33
33
together (for a signed message that may be decrypted via a secret key
35
35
.IP "\-\-clearsign [\fBfile\fR]" 10
36
Make a clear text signature.
36
Make a clear text signature. The content in a clear text signature is
37
readable without any special software. OpenPGP software is only
38
needed to verify the signature. Clear text signatures may modify
39
end-of-line whitespace for platform independence and are not intended
37
41
.IP "\-b, \-\-detach-sign [\fBfile\fR]" 10
38
42
Make a detached signature.
39
43
.IP "\-e, \-\-encrypt [\fBfile\fR]" 10
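Review bot: The added \-\-clearsign text warns that clear text signatures "may modify end-of-line whitespace" but, in the lines shown, names no alternative for content that must stay byte-exact. \-\-detach-sign is documented in the very next entry and leaves the signed file untouched, so a one-clause pointer to it would make the caveat actionable.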
283
287
that is no longer usable (e.g. revoked, or expired). Then, remove any
284
288
signatures that are not usable by the trust calculations.
285
289
Specifically, this removes any signature that does not validate, any
286
signature that is superceded by a later signature, revoked signatures,
290
signature that is superseded by a later signature, revoked signatures,
287
291
and signatures issued by keys that are not present on the keyring.
288
292
.IP "minimize" 10
289
293
Make the key as small as possible. This removes all signatures from
929
933
Raise the trust in a signature to full if the signature passes PKA
930
934
validation. This option is only meaningful if pka-lookups is set.
936
.IP "\-\-enable-dsa2" 10
937
.IP "\-\-disable-dsa2" 10
938
Enables new-style DSA keys which (unlike the old style) may be larger
939
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
940
that very few programs currently support these keys and signatures
932
942
.IP "\-\-show-photos" 10
933
943
.IP "\-\-no-show-photos" 10
934
944
Causes \-\-list-keys, \-\-list-sigs, \-\-list-public-keys,
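Review bot: The new \-\-enable-dsa2 / \-\-disable-dsa2 entry does not say, in the lines shown, which of the two is the default, although other entries on this page state it ("Enabled by default.", "off by default"). Add the default, and make the "very few programs currently support these keys and signatures" caveat concrete by saying whether it affects verifying signatures, importing the key, or both.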
1175
1185
.IP "\-\-max-cert-depth \fBn\fR" 10
1176
1186
Maximum depth of a certification chain (default is 5).
1177
1187
.IP "\-\-cipher-algo \fBname\fR" 10
1178
Use \fBname\fR as cipher algorithm. Running the program
1179
with the command \-\-version yields a list of supported
1180
algorithms. If this is not used the cipher algorithm is
1181
selected from the preferences stored with the key.
1188
Use \fBname\fR as cipher algorithm. Running the program with the
1189
command \-\-version yields a list of supported algorithms. If this is
1190
not used the cipher algorithm is selected from the preferences stored
1191
with the key. In general, you do not want to use this option as it
1192
allows you to violate the OpenPGP standard.
1193
\-\-personal-cipher-preferences is the safe way to accomplish the same
1182
1195
.IP "\-\-digest-algo \fBname\fR" 10
1183
1196
Use \fBname\fR as the message digest algorithm. Running the program
1184
with the command \-\-version yields a list of supported algorithms.
1197
with the command \-\-version yields a list of supported algorithms. In
1198
general, you do not want to use this option as it allows you to
1199
violate the OpenPGP standard. \-\-personal-digest-preferences is the
1200
safe way to accomplish the same thing.
1185
1201
.IP "\-\-compress-algo \fBname\fR" 10
1186
1202
Use compression algorithm \fBname\fR. "zlib" is RFC-1950 ZLIB
1187
1203
compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
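Review bot: In the text added to \-\-cipher-algo and \-\-digest-algo, "it allows you to violate the OpenPGP standard" does not tell the reader what actually goes wrong. The \-\-cipher-algo paragraph already says that without the option the algorithm "is selected from the preferences stored with the key"; stating that forcing a name bypasses that selection would explain why the \-\-personal-*-preferences options are the safe route. The \-\-digest-algo entry gets the warning with no mention of preferences at all, so the same clause is needed there.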
1199
1215
amount of memory while compressing and decompressing. This may be
1200
1216
significant in low memory situations. Note, however, that PGP (all
1201
1217
versions) only supports ZIP compression. Using any algorithm other
1202
than ZIP or "none" will make the message unreadable with PGP.
1218
than ZIP or "none" will make the message unreadable with PGP. In
1219
general, you do not want to use this option as it allows you to
1220
violate the OpenPGP standard. \-\-personal-compress-preferences is the
1221
safe way to accomplish the same thing.
1203
1222
.IP "\-\-cert-digest-algo \fBname\fR" 10
1204
1223
Use \fBname\fR as the message digest algorithm used when signing a
1205
1224
key. Running the program with the command \-\-version yields a list of
1283
1302
signature. Note that all other PGP versions do it this way too.
1284
1303
Enabled by default. \-\-no-escape-from-lines disables this option.
1285
1304
.IP "\-\-passphrase-fd \fBn\fR" 10
1286
Read the passphrase from file descriptor \fBn\fR. If you use 0 for
1287
\fBn\fR, the passphrase will be read from stdin. This can only be
1288
used if only one passphrase is supplied.
1305
Read the passphrase from file descriptor \fBn\fR. Only the first line
1306
will be read from file descriptor \fBn\fR. If you use 0 for \fBn\fR,
1307
the passphrase will be read from stdin. This can only be used if only
1308
one passphrase is supplied.
1289
1309
.IP "\-\-passphrase-file \fBfile\fR" 10
1290
Read the passphrase from file \fBfile\fR. This can only be used if
1291
only one passphrase is supplied. Obviously, a passphrase stored in a
1292
file is of questionable security if other users can read this file.
1293
Don't use this option if you can avoid it.
1310
Read the passphrase from file \fBfile\fR. Only the first line will
1311
be read from file \fBfile\fR. This can only be used if only one
1312
passphrase is supplied. Obviously, a passphrase stored in a file is
1313
of questionable security if other users can read this file. Don't use
1314
this option if you can avoid it.
1294
1315
.IP "\-\-passphrase \fBstring\fR" 10
1295
1316
Use \fBstring\fR as the passphrase. This can only be used if only one
1296
1317
passphrase is supplied. Obviously, this is of very questionable
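Review bot: "Only the first line will be read", added to both \-\-passphrase-fd and \-\-passphrase-file, leaves two things unspecified: whether the line terminator is treated as part of the passphrase, and, for \-\-passphrase-fd with \fBn\fR set to 0, what happens to the rest of stdin after that first line. Scripts that pipe a passphrase depend on both, so state them explicitly. In \-\-passphrase-fd the new sentence also repeats "from file descriptor \fBn\fR" twice in a row; "Only the first line will be read." is enough.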
1369
1390
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
1370
1391
lot closer to the OpenPGP standard than previous versions of PGP, so
1371
1392
all this does is disable \-\-throw-keyids and set \-\-escape-from-lines.
1372
All algorithms are allowed except for the SHA384 and SHA512 digests.
1393
All algorithms are allowed except for the SHA224, SHA384, and SHA512
1374
1396
.IP "\-\-force-v3-sigs" 10
1375
1397
.IP "\-\-no-force-v3-sigs" 10
1474
1496
warning means that your system is secure.
1476
1498
Note that the warning for unsafe \-\-homedir permissions cannot be
1477
supressed in the gpg.conf file, as this would allow an attacker to
1478
place an unsafe gpg.conf file in place, and use this file to supress
1499
suppressed in the gpg.conf file, as this would allow an attacker to
1500
place an unsafe gpg.conf file in place, and use this file to suppress
1479
1501
warnings about itself. The \-\-homedir permissions warning may only be
1480
supressed on the command line.
1502
suppressed on the command line.
1481
1503
.IP "\-\-no-mdc-warning" 10
1482
1504
Suppress the warning about missing MDC integrity protection.
1483
1505
.IP "\-\-require-secmem" 10
1594
1616
.IP "\-\-allow-multisig-verification" 10
1595
1617
Allow verification of concatenated signed messages. This will run a
1596
1618
signature verification for each data+signature block. There are some
1597
security issues with this option thus it is off by default. Note that
1598
versions of gpg rpior to version 1.4.3 implicityly allowed for this.
1619
security issues with this option and thus it is off by default. Note
1620
that versions of GPG prior to version 1.4.3 implicitly allowed this.
1599
1621
.IP "\-\-enable-special-filenames" 10
1600
1622
This options enables a mode in which filenames of the form
1601
1623
\fB-&n\fP, where n is a non-negative decimal number,
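Review bot: "There are some security issues with this option" in the rewritten \-\-allow-multisig-verification entry gives the reader nothing to weigh before turning it on. Since the next sentence ties the behaviour change to version 1.4.3, name the issue or reference the relevant advisory there. Style point: the rewrite capitalises "GPG", where the line it replaces had "gpg" and the page elsewhere writes "GnuPG"; pick one.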
1648
1670
Set the list of default preferences to \fBstring\fR. This preference
1649
1671
list is used for new keys and becomes the default for "setpref" in the
1673
.IP "\-\-default-keyserver-url \fBname\fR" 10
1674
Set the default keyserver URL to \fBname\fR. This keyserver will be
1675
used as the keyserver URL when writing a new self-signature on a key,
1676
which includes key generation and changing preferences.
1651
1677
.IP "\-\-list-config [\fBnames\fR]" 10
1652
1678
Display various internal configuration parameters of GnuPG. This
1653
1679
option is intended for external programs that call GnuPG to perform
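Review bot: The new \-\-default-keyserver-url entry says the URL is used "when writing a new self-signature on a key" but not what is written when the option is unset, nor what form \fBname\fR must take. Because the value ends up embedded in the key itself through key generation and preference changes, document both.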
1813
1839
warning message about insecure memory your operating system supports
1814
1840
locking without being root. The program drops root privileges as soon
1815
1841
as locked memory is allocated.
1816
.\" created by instant / docbook-to-man, Mon 03 Apr 2006, 10:38
1842
.\" created by instant / docbook-to-man, Sun 25 Jun 2006, 13:22