
1998-02-26 17:56:31 +01:00
|
|
|
B<-kvc> List fingerprints
|
|
|
|
B<-kvvc> List fingerprints and signatures
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--list-keys> [I<names>]
|
1998-04-14 19:51:16 +02:00
|
|
|
List all keys from the default public keyring, or just the ones
|
|
|
|
given on the command line.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--list-sigs> [I<names>]
|
|
|
|
Same as B<--list-keys>, but the signatures are listed too.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--check-sigs> [I<names>]
|
|
|
|
Same as B<--list-sigs>, but the signatures are verified.
|
|
|
|
|
|
|
|
B<--fingerprint> [I<names>]
|
|
|
|
List all keys with their fingerprints. This is the
|
|
|
|
same output as B<list-keys> but with the additonal output
|
|
|
|
of a line with the fingerprint. May also be combined
|
|
|
|
with B<--list-sigs> or B<--check-sigs>.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
B<--list-packets>
|
|
|
|
List only the sequence of packets. This is mainly
|
|
|
|
useful for debugging.
|
|
|
|
|
|
|
|
B<--gen-key>
|
|
|
|
Generate a new key pair. This command can only be
|
|
|
|
used interactive.
|
|
|
|
|
|
|
|
B<--sign-key> I<name>
|
|
|
|
Make a signature on key of user I<name>.
|
|
|
|
This looks for the key, displays the key and checks
|
|
|
|
all existing signatures of this key. If the key is
|
|
|
|
not yet signed by the default user (or the users given
|
|
|
|
with B<-u>), the program displays the information of
|
1998-04-14 19:51:16 +02:00
|
|
|
the key again, together with its fingerprint and
|
|
|
|
asks whether it should be signed. This question
|
1998-02-26 17:56:31 +01:00
|
|
|
is repeated for all users specified with B<-u>.
|
|
|
|
The key is then signed and the keyring which
|
|
|
|
contains the key is updated.
|
|
|
|
|
|
|
|
|
|
|
|
B<--delete-key>
|
|
|
|
Remove key from the public keyring
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--delete-secret-key>
|
|
|
|
Remove key from the secret and public keyring
|
|
|
|
|
|
|
|
B<--edit-key>
|
1998-02-26 17:56:31 +01:00
|
|
|
Edit/remove a key signature.
|
|
|
|
|
|
|
|
B<--change-passphrase>
|
|
|
|
Change the passphrase of your secret keyring
|
|
|
|
|
|
|
|
B<--gen-revoke>
|
|
|
|
Generate a revocation certificate.
|
|
|
|
|
|
|
|
B<--export> [I<names>]
|
|
|
|
Either export all keys from all key-rings (default
|
1998-04-14 19:51:16 +02:00
|
|
|
key-rings and those registered via option B<--keyring>),
|
1998-02-26 17:56:31 +01:00
|
|
|
or if at least one name is given, those of the given
|
|
|
|
name. The new keyring is written to F<stdout> or to
|
|
|
|
the file given with option "output". Use together
|
|
|
|
with B<-a> to mail those keys.
|
|
|
|
|
|
|
|
B<--import>
|
|
|
|
import/merge keys
|
|
|
|
|
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
Long options can be put in an options file (default F<~/.gnupg/options>);
|
|
|
|
do not write the 2 dashes, but simply the name of the option and any
|
1998-04-30 16:06:01 +02:00
|
|
|
arguments if required. Lines with a hash as the first non-white-space
|
1998-04-14 19:51:16 +02:00
|
|
|
character are ignored. Commands may be put in this file too, but that
|
1998-02-26 17:56:31 +01:00
|
|
|
does not make sense.
|
|
|
|
|
|
|
|
B<gpg> recognizes these options:
|
|
|
|
|
|
|
|
|
|
|
|
B<-a>, B<--armor>
|
|
|
|
Create ASCII armored output.
|
|
|
|
|
|
|
|
B<-o> I<file>, B<--output> I<file>
|
|
|
|
Write output to I<file>.
|
|
|
|
|
|
|
|
B<-u> I<name>, B<--local-user> I<name>
|
|
|
|
Use I<name> as the user-id to sign.
|
1998-03-09 22:44:06 +01:00
|
|
|
This option is silently ignored for the list commands,
|
|
|
|
so that it can be used in an options file.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
B<-r> I<name>, B<--remote-user> I<name>
|
1998-03-09 22:44:06 +01:00
|
|
|
Use I<name> as the user-id for encryption.
|
|
|
|
This option is silently ignored for the list commands,
|
|
|
|
so that it can be used in an options file.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
B<-v>, B<--verbose>
|
1998-04-14 19:51:16 +02:00
|
|
|
Give more information during processing. If used
|
|
|
|
twice, the input data is listed in detail.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
|
|
|
|
B<-z> I<n>
|
|
|
|
Set compress level to I<n>. A value of 0 for I<n>
|
|
|
|
disables compression. Default is to use the default
|
|
|
|
compression level of zlib (which is 6).
|
|
|
|
|
|
|
|
B<-t>, B<--textmode>
|
|
|
|
Use canonical text mode. Used to make clear-text
|
|
|
|
signatures.
|
|
|
|
|
|
|
|
B<-n>, B<--dry-run>
|
|
|
|
Don't make any changes (not yet implemented).
|
|
|
|
|
|
|
|
B<--batch>
|
|
|
|
Batch mode; never ask, do not allow interactive
|
|
|
|
commands.
|
|
|
|
|
|
|
|
B<--no-batch>
|
|
|
|
Disable batch mode; this may be used if B<batch>
|
|
|
|
is used in the options file.
|
|
|
|
|
|
|
|
B<--yes>
|
|
|
|
Assume yes on most questions.
|
|
|
|
|
|
|
|
B<--no>
|
|
|
|
Assume no on most questions.
|
|
|
|
|
|
|
|
B<--keyring> I<file>
|
|
|
|
Add I<file> to the list of key-rings.
|
|
|
|
If I<file> begins with a tilde and a slash, these
|
|
|
|
are replaced by the HOME directory. If the filename
|
|
|
|
does not contain a slash, it is assumed to be in the
|
|
|
|
home-directory (F<~/.gnupg> if B<--homedir>) is not used.
|
|
|
|
|
|
|
|
B<--secret-keyring> I<file>
|
|
|
|
Same as B<--keyring> but for secret key-rings.
|
|
|
|
|
|
|
|
B<--homedir> I<dir>
|
|
|
|
Set the name of the home directory to I<dir>. If this
|
|
|
|
option is not used it defaults to F<~/.gnupg>. It does
|
1998-02-27 18:51:28 +01:00
|
|
|
not make sense to use this in a options file. This
|
|
|
|
also overrides the environment variable C<GNUPGHOME>.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
B<--options> I<file>
|
|
|
|
Read options from I<file> and do not try to read
|
|
|
|
them from the default options file in the homedir
|
|
|
|
(see B<--homedir>). This option is ignored when used
|
|
|
|
in an options file.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--no-options>
|
1998-02-26 17:56:31 +01:00
|
|
|
Shortcut for B<--options> I</dev/null>. This option is
|
|
|
|
detected before an attempt to open an option file.
|
|
|
|
|
|
|
|
B<--debug> I<flags>
|
|
|
|
Set debugging flags. All flags are or-ed and I<flags> may
|
|
|
|
be given in C syntax (e.g. 0x0042).
|
|
|
|
|
|
|
|
B<--debug-all>
|
|
|
|
Set all useful debugging flags.
|
|
|
|
|
|
|
|
B<--status-fd> I<n>
|
|
|
|
Write special status strings to the file descriptor I<n>.
|
|
|
|
|
|
|
|
B<--no-comment>
|
|
|
|
Do not write comment packets.
|
|
|
|
|
|
|
|
B<--completes-needed> I<n>
|
1998-04-14 19:51:16 +02:00
|
|
|
Number of completely trusted users to introduce a new
|
1998-02-26 17:56:31 +01:00
|
|
|
key signator (defaults to 1).
|
|
|
|
|
|
|
|
B<--marginals-needed> I<n>
|
|
|
|
Number of marginally trusted users to introduce a new
|
|
|
|
key signator (defaults to 3)
|
|
|
|
|
|
|
|
B<--cipher-algo> I<name>
|
|
|
|
Use I<name> as cipher algorithm. Running the program
|
1998-04-14 19:51:16 +02:00
|
|
|
with the option B<--verbose> yields a list of supported
|
1998-02-26 17:56:31 +01:00
|
|
|
algorithms.
|
|
|
|
|
|
|
|
B<--pubkey-algo> I<name>
|
|
|
|
Use I<name> as puplic key algorithm. Running the program
|
1998-04-14 19:51:16 +02:00
|
|
|
with the option B<--verbose> yields a list of supported
|
1998-02-26 17:56:31 +01:00
|
|
|
algorithms.
|
|
|
|
|
|
|
|
B<--digest-algo> I<name>
|
|
|
|
Use I<name> as message digest algorithm. Running the
|
1998-04-14 19:51:16 +02:00
|
|
|
program with the option B<--verbose> yields a list of
|
1998-02-26 17:56:31 +01:00
|
|
|
supported algorithms.
|
|
|
|
|
|
|
|
B<--passphrase-fd> I<n>
|
|
|
|
Read the passphrase from file descriptor I<n>. If you use
|
|
|
|
0 for I<n>, the passphrase will be read from stdin. This
|
|
|
|
can only be used if only one passphrase is supplied.
|
|
|
|
B<Don't use this option if you can avoid it>
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--no-verbose>
|
1998-02-26 17:56:31 +01:00
|
|
|
Reset verbose level to 0.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--no-greeting>
|
1998-02-26 17:56:31 +01:00
|
|
|
Suppress the initial copyright message but do not
|
|
|
|
enter batch mode.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--no-armor>
|
1998-02-26 17:56:31 +01:00
|
|
|
Assume the input data is not in ASCCI armored format.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--no-default-keyring>
|
1998-02-26 17:56:31 +01:00
|
|
|
Do not add the default key-rings to the list of
|
|
|
|
key-rings.
|
|
|
|
|
1998-04-30 16:06:01 +02:00
|
|
|
B<--skip-verify>
|
|
|
|
Skip the signature verification step. This may be used to
|
|
|
|
make the encryption faster if the signature verification
|
|
|
|
is not needed.
|
|
|
|
|
1998-02-26 17:56:31 +01:00
|
|
|
B<--version>
|
|
|
|
Print version information along with a list
|
|
|
|
of supported algorithms.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
B<--with-colons>
|
|
|
|
Print key listings delimited by colons.
|
|
|
|
|
1998-02-26 17:56:31 +01:00
|
|
|
B<--warranty>
|
|
|
|
Print warranty information.
|
|
|
|
|
|
|
|
B<-h>, B<--help>
|
|
|
|
Print usage information.
|
|
|
|
|
|
|
|
|
|
|
|
=head1 RETURN VALUE
|
|
|
|
|
|
|
|
The Program returns 0 if everything was fine, 1 if at least
|
|
|
|
a signature was bad and other errorcode for fatal errors.
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
-se -r Bob [file] sign and encrypt for user Bob
|
|
|
|
-sat [file] make a clear text signature
|
|
|
|
-sb [file] make a detached signature
|
|
|
|
-k [userid] show keys
|
|
|
|
-kc [userid] show fingerprint
|
|
|
|
|
|
|
|
=head1 ENVIRONMENT
|
|
|
|
|
1998-02-27 18:51:28 +01:00
|
|
|
C<HOME> Used to locate the default home directory.
|
|
|
|
C<GNUPGHOME> If set, direcory used instead of F<~/.gnupg>.
|
1998-02-26 17:56:31 +01:00
|
|
|
|
|
|
|
=head1 FILES
|
|
|
|
|
|
|
|
F<~/.gnupg/secring.gpg> The secret key-ring
|
|
|
|
|
|
|
|
F<~/.gnupg/pubring.gpg> The public key-ring
|
|
|
|
|
|
|
|
F<~/.gnupg/trustdb.gpg> The trust database
|
|
|
|
|
|
|
|
F<~/.gnupg/gnupg.gpg> Signature of GNUPG files.
|
|
|
|
|
|
|
|
F<~/.gnupg/options> May contain options
|
|
|
|
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
gpgm(1) gpgk(1)
|
|
|
|
|
|
|
|
|
|
|
|
=head1 WARNINGS
|
|
|
|
|
|
|
|
Use a B<good> password for your user account and a non-simple passphrase
|
|
|
|
to protect your secret key.
|
|
|
|
|
|
|
|
Keep in mind that, if this program is used over a network (telnet), it
|
|
|
|
is B<very> easy to spy out your passphrase!
|
|
|
|
|
|
|
|
|