<!-- gpg.sgml - the man page for GnuPG
Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
This file is part of GnuPG.
|
|
|
|
|
|
|
|
GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
GnuPG is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
|
|
-->
|
|
|
|
<!-- This file should be processed by docbook-to-man to
create a manual page. This program has currently the bug
not to remove leading white space. So this source file does
|
|
|
|
not look very pretty
|
|
|
|
|
|
|
|
FIXME: generated a file with entity (e.g. pathnames) from the
|
|
|
|
configure scripts and include it here
|
|
|
|
-->
<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
<!entity ParmDir "<parameter>directory</parameter>">
|
|
|
|
<!entity ParmFile "<parameter>file</parameter>">
|
|
|
|
<!entity OptParmFile "<optional>&ParmFile;</optional>">
|
|
|
|
<!entity ParmFiles "<parameter>files</parameter>">
|
|
|
|
<!entity OptParmFiles "<optional>&ParmFiles;</optional>">
|
|
|
|
<!entity ParmNames "<parameter>names</parameter>">
|
|
|
|
<!entity OptParmNames "<optional>&ParmNames;</optional>">
|
|
|
|
<!entity ParmName "<parameter>name</parameter>">
|
|
|
|
<!entity OptParmName "<optional>&ParmName;</optional>">
|
|
|
|
<!entity ParmKeyIDs "<parameter>key IDs</parameter>">
|
|
|
|
<!entity ParmN "<parameter>n</parameter>">
|
|
|
|
<!entity ParmFlags "<parameter>flags</parameter>">
|
|
|
|
<!entity ParmString "<parameter>string</parameter>">
|
|
|
|
<!entity ParmValue "<parameter>value</parameter>">
|
|
|
|
<!entity ParmNameValue "<parameter>name=value</parameter>">
|
|
|
|
]>
|
|
|
|
|
|
|
|
<refentry id="gpg">
|
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>gpg</refentrytitle>
|
|
|
|
<manvolnum>1</manvolnum>
|
|
|
|
<refmiscinfo class="gnu">GNU Tools</refmiscinfo>
|
|
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
|
|
<refname/gpg/
|
|
|
|
<refpurpose>encryption and signing tool</>
|
|
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
|
|
<synopsis>
|
|
|
|
<command>gpg</>
|
|
|
|
<optional>--homedir <parameter/name/</optional>
|
|
|
|
<optional>--options <parameter/file/</optional>
|
|
|
|
<optional><parameter/options/</optional>
|
|
|
|
<parameter>command</>
|
|
|
|
<optional><parameter/args/</optional>
|
|
|
|
</synopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>DESCRIPTION</title>
|
|
|
|
<para>
|
|
|
|
<command/gpg/ is the main program for the GnuPG system.
|
|
|
|
</para>
|
2000-07-12 11:35:30 +00:00
|
|
|
<para>
|
2001-04-02 17:22:17 +00:00
|
|
|
This man page only lists the commands and options available.
|
2000-07-12 11:35:30 +00:00
|
|
|
For more detailed documentation, get the GNU Privacy Handbook (GPH), which is
|
|
|
|
available at http://www.gnupg.org/gph/ .
|
|
|
|
You will find a list of HOWTO documents at http://www.gnupg.org/docs.html .
|
|
|
|
</para>
|
1999-06-16 18:25:37 +00:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>COMMANDS</title>
|
|
|
|
<para>
|
|
|
|
<command/gpg/ recognizes these commands:
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-s, --sign</term>
|
|
|
|
<listitem><para>
|
|
|
|
Make a signature. This command may be combined
|
|
|
|
with --encrypt.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--clearsign</term>
|
|
|
|
<listitem><para>
|
|
|
|
Make a clear text signature.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-b, --detach-sign</term>
|
|
|
|
<listitem><para>
|
|
|
|
Make a detached signature.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-e, --encrypt</term>
|
|
|
|
<listitem><para>
|
|
|
|
Encrypt data. This option may be combined with --sign.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-c, --symmetric</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Encrypt with symmetric cipher only.
|
1999-06-16 18:25:37 +00:00
|
|
|
This command asks for a passphrase.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--store</term>
|
|
|
|
<listitem><para>
|
|
|
|
Store only (make a simple RFC1991 packet).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--decrypt &OptParmFile;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Decrypt &ParmFile; (or stdin if no file is specified) and
|
|
|
|
write it to stdout (or the file specified with
|
|
|
|
--output). If the decrypted file is signed, the
|
|
|
|
signature is also verified. This command differs
|
|
|
|
from the default operation, as it never writes to the
|
|
|
|
filename which is included in the file and it
|
|
|
|
rejects files which don't begin with an encrypted
|
|
|
|
message.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--verify <optional><optional><parameter/sigfile/</optional>
|
|
|
|
<optional><parameter/signed-files/</optional></optional></term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume that <parameter/sigfile/ is a signature and verify it
|
|
|
|
without generating any output. With no arguments,
|
2000-11-30 12:08:36 +00:00
|
|
|
the signature packet is read from stdin. If
|
1999-06-16 18:25:37 +00:00
|
|
|
only a sigfile is given, it may be a complete
|
|
|
|
signature or a detached signature, in which case
|
|
|
|
the signed stuff is expected in a file without the
|
2000-11-30 12:08:36 +00:00
|
|
|
".sig" or ".asc" extension.
|
|
|
|
With more than
|
1999-06-16 18:25:37 +00:00
|
|
|
1 argument, the first should be a detached signature
|
2000-11-30 12:08:36 +00:00
|
|
|
and the remaining files are the signed stuff. To read the signed
|
|
|
|
stuff from stdin, use <literal>-</literal> as the second filename.
|
|
|
|
For security reasons a detached signature cannot read the signed
|
|
|
|
material from stdin without denoting it in the above way.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-09-20 10:25:21 +00:00
|
|
|
<varlistentry>
|
2000-01-14 17:26:00 +00:00
|
|
|
<term>--verify-files <optional><parameter/files/</optional></term>
|
1999-09-20 10:25:21 +00:00
|
|
|
<listitem><para>
|
|
|
|
This is a special version of the --verify command which does not work with
|
2000-11-30 12:08:36 +00:00
|
|
|
detached signatures. The command expects the files to be verified either
|
2001-04-02 17:22:17 +00:00
|
|
|
on the command line or reads the filenames from stdin; each name must be on
|
1999-09-20 10:25:21 +00:00
|
|
|
a separate line. The command is intended for quick checking of many files.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<!--
|
|
|
|
B<-k> [I<username>] [I<keyring>]
|
|
|
|
Kludge to be somewhat compatible with PGP.
|
|
|
|
Without arguments, all public keyrings are listed.
|
|
|
|
With one argument, only I<keyring> is listed.
|
|
|
|
Special combinations are also allowed, but they may
|
|
|
|
give strange results when combined with more options.
|
|
|
|
B<-kv> Same as B<-k>
|
|
|
|
B<-kvv> List the signatures with every key.
|
|
|
|
B<-kvvv> Additionally check all signatures.
|
|
|
|
B<-kvc> List fingerprints
|
|
|
|
B<-kvvc> List fingerprints and signatures
|
|
|
|
|
|
|
|
B<This command may be removed in the future!>
|
|
|
|
-->
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--list-keys &OptParmNames;</term>
|
|
|
|
<term>--list-public-keys &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
List all keys from the public keyrings, or just the
|
|
|
|
ones given on the command line.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--list-secret-keys &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
List all keys from the secret keyrings, or just the
|
|
|
|
ones given on the command line.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--list-sigs &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as --list-keys, but the signatures are listed too.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-06-26 10:23:06 +00:00
|
|
|
<term>--check-sigs &OptParmNames;</term>
|
1999-06-16 18:25:37 +00:00
|
|
|
<listitem><para>
|
|
|
|
Same as --list-sigs, but the signatures are verified.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--fingerprint &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
List all keys with their fingerprints. This is the
|
|
|
|
same output as --list-keys but with the additional output
|
|
|
|
of a line with the fingerprint. May also be combined
|
|
|
|
with --list-sigs or --check-sigs.
|
|
|
|
If this command is given twice, the fingerprints of all
|
|
|
|
secondary keys are listed too.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--list-packets</term>
|
|
|
|
<listitem><para>
|
|
|
|
List only the sequence of packets. This is mainly
|
|
|
|
useful for debugging.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--gen-key</term>
|
|
|
|
<listitem><para>
|
2000-03-09 14:23:16 +00:00
|
|
|
Generate a new key pair. This command is normally only used
|
2001-04-02 17:22:17 +00:00
|
|
|
interactively.
|
2000-03-09 14:23:16 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
2001-04-02 17:22:17 +00:00
|
|
|
There is an experimental feature which allows you to create keys
|
2000-03-09 14:23:16 +00:00
|
|
|
in batch mode. See the file <filename>doc/DETAILS</filename>
|
|
|
|
in the source distribution on how to use this.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--edit-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Present a menu which enables you to do all key
|
|
|
|
related tasks:</para>
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>sign</term>
|
|
|
|
<listitem><para>
|
|
|
|
Make a signature on the key of user &ParmName;.
|
|
|
|
If the key is not yet signed by the default
|
|
|
|
user (or the users given with -u), the
|
|
|
|
program displays the information of the key
|
|
|
|
again, together with its fingerprint and
|
|
|
|
asks whether it should be signed. This
|
|
|
|
question is repeated for all users specified
|
|
|
|
with -u.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>lsign</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as --sign but the signature is marked as
|
1999-09-06 18:10:27 +00:00
|
|
|
non-exportable and will therefore never be used
|
1999-06-16 18:25:37 +00:00
|
|
|
by others. This may be used to make keys valid
|
|
|
|
only in the local environment.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>revsig</term>
|
|
|
|
<listitem><para>
|
|
|
|
Revoke a signature. GnuPG asks for every
|
1999-09-28 19:00:49 +00:00
|
|
|
signature which has been done by one of
|
1999-06-16 18:25:37 +00:00
|
|
|
the secret keys, whether a revocation
|
|
|
|
certificate should be generated.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>trust</term>
|
|
|
|
<listitem><para>
|
|
|
|
Change the owner trust value. This updates the
|
|
|
|
trust-db immediately and no save is required.</para></listitem></varlistentry>
|
1999-07-01 10:53:35 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>disable</term>
|
|
|
|
<term>enable</term>
|
|
|
|
<listitem><para>
|
|
|
|
Disable or enable an entire key. A disabled key can normally not be used
|
|
|
|
for encryption.</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>adduid</term>
|
|
|
|
<listitem><para>
|
|
|
|
Create an alternate user id.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>deluid</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Delete a user id.</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>addkey</term>
|
|
|
|
<listitem><para>
|
|
|
|
Add a subkey to this key.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>delkey</term>
|
|
|
|
<listitem><para>
|
|
|
|
Remove a subkey.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>revkey</term>
|
|
|
|
<listitem><para>
|
|
|
|
Revoke a subkey.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>expire</term>
|
|
|
|
<listitem><para>
|
|
|
|
Change the key expiration time. If a key is
|
|
|
|
selected, the time of this key will be changed.
|
|
|
|
With no selection the key expiration of the
|
|
|
|
primary key is changed.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>passwd</term>
|
|
|
|
<listitem><para>
|
|
|
|
Change the passphrase of the secret key.</para></listitem></varlistentry>
|
2001-08-09 13:11:51 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>primary</term>
|
|
|
|
<listitem><para>
|
|
|
|
Flag the current user id as the primary one, removes the primary user
|
|
|
|
id flag from all other user ids and sets the timestamp of all
|
|
|
|
affected self-signatures one second ahead.</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>uid &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Toggle selection of user id with index &ParmN;.
|
|
|
|
Use 0 to deselect all.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>key &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Toggle selection of subkey with index &ParmN;.
|
|
|
|
Use 0 to deselect all.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>check</term>
|
|
|
|
<listitem><para>
|
|
|
|
Check all selected user ids.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>pref</term>
|
|
|
|
<listitem><para>
|
|
|
|
List preferences.</para></listitem></varlistentry>
|
2001-04-25 10:05:33 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>showpref</term>
|
|
|
|
<listitem><para>
|
|
|
|
More verbose preferences listing.</para></listitem></varlistentry>
|
2001-08-10 14:04:32 +00:00
|
|
|
<varlistentry>
|
2001-08-09 13:11:51 +00:00
|
|
|
<term>setpref &ParmString;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set the list of user ID preferences to &ParmString;, this should be
|
|
|
|
a string similar to the one printed by "pref". Using an empty string
|
|
|
|
will set the default preference string, using "none" will set the
|
|
|
|
preferences to nil. Only available algorithms are allowed. This
|
|
|
|
command just initializes an internal list and does not change anything
|
|
|
|
unless another command which changes the self-signatures is used.
|
|
|
|
</para></listitem></varlistentry>
|
2001-08-10 14:04:32 +00:00
|
|
|
<varlistentry>
|
2001-08-09 13:11:51 +00:00
|
|
|
<term>updpref</term>
|
|
|
|
<listitem><para>
|
|
|
|
Change the preferences of all user IDs (or just of the selected ones)
|
|
|
|
to the current list of preferences. The timestamp of all affected
|
|
|
|
self-signatures will be advanced by one second.
|
|
|
|
</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>toggle</term>
|
|
|
|
<listitem><para>
|
|
|
|
Toggle between public and secret key listing.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>save</term>
|
|
|
|
<listitem><para>
|
|
|
|
Save all changes to the key rings and quit.</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>quit</term>
|
|
|
|
<listitem><para>
|
|
|
|
Quit the program without updating the
|
|
|
|
key rings.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
<para>
|
|
|
|
The listing shows you the key with its secondary
|
|
|
|
keys and all user ids. Selected keys or user ids
|
|
|
|
are indicated by an asterisk. The trust value is
|
|
|
|
displayed with the primary key: the first is the
|
|
|
|
assigned owner trust and the second is the calculated
|
|
|
|
trust value. Letters are used for the values:</para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry><term>-</term><listitem><para>No ownertrust assigned / not yet calculated.</para></listitem></varlistentry>
|
2001-04-20 12:21:23 +00:00
|
|
|
<varlistentry><term>e</term><listitem><para>Trust
|
|
|
|
calculation has failed; probably due to an expired key.</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry><term>q</term><listitem><para>Not enough information for calculation.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>n</term><listitem><para>Never trust this key.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>m</term><listitem><para>Marginally trusted.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>f</term><listitem><para>Fully trusted.</para></listitem></varlistentry>
|
|
|
|
<varlistentry><term>u</term><listitem><para>Ultimately trusted.</para></listitem></varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</listitem></varlistentry>
|
|
|
|
|
1999-07-12 16:49:22 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--sign-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Sign a public key with your secret key. This is a shortcut version
|
1999-08-04 08:45:27 +00:00
|
|
|
of the subcommand "sign" from --edit.
|
1999-07-12 16:49:22 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--lsign-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Sign a public key with your secret key but mark it as non-exportable.
|
1999-08-04 08:45:27 +00:00
|
|
|
This is a shortcut version of the subcommand "lsign" from --edit.
|
1999-07-12 16:49:22 +00:00
|
|
|
</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
|
2000-09-06 12:51:58 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--trusted-key <parameter>long key ID</parameter></term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume that the specified key (which must be given
|
|
|
|
as a full 8 byte key ID) is as trustworthy as one of
|
|
|
|
your own secret keys. This option is useful if you
|
|
|
|
don't want to keep your secret keys (or one of them)
|
2001-04-02 17:22:17 +00:00
|
|
|
online but still want to be able to check the validity of a given
|
2000-09-06 12:51:58 +00:00
|
|
|
recipient's or signer's key.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--delete-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Remove key from the public keyring.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--delete-secret-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Remove key from the secret and public keyring
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2001-01-23 13:56:30 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--delete-secret-and-public-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as --delete-key, but if a secret key exists, it will be removed first.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--gen-revoke</term>
|
|
|
|
<listitem><para>
|
|
|
|
Generate a revocation certificate for the complete key. To revoke
|
|
|
|
a subkey or a signature, use the --edit command.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--export &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Either export all keys from all keyrings (default
|
|
|
|
keyrings and those registered via option --keyring),
|
|
|
|
or if at least one name is given, those of the given
|
|
|
|
name. The new keyring is written to stdout or to
|
|
|
|
the file given with option "output". Use together
|
|
|
|
with --armor to mail those keys.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--send-keys &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as --export but sends the keys to a keyserver.
|
|
|
|
Option --keyserver must be used to give the name
|
|
|
|
of this keyserver. Don't send your complete keyring
|
|
|
|
to a keyserver - select only those keys which are new
|
|
|
|
or changed by you.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--export-all &OptParmNames;</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Same as --export, but also exports keys which
|
|
|
|
are not compatible with OpenPGP.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--export-secret-keys &OptParmNames;</term>
|
2000-01-14 17:26:00 +00:00
|
|
|
<term>--export-secret-subkeys &OptParmNames;</term>
|
1999-06-16 18:25:37 +00:00
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Same as --export, but exports the secret keys instead.
|
1999-06-16 18:25:37 +00:00
|
|
|
This is normally not very useful and is a security risk, because the output contains your secret keys.
|
2001-04-02 17:22:17 +00:00
|
|
|
The second form of the command has the special property to
|
2000-01-14 17:26:00 +00:00
|
|
|
render the secret part of the primary key useless; this is
|
|
|
|
a GNU extension to OpenPGP and other implementations can
|
2001-04-02 17:22:17 +00:00
|
|
|
not be expected to successfully import such a key.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--import &OptParmFiles;</term>
|
|
|
|
<term>--fast-import &OptParmFiles;</term>
|
|
|
|
<listitem><para>
|
1999-08-04 08:45:27 +00:00
|
|
|
Import/merge keys. This adds the given keys to the
|
|
|
|
keyring.
|
|
|
|
The fast version does not build
|
1999-06-16 18:25:37 +00:00
|
|
|
the trustdb; this can be done at any time with the
|
|
|
|
command --update-trustdb.
|
2000-07-27 15:33:37 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
There are a few other options which control how this command works.
|
2001-04-02 17:22:17 +00:00
|
|
|
Most notable here is the --merge-only option which does not insert new keys
|
2000-07-27 15:33:37 +00:00
|
|
|
but does only the merging of new signatures, user-IDs and subkeys.
|
2000-12-07 10:55:10 +00:00
|
|
|
See also the option --allow-secret-key-import.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--recv-keys &ParmKeyIDs;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Import the keys with the given key IDs from a HKP
|
|
|
|
keyserver. Option --keyserver must be used to
|
|
|
|
give the name of this keyserver.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--export-ownertrust</term>
|
|
|
|
<listitem><para>
|
|
|
|
List the assigned ownertrust values in ASCII format
|
2001-04-02 17:22:17 +00:00
|
|
|
for backup purposes.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--import-ownertrust &OptParmFiles;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Update the trustdb with the ownertrust values stored
|
|
|
|
in &ParmFiles; (or stdin if not given); existing
|
|
|
|
values will be overwritten.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-07-13 15:41:14 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--print-md <parameter>algo</parameter> &OptParmFiles;</term>
|
2001-08-08 12:34:00 +00:00
|
|
|
<term>--print-mds &OptParmFiles;</term>
|
1999-07-13 15:41:14 +00:00
|
|
|
<listitem><para>
|
2001-08-08 12:34:00 +00:00
|
|
|
Print message digest of algorithm ALGO for all given files or stdin.
|
|
|
|
With the second form (or a deprecated "*" as algo) digests for all
|
|
|
|
available algorithms are printed.
|
1999-07-13 15:41:14 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--gen-random <parameter>0|1|2</parameter>
|
|
|
|
<optional><parameter>count</parameter></optional></term>
|
|
|
|
<listitem><para>
|
|
|
|
Emit COUNT random bytes of the given quality level. If count is not given
|
1999-08-31 15:30:12 +00:00
|
|
|
or zero, an endless sequence of random bytes will be emitted.
|
2001-04-02 17:22:17 +00:00
|
|
|
PLEASE, don't use this command unless you know what you are doing; it may
|
1999-07-13 15:41:14 +00:00
|
|
|
remove precious entropy from the system!
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--gen-prime <parameter>mode</parameter>
|
|
|
|
<parameter>bits</parameter>
|
|
|
|
<optional><parameter>qbits</parameter></optional></term>
|
|
|
|
<listitem><para>
|
|
|
|
Use the source, Luke :-). The output format is still subject to change.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--version</term>
|
|
|
|
<listitem><para>
|
|
|
|
Print version information along with a list
|
|
|
|
of supported algorithms.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--warranty</term>
|
|
|
|
<listitem><para>
|
|
|
|
Print warranty information.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-h, --help</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Print usage information. This is a really long list even though it doesn't list
|
|
|
|
all options.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>OPTIONS</title>
|
|
|
|
<para>
|
|
|
|
Long options can be put in an options file (default "~/.gnupg/options").
|
|
|
|
Do not write the 2 dashes, but simply the name of the option and any
|
|
|
|
required arguments. Lines with a hash as the first non-white-space
|
|
|
|
character are ignored. Commands may be put in this file too, but that
|
|
|
|
does not make sense.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command/gpg/ recognizes these options:
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-a, --armor</term>
|
|
|
|
<listitem><para>
|
|
|
|
Create ASCII armored output.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-o, --output &ParmFile;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Write output to &ParmFile;.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-u, --local-user &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as the user ID to sign.
|
|
|
|
This option is silently ignored for the list commands,
|
|
|
|
so that it can be used in an options file.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--default-key &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as default user ID for signatures. If this
|
|
|
|
is not used the default user ID is the first user ID
|
|
|
|
found in the secret keyring.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-r, --recipient &ParmName;</term>
|
|
|
|
<term></term>
|
|
|
|
<listitem><para>
|
|
|
|
Encrypt for user id &ParmName;. If this option is not
|
1999-07-13 15:41:14 +00:00
|
|
|
specified, GnuPG asks for the user-id unless --default-recipient is given.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-07-13 15:41:14 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--default-recipient &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as default recipient if option --recipient is not used and
|
2001-04-02 17:22:17 +00:00
|
|
|
don't ask if this is a valid one. &ParmName; must be non-empty.
|
1999-07-13 15:41:14 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--default-recipient-self</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use the default key as default recipient if option --recipient is not used and
|
|
|
|
don't ask if this is a valid one. The default key is the first one from the
|
|
|
|
secret keyring or the one set with --default-key.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-default-recipient</term>
|
|
|
|
<listitem><para>
|
|
|
|
Reset --default-recipient and --default-recipient-self.
|
|
|
|
</para></listitem></varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--encrypt-to &ParmName;</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
Same as --recipient but this one is intended for use
|
|
|
|
in the options file and may be used with
|
|
|
|
your own user-id as an "encrypt-to-self". These keys
|
1999-06-16 18:25:37 +00:00
|
|
|
are only used when there are other recipients given
|
|
|
|
either by use of --recipient or by the asked user id.
|
1999-07-01 10:53:35 +00:00
|
|
|
No trust checking is performed for these user ids and
|
|
|
|
even disabled keys can be used.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-encrypt-to</term>
|
|
|
|
<listitem><para>
|
|
|
|
Disable the use of all --encrypt-to keys.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-v, --verbose</term>
|
|
|
|
<listitem><para>
|
|
|
|
Give more information during processing. If used
|
|
|
|
twice, the input data is listed in detail.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-q, --quiet</term>
|
|
|
|
<listitem><para>
|
|
|
|
Try to be as quiet as possible.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-z &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set compression level to &ParmN;. A value of 0 for &ParmN;
|
|
|
|
disables compression. Default is to use the default
|
|
|
|
compression level of zlib (normally 6).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-t, --textmode</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use canonical text mode. If -t (but not
|
|
|
|
--textmode) is used together with armoring
|
|
|
|
and signing, this enables clearsigned messages.
|
|
|
|
This kludge is needed for PGP compatibility;
|
|
|
|
normally you would use --sign or --clearsign
|
|
|
|
to select the type of the signature.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-n, --dry-run</term>
|
|
|
|
<listitem><para>
|
|
|
|
Don't make any changes (this is not completely implemented).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-i, --interactive</term>
|
|
|
|
<listitem><para>
|
|
|
|
Prompt before overwriting any files.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--batch</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use batch mode. Never ask, do not allow interactive
|
|
|
|
commands.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-05-12 11:59:49 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--no-tty</term>
|
|
|
|
<listitem><para>
|
|
|
|
Make sure that the TTY (terminal) is never used for any output.
|
|
|
|
This option is needed in some cases because GnuPG sometimes prints
|
2001-04-02 17:22:17 +00:00
|
|
|
warnings to the TTY if --batch is used.
|
2000-05-12 11:59:49 +00:00
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--no-batch</term>
|
|
|
|
<listitem><para>
|
|
|
|
Disable batch mode. This may be of use if --batch
|
|
|
|
is enabled from an options file.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--yes</term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume "yes" on most questions.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--no</term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume "no" on most questions.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--always-trust</term>
|
|
|
|
<listitem><para>
|
|
|
|
Skip key validation and assume that used keys are always fully trusted.
|
|
|
|
You won't use this unless you have installed some external validation scheme.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--keyserver &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; to look up keys which are not yet in
your keyring. This is only done while verifying
messages with signatures. The option is also
required for the command --send-keys to
specify the keyserver to which the keys should
be sent. All keyservers synchronize with each
other - so there is no need to send keys to more
than one server. Using the command
"host -l pgp.net | grep wwwkeys" gives you a
list of keyservers. Because there is load
balancing using round-robin DNS you may notice
that you get different key servers.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--no-auto-key-retrieve</term>
|
|
|
|
<listitem><para>
|
|
|
|
This option disables the automatic retrieving of keys from a keyserver
|
2001-04-02 17:22:17 +00:00
|
|
|
while verifying signatures. This option allows you to keep a keyserver in
|
|
|
|
the options file for the --send-keys and --recv-keys commands.
|
2000-06-09 07:56:49 +00:00
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--honor-http-proxy</term>
|
|
|
|
<listitem><para>
|
|
|
|
Try to access the keyserver over the proxy set with the variable
|
|
|
|
"http_proxy".
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--keyring &ParmFile;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Add &ParmFile; to the list of keyrings.
If &ParmFile; begins with a tilde and a slash, these
|
|
|
|
are replaced by the HOME directory. If the filename
|
|
|
|
does not contain a slash, it is assumed to be in the
|
|
|
|
home-directory ("~/.gnupg" if --homedir is not used).
|
|
|
|
The filename may be prefixed with a scheme:</para>
|
|
|
|
<para>"gnupg-ring:" is the default one.</para>
|
2000-04-19 08:54:37 +00:00
|
|
|
<para>"gnupg-gdbm:" may be used for a GDBM ring. Note that GDBM
|
|
|
|
is experimental and likely to be removed in future versions.</para>
|
1999-06-16 18:25:37 +00:00
|
|
|
<para>It might make sense to use it together with --no-default-keyring.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--secret-keyring &ParmFile;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as --keyring but for the secret keyrings.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--homedir &ParmDir;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set the name of the home directory to &ParmDir;. If this
option is not used it defaults to "~/.gnupg". It does
not make sense to use this in an options file. This
also overrides the environment variable "GNUPGHOME".
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--charset &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set the name of the native character set. This is used
|
|
|
|
to convert some strings to proper UTF-8 encoding.
|
|
|
|
Valid values for &ParmName; are:</para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term>iso-8859-1</term><listitem><para>This is the default Latin 1 set.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>iso-8859-2</term><listitem><para>The Latin 2 set.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>koi8-r</term><listitem><para>The usual Russian set (rfc1489).</para></listitem>
|
|
|
|
</varlistentry>
|
2001-04-20 12:21:23 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>utf-8</term><listitem><para>Bypass all translations and assume
|
|
|
|
that the OS uses native UTF-8 encoding.</para></listitem>
|
|
|
|
</varlistentry>
|
1999-06-16 18:25:37 +00:00
|
|
|
</variablelist>
|
|
|
|
</listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-07-01 10:53:35 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--utf8-strings</term>
|
|
|
|
<term>--no-utf8-strings</term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume that the arguments are already given as UTF8 strings. The default
|
|
|
|
(--no-utf8-strings)
|
|
|
|
is to assume that arguments are encoded in the character set as specified
|
2001-04-02 17:22:17 +00:00
|
|
|
by --charset. These options affect all following arguments. Both options may
|
|
|
|
be used multiple times.
|
1999-07-01 10:53:35 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--options &ParmFile;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Read options from &ParmFile; and do not try to read
|
|
|
|
them from the default options file in the homedir
|
|
|
|
(see --homedir). This option is ignored if used
|
|
|
|
in an options file.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-options</term>
|
|
|
|
<listitem><para>
|
|
|
|
Shortcut for "--options /dev/null". This option is
|
|
|
|
detected before an attempt to open an option file.
|
2001-08-07 15:35:13 +00:00
|
|
|
Using this option will also prevent the creation of a
"~/.gnupg" homedir.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--load-extension &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Load an extension module. If &ParmName; does not
contain a slash it is searched for in "/usr/local/lib/gnupg".
See the manual for more information about extensions.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--debug &ParmFlags;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set debugging flags. All flags are or-ed and &ParmFlags; may
|
|
|
|
be given in C syntax (e.g. 0x0042).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--debug-all</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set all useful debugging flags.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--status-fd &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Write special status strings to the file descriptor &ParmN;.
|
|
|
|
See the file DETAILS in the documentation for a listing of them.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--logger-fd &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Write log output to file descriptor &ParmN; and not to stderr.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-comment</term>
|
|
|
|
<listitem><para>
|
|
|
|
Do not write comment packets. This option affects only
|
2000-07-27 08:02:59 +00:00
|
|
|
the generation of secret keys. Please note, that this has nothing
|
|
|
|
to do with the comments in clear text signatures.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--comment &ParmString;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmString; as comment string in clear text signatures.
|
2001-08-07 15:35:13 +00:00
|
|
|
The default is not to write a comment string.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--default-comment</term>
|
|
|
|
<listitem><para>
|
|
|
|
Force to write the standard comment string in clear
|
|
|
|
text signatures. Use this to overwrite a --comment
|
2001-08-07 15:35:13 +00:00
|
|
|
from a config file. This option is now obsolete because there is no
|
|
|
|
default comment string anymore.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-version</term>
|
|
|
|
<listitem><para>
|
|
|
|
Omit the version string in clear text signatures.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--emit-version</term>
|
|
|
|
<listitem><para>
|
|
|
|
Force to write the version string in clear text
|
|
|
|
signatures. Use this to overwrite a previous
|
|
|
|
--no-version from a config file.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>-N, --notation-data &ParmNameValue;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Put the name value pair into the signature as notation data.
|
2001-04-02 17:22:17 +00:00
|
|
|
&ParmName; must consist only of alphanumeric characters, digits
|
1999-06-16 18:25:37 +00:00
|
|
|
or the underscore; the first character must not be a digit.
|
2001-04-02 17:22:17 +00:00
|
|
|
&ParmValue; may be any printable string; it will be encoded in UTF8,
|
|
|
|
so you should check that your --charset is set correctly.
|
1999-06-16 18:25:37 +00:00
|
|
|
If you prefix &ParmName; with an exclamation mark, the notation
|
|
|
|
data will be flagged as critical (rfc2440:5.2.3.15).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--set-policy-url &ParmString;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmString; as Policy URL for signatures (rfc2440:5.2.3.19).
|
|
|
|
If you prefix it with an exclamation mark, the policy URL
|
|
|
|
packet will be flagged as critical.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--set-filename &ParmString;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmString; as the name of file which is stored in
|
|
|
|
messages.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-08-31 15:30:12 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--use-embedded-filename</term>
|
|
|
|
<listitem><para>
|
|
|
|
Try to create a file with a name as embedded in the data.
This can be a dangerous option as it allows files to be overwritten.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--completes-needed &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Number of completely trusted users to introduce a new
|
|
|
|
key signer (defaults to 1).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--marginals-needed &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Number of marginally trusted users to introduce a new
key signer (defaults to 3).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--max-cert-depth &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Maximum depth of a certification chain (default is 5).
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--cipher-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as cipher algorithm. Running the program
|
|
|
|
with the command --version yields a list of supported
|
|
|
|
algorithms. If this is not used the cipher algorithm is
|
|
|
|
selected from the preferences stored with the key.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-07-15 08:16:46 +00:00
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--digest-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as message digest algorithm. Running the
|
|
|
|
program with the command --version yields a list of
|
|
|
|
supported algorithms. Please note that using this
|
|
|
|
option may violate the OpenPGP requirement, that a
|
|
|
|
160 bit hash is to be used for DSA.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--s2k-cipher-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as the cipher algorithm used to protect secret
|
|
|
|
keys. The default cipher is BLOWFISH. This cipher is
|
|
|
|
also used for conventional encryption if --cipher-algo
|
|
|
|
is not given.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--s2k-digest-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use &ParmName; as the digest algorithm used to mangle the
|
|
|
|
passphrases. The default algorithm is RIPE-MD-160.
|
|
|
|
This digest algorithm is also used for conventional
|
|
|
|
encryption if --digest-algo is not given.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--s2k-mode &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Selects how passphrases are mangled. If &ParmN; is 0
|
|
|
|
a plain passphrase (which is not recommended) will be used,
|
|
|
|
a 1 (default) adds a salt to the passphrase and
|
|
|
|
a 3 iterates the whole process a couple of times.
|
|
|
|
Unless --rfc1991 is used, this mode is also used
|
|
|
|
for conventional encryption.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--compress-algo &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Use compress algorithm &ParmN;. Default is 2 which is
|
2000-08-25 14:00:15 +00:00
|
|
|
RFC1950 compression. You may use 1 to use the old zlib
|
|
|
|
version (RFC1951) which is used by PGP. The default algorithm may
|
1999-06-16 18:25:37 +00:00
|
|
|
give better results because the window size is not limited
|
|
|
|
to 8K. If this is not used the OpenPGP behavior is used,
|
|
|
|
i.e. the compression algorithm is selected from the
|
|
|
|
preferences; note, that this can't be done if you do
|
|
|
|
not encrypt the data.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
1999-07-15 08:16:46 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--disable-cipher-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Never allow the use of &ParmName; as cipher algorithm.
|
|
|
|
The given name will not be checked so that a later loaded algorithm
|
|
|
|
will still get disabled.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--disable-pubkey-algo &ParmName;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Never allow the use of &ParmName; as public key algorithm.
|
|
|
|
The given name will not be checked so that a later loaded algorithm
|
|
|
|
will still get disabled.
|
1999-08-04 08:45:27 +00:00
|
|
|
</para></listitem></varlistentry>
|
2001-03-27 18:13:44 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-sig-cache</term>
|
|
|
|
<listitem><para>
|
2001-04-17 16:20:32 +00:00
|
|
|
Do not cache the verification status of key signatures.
Caching gives a much better performance in key listings. However, if
you suspect that your public keyring is not safe against write
modifications, you can use this option to disable the caching. It
probably does not make sense to disable it because all kinds of damage
can be done if someone else has write access to your public keyring.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
|
|
|
|
<term>--no-sig-create-check</term>
|
|
|
|
<listitem><para>
|
|
|
|
GnuPG normally verifies each signature right after creation to protect
|
2001-04-02 17:22:17 +00:00
|
|
|
against bugs and hardware malfunctions which could leak out bits from
|
2001-03-27 18:13:44 +00:00
|
|
|
the secret key. This extra verification needs some time (about 115%
|
2001-04-17 16:20:32 +00:00
|
|
|
for DSA keys), and so this option can be used to disable it.
|
2001-03-27 18:13:44 +00:00
|
|
|
However, due to the fact that the signature creation needs manual
|
2001-04-17 16:20:32 +00:00
|
|
|
interaction, this performance penalty does not matter in most settings.
|
2001-03-27 18:13:44 +00:00
|
|
|
</para></listitem></varlistentry>
|
1999-07-15 08:16:46 +00:00
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--throw-keyid</term>
|
|
|
|
<listitem><para>
|
|
|
|
Do not put the keyid into encrypted packets. This option
|
|
|
|
hides the receiver of the message and is a countermeasure
|
|
|
|
against traffic analysis. It may slow down the decryption
|
|
|
|
process because all available secret keys are tried.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--not-dash-escaped</term>
|
|
|
|
<listitem><para>
|
|
|
|
This option changes the behavior of cleartext signatures
|
|
|
|
so that they can be used for patch files. You should not
|
|
|
|
send such an armored file via email because all spaces
|
|
|
|
and line endings are hashed too. You can not use this
|
|
|
|
option for data which has 5 dashes at the beginning of a
|
|
|
|
line, patch files don't have this. A special armor header
|
|
|
|
line tells GnuPG about this cleartext signature option.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--escape-from-lines</term>
|
|
|
|
<listitem><para>
|
|
|
|
Because some mailers change lines starting with "From "
to ">From " it is good to handle such lines in a special
|
|
|
|
way when creating cleartext signatures. All other PGP
|
|
|
|
versions do it this way too. This option is not enabled
|
|
|
|
by default because it would violate rfc2440.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--passphrase-fd &ParmN;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Read the passphrase from file descriptor &ParmN;. If you use
|
|
|
|
0 for &ParmN;, the passphrase will be read from stdin. This
|
|
|
|
can only be used if only one passphrase is supplied.
|
|
|
|
<!--fixme: make this print strong-->
|
|
|
|
Don't use this option if you can avoid it.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-05-18 09:30:29 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--command-fd &ParmN;</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
This is a replacement for the deprecated shared-memory IPC mode.
|
2000-05-18 09:30:29 +00:00
|
|
|
If this option is enabled, user input on questions is not expected
|
|
|
|
from the TTY but from the given file descriptor. It should be used
|
|
|
|
together with --status-fd. See the file doc/DETAILS in the source
|
|
|
|
distribution for details on how to use it.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2001-04-28 18:53:00 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--use-agent</term>
|
|
|
|
<listitem><para>
|
|
|
|
Try to use the GnuPG-Agent. Please note that this agent is still under
|
|
|
|
development. With this option, GnuPG first tries to connect to the
|
|
|
|
agent before it asks for a passphrase.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--rfc1991</term>
|
|
|
|
<listitem><para>
|
|
|
|
Try to be more RFC1991 (PGP 2.x) compliant.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--openpgp</term>
|
|
|
|
<listitem><para>
|
|
|
|
Reset all packet, cipher and digest options to OpenPGP
|
|
|
|
behavior. Use this option to reset all previous
|
|
|
|
options like --rfc1991, --force-v3-sigs, --s2k-*,
|
|
|
|
--cipher-algo, --digest-algo and --compress-algo to
|
2000-01-05 10:46:34 +00:00
|
|
|
OpenPGP compliant values. All PGP workarounds are also
|
|
|
|
disabled.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--force-v3-sigs</term>
|
|
|
|
<listitem><para>
|
|
|
|
OpenPGP states that an implementation should generate
|
|
|
|
v4 signatures but PGP 5.x recognizes v4 signatures only
|
2001-04-02 17:22:17 +00:00
|
|
|
on key material. This option forces v3 signatures for
|
1999-06-16 18:25:37 +00:00
|
|
|
signatures on data.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--force-mdc</term>
|
|
|
|
<listitem><para>
|
|
|
|
Force the use of encryption with appended manipulation
detection code (MDC). This is always used with the newer ciphers (those
with a blocksize greater than 64 bit).
This option might not be implemented yet.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-07-22 18:11:55 +00:00
|
|
|
<varlistentry>
|
1999-08-04 08:45:27 +00:00
|
|
|
<term>--allow-non-selfsigned-uid</term>
|
1999-07-22 18:11:55 +00:00
|
|
|
<listitem><para>
|
2000-10-19 16:01:37 +00:00
|
|
|
Allow the import of keys with user IDs which are not self-signed, but
|
|
|
|
have at least one signature.
|
|
|
|
This only allows the import - key validation will fail and you
have to check the validity of the key by other means. This hack is
|
|
|
|
needed for some German keys generated with pgp 2.6.3in. You should really
|
|
|
|
avoid using it, because OpenPGP has better mechanics to do separate signing
|
|
|
|
and encryption keys.
|
|
|
|
</para></listitem></varlistentry>
|
2000-08-23 17:47:49 +00:00
|
|
|
<varlistentry>
|
|
|
|
|
|
|
|
<term>--allow-freeform-uid</term>
|
|
|
|
<listitem><para>
|
|
|
|
Disable all checks on the form of the user ID while generating a new
|
|
|
|
one. This option should only be used in very special environments as
|
|
|
|
it does not ensure the de-facto standard format of user IDs.
|
|
|
|
</para></listitem></varlistentry>
|
1999-07-22 18:11:55 +00:00
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
|
2000-02-09 14:35:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--ignore-time-conflict</term>
|
|
|
|
<listitem><para>
|
|
|
|
GnuPG normally checks that the timestamps associated with keys and
|
|
|
|
signatures have plausible values. However, sometimes a signature seems to
|
|
|
|
be older than the key due to clock problems. This option makes these
|
|
|
|
checks just a warning.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2001-08-01 10:30:24 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--ignore-valid-from</term>
|
|
|
|
<listitem><para>
|
|
|
|
GnuPG normally does not select and use subkeys created in the future. This
|
|
|
|
option allows the use of such keys and thus exhibits the pre-1.0.7
|
|
|
|
behaviour. You should not use this option unless there is some
clock problem.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-10-19 16:01:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--ignore-crc-error</term>
|
|
|
|
<listitem><para>
|
|
|
|
The ASCII armor used by OpenPGP is protected by a CRC checksum against
|
|
|
|
transmission errors. Sometimes it happens that the CRC gets mangled
|
|
|
|
somewhere on the transmission channel
|
|
|
|
but the actual content (which is anyway protected by
|
2001-04-02 17:22:17 +00:00
|
|
|
the OpenPGP protocol) is still okay. This option will let gpg ignore
|
2000-10-19 16:01:37 +00:00
|
|
|
CRC errors.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-02-09 14:35:37 +00:00
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--lock-once</term>
|
|
|
|
<listitem><para>
|
|
|
|
Lock the databases the first time a lock is requested
|
|
|
|
and do not release the lock until the process
|
|
|
|
terminates.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--lock-multiple</term>
|
|
|
|
<listitem><para>
|
|
|
|
Release the locks every time a lock is no longer
|
|
|
|
needed. Use this to override a previous --lock-once
|
|
|
|
from a config file.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-04-14 17:34:30 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--lock-never</term>
|
|
|
|
<listitem><para>
|
|
|
|
Disable locking entirely. This option should be used only in very
|
|
|
|
special environments, where it can be assured that only one process
|
2001-04-02 17:22:17 +00:00
|
|
|
is accessing those files. A bootable floppy with a stand-alone
|
2000-04-14 17:34:30 +00:00
|
|
|
encryption system will probably use this. Improper usage of this
|
|
|
|
option may lead to data and key corruption.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-02-11 16:48:22 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--no-random-seed-file</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
GnuPG uses a file to store its internal random pool over invocations.
|
2000-02-11 16:48:22 +00:00
|
|
|
This makes random generation faster; however sometimes write operations
|
2001-04-02 17:22:17 +00:00
|
|
|
are not desired. This option can be used to achieve that with the cost of
|
2000-02-11 16:48:22 +00:00
|
|
|
slower random generation.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-verbose</term>
|
|
|
|
<listitem><para>
|
|
|
|
Reset verbose level to 0.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-greeting</term>
|
|
|
|
<listitem><para>
|
|
|
|
Suppress the initial copyright message but do not
|
|
|
|
enter batch mode.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-08-04 08:45:27 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--no-secmem-warning</term>
|
|
|
|
<listitem><para>
|
|
|
|
Suppress the warning about "using insecure memory".
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-06-16 18:25:37 +00:00
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-armor</term>
|
|
|
|
<listitem><para>
|
|
|
|
Assume the input data is not in ASCII armored format.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--no-default-keyring</term>
|
|
|
|
<listitem><para>
|
|
|
|
Do not add the default keyrings to the list of
|
|
|
|
keyrings.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--skip-verify</term>
|
|
|
|
<listitem><para>
|
|
|
|
Skip the signature verification step. This may be
used to make the decryption faster if the signature
verification is not needed. Signatures in the message are
then not checked, so the output gives no assurance about who signed the data.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--with-colons</term>
|
|
|
|
<listitem><para>
|
2001-08-08 12:34:00 +00:00
|
|
|
Print key listings delimited by colons. Note, that the output will be
|
|
|
|
encoded in UTF-8 regardless of any --charset setting.
|
1999-06-16 18:25:37 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--with-key-data</term>
|
|
|
|
<listitem><para>
|
|
|
|
Print key listings delimited by colons and print the public key data.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-07-08 14:24:35 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--with-fingerprint</term>
|
|
|
|
<listitem><para>
|
|
|
|
Same as the command --fingerprint but changes only the format of the output
|
|
|
|
and may be used together with another command.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-11-29 20:44:31 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--fast-list-mode</term>
|
|
|
|
<listitem><para>
|
|
|
|
Changes the output of the list commands to work faster; this is achieved
|
|
|
|
by leaving some parts empty. Some applications don't need the user ID and
|
|
|
|
the trust information given in the listings. By using this option they
can get a faster listing. The exact behaviour of this option may change
in future versions.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2001-03-14 06:56:11 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--fixed-list-mode</term>
|
|
|
|
<listitem><para>
|
2001-04-19 11:40:45 +00:00
|
|
|
Do not merge user ID and primary key in --with-colons listing mode and
print all timestamps as seconds since 1970-01-01.
|
2001-03-14 06:56:11 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-01-05 10:46:34 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--list-only</term>
|
|
|
|
<listitem><para>
|
|
|
|
Changes the behaviour of some commands. This is like --dry-run but
|
|
|
|
different in some cases. The semantic of this command may be extended in
|
2001-04-02 17:22:17 +00:00
|
|
|
the future. Currently it only skips the actual decryption pass and
|
2000-01-05 10:46:34 +00:00
|
|
|
therefore enables a fast listing of the encryption keys.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
1999-07-26 07:44:46 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--no-literal</term>
|
|
|
|
<listitem><para>
|
1999-08-04 08:45:27 +00:00
|
|
|
This is not for normal use. Use the source to see for what it might be useful.
|
1999-07-26 07:44:46 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--set-filesize</term>
|
|
|
|
<listitem><para>
|
1999-08-04 08:45:27 +00:00
|
|
|
This is not for normal use. Use the source to see for what it might be useful.
|
1999-07-26 07:44:46 +00:00
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-06-05 21:28:41 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--emulate-md-encode-bug</term>
|
|
|
|
<listitem><para>
|
2001-04-02 17:22:17 +00:00
|
|
|
GnuPG versions prior to 1.0.2 had a bug in the way a signature was encoded.
This option enables a workaround by checking faulty signatures again with
the encoding used in old versions. This may only happen for ElGamal signatures
which are not widely used.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-07-27 10:01:27 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--show-session-key</term>
|
|
|
|
<listitem><para>
|
|
|
|
Display the session key used for one message. See --override-session-key
|
|
|
|
for the counterpart of this option.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
We think that Key-Escrow is a Bad Thing; however the user should
|
|
|
|
have the freedom to decide whether to go to prison or to reveal the content of
|
|
|
|
one specific message without compromising all messages ever encrypted for one
|
|
|
|
secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>--override-session-key &ParmString; </term>
|
|
|
|
<listitem><para>
|
|
|
|
Don't use the public key but the session key &ParmString;. The format of this
string is the same as the one printed by --show-session-key. This option
is normally not used but comes in handy in case someone forces you to reveal the
content of an encrypted message; using this option you can do this without
handing out the secret key.
|
|
|
|
</para></listitem></varlistentry>
|
|
|
|
|
2000-07-27 15:33:37 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>--merge-only</term>
|
|
|
|
<listitem><para>
|
|
|
|
Don't insert new keys into the keyrings while doing an import.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--allow-secret-key-import</term>
|
|
|
|
<listitem><para>
|
|
|
|
Allow import of secret keys. The import command normally skips secret
|
|
|
|
keys because a secret key can otherwise be used to attack the trust
|
|
|
|
calculation.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--try-all-secrets</term>
|
|
|
|
<listitem><para>
|
|
|
|
Don't look at the key ID as stored in the message but try all secret keys in
turn to find the right decryption key. This option forces the behaviour as
used by anonymous recipients (created by using --throw-keyid) and might come
in handy in case an encrypted message contains a bogus key ID.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--enable-special-filenames</term>
|
|
|
|
<listitem><para>
|
|
|
|
This option enables a mode in which filenames of the form
<filename>-&amp;n</>, where n is a non-negative decimal number,
refer to the file descriptor n and not to a file with that name.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--no-expensive-trust-checks</term>
|
|
|
|
<listitem><para>
|
|
|
|
Experimental use only.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--preserve-permissions</term>
|
|
|
|
<listitem><para>
|
|
|
|
Don't change the permissions of a secret keyring back to user
read/write only. A secret keyring that other accounts can read is exposed
to offline passphrase guessing. Use this option only if you really know what
you are doing.
|
|
|
|
</para></listitem></varlistentry>
<varlistentry>
|
|
|
|
<term>--preference-list &ParmString;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Set the list of preferences to &ParmString;. This list should be
a string similar to the one printed by the command "pref" in the edit
menu.
|
|
|
|
</para></listitem></varlistentry>
</variablelist>
|
|
|
|
</refsect1>
<refsect1>
|
|
|
|
<title>How to specify a user ID</title>
|
|
|
|
<para>
|
|
|
|
There are different ways to specify a user ID to GnuPG;
here are some examples:
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term></term>
<listitem><para></para></listitem>
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>234567C4</term>
|
|
|
|
<term>0F34E556E</term>
|
|
|
|
<term>01347A56A</term>
|
|
|
|
<term>0xAB123456</term>
|
|
|
|
<listitem><para>
|
|
|
|
Here the key ID is given in the usual short form. A short key ID is only
32 bits long, so two different keys can share the same one.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>234AABBCC34567C4</term>
|
|
|
|
<term>0F323456784E56EAB</term>
|
|
|
|
<term>01AB3FED1347A5612</term>
|
|
|
|
<term>0x234AABBCC34567C4</term>
|
|
|
|
<listitem><para>
|
|
|
|
Here the key ID is given in the long form as used by OpenPGP.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>1234343434343434C434343434343434</term>
|
|
|
|
<term>123434343434343C3434343434343734349A3434</term>
|
|
|
|
<term>0E12343434343434343434EAB3484343434343434</term>
|
|
|
|
<term>0xE12343434343434343434EAB3484343434343434</term>
|
|
|
|
<listitem><para>
|
|
|
|
The best way to specify a key ID is by using the fingerprint of
the key. This avoids any ambiguities in case there are duplicate
key IDs (which are really rare for the long key IDs).
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
<term>=Heinrich Heine &lt;heinrichh@uni-duesseldorf.de&gt;</term>
<listitem><para>
|
|
|
|
Using a string that must match exactly. The equal sign indicates this.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
<term>&lt;heinrichh@uni-duesseldorf.de&gt;</term>
<listitem><para>
|
|
|
|
Using the email address part which must match exactly. The left angle bracket
|
|
|
|
indicates this email address mode.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>+Heinrich Heine duesseldorf</term>
|
|
|
|
<listitem><para>
|
|
|
|
All words must match exactly (not case sensitive) but can appear in
|
|
|
|
any order in the user ID. Words are any sequences of letters,
|
|
|
|
digits, the underscore and all characters with bit 7 set.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>#34</term>
|
|
|
|
<listitem><para>
|
|
|
|
Using the Local ID. This is a very low level method and should
|
|
|
|
only be used by applications which really need it. The hash character
|
|
|
|
indicates this method. An application should not assume that this is
|
|
|
|
only a number.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>Heine</term>
|
|
|
|
<term>*Heine</term>
|
|
|
|
<listitem><para>
|
|
|
|
By case-insensitive substring matching. This is the default mode but
applications may want to explicitly indicate this by putting the asterisk
in front.
|
|
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
</variablelist>
<para>
|
|
|
|
Note that you can append an exclamation mark to key IDs or
fingerprints. This flag tells GnuPG to use exactly
that primary or secondary key and not to try to figure out which
secondary or primary key to use.
|
|
|
|
</para>
</refsect1>
<refsect1>
|
|
|
|
<title>RETURN VALUE</title>
|
|
|
|
<para>
|
|
|
|
The program returns 0 if everything was fine, 1 if at least
|
|
|
|
a signature was bad, and other error codes for fatal errors.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>EXAMPLES</title>
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>gpg -se -r <parameter/Bob/ &ParmFile;</term>
|
|
|
|
<listitem><para>sign and encrypt for user Bob</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>gpg --clearsign &ParmFile;</term>
|
|
|
|
<listitem><para>make a clear text signature</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>gpg -sb &ParmFile;</term>
|
|
|
|
<listitem><para>make a detached signature</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>gpg --list-keys <parameter/user_ID/</term>
|
|
|
|
<listitem><para>show keys</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>gpg --fingerprint <parameter/user_ID/</term>
|
|
|
|
<listitem><para>show fingerprint</para></listitem>
|
|
|
|
</varlistentry>
<varlistentry>
|
|
|
|
<term>gpg --verify <parameter/pgpfile/</term>
|
|
|
|
<term>gpg --verify <parameter/sigfile/ &OptParmFiles;</term>
|
|
|
|
<listitem><para>
|
|
|
|
Verify the signature of the file but do not output the data. The second form
is used for detached signatures, where <parameter/sigfile/ is the detached
signature (either ASCII armored or binary) and &OptParmFiles; are the signed
data; if this is not given the name of the file holding the signed data is
constructed by cutting off the extension (".asc" or ".sig") of
<parameter/sigfile/ or by asking the user for the filename.
|
|
|
|
</para></listitem></varlistentry>
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>ENVIRONMENT</title>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term>HOME</term>
|
|
|
|
<listitem><para>Used to locate the default home directory.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>GNUPGHOME</term>
|
|
|
|
<listitem><para>If set, this directory is used instead of "~/.gnupg".</para></listitem>
</varlistentry>
<varlistentry>
<term>http_proxy</term>
|
|
|
|
<listitem><para>Only honored when the option --honor-http-proxy is set.</para></listitem>
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>FILES</title>
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/secring.gpg</term>
|
|
|
|
<listitem><para>The secret keyring</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/secring.gpg.lock</term>
|
|
|
|
<listitem><para>and the lock file</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/pubring.gpg</term>
|
|
|
|
<listitem><para>The public keyring</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/pubring.gpg.lock</term>
|
|
|
|
<listitem><para>and the lock file</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/trustdb.gpg</term>
|
|
|
|
<listitem><para>The trust database</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>~/.gnupg/trustdb.gpg.lock</term>
|
|
|
|
<listitem><para>and the lock file</para></listitem>
|
|
|
|
</varlistentry>
<varlistentry>
|
|
|
|
<term>~/.gnupg/random_seed</term>
|
|
|
|
<listitem><para>used to preserve the internal random pool</para></listitem>
|
|
|
|
</varlistentry>
<varlistentry>
|
|
|
|
<term>~/.gnupg/options</term>
|
|
|
|
<listitem><para>May contain options</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>/usr[/local]/share/gnupg/options.skel</term>
|
|
|
|
<listitem><para>Skeleton options file</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>/usr[/local]/lib/gnupg/</term>
|
|
|
|
<listitem><para>Default location for extensions</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<!-- SEE ALSO not yet needed-->
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>WARNINGS</title>
|
|
|
|
<para>
|
|
|
|
Use a *good* password for your user account and a *good* passphrase
|
|
|
|
to protect your secret key. This passphrase is the weakest part of the
|
|
|
|
whole system. Programs to do dictionary attacks on your secret keyring
|
|
|
|
are very easy to write and so you should protect your "~/.gnupg/"
|
|
|
|
directory very well.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Keep in mind that, if this program is used over a network (telnet), it
|
|
|
|
is *very* easy to spy out your passphrase!
|
|
|
|
</para>
<para>
|
|
|
|
If you are going to verify detached signatures, make sure that the
program knows about it; either by giving both filenames on the
command line or by using <literal>-</literal> to specify stdin.
|
|
|
|
</para>
</refsect1>
|
|
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>BUGS</title>
|
|
|
|
<para>
|
|
|
|
On many systems this program should be installed as setuid(root). This
is necessary to lock memory pages. Locking memory pages prevents the
operating system from writing memory pages to disk, where secret key
material could otherwise persist in swap. If you get no
warning message about insecure memory, your operating system supports
locking without being root. The program drops root privileges as soon
as locked memory is allocated.
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
</refentry>