mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
576 lines
19 KiB
Plaintext
576 lines
19 KiB
Plaintext
=head1 NAME
|
|
|
|
gpg, gpgm - GNU Privacy Guard
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<gpg> [--homedir name] [--options file] [options] command [args]
|
|
|
|
B<gpgm> [--homedir name] [--options file] [options] command [args]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
B<gpg> is the main program for the GnuPG system. B<gpgm> is a maintenance
|
|
tool which has some commands B<gpg> does not have; it is there because
|
|
it does not handle sensitive data and therefore has no need to allocate
|
|
secure memory.
|
|
|
|
=head1 COMMANDS
|
|
|
|
B<gpg> recognizes these commands:
|
|
|
|
B<-s>, B<--sign>
|
|
Make a signature. This option may be combined
|
|
with B<--encrypt>.
|
|
|
|
B<--clearsign>
|
|
Make a clear text signature.
|
|
|
|
B<-b>, B<--detach-sign>
|
|
Make a detached signature.
|
|
|
|
B<-e>, B<--encrypt>
|
|
Encrypt data. This option may be combined with B<--sign>.
|
|
|
|
B<-c>, B<--symmetric>
|
|
Encrypt with symmetric cipher only
|
|
This command asks for a passphrase.
|
|
|
|
B<--store>
|
|
store only (make a simple RFC1991 packet).
|
|
|
|
B<--decrypt> [I<file>]
|
|
Decrypt file (or stdin if no file is specified) and
|
|
write it to stdout (or the file specified with
|
|
B<--output>). If the decrypted file is signed, the
|
|
signature is also verified. This command differs
|
|
from the default operation, as it never writes to the
|
|
filename which is included in the file and it
|
|
rejects files which don't begin with an encrypted
|
|
message.
|
|
|
|
B<--verify> [[I<sigfile>] {I<signed-files>}]
|
|
Assume that I<filename> is a signature and verify it
|
|
without generating any output. With no arguments,
|
|
the signature packet is read from stdin (it may be a
|
|
detached signature when not used in batch mode). If
|
|
only a sigfile is given, it may be a complete
|
|
signature or a detached signature, in which case
|
|
the signed stuff is expected in a file without the
|
|
I<.sig> or I<.asc> extension (if such a file does
|
|
not exist it is expected at stdin - use B<-> as
|
|
filename to force a read from stdin). With more than
|
|
1 argument, the first should be a detached signature
|
|
and the remaining files are the signed stuff.
|
|
|
|
B<-k> [I<username>] [I<keyring>]
|
|
Kludge to be somewhat compatible with PGP.
|
|
Without arguments, all public keyrings are listed.
|
|
With one argument, only I<keyring> is listed.
|
|
Special combinations are also allowed, but they may
|
|
give strange results when combined with more options.
|
|
B<-kv> Same as B<-k>
|
|
B<-kvv> List the signatures with every key.
|
|
B<-kvvv> Additionally check all signatures.
|
|
B<-kvc> List fingerprints
|
|
B<-kvvc> List fingerprints and signatures
|
|
|
|
B<--list-keys> [I<names>]
|
|
List all keys from the public keyrings, or just the
|
|
ones given on the command line.
|
|
|
|
B<--list-secret-keys> [I<names>]
|
|
List all keys from the secret keyrings, or just the
|
|
ones given on the command line.
|
|
|
|
B<--list-sigs> [I<names>]
|
|
Same as B<--list-keys>, but the signatures are listed
|
|
too.
|
|
|
|
B<--check-sigs> [I<names>]
|
|
Same as B<--list-sigs>, but the signatures are verified.
|
|
|
|
B<--fingerprint> [I<names>]
|
|
List all keys with their fingerprints. This is the
|
|
same output as B<list-keys> but with the additional output
|
|
of a line with the fingerprint. May also be combined
|
|
with B<--list-sigs> or B<--check-sigs>.
|
|
|
|
B<--list-packets>
|
|
List only the sequence of packets. This is mainly
|
|
useful for debugging.
|
|
|
|
B<--gen-key>
|
|
Generate a new key pair. This command can only be
|
|
used interactive.
|
|
|
|
|
|
B<--edit-key> I<name>
|
|
Present a menu which enables you to do all key
|
|
related tasks:
|
|
B<sign>
|
|
Make a signature on key of user I<name>.
|
|
If the key is not yet signed by the default
|
|
user (or the users given with B<-u>), the
|
|
program displays the information of the key
|
|
again, together with its fingerprint and
|
|
asks whether it should be signed. This
|
|
question is repeated for all users specified
|
|
with B<-u>.
|
|
B<trust>
|
|
Change the owner trust value. This updates the
|
|
trust-db immediately and no save is required.
|
|
B<adduid>
|
|
Create an alternate user id.
|
|
B<deluid>
|
|
Delete an user id.
|
|
B<addkey>
|
|
Add a subkey to this key.
|
|
B<delkey>
|
|
Remove a subkey.
|
|
B<expire>
|
|
Change the key expiration time. If a key is
|
|
selected, the time of this key will be changed.
|
|
With no selection the key expiration of the
|
|
primary key is changed.
|
|
B<passwd>
|
|
Change the passphrase of the secret key.
|
|
B<uid> I<n>
|
|
Toggle selection of user id with index I<n>.
|
|
Use 0 to deselect all.
|
|
B<key> I<n>
|
|
Toggle selection of subkey with index I<n>.
|
|
Use 0 to deselect all.
|
|
B<check>
|
|
Check all selected user ids.
|
|
B<pref>
|
|
List preferences.
|
|
B<toggle>
|
|
Toggle between public and secret key listing.
|
|
B<save>
|
|
Save all changes to the key rings and quit.
|
|
B<quit>
|
|
Quit the program without updating the
|
|
key rings.
|
|
The listing shows you the key with its secondary
|
|
keys and all user ids. Selected keys or user ids
|
|
are indicated by an asterisk. The trust value is
|
|
displayed with the primary key: the first is the
|
|
assigned owner trust and the second is the calculated
|
|
trust value. Letters are used for the values:
|
|
B<-> No ownertrust assigned / not yet calculated.
|
|
B<e> Trust calculation has failed.
|
|
B<q> Not enough information for calculation.
|
|
B<n> Never trust this key.
|
|
B<m> Marginally trusted.
|
|
B<f> Fully trusted.
|
|
B<u> Ultimately trusted
|
|
|
|
|
|
B<--delete-key>
|
|
Remove key from the public keyring
|
|
|
|
B<--delete-secret-key>
|
|
Remove key from the secret and public keyring
|
|
|
|
B<--gen-revoke>
|
|
Generate a revocation certificate.
|
|
|
|
B<--export> [I<names>]
|
|
Either export all keys from all keyrings (default
|
|
keyrings and those registered via option B<--keyring>),
|
|
or if at least one name is given, those of the given
|
|
name. The new keyring is written to F<stdout> or to
|
|
the file given with option "output". Use together
|
|
with B<-a> to mail those keys.
|
|
|
|
B<--send-keys> [I<names>]
|
|
Same as B<--export> but sends the keys to a keyserver.
|
|
Option B<--keyserver> must be used to give the name
|
|
of this keyserver. Don't send your complete keyring
|
|
to a keyserver - select only those keys which are new
|
|
or changed by you.
|
|
|
|
B<--export-all> [I<names>]
|
|
Same as B<--export> but does also export keys which
|
|
are not compatible to OpenPGP.
|
|
|
|
B<--export-secret-keys> [I<names>]
|
|
Same as B<--export>, but does export the secret keys.
|
|
This is normally not very useful.
|
|
|
|
B<--import>, B<--fast-import>
|
|
Import/merge keys. The fast version does not build
|
|
the trustdb; this can be done at any time with the
|
|
command B<--update-trustdb>.
|
|
|
|
B<--export-ownertrust>
|
|
List the assigned ownertrust values in ASCII format
|
|
for backup purposes [B<gpgm> only].
|
|
|
|
B<--import-ownertrust> [I<filename>]
|
|
Update the trustdb with the ownertrust values stored
|
|
in I<filename> (or stdin if not given); existing
|
|
values will be overwritten. [B<gpgm> only].
|
|
|
|
=head1 OPTIONS
|
|
|
|
Long options can be put in an options file (default F<~/.gnupg/options>).
|
|
Do not write the 2 dashes, but simply the name of the option and any
|
|
required arguments. Lines with a hash as the first non-white-space
|
|
character are ignored. Commands may be put in this file too, but that
|
|
does not make sense.
|
|
|
|
B<gpg> recognizes these options:
|
|
|
|
|
|
B<-a>, B<--armor>
|
|
Create ASCII armored output.
|
|
|
|
B<-o> I<file>, B<--output> I<file>
|
|
Write output to I<file>.
|
|
|
|
B<-u> I<name>, B<--local-user> I<name>
|
|
Use I<name> as the user-id to sign.
|
|
This option is silently ignored for the list commands,
|
|
so that it can be used in an options file.
|
|
|
|
B<--default-key> I<name>
|
|
Use I<name> as default user-id for signatures. If this
|
|
is not used the default user-id is the first user-id
|
|
from the secret keyring.
|
|
|
|
B<--trusted-key> I<keyid>
|
|
Assume that the key with the I<keyid> (which must be
|
|
a full (8 byte) keyid) is as trustworthy as one of
|
|
your own secret keys. This may be used to make keys
|
|
valid which are not directly certified by you but
|
|
by a CA you trust. The advantage of this option is
|
|
that it shortens the path of certification.
|
|
|
|
You may also use this option to skip the verification
|
|
of your own secret keys which is normally done every
|
|
time GnuPG starts up by using the I<keyid> of
|
|
your key.
|
|
|
|
B<-r> I<name>, B<--recipient> I<name>
|
|
Encrypt for user id I<name>. If this option is not
|
|
specified, GnuPG asks for the user id.
|
|
|
|
B<--encrypt-to> I<name>
|
|
Same as B<--recipient> but this one is intended for
|
|
in the options file and may be used together with
|
|
an own user-id as an "encrypt-to-self". These keys
|
|
are only used when there are other recipients given
|
|
either by use of --recipient or by the asked user id.
|
|
No trust checking is performed for these user ids.
|
|
|
|
B<--no-encrypt-to>
|
|
Disable the use of all B<--encrypt-to> keys.
|
|
|
|
B<-v>, B<--verbose>
|
|
Give more information during processing. If used
|
|
twice, the input data is listed in detail.
|
|
|
|
B<-q>, B<--quiet>
|
|
Be somewhat more quiet in some cases.
|
|
|
|
B<-z> I<n>
|
|
Set compress level to I<n>. A value of 0 for I<n>
|
|
disables compression. Default is to use the default
|
|
compression level of zlib (normally 6).
|
|
|
|
B<-t>, B<--textmode>
|
|
Use canonical text mode. If B<-t> (but not
|
|
B<--textmode>) is used together with armoring
|
|
and signing, this enables clearsigned messages.
|
|
This kludge is needed for PGP compatibility;
|
|
normally you would use B<--sign> or B<--clearsign>
|
|
to selected the type of the signature.
|
|
|
|
B<-n>, B<--dry-run>
|
|
Don't make any changes (not yet implemented).
|
|
|
|
B<--batch>
|
|
Use batch mode. Never ask, do not allow interactive
|
|
commands.
|
|
|
|
B<--no-batch>
|
|
Disable batch mode. This may be used if B<batch>
|
|
is used in the options file.
|
|
|
|
B<--yes>
|
|
Assume "yes" on most questions.
|
|
|
|
B<--no>
|
|
Assume "no" on most questions.
|
|
|
|
B<--keyserver> I<name>
|
|
Use I<name> to lookup keys which are not yet in
|
|
your keyring. This is only done while verifying
|
|
messages with signatures. The option is also
|
|
required for the command B<--send-keys> to
|
|
specify the keyserver to where the keys should
|
|
be send. All keyservers synchronize with each
|
|
other - so there is no need to send keys to more
|
|
than one server. Using the command
|
|
"host -l pgp.net | grep wwwkeys" gives you a
|
|
list of keyservers. Because there is load
|
|
balancing using round-robin-dns you may notice
|
|
that you get different key servers.
|
|
|
|
B<--keyring> I<file>
|
|
Add I<file> to the list of keyrings.
|
|
If I<file> begins with a tilde and a slash, these
|
|
are replaced by the HOME directory. If the filename
|
|
does not contain a slash, it is assumed to be in the
|
|
home-directory (F<~/.gnupg> if B<--homedir>) is not used.
|
|
The filename may be prefixed with a scheme:
|
|
"gnupg-ring:" is the default one.
|
|
"gnupg-gdbm:" may be used for a GDBM ring.
|
|
|
|
B<--secret-keyring> I<file>
|
|
Same as B<--keyring> but for secret keyrings.
|
|
|
|
B<--homedir> I<dir>
|
|
Set the name of the home directory to I<dir>. If this
|
|
option is not used it defaults to F<~/.gnupg>. It does
|
|
not make sense to use this in a options file. This
|
|
also overrides the environment variable C<GNUPGHOME>.
|
|
|
|
B<--charset> I<name>
|
|
Set the name of the native character set. This is used
|
|
to convert some strings to proper UTF-8 encoding.
|
|
Valid values for I<name> are:
|
|
B<iso-8859-1> This is the default.
|
|
B<koi8-r> The usual Russian set (rfc1489).
|
|
|
|
B<--options> I<file>
|
|
Read options from I<file> and do not try to read
|
|
them from the default options file in the homedir
|
|
(see B<--homedir>). This option is ignored when used
|
|
in an options file.
|
|
|
|
B<--no-options>
|
|
Shortcut for B<--options> I</dev/null>. This option is
|
|
detected before an attempt to open an option file.
|
|
|
|
B<--load-extension> I<modulename>
|
|
Load an extension module. If I<modulename> does not
|
|
contain a slash it is searched in B</usr/local/lib/gnupg>
|
|
See the manual for more information about extensions.
|
|
|
|
B<--debug> I<flags>
|
|
Set debugging flags. All flags are or-ed and I<flags> may
|
|
be given in C syntax (e.g. 0x0042).
|
|
|
|
B<--debug-all>
|
|
Set all useful debugging flags.
|
|
|
|
B<--status-fd> I<n>
|
|
Write special status strings to the file descriptor I<n>.
|
|
|
|
B<--no-comment>
|
|
Do not write comment packets. This option affects only
|
|
the generation of secret keys. Output of option packets
|
|
is disabled since version 0.4.2.
|
|
|
|
B<--comment> I<string>
|
|
Use I<string> as comment string in clear text signatures.
|
|
|
|
B<--set-filename> I<string>
|
|
Use I<string> as the name of file which is stored in
|
|
messages.
|
|
|
|
B<--completes-needed> I<n>
|
|
Number of completely trusted users to introduce a new
|
|
key signer (defaults to 1).
|
|
|
|
B<--marginals-needed> I<n>
|
|
Number of marginally trusted users to introduce a new
|
|
key signer (defaults to 3)
|
|
|
|
B<--max-cert-depth> I<n>
|
|
Maximum depth of a certification chain (default is 5).
|
|
|
|
B<--cipher-algo> I<name>
|
|
Use I<name> as cipher algorithm. Running the program
|
|
with the command B<--version> yields a list of supported
|
|
algorithms. If this is not used the cipher algorithm is
|
|
selected from the preferences stored with the key.
|
|
|
|
B<--digest-algo> I<name>
|
|
Use I<name> as message digest algorithm. Running the
|
|
program with the command B<--version> yields a list of
|
|
supported algorithms. Please note that using this
|
|
option may violate the OpenPGP requirement, that a
|
|
160 bit hash is to be used for DSA.
|
|
|
|
B<--s2k-cipher-algo> I<name>
|
|
Use I<name> as the cipher algorithm used to protect secret
|
|
keys. The default cipher is BLOWFISH. This cipher is
|
|
also used for conventional encryption if B<--cipher-algo>
|
|
is not given.
|
|
|
|
B<--s2k-digest-algo> I<name>
|
|
Use I<name> as the digest algorithm used to mangle the
|
|
passphrases. The default algorithm is RIPE-MD-160.
|
|
This digest algorithm is also used for conventional
|
|
encryption if B<--digest-algo> is not given.
|
|
|
|
B<--s2k-mode> I<number>
|
|
Selects how passphrases are mangled. A number of I<0>
|
|
uses the plain passphrase (which is not recommended),
|
|
a I<1> (default) adds a salt to the passphrase and
|
|
I<3> iterates the whole process a couple of times.
|
|
Unless -B<--rfc1991> is used, this mode is also used
|
|
for conventional encryption.
|
|
|
|
B<--compress-algo> I<number>
|
|
Use compress algorithm I<number>. Default is I<2> which is
|
|
RFC1950 compression. You may use I<1> to use the old zlib
|
|
version which is used by PGP. The default algorithm may
|
|
give better results because the window size is not limited
|
|
to 8K. If this is not used the OpenPGP behavior is used,
|
|
i.e. the compression algorithm is selected from the
|
|
preferences.
|
|
|
|
B<--digest-algo> I<name>
|
|
Use I<name> as message digest algorithm. Running the
|
|
program with the command B<--version> yields a list of
|
|
supported algorithms.
|
|
|
|
|
|
B<--throw-keyid>
|
|
Do not put the keyid into encrypted packets. This option
|
|
hides the receiver of the message and is a countermeasure
|
|
against traffic analysis. It may slow down the decryption
|
|
process because all available secret keys are tried.
|
|
|
|
B<--not-dash-escaped>
|
|
This option changes the behavior of cleartext signatures
|
|
so that they can be used for patch files. You should not
|
|
send such an armored file via email because all spaces
|
|
and line endings are hashed too. You can not use this
|
|
option for data which has 5 dashes at the beginning of a
|
|
line, patch files don't have this. A special armor header
|
|
line tells GnuPG about this cleartext signature option.
|
|
|
|
B<--escape-from-lines>
|
|
Because some mailers change lines starting with "From "
|
|
to ">From " it is good to handle such lines in a special
|
|
way when creating cleartext signatures. All other PGP
|
|
versions do it this way too. This option is not enabled
|
|
by default because it would violate rfc2440.
|
|
|
|
B<--passphrase-fd> I<n>
|
|
Read the passphrase from file descriptor I<n>. If you use
|
|
0 for I<n>, the passphrase will be read from stdin. This
|
|
can only be used if only one passphrase is supplied.
|
|
B<Don't use this option if you can avoid it>
|
|
|
|
B<--rfc1991>
|
|
Try to be more RFC1991 (PGP 2.x) compliant.
|
|
|
|
B<--force-v3-sigs>
|
|
OpenPGP states that an implementation should generate
|
|
v4 signatures but PGP 5.x recognizes v4 signatures only
|
|
on key material. This options forces v3 signatures for
|
|
signatures on data.
|
|
|
|
B<--lock-once>
|
|
Lock the file the first time a lock is requested
|
|
and do not release the lock until the process
|
|
terminates.
|
|
|
|
B<--no-verbose>
|
|
Reset verbose level to 0.
|
|
|
|
B<--no-greeting>
|
|
Suppress the initial copyright message but do not
|
|
enter batch mode.
|
|
|
|
B<--no-armor>
|
|
Assume the input data is not in ASCII armored format.
|
|
|
|
B<--no-default-keyring>
|
|
Do not add the default keyrings to the list of
|
|
keyrings.
|
|
|
|
B<--skip-verify>
|
|
Skip the signature verification step. This may be
|
|
used to make the encryption faster if the signature
|
|
verification is not needed.
|
|
|
|
B<--version>
|
|
Print version information along with a list
|
|
of supported algorithms.
|
|
|
|
B<--with-colons>
|
|
Print key listings delimited by colons.
|
|
|
|
B<--warranty>
|
|
Print warranty information.
|
|
|
|
B<-h>, B<--help>
|
|
Print usage information.
|
|
|
|
|
|
=head1 RETURN VALUE
|
|
|
|
The Program returns 0 if everything was fine, 1 if at least
|
|
a signature was bad, and other error codes for fatal errors.
|
|
|
|
=head1 EXAMPLES
|
|
|
|
-se -r Bob [file] sign and encrypt for user Bob
|
|
-sat [file] make a clear text signature
|
|
-sb [file] make a detached signature
|
|
-k [userid] show keys
|
|
-kc [userid] show fingerprint
|
|
|
|
=head1 ENVIRONMENT
|
|
|
|
C<HOME> Used to locate the default home directory.
|
|
C<GNUPGHOME> If set directory used instead of F<~/.gnupg>.
|
|
|
|
=head1 FILES
|
|
|
|
F<~/.gnupg/secring.gpg> The secret keyring
|
|
F<~/.gnupg/secring.gpg.lock> and the lock file
|
|
|
|
F<~/.gnupg/pubring.gpg> The public keyring
|
|
F<~/.gnupg/pubring.gpg.lock> and the lock file
|
|
|
|
F<~/.gnupg/trustdb.gpg> The trust database
|
|
F<~/.gnupg/trustdb.gpg.lock> and the lock file
|
|
|
|
F<~/.gnupg/options> May contain options
|
|
F</usr[/local]/share/gnupg/options.skel> Skeleton file
|
|
|
|
F</usr[/local]/lib/gnupg/> Default location for extensions
|
|
|
|
=head1 SEE ALSO
|
|
|
|
gpg(1) gpgm(1)
|
|
|
|
|
|
=head1 WARNINGS
|
|
|
|
Use a B<good> password for your user account and a B<good> passphrase
|
|
to protect your secret key. This passphrase is the weakest part of the
|
|
whole system. Programs to do dictionary attacks on your secret keyring
|
|
are very easy to write and so you should protect your B<~/.gnupg/>
|
|
directory very well.
|
|
|
|
Keep in mind that, if this program is used over a network (telnet), it
|
|
is B<very> easy to spy out your passphrase!
|
|
|
|
=head1 BUGS
|
|
|
|
On many systems this program should be installed as setuid(root). This
|
|
is necessary to lock memory pages. If you get no warning message about
|
|
insecure memory your OS kernel supports locking without being root.
|
|
The program drops root privileges as soon as locked memory is allocated.
|
|
|