gpg \(em encryption and signing tool
\fBgpg\fR [\-\-homedir \fBname\fR] [\-\-options \fBfile\fR] [\fBoptions\fR] \fBcommand\fR [\fBargs\fR]
\fBgpg\fR is the main program for the GnuPG system.
This man page only lists the commands and options available. For more
verbose documentation get the GNU Privacy Handbook (GPH) or one of the
other documents at http://www.gnupg.org/documentation/ .
Please remember that option parsing stops as soon as a non-option is
encountered; you can explicitly stop option parsing by using the
special option "\-\-".
\fBgpg\fR may be run with no commands, in which case it will
perform a reasonable action depending on the type of file it is given
as input (an encrypted message is decrypted, a signature is verified,
a file containing keys is listed).
\fBgpg\fR recognizes these commands:
.IP "\-s, \-\-sign [\fBfile\fR]" 10
Make a signature. This command may be combined with \-\-encrypt (for a
signed and encrypted message), \-\-symmetric (for a signed and
symmetrically encrypted message), or \-\-encrypt and \-\-symmetric
together (for a signed message that may be decrypted via a secret key
.IP "\-\-clearsign [\fBfile\fR]" 10
Make a clear text signature. The content in a clear text signature is
readable without any special software. OpenPGP software is only
needed to verify the signature. Clear text signatures may modify
end-of-line whitespace for platform independence and are not intended
.IP "\-b, \-\-detach-sign [\fBfile\fR]" 10
Make a detached signature.
.IP "\-e, \-\-encrypt [\fBfile\fR]" 10
Encrypt data. This option may be combined with \-\-sign (for a signed
and encrypted message), \-\-symmetric (for a message that may be
decrypted via a secret key or a passphrase), or \-\-sign and \-\-symmetric
together (for a signed message that may be decrypted via a secret key
.IP "\-c, \-\-symmetric [\fBfile\fR]" 10
Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is CAST5, but may be chosen with the
\-\-cipher-algo option. This option may be combined with \-\-sign (for a
signed and symmetrically encrypted message), \-\-encrypt (for a message
that may be decrypted via a secret key or a passphrase), or \-\-sign and
\-\-encrypt together (for a signed message that may be decrypted via a
secret key or a passphrase).
.IP "\-\-store [\fBfile\fR]" 10
Store only (make a simple RFC1991 packet).
.IP "\-d, \-\-decrypt [\fBfile\fR]" 10
Decrypt \fBfile\fR (or stdin if no file is specified) and
write it to stdout (or the file specified with
\-\-output). If the decrypted file is signed, the
signature is also verified. This command differs
from the default operation, as it never writes to the
filename which is included in the file and it
rejects files which don't begin with an encrypted
.IP "\-\-verify [[\fBsigfile\fR] [\fBsigned-files\fR]]" 10
Assume that \fBsigfile\fR is a signature and verify it
without generating any output. With no arguments,
the signature packet is read from stdin. If
only a sigfile is given, it may be a complete
signature or a detached signature, in which case
the signed stuff is expected in a file without the
".sig" or ".asc" extension.
1 argument, the first should be a detached signature
and the remaining files are the signed stuff. To read the signed
stuff from stdin, use \fB-\fP as the second filename.
For security reasons a detached signature cannot read the signed
material from stdin without denoting it in the above way.
.IP "\-\-multifile" 10
This modifies certain other commands to accept multiple files for
processing on the command line or read from stdin with each filename
on a separate line. This allows for many files to be processed at
once. \-\-multifile may currently be used along with \-\-verify,
\-\-encrypt, and \-\-decrypt. Note that `\-\-multifile \-\-verify' may not be
used with detached signatures.
.IP "\-\-verify-files [\fBfiles\fR]" 10
Identical to `\-\-multifile \-\-verify'.
.IP "\-\-encrypt-files [\fBfiles\fR]" 10
Identical to `\-\-multifile \-\-encrypt'.
.IP "\-\-decrypt-files [\fBfiles\fR]" 10
Identical to `\-\-multifile \-\-decrypt'.
.IP "\-\-list-keys [\fBnames\fR]" 10
.IP "\-\-list-public-keys [\fBnames\fR]" 10
List all keys from the public keyrings, or just the ones given on the
Avoid using the output of this command in scripts or other programs as
it is likely to change as GnuPG changes. See \-\-with-colons for a
machine-parseable key listing command that is appropriate for use in
scripts and other programs.
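The following Python script is an added example of consuming the machine-parseable \-\-with-colons listing instead of the human-readable one; it is not part of this man page or of the GnuPG project. It assumes the GnuPG 1.4 field layout documented in doc/DETAILS (record type, validity, key length, algorithm, key ID, creation date, expiration date, serial number, ownertrust, user ID or fingerprint, signature class, capabilities) and that a literal colon inside a field is written as the escape \x3a. The listing it parses is constructed for the example; every key ID and fingerprint in it is made up.

```python
"""Parse `gpg --with-colons --list-keys` output into structured key records."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample listing (GnuPG 1.4 layout, dates as yyyy-mm-dd): one
# usable key with an encryption subkey, one expired key, one revoked key.
# Every key ID and fingerprint below is made up for this example.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:2048:1:0123456789ABCDEF:2015-03-01:2027-03-01::u:Alice Example <alice@example.com>::scESC:
fpr:::::::::0000111122223333444455550123456789ABCDEF:
sub:u:2048:1:FEDCBA9876543210:2015-03-01:2027-03-01:::::e:
pub:e:1024:17:1111222233334444:2001-01-02:2011-01-02::-:Bob Expired <bob@example.com>::scaESCA:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
pub:r:4096:1:5555666677778888:2018-06-01:::-:Carol Revoked (dept\\x3a ops) <carol@example.com>::scESC:
fpr:::::::::9999888877776666555544445555666677778888:
"""

# Field 2 validity codes that mean the key must not be used (doc/DETAILS):
# e = expired, r = revoked, d = disabled, i = invalid.
UNUSABLE = {"e", "r", "d", "i"}


@dataclass
class Key:
    keyid: str
    validity: str
    length: int
    algo: int
    created: str
    expires: str
    uid: str
    capabilities: str
    fingerprint: str = ""
    subkeys: List[str] = field(default_factory=list)


def unescape(value: str) -> str:
    """GnuPG writes a colon inside a field as the escape sequence \\x3a."""
    return value.replace("\\x3a", ":")


def parse_colon_listing(text: str) -> List[Key]:
    """Group pub/sec records with the fpr and sub/ssb records that follow them."""
    keys: List[Key] = []
    for line in text.splitlines():
        if not line:
            continue
        f = line.split(":")
        rtype = f[0]
        if rtype in ("pub", "sec"):
            keys.append(Key(
                keyid=f[4], validity=f[1],
                length=int(f[2] or 0), algo=int(f[3] or 0),
                created=f[5], expires=f[6],
                uid=unescape(f[9]),
                capabilities=f[11] if len(f) > 11 else "",
            ))
        elif rtype == "fpr" and keys:
            keys[-1].fingerprint = f[9]      # the fingerprint lives in field 10
        elif rtype in ("sub", "ssb") and keys:
            keys[-1].subkeys.append(f[4])
        # tru, uid, sig and other record types are not needed here
    return keys


def usable_keys(keys: List[Key]) -> List[Key]:
    """Drop keys whose validity field says expired, revoked, disabled or invalid."""
    return [k for k in keys if k.validity not in UNUSABLE]


def find_by_fingerprint(keys: List[Key], fingerprint: str) -> Optional[Key]:
    """Look a key up by full fingerprint, tolerating the spaced display form."""
    wanted = fingerprint.replace(" ", "").upper()
    return next((k for k in keys if k.fingerprint == wanted), None)


def keyid_matches_fingerprint(key: Key) -> bool:
    """Sanity check for v4 keys: the key ID is the low 64 bits of the fingerprint."""
    return len(key.fingerprint) == 40 and key.fingerprint.endswith(key.keyid)


if __name__ == "__main__":
    for k in parse_colon_listing(SAMPLE_LISTING):
        state = "usable" if k.validity not in UNUSABLE else f"validity={k.validity}"
        print(f"{k.keyid} {k.fingerprint} {state} {k.uid}")
```

Selecting a key by full fingerprint rather than by user ID or short key ID is the point of the lookup helper: user IDs are free text chosen by the key holder, and the colon listing makes the fingerprint available on its own record.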
.IP "\-K, \-\-list-secret-keys [\fBnames\fR]" 10
List all keys from the secret keyrings, or just the ones given on the
command line. A '#' after the letters 'sec' means that the secret key
is not usable (for example, if it was created via
\-\-export-secret-subkeys).
.IP "\-\-list-sigs [\fBnames\fR]" 10
Same as \-\-list-keys, but the signatures are listed too.
For each signature listed, there are several flags in between the
"sig" tag and keyid. These flags give additional information about
each signature. From left to right, they are the numbers 1-3 for
certificate check level (see \-\-ask-cert-level), "L" for a local or
non-exportable signature (see \-\-lsign-key), "R" for a non-revocable
signature (see the \-\-edit-key command "nrsign"), "P" for a signature
that contains a policy URL (see \-\-cert-policy-url), "N" for a
signature that contains a notation (see \-\-cert-notation), "X" for an
eXpired signature (see \-\-ask-cert-expire), and the numbers 1-9 or "T"
for 10 and above to indicate trust signature levels (see the
\-\-edit-key command "tsign").
.IP "\-\-check-sigs [\fBnames\fR]" 10
Same as \-\-list-sigs, but the signatures are verified.
.IP "\-\-fingerprint [\fBnames\fR]" 10
List all keys with their fingerprints. This is the
same output as \-\-list-keys but with the additional output
of a line with the fingerprint. May also be combined
with \-\-list-sigs or \-\-check-sigs.
If this command is given twice, the fingerprints of all
secondary keys are listed too.
.IP "\-\-list-packets" 10
List only the sequence of packets. This is mainly
useful for debugging.
Generate a new key pair. This command is normally only used
There is an experimental feature which allows you to create keys
in batch mode. See the file \fBdoc/DETAILS\fP in the source distribution on how to use this.
.IP "\-\-edit-key \fBname\fR" 10
Present a menu which enables you to do all key
Make a signature on the key of user \fBname\fR. If the key is not yet
signed by the default user (or the users given with \-u), the program
displays the information of the key again, together with its
fingerprint and asks whether it should be signed. This question is
repeated for all users specified with
Same as "sign" but the signature is marked as non-exportable and will
therefore never be used by others. This may be used to make keys
valid only in the local environment.
Same as "sign" but the signature is marked as non-revocable and can
therefore never be revoked.
Make a trust signature. This is a signature that combines the notions
of certification (like a regular signature), and trust (like the
"trust" command). It is generally only useful in distinct communities
Note that "l" (for local / non-exportable), "nr" (for non-revocable),
and "t" (for trust) may be freely mixed and prefixed to "sign" to
create a signature of any type desired.
Revoke a signature. For every signature which has been generated by
one of the secret keys, GnuPG asks whether a revocation certificate
Change the owner trust value. This updates the
trust-db immediately and no save is required.
Disable or enable an entire key. A disabled key can not normally be
Create an alternate user id.
Create a photographic user id. This will prompt for a JPEG file that
will be embedded into the user ID. Note that a very large JPEG will
make for a very large key. Also note that some programs will display
your JPEG unchanged (GnuPG), and some programs will scale it to fit in
Add a subkey to this key.
Generate a key on a card and add it
Transfer the selected secret key (or the primary key if no key has
been selected) to a smartcard. The secret key in the keyring will be
replaced by a stub if the key could be stored successfully on the card
and you use the save command later. Only certain key types may be
transferred to the card. A sub menu allows you to select on what card
to store the key. Note that it is not possible to get that key back
from the card \- if the card gets broken your secret key will be lost
unless you have a backup somewhere.
.IP "bkuptocard \fBfile\fR" 10
Restore the given file to a card. This command
may be used to restore a backup key (as generated during card
initialization) to a new card. In almost all cases this will be the
encryption key. You should use this command only
with the corresponding public key and make sure that the file
given as argument is indeed the backup to restore. You should
then select 2 to restore as encryption key.
You will first be asked to enter the passphrase of the backup key and
then for the Admin PIN of the card.
.IP "addrevoker [sensitive]" 10
Add a designated revoker. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive, it will
not be exported by default (see
Change the key expiration time. If a subkey is selected, the
expiration time of this subkey will be changed. With no selection,
the key expiration of the primary key is changed.
Change the passphrase of the secret key.
Flag the current user id as the primary one, remove the primary user
id flag from all other user ids and set the timestamp of all affected
self-signatures one second ahead. Note that setting a photo user ID
as primary makes it primary over other photo user IDs, and setting a
regular user ID as primary makes it primary over other regular user
Toggle selection of user id with index \fBn\fR.
Use 0 to deselect all.
Toggle selection of subkey with index \fBn\fR.
Use 0 to deselect all.
Check all selected user ids.
Display the selected photographic user
List preferences from the selected user ID. This shows the actual
preferences, without including any implied preferences.
More verbose preferences listing for the selected user ID. This shows
the preferences in effect by including the implied preferences of 3DES
(cipher), SHA-1 (digest), and Uncompressed (compression) if they are
not already included in the preference list. In addition, the
preferred keyserver and signature notations (if any) are shown.
.IP "setpref \fBstring\fR" 10
Set the list of user ID preferences to \fBstring\fR for all (or just
the selected) user IDs. Calling setpref with no arguments sets the
preference list to the default (either built-in or set via
\-\-default-preference-list), and calling setpref with "none" as the
argument sets an empty preference list. Use "gpg \-\-version" to get a
list of available algorithms. Note that while you can change the
preferences on an attribute user ID (aka "photo ID"), GnuPG does not
select keys via attribute user IDs so these preferences will not be
Set a preferred keyserver for the specified user ID(s). This allows
other users to know where you prefer they get your key from. See
\-\-keyserver-options honor-keyserver-url for more on how this works.
Setting a value of "none" removes an existing preferred keyserver.
Set a name=value notation for the specified user ID(s). See
\-\-cert-notation for more on how this works. Setting a value of "none"
removes all notations, setting a notation prefixed with a minus sign
(\-) removes that notation, and setting a notation name (without the
=value) prefixed with a minus sign removes all notations with that
Toggle between public and secret key listing.
Compact (by removing all signatures except the selfsig) any user ID
that is no longer usable (e.g. revoked, or expired). Then, remove any
signatures that are not usable by the trust calculations.
Specifically, this removes any signature that does not validate, any
signature that is superseded by a later signature, revoked signatures,
and signatures issued by keys that are not present on the keyring.
Make the key as small as possible. This removes all signatures from
each user ID except for the most recent self-signature.
.IP "cross-certify" 10
Add cross-certification signatures to signing subkeys that may not
currently have them. Cross-certification signatures protect against a
subtle attack against signing subkeys. See
\-\-require-cross-certification.
Save all changes to the key rings and quit.
Quit the program without updating the
The listing shows you the key with its secondary
keys and all user ids. Selected keys or user ids
are indicated by an asterisk. The trust value is
displayed with the primary key: the first is the
assigned owner trust and the second is the calculated
trust value. Letters are used for the values:
No ownertrust assigned / not yet calculated.
calculation has failed; probably due to an expired key.
Not enough information for calculation.
Never trust this key.
.IP "\-\-card-edit" 10
Present a menu to work with a smartcard. The subcommand "help" provides
an overview on available commands. For a detailed description, please
see the Card HOWTO at
http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
.IP "\-\-card-status" 10
Show the content of the smart card.
.IP "\-\-change-pin" 10
Present a menu to allow changing the PIN of a smartcard. This
functionality is also available as the subcommand "passwd" with the
\-\-card-edit command.
.IP "\-\-sign-key \fBname\fR" 10
Signs a public key with your secret key. This is a shortcut version of
the subcommand "sign" from \-\-edit.
.IP "\-\-lsign-key \fBname\fR" 10
Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
.IP "\-\-delete-key \fBname\fR" 10
Remove key from the public keyring. In batch mode either \-\-yes is
required or the key must be specified by fingerprint. This is a
safeguard against accidental deletion of multiple keys.
.IP "\-\-delete-secret-key \fBname\fR" 10
Remove key from the secret and public keyring. In batch mode the key
must be specified by fingerprint.
.IP "\-\-delete-secret-and-public-key \fBname\fR" 10
Same as \-\-delete-key, but if a secret key exists, it will be removed
first. In batch mode the key must be specified by fingerprint.
.IP "\-\-gen-revoke \fBname\fR" 10
Generate a revocation certificate for the complete key. To revoke
a subkey or a signature, use the \-\-edit command.
.IP "\-\-desig-revoke \fBname\fR" 10
Generate a designated revocation certificate for a key. This allows a
user (with the permission of the keyholder) to revoke someone else's
.IP "\-\-export [\fBnames\fR]" 10
Either export all keys from all keyrings (default
keyrings and those registered via option \-\-keyring),
or if at least one name is given, those of the given
name. The new keyring is written to stdout or to
the file given with option "output". Use together
with \-\-armor to mail those keys.
.IP "\-\-send-keys [\fBnames\fR]" 10
Same as \-\-export but sends the keys to a keyserver.
Option \-\-keyserver must be used to give the name
of this keyserver. Don't send your complete keyring
to a keyserver \- select only those keys which are new
.IP "\-\-export-secret-keys [\fBnames\fR]" 10
.IP "\-\-export-secret-subkeys [\fBnames\fR]" 10
Same as \-\-export, but exports the secret keys instead.
This is normally not very useful and a security risk.
The second form of the command has the special property to
render the secret part of the primary key useless; this is
a GNU extension to OpenPGP and other implementations can
not be expected to successfully import such a key.
See the option \-\-simple-sk-checksum if you want to import such an
exported key with an older OpenPGP implementation.
.IP "\-\-import [\fBfiles\fR]" 10
.IP "\-\-fast-import [\fBfiles\fR]" 10
Import/merge keys. This adds the given keys to the
keyring. The fast version is currently just a synonym.
There are a few other options which control how this command works.
Most notable here is the \-\-keyserver-options merge-only option which
does not insert new keys but does only the merging of new signatures,
user-IDs and subkeys.
.IP "\-\-recv-keys \fBkey IDs\fR" 10
Import the keys with the given key IDs from a keyserver. Option
\-\-keyserver must be used to give the name of this keyserver.
.IP "\-\-refresh-keys [\fBkey IDs\fR]" 10
Request updates from a keyserver for keys that already exist on the
local keyring. This is useful for updating a key with the latest
signatures, user IDs, etc. Calling this with no arguments will
refresh the entire keyring. Option \-\-keyserver must be used to give
the name of the keyserver for all keys that do not have preferred
keyservers set (see \-\-keyserver-options honor-keyserver-url).
.IP "\-\-search-keys \fBnames\fR" 10
Search the keyserver for the given names. Multiple names given here
will be joined together to create the search string for the keyserver.
Option \-\-keyserver must be used to give the name of this keyserver.
Keyservers that support different search methods allow using the
syntax specified in "How to specify a user ID" below. Note that
different keyserver types support different search methods. Currently
only LDAP supports them all.
.IP "\-\-fetch-keys \fBURIs\fR" 10
Retrieve keys located at the specified URIs. Note that different
installations of GnuPG may support different protocols (HTTP, FTP,
.IP "\-\-update-trustdb" 10
Do trust database maintenance. This command iterates over all keys
and builds the Web of Trust. This is an interactive command because it
may have to ask for the "ownertrust" values for keys. The user has to
give an estimation of how far she trusts the owner of the displayed
key to correctly certify (sign) other keys. GnuPG only asks for the
ownertrust value if it has not yet been assigned to a key. Using the
\-\-edit-key menu, the assigned value can be changed at any time.
.IP "\-\-check-trustdb" 10
Do trust database maintenance without user interaction. From time to
time the trust database must be updated so that expired keys or
signatures and the resulting changes in the Web of Trust can be
tracked. Normally, GnuPG will calculate when this is required and do
it automatically unless \-\-no-auto-check-trustdb is set. This command
can be used to force a trust database check at any time. The
processing is identical to that of \-\-update-trustdb but it skips keys
with a not yet defined "ownertrust".
For use with cron jobs, this command can be used together with \-\-batch
in which case the trust database check is done only if a check is
needed. To force a run even in batch mode add the option \-\-yes.
.IP "\-\-export-ownertrust" 10
Send the ownertrust values to stdout. This is useful for backup
purposes as these values are the only ones which can't be re-created
from a corrupted trust DB.
.IP "\-\-import-ownertrust [\fBfiles\fR]" 10
Update the trustdb with the ownertrust values stored
in \fBfiles\fR (or stdin if not given); existing
values will be overwritten.
.IP "\-\-rebuild-keydb-caches" 10
When updating from version 1.0.6 to 1.0.7 this command should be used
to create signature caches in the keyring. It might be handy in other
.IP "\-\-print-md \fBalgo\fR [\fBfiles\fR]" 10
.IP "\-\-print-mds [\fBfiles\fR]" 10
Print message digest of algorithm ALGO for all given files or stdin.
With the second form (or a deprecated "*" as algo) digests for all
available algorithms are printed.
.IP "\-\-gen-random \fB0|1|2\fR [\fBcount\fR]" 10
Emit COUNT random bytes of the given quality level. If count is not given
or zero, an endless sequence of random bytes will be emitted.
PLEASE, don't use this command unless you know what you are doing; it may
remove precious entropy from the system!
.IP "\-\-gen-prime \fBmode\fR \fBbits\fR [\fBqbits\fR]" 10
Use the source, Luke :\-). The output format is still subject to change.
Print version information along with a list
of supported algorithms.
.IP "\-\-warranty" 10
Print warranty information.
.IP "\-h, \-\-help" 10
Print usage information. This is a really long list even though it
doesn't list all options. For every option, consult this manual.
Long options can be put in an options file (default
"~/.gnupg/gpg.conf"). Short option names will not work \- for example,
"armor" is a valid option for the options file, while "a" is not. Do
not write the 2 dashes, but simply the name of the option and any
required arguments. Lines with a hash ('#') as the first
non-white-space character are ignored. Commands may be put in this
file too, but that is not generally useful as the command will execute
automatically with every execution of gpg.
\fBgpg\fR recognizes these options:
.IP "\-a, \-\-armor" 10
Create ASCII armored output.
.IP "\-o, \-\-output \fBfile\fR" 10
Write output to \fBfile\fR.
.IP "\-\-max-output \fBn\fR" 10
This option sets a limit on the number of bytes that will be generated
when processing a file. Since OpenPGP supports various levels of
compression, it is possible that the plaintext of a given message may
be significantly larger than the original OpenPGP message. While
GnuPG works properly with such messages, there is often a desire to
set a maximum file size that will be generated before processing is
forced to stop by the OS limits. Defaults to 0, which means "no
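To make the concern behind \-\-max-output concrete, here is an added Python example (not from this man page or from GnuPG) that applies the same rule to a raw zlib stream: inflate in fixed-size pieces and abort as soon as the output passes the limit, so memory use is bounded by the limit rather than by the size the data would inflate to. A limit of 0 means unlimited, as with gpg. The compressed samples are constructed inside the block.

```python
"""Inflate a zlib stream under an output cap, in the spirit of gpg --max-output."""
import zlib


class OutputLimitExceeded(Exception):
    """Inflating would produce more bytes than the caller allowed."""


def bounded_decompress(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Return the inflated bytes, or raise OutputLimitExceeded once they pass max_output.

    max_output == 0 means no limit (the gpg default).  Output is pulled in
    `chunk`-sized pieces, so at most max_output + chunk inflated bytes are
    ever held, however large the stream would otherwise expand to.
    """
    inflater = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not inflater.eof:
        piece = inflater.decompress(pending, chunk)  # never more than `chunk` bytes back
        out += piece
        if max_output and len(out) > max_output:
            raise OutputLimitExceeded(
                f"output exceeded {max_output} bytes from {len(data)} compressed bytes")
        pending = inflater.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not pending:
            # no output produced and no input left, but end-of-stream never seen
            raise ValueError("truncated compressed stream")
    return bytes(out)


def within_limit(data: bytes, max_output: int) -> bool:
    """True if `data` inflates to at most max_output bytes (0 = unlimited)."""
    try:
        bounded_decompress(data, max_output)
    except OutputLimitExceeded:
        return False
    return True


# Constructed samples: 10 MiB of zero bytes inflates from roughly 10 KiB,
# a ratio of about 1000:1; the small one is an ordinary message.
SAMPLE_BOMB = zlib.compress(b"\0" * (10 * 1024 * 1024))
SAMPLE_SMALL = zlib.compress(b"hello world")


if __name__ == "__main__":
    print(f"{len(SAMPLE_BOMB)} compressed bytes")
    print("fits in 1 MiB:", within_limit(SAMPLE_BOMB, 1024 * 1024))
    print("unlimited size:", len(bounded_decompress(SAMPLE_BOMB, 0)))
```

The check happens after every piece, not after the whole stream, which is what keeps a small compressed input from consuming memory before the limit is noticed.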
.IP "\-\-mangle-dos-filenames" 10
.IP "\-\-no-mangle-dos-filenames" 10
Older versions of Windows cannot handle filenames with more than one
dot. \-\-mangle-dos-filenames causes GnuPG to replace (rather than add
to) the extension of an output filename to avoid this problem. This
option is off by default and has no effect on non-Windows platforms.
.IP "\-u, \-\-local-user \fBname\fR" 10
Use \fBname\fR as the key to sign with. Note that this option
overrides \-\-default-key.
.IP "\-\-default-key \fBname\fR" 10
Use \fBname\fR as the default key to sign with. If this option is not
used, the default key is the first key found in the secret keyring.
Note that \-u or \-\-local-user overrides this option.
.IP "\-r, \-\-recipient \fBname\fR" 10
Encrypt for user id \fBname\fR. If this option or \-\-hidden-recipient
is not specified, GnuPG asks for the user-id unless
\-\-default-recipient is given.
.IP "\-R, \-\-hidden-recipient \fBname\fR" 10
Encrypt for user ID \fBname\fR, but hide the key ID of this user's
key. This option helps to hide the receiver of the message and is a
limited countermeasure against traffic analysis. If this option or
\-\-recipient is not specified, GnuPG asks for the user ID unless
\-\-default-recipient is given.
.IP "\-\-default-recipient \fBname\fR" 10
Use \fBname\fR as default recipient if option \-\-recipient is not used and
don't ask if this is a valid one. \fBname\fR must be non-empty.
.IP "\-\-default-recipient-self" 10
Use the default key as default recipient if option \-\-recipient is not used and
don't ask if this is a valid one. The default key is the first one from the
secret keyring or the one set with \-\-default-key.
.IP "\-\-no-default-recipient" 10
Reset \-\-default-recipient and \-\-default-recipient-self.
.IP "\-\-encrypt-to \fBname\fR" 10
Same as \-\-recipient but this one is intended for use
in the options file and may be used with
your own user-id as an "encrypt-to-self". These keys
are only used when there are other recipients given
either by use of \-\-recipient or by the asked user id.
No trust checking is performed for these user ids and
even disabled keys can be used.
.IP "\-\-hidden-encrypt-to \fBname\fR" 10
Same as \-\-hidden-recipient but this one is intended for use in the
options file and may be used with your own user-id as a hidden
"encrypt-to-self". These keys are only used when there are other
recipients given either by use of \-\-recipient or by the asked user id.
No trust checking is performed for these user ids and even disabled
.IP "\-\-no-encrypt-to" 10
Disable the use of all \-\-encrypt-to and \-\-hidden-encrypt-to keys.
.IP "\-v, \-\-verbose" 10
Give more information during processing. If used
twice, the input data is listed in detail.
.IP "\-q, \-\-quiet" 10
Try to be as quiet as possible.
.IP "\-\-compress-level \fBn\fR" 10
.IP "\-\-bzip2-compress-level \fBn\fR" 10
Set compression level to \fBn\fR for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of
zlib (normally 6). \-\-bzip2-compress-level sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This
is a different option from \-\-compress-level since BZIP2 uses a
significant amount of memory for each additional compression level.
\-z sets both. A value of 0 for \fBn\fR disables compression.
.IP "\-\-bzip2-decompress-lowmem" 10
Use a different decompression method for BZIP2 compressed files. This
alternate method uses a bit more than half the memory, but also runs
at half the speed. This is useful under extreme low memory
circumstances when the file was originally compressed at a high
\-\-bzip2-compress-level.
.IP "\-t, \-\-textmode" 10
.IP "\-\-no-textmode" 10
Treat input files as text and store them in the OpenPGP canonical text
form with standard "CRLF" line endings. This also sets the necessary
flags to inform the recipient that the encrypted or signed data is
text and may need its line endings converted back to whatever the
local system uses. This option is useful when communicating between
two platforms that have different line ending conventions (UNIX-like
to Mac, Mac to Windows, etc). \-\-no-textmode disables this option, and
If \-t (but not \-\-textmode) is used together with armoring and signing,
this enables clearsigned messages. This kludge is needed for
command-line compatibility with command-line versions of PGP; normally
you would use \-\-sign or \-\-clearsign to select the type of the
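The canonical text form that \-\-textmode selects, and the end-of-line whitespace handling mentioned under \-\-clearsign, can be shown in a few lines of Python; this is an added example, not code from this man page or from GnuPG. It assumes the OpenPGP rules of RFC 4880: a text-mode signature is computed over the data with every line ending converted to CRLF, and a cleartext signature is computed with trailing spaces and tabs removed from each line and without the line ending of the final line. It also assumes inputs use only LF or CRLF line endings. The sample notes are constructed.

```python
"""Canonical text form for OpenPGP text-mode and cleartext signatures."""
import hashlib
import re

# Assumption for this example: inputs use LF or CRLF, never a bare CR.
_LINE_END = re.compile(rb"\r\n|\n")


def canonical_text(data: bytes) -> bytes:
    """RFC 4880 text mode: every line ending becomes CRLF, nothing else changes."""
    return _LINE_END.sub(b"\r\n", data)


def cleartext_hash_input(data: bytes) -> bytes:
    """What a cleartext signature is computed over (RFC 4880 section 7.1):
    trailing spaces and tabs stripped from every line, CRLF line endings,
    and the line ending of the final line left out."""
    lines = _LINE_END.split(data)
    if lines and lines[-1] == b"":
        lines.pop()  # input ended with a newline: that ending is not hashed
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


def text_digest(data: bytes, cleartext: bool = False) -> str:
    """SHA-256 of the canonical form, so both sides of a verification agree."""
    body = cleartext_hash_input(data) if cleartext else canonical_text(data)
    return hashlib.sha256(body).hexdigest()


# Constructed sample: the same two-line note saved on a UNIX-like system
# and on Windows, plus a copy a mail client has padded with trailing blanks.
UNIX_NOTE = b"Meeting moved to 10:00\nBring the signed NDA\n"
WINDOWS_NOTE = b"Meeting moved to 10:00\r\nBring the signed NDA\r\n"
PADDED_NOTE = b"Meeting moved to 10:00   \nBring the signed NDA \t\n"


if __name__ == "__main__":
    print("text mode, unix vs windows:",
          text_digest(UNIX_NOTE) == text_digest(WINDOWS_NOTE))
    print("text mode, padded vs unix: ",
          text_digest(PADDED_NOTE) == text_digest(UNIX_NOTE))
    print("cleartext, padded vs unix: ",
          text_digest(PADDED_NOTE, cleartext=True) == text_digest(UNIX_NOTE, cleartext=True))
```

Line-ending conversion alone makes the UNIX and Windows copies hash identically; only the cleartext rules also absorb trailing whitespace, which is why the man page warns that clear text signatures may modify end-of-line whitespace.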
.IP "\-n, \-\-dry-run" 10
Don't make any changes (this is not completely implemented).
.IP "\-i, \-\-interactive" 10
Prompt before overwriting any files.
.IP "\-\-no-batch" 10
Use batch mode. Never ask, do not allow interactive commands.
\-\-no-batch disables this option.
Make sure that the TTY (terminal) is never used for any output.
This option is needed in some cases because GnuPG sometimes prints
warnings to the TTY if \-\-batch is used.
Assume "yes" on most questions.
Assume "no" on most questions.
.IP "\-\-ask-cert-level" 10
.IP "\-\-no-ask-cert-level" 10
When making a key signature, prompt for a certification level. If
this option is not specified, the certification level used is set via
\-\-default-cert-level. See \-\-default-cert-level for information on the
specific levels and how they are used. \-\-no-ask-cert-level disables
this option. This option defaults to no.
.IP "\-\-default-cert-level \fBn\fR" 10
The default to use for the check level when signing a key.
0 means you make no particular claim as to how carefully you verified
1 means you believe the key is owned by the person who claims to own
it but you could not, or did not verify the key at all. This is
useful for a "persona" verification, where you sign the key of a
2 means you did casual verification of the key. For example, this
could mean that you verified the key fingerprint and checked the
620
user ID on the key against a photo ID.
622
3 means you did extensive verification of the key. For example, this
623
could mean that you verified the key fingerprint with the owner of the
624
key in person, and that you checked, by means of a hard to forge
625
document with a photo ID (such as a passport) that the name of the key
626
owner matches the name in the user ID on the key, and finally that you
627
verified (by exchange of email) that the email address on the key
628
belongs to the key owner.
630
Note that the examples given above for levels 2 and 3 are just that:
631
examples. In the end, it is up to you to decide just what "casual"
632
and "extensive" mean to you.
634
This option defaults to 0 (no particular claim).
635
.IP "\-\-min-cert-level" 10
636
When building the trust database, treat any signatures with a
637
certification level below this as invalid. Defaults to 2, which
638
disregards level 1 signatures. Note that level 0 "no particular
639
claim" signatures are always accepted.
640
.IP "\-\-trusted-key \fBlong key ID\fR" 10
641
Assume that the specified key (which must be given
642
as a full 8 byte key ID) is as trustworthy as one of
643
your own secret keys. This option is useful if you
644
don't want to keep your secret keys (or one of them)
645
online but still want to be able to check the validity of a given
646
recipient's or signator's key.
647
.IP "\-\-trust-model \fBpgp|classic|direct|always|auto\fR" 10
648
Set what trust model GnuPG should follow. The models are:
652
This is the Web of Trust combined with trust signatures as used in PGP
653
5.x and later. This is the default trust model when creating a new
656
This is the standard Web of Trust as used in PGP 2.x and earlier.
658
Key validity is set directly by the user and not calculated via the
661
Skip key validation and assume that used keys are always fully
662
trusted. You generally won't use this unless you are using some
663
external validation scheme. This option also suppresses the
664
"[uncertain]" tag printed with signature checks when there is no
665
evidence that the user ID is bound to the key.
667
Select the trust model depending on whatever the internal trust
668
database says. This is the default model if such a database already
671
.IP "\-\-always-trust" 10
672
Identical to `\-\-trust-model always'. This option is deprecated.
.IP "\-\-auto-key-locate \fBparameters\fR" 10
.IP "\-\-no-auto-key-locate" 10
GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the
"user@example.com" form), and there are no user@example.com keys on
the local keyring. This option takes any number of the following
arguments, in the order they are to be tried:
.IP "cert" 10
locate a key using DNS CERT, as specified in 2538bis (currently in
draft): http://www.josefsson.org/rfc2538bis/
.IP "pka" 10
locate a key using DNS PKA.
.IP "ldap" 10
locate a key using the PGP Universal method of checking
"ldap://keys.(thedomain)".
.IP "keyserver" 10
locate a key using whatever keyserver is defined using the \-\-keyserver
.IP "(keyserver URL)" 10
In addition, a keyserver URL as used in the \-\-keyserver option may be
used here to query that particular keyserver.
.IP "\-\-keyid-format \fBshort|0xshort|long|0xlong\fR" 10
Select how to display key IDs. "short" is the traditional 8-character
key ID. "long" is the more accurate (but less convenient)
16-character key ID. Add an "0x" to either to include an "0x" at the
beginning of the key ID, as in 0x99242560.
.IP "\-\-keyserver \fBname\fR [name=value1 value2 value3 ...]" 10
Use \fBname\fR as your keyserver. This is the server that
\-\-recv-keys, \-\-send-keys, and \-\-search-keys will communicate with to
receive keys from, send keys to, and search for keys on. The format
of the \fBname\fR is a URI: `scheme:[//]keyservername[:port]'. The
scheme is the type of keyserver: "hkp" for the HTTP (or compatible)
keyservers, "ldap" for the LDAP keyservers, or "mailto" for the Graff
email keyserver. Note that your particular installation of GnuPG may
have other keyserver types available as well. Keyserver schemes are
case-insensitive. After the keyserver name, optional keyserver
configuration options may be provided. These are the same as the
global \-\-keyserver-options from below, but apply only to this
particular keyserver.

Most keyservers synchronize with each other, so there is generally no
need to send keys to more than one server. The keyserver
"hkp://subkeys.pgp.net" uses round robin DNS to give a different
keyserver each time you use it.
.IP "\-\-keyserver-options \fBname=value1 [value2 value3 ...]\fR" 10
This is a space or comma delimited string that gives options for the
keyserver. Options can be prepended with a `no-' to give the opposite
meaning. Valid import-options or export-options may be used here as
well to apply to importing (\-\-recv-key) or exporting (\-\-send-key) a
key from a keyserver. While not all options are available for all
keyserver types, some common options are:
.IP "include-revoked" 10
When searching for a key with \-\-search-keys, include keys that are
marked on the keyserver as revoked. Note that not all keyservers
differentiate between revoked and unrevoked keys, and for such
keyservers this option is meaningless. Note also that most keyservers
do not have cryptographic verification of key revocations, and so
turning this option off may result in skipping keys that are
incorrectly marked as revoked.
.IP "include-disabled" 10
When searching for a key with \-\-search-keys, include keys that are
marked on the keyserver as disabled. Note that this option is not
used with HKP keyservers.
.IP "auto-key-retrieve" 10
This option enables the automatic retrieving of keys from a keyserver
when verifying signatures made by keys that are not on the local

Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
.IP "honor-keyserver-url" 10
When using \-\-refresh-keys, if the key in question has a preferred
keyserver URL, then use that preferred keyserver to refresh the key
from. In addition, if auto-key-retrieve is set, and the signature
being verified has a preferred keyserver URL, then use that preferred
keyserver to fetch the key from. Defaults to yes.
.IP "honor-pka-record" 10
If auto-key-retrieve is set, and the signature being verified has a
PKA record, then use the PKA information to fetch the key. Defaults
.IP "include-subkeys" 10
When receiving a key, include subkeys as potential targets. Note that
this option is not used with HKP keyservers, as they do not support
retrieving keys by subkey id.
.IP "use-temp-files" 10
On most Unix-like platforms, GnuPG communicates with the keyserver
helper program via pipes, which is the most efficient method. This
option forces GnuPG to use temporary files to communicate. On some
platforms (such as Win32 and RISC OS), this option is always enabled.
.IP "keep-temp-files" 10
If using `use-temp-files', do not delete the temp files after using
them. This option is useful to learn the keyserver communication
protocol by reading the temporary files.
.IP "verbose" 10
Tell the keyserver helper program to be more verbose. This option can
be repeated multiple times to increase the verbosity level.
.IP "timeout[=value]" 10
Tell the keyserver helper program how long (in seconds) to try and
perform a keyserver action before giving up. Note that performing
multiple actions at the same time uses this timeout value per action.
For example, when retrieving multiple keys via \-\-recv-keys, the
timeout applies separately to each key retrieval, and not to the
\-\-recv-keys command as a whole. Defaults to 30 seconds.
.IP "http-proxy[=value]" 10
For HTTP-like keyserver schemes (such as HKP and HTTP itself),
try to access the keyserver over a proxy. If a \fBvalue\fR is
specified, use this as the HTTP proxy. If no \fBvalue\fR is
specified, the value of the environment variable "http_proxy", if any,
.IP "max-cert-size[=value]" 10
When retrieving a key via DNS CERT, only accept keys up to this size.
Defaults to 16384 bytes.
.IP "\-\-import-options \fBparameters\fR" 10
This is a space or comma delimited string that gives options for
importing keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:
.IP "import-local-sigs" 10
Allow importing key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.
.IP "repair-pks-subkey-bug" 10
During import, attempt to repair the damage caused by the PKS
keyserver bug (pre version 0.9.6) that mangles keys with multiple
subkeys. Note that this cannot completely repair the damaged key as
some crucial data is removed by the keyserver, but it does at least
give you back one subkey. Defaults to no for regular \-\-import and to
yes for keyserver \-\-recv-keys.

During import, allow key updates to existing keys, but do not allow
any new keys to be imported. Defaults to no.
.IP "import-clean" 10
After import, compact (remove all signatures except the
self-signature) any user IDs from the new key that are not usable.
Then, remove any signatures from the new key that are not usable.
This includes signatures that were issued by keys that are not present
on the keyring. This option is the same as running the \-\-edit-key
command "clean" after import. Defaults to no.
.IP "import-minimal" 10
Import the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the \-\-edit-key command "minimize" after import.
.IP "\-\-export-options \fBparameters\fR" 10
This is a space or comma delimited string that gives options for
exporting keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:
.IP "export-local-sigs" 10
Allow exporting key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.
.IP "export-attributes" 10
Include attribute user IDs (photo IDs) while exporting. This is
useful to export keys if they are going to be used by an OpenPGP
program that does not accept attribute user IDs. Defaults to yes.
.IP "export-sensitive-revkeys" 10
Include designated revoker information that was marked as
"sensitive". Defaults to no.
.IP "export-reset-subkey-passwd" 10
When using the "\-\-export-secret-subkeys" command, this option resets
the passphrases for all exported subkeys to empty. This is useful
when the exported subkey is to be used on an unattended machine where
a passphrase doesn't necessarily make sense. Defaults to no.
.IP "export-clean" 10
Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. Also, do not export any
signatures that are not usable. This includes signatures that were
issued by keys that are not present on the keyring. This option is
the same as running the \-\-edit-key command "clean" before export
except that the local copy of the key is not modified. Defaults to
.IP "export-minimal" 10
Export the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the \-\-edit-key command "minimize" before export except
that the local copy of the key is not modified. Defaults to no.
.IP "\-\-list-options \fBparameters\fR" 10
This is a space or comma delimited string that gives options used when
listing keys and signatures (that is, \-\-list-keys, \-\-list-sigs,
\-\-list-public-keys, \-\-list-secret-keys, and the \-\-edit-key functions).
Options can be prepended with a `no-' to give the opposite meaning.
.IP "show-photos" 10
Causes \-\-list-keys, \-\-list-sigs, \-\-list-public-keys, and
\-\-list-secret-keys to display any photo IDs attached to the key.
Defaults to no. See also \-\-photo-viewer.
.IP "show-policy-urls" 10
Show policy URLs in the \-\-list-sigs or \-\-check-sigs listings.
.IP "show-notations" 10
.IP "show-std-notations" 10
.IP "show-user-notations" 10
Show all, IETF standard, or user-defined signature notations in the
\-\-list-sigs or \-\-check-sigs listings. Defaults to no.
.IP "show-keyserver-urls" 10
Show any preferred keyserver URL in the \-\-list-sigs or \-\-check-sigs
listings. Defaults to no.
.IP "show-uid-validity" 10
Display the calculated validity of user IDs during key listings.
.IP "show-unusable-uids" 10
Show revoked and expired user IDs in key listings. Defaults to no.
.IP "show-unusable-subkeys" 10
Show revoked and expired subkeys in key listings. Defaults to no.
.IP "show-keyring" 10
Display the keyring name at the head of key listings to show which
keyring a given key resides on. Defaults to no.
.IP "show-sig-expire" 10
Show signature expiration dates (if any) during \-\-list-sigs or
\-\-check-sigs listings. Defaults to no.
.IP "show-sig-subpackets" 10
Include signature subpackets in the key listing. This option can take
an optional argument list of the subpackets to list. If no argument
is passed, list all subpackets. Defaults to no. This option is only
meaningful when using \-\-with-colons along with \-\-list-sigs or
.IP "\-\-verify-options \fBparameters\fR" 10
This is a space or comma delimited string that gives options used when
verifying signatures. Options can be prepended with a `no-' to give
the opposite meaning. The options are:
.IP "show-photos" 10
Display any photo IDs present on the key that issued the signature.
Defaults to no. See also \-\-photo-viewer.
.IP "show-policy-urls" 10
Show policy URLs in the signature being verified. Defaults to no.
.IP "show-notations" 10
.IP "show-std-notations" 10
.IP "show-user-notations" 10
Show all, IETF standard, or user-defined signature notations in the
signature being verified. Defaults to IETF standard.
.IP "show-keyserver-urls" 10
Show any preferred keyserver URL in the signature being verified.
.IP "show-uid-validity" 10
Display the calculated validity of the user IDs on the key that issued
the signature. Defaults to no.
.IP "show-unusable-uids" 10
Show revoked and expired user IDs during signature verification.
.IP "pka-lookups" 10
Enable PKA lookups to verify sender addresses. Note that PKA is based
on DNS, and so enabling this option may disclose information on when
and what signatures are verified or to whom data is encrypted. This
is similar to the "web bug" described for the auto-key-retrieve
.IP "pka-trust-increase" 10
Raise the trust in a signature to full if the signature passes PKA
validation. This option is only meaningful if pka-lookups is set.
.IP "\-\-enable-dsa2" 10
.IP "\-\-disable-dsa2" 10
Enables new-style DSA keys which (unlike the old style) may be larger
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
that very few programs currently support these keys and signatures
.IP "\-\-show-photos" 10
.IP "\-\-no-show-photos" 10
Causes \-\-list-keys, \-\-list-sigs, \-\-list-public-keys,
\-\-list-secret-keys, and verifying a signature to also display the
photo ID attached to the key, if any. See also \-\-photo-viewer. These
options are deprecated. Use `\-\-list-options [no-]show-photos' and/or
`\-\-verify-options [no-]show-photos' instead.
.IP "\-\-photo-viewer \fBstring\fR" 10
This is the command line that should be run to view a photo ID. "%i"
will be expanded to a filename containing the photo. "%I" does the
same, except the file will not be deleted once the viewer exits.
Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
and "%%" for an actual percent sign. If neither %i nor %I is present,
then the photo will be supplied to the viewer on standard input.

The default viewer is "xloadimage \-fork \-quiet \-title 'KeyID 0x%k'
stdin". Note that if your image viewer program is not secure, then
executing it from GnuPG does not make it secure.
.IP "\-\-exec-path \fBstring\fR" 10
Sets a list of directories to search for photo viewers and keyserver
helpers. If not provided, keyserver helpers use the compiled-in
default directory, and photo viewers use the $PATH environment

Note that on W32 systems this value is ignored when searching for
.IP "\-\-show-keyring" 10
Display the keyring name at the head of key listings to show which
keyring a given key resides on. This option is deprecated: use
`\-\-list-options [no-]show-keyring' instead.
.IP "\-\-keyring \fBfile\fR" 10
Add \fBfile\fR to the current list of keyrings. If \fBfile\fR begins
with a tilde and a slash, these are replaced by the $HOME
directory. If the filename does not contain a slash, it is assumed to
be in the GnuPG home directory ("~/.gnupg" if \-\-homedir or $GNUPGHOME

Note that this adds a keyring to the current list. If the intent is
to use the specified keyring alone, use \-\-keyring along with
\-\-no-default-keyring.
.IP "\-\-secret-keyring \fBfile\fR" 10
Same as \-\-keyring but for the secret keyrings.
.IP "\-\-primary-keyring \fBfile\fR" 10
Designate \fBfile\fR as the primary public keyring. This means that
newly imported keys (via \-\-import or keyserver \-\-recv-from) will go to
.IP "\-\-trustdb-name \fBfile\fR" 10
Use \fBfile\fR instead of the default trustdb. If \fBfile\fR begins
with a tilde and a slash, these are replaced by the $HOME
directory. If the filename does not contain a slash, it is assumed to
be in the GnuPG home directory ("~/.gnupg" if \-\-homedir or $GNUPGHOME
.IP "\-\-homedir \fBdirectory\fR" 10
Set the name of the home directory to \fBdirectory\fR. If this option is not
used it defaults to "~/.gnupg". It does not make sense to use this in
an options file. This also overrides the environment variable
.IP "\-\-pcsc-driver \fBfile\fR" 10
Use \fBfile\fR to access the smartcard reader. The current default is
`libpcsclite.so.1' for GLIBC based systems,
`/System/Library/Frameworks/PCSC.framework/PCSC' for Mac OS X,
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
.IP "\-\-ctapi-driver \fBfile\fR" 10
Use \fBfile\fR to access the smartcard reader. The current default
is `libtowitoko.so'. Note that the use of this interface is
deprecated; it may be removed in future releases.
.IP "\-\-disable-ccid" 10
Disable the integrated support for CCID compliant readers. This
allows falling back to one of the other drivers even if the internal
CCID driver can handle the reader. Note that CCID support is only
available if libusb was available at build time.
.IP "\-\-reader-port \fBnumber_or_string\fR" 10
This option may be used to specify the port of the card terminal. A
value of 0 refers to the first serial device; add 32768 to access USB
devices. The default is 32768 (first USB device). PC/SC or CCID
readers might need a string here; run the program in verbose mode to get
a list of available readers. The default is then the first reader
.IP "\-\-display-charset \fBname\fR" 10
Set the name of the native character set. This is used to convert
some informational strings like user IDs to the proper UTF-8 encoding.
Note that this has nothing to do with the character set of data to be
encrypted or signed; GnuPG does not recode user supplied data. If
this option is not used, the default character set is determined from
the current locale. A verbosity level of 3 shows the chosen set.
Valid values for \fBname\fR are:

This is the Latin 1 set.
.IP "iso-8859-15" 10
This is currently an alias for

The usual Russian set (rfc1489).

Bypass all translations and assume
that the OS uses native UTF-8 encoding.
.IP "\-\-utf8-strings" 10
.IP "\-\-no-utf8-strings" 10
Assume that command line arguments are given as UTF8 strings. The
default (\-\-no-utf8-strings) is to assume that arguments are encoded in
the character set as specified by \-\-display-charset. These options
affect all following arguments. Both options may be used multiple
.IP "\-\-options \fBfile\fR" 10
Read options from \fBfile\fR and do not try to read
them from the default options file in the homedir
(see \-\-homedir). This option is ignored if used
.IP "\-\-no-options" 10
Shortcut for "\-\-options /dev/null". This option is
detected before an attempt to open an option file.
Using this option will also prevent the creation of a
.IP "\-\-load-extension \fBname\fR" 10
Load an extension module. If \fBname\fR does not contain a slash it is
searched for in the directory configured when GnuPG was built
(generally "/usr/local/lib/gnupg"). Extensions are not generally
useful anymore, and the use of this option is deprecated.
.IP "\-\-debug \fBflags\fR" 10
Set debugging flags. All flags are or-ed and \fBflags\fR may
be given in C syntax (e.g. 0x0042).
.IP "\-\-debug-all" 10
Set all useful debugging flags.
.IP "\-\-debug-ccid-driver" 10
Enable debug output from the included CCID driver for smartcards.
Note that this option is only available on some systems.
.IP "\-\-enable-progress-filter" 10
Enable certain PROGRESS status outputs. This option allows frontends
to display a progress indicator while gpg is processing larger files.
There is a slight performance overhead using it.
.IP "\-\-status-fd \fBn\fR" 10
Write special status strings to the file descriptor \fBn\fR.
See the file DETAILS in the documentation for a listing of them.
.IP "\-\-status-file \fBfile\fR" 10
Same as \-\-status-fd, except the status data is written to file
.IP "\-\-logger-fd \fBn\fR" 10
Write log output to file descriptor \fBn\fR and not to stderr.
.IP "\-\-logger-file \fBfile\fR" 10
Same as \-\-logger-fd, except the logger data is written to file
.IP "\-\-attribute-fd \fBn\fR" 10
Write attribute subpackets to the file descriptor \fBn\fR. This is
most useful for use with \-\-status-fd, since the status messages are
needed to separate out the various subpackets from the stream
delivered to the file descriptor.
.IP "\-\-attribute-file \fBfile\fR" 10
Same as \-\-attribute-fd, except the attribute data is written to file
.IP "\-\-comment \fBstring\fR" 10
.IP "\-\-no-comments" 10
Use \fBstring\fR as a comment string in clear text signatures and
ASCII armored messages or keys (see \-\-armor). The default behavior is
not to use a comment string. \-\-comment may be repeated multiple times
to get multiple comment strings. \-\-no-comments removes all comments.
It is a good idea to keep the length of a single comment below 60
characters to avoid problems with mail programs wrapping such lines.
Note that comment lines, like all other header lines, are not
protected by the signature.
.IP "\-\-emit-version" 10
.IP "\-\-no-emit-version" 10
Force inclusion of the version string in ASCII armored output.
\-\-no-emit-version disables this option.
.IP "\-\-sig-notation \fBname=value\fR" 10
.IP "\-\-cert-notation \fBname=value\fR" 10
.IP "\-N, \-\-set-notation \fBname=value\fR" 10
Put the name value pair into the signature as notation data.
\fBname\fR must consist only of printable characters or spaces, and
must contain a '@' character in the form keyname@domain.example.com
(substituting the appropriate keyname and domain name, of course).
This is to help prevent pollution of the IETF reserved notation
namespace. The \-\-expert flag overrides the '@' check. \fBvalue\fR
may be any printable string; it will be encoded in UTF8, so you should
check that your \-\-display-charset is set correctly. If you prefix
\fBname\fR with an exclamation mark (!), the notation data will be
flagged as critical (rfc2440:5.2.3.15). \-\-sig-notation sets a
notation for data signatures. \-\-cert-notation sets a notation for key
signatures (certifications). \-\-set-notation sets both.

There are special codes that may be used in notation names. "%k" will
be expanded into the key ID of the key being signed, "%K" into the
long key ID of the key being signed, "%f" into the fingerprint of the
key being signed, "%s" into the key ID of the key making the
signature, "%S" into the long key ID of the key making the signature,
"%g" into the fingerprint of the key making the signature (which might
be a subkey), "%p" into the fingerprint of the primary key of the key
making the signature, "%c" into the signature count from the OpenPGP
smartcard, and "%%" results in a single "%". %k, %K, and %f are only
meaningful when making a key signature (certification), and %c is only
meaningful when using the OpenPGP smartcard.
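The notation syntax above (the '!' critical prefix, the '@' namespace check that \-\-expert overrides, and the %-expandos) as an added example written for this page, not GnuPG's own parser; the EXPANDOS table, the ctx dictionary and the sample names are constructed for illustration.

```python
import re

# %-expandos listed in the man page, mapped to the ctx key that supplies
# the value. The ctx key names are an assumption made for this example.
EXPANDOS = {
    "k": "keyid",         # key ID of the key being signed
    "K": "longkeyid",     # long key ID of the key being signed
    "f": "fpr",           # fingerprint of the key being signed
    "s": "sigkeyid",      # key ID of the key making the signature
    "S": "siglongkeyid",  # long key ID of the key making the signature
    "g": "sigfpr",        # fingerprint of the signing key (may be a subkey)
    "p": "primaryfpr",    # fingerprint of the signing key's primary key
    "c": "sigcount",      # signature count from the OpenPGP smartcard
}


def parse_notation(arg, expert=False):
    """Split 'name=value' or '!name=value' into (name, value_bytes, critical).

    Enforces the rules given for --sig-notation: a printable name that
    contains '@' (unless expert), a printable value encoded as UTF-8, and
    a leading '!' marking the notation critical.
    """
    if "=" not in arg:
        raise ValueError("notation must be given as name=value")
    name, value = arg.split("=", 1)
    critical = name.startswith("!")
    if critical:
        name = name[1:]
    # str.isprintable() accepts spaces but rejects tabs and control codes.
    if not name or not all(ch.isprintable() for ch in name):
        raise ValueError("notation name must be printable characters or spaces")
    # Require '@' with something on both sides (keyname@domain); names
    # without '@' belong to the IETF reserved namespace.
    if not expert and not re.search(r".@.", name):
        raise ValueError("notation name needs the form keyname@domain; "
                         "--expert overrides this check")
    if not all(ch.isprintable() for ch in value):
        raise ValueError("notation value must be a printable string")
    return name, value.encode("utf-8"), critical


def expand_name(name, ctx):
    """Replace the %-expandos in a notation name using values from ctx."""
    def repl(match):
        code = match.group(1)
        if code == "%":
            return "%"
        if code not in EXPANDOS:
            raise ValueError("unknown expando %%%s" % code)
        return ctx[EXPANDOS[code]]
    return re.sub(r"%(.)", repl, name)
```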
.IP "\-\-show-notation" 10
.IP "\-\-no-show-notation" 10
Show signature notations in the \-\-list-sigs or \-\-check-sigs listings
as well as when verifying a signature with a notation in it. These
options are deprecated. Use `\-\-list-options [no-]show-notation'
and/or `\-\-verify-options [no-]show-notation' instead.
.IP "\-\-sig-policy-url \fBstring\fR" 10
.IP "\-\-cert-policy-url \fBstring\fR" 10
.IP "\-\-set-policy-url \fBstring\fR" 10
Use \fBstring\fR as a Policy URL for signatures (rfc2440:5.2.3.19).
If you prefix it with an exclamation mark (!), the policy URL packet
will be flagged as critical. \-\-sig-policy-url sets a policy url for
data signatures. \-\-cert-policy-url sets a policy url for key
signatures (certifications). \-\-set-policy-url sets both.

The same %\-expandos used for notation data are available here as well.
.IP "\-\-show-policy-url" 10
.IP "\-\-no-show-policy-url" 10
Show policy URLs in the \-\-list-sigs or \-\-check-sigs listings as well
as when verifying a signature with a policy URL in it. These options
are deprecated. Use `\-\-list-options [no-]show-policy-url' and/or
`\-\-verify-options [no-]show-policy-url' instead.
.IP "\-\-sig-keyserver-url \fBstring\fR" 10
Use \fBstring\fR as a preferred keyserver URL for data signatures. If
you prefix it with an exclamation mark, the keyserver URL packet will
be flagged as critical.

The same %\-expandos used for notation data are available here as well.
.IP "\-\-set-filename \fBstring\fR" 10
Use \fBstring\fR as the filename which is stored inside messages.
This overrides the default, which is to use the actual filename of the
file being encrypted.
.IP "\-\-for-your-eyes-only" 10
.IP "\-\-no-for-your-eyes-only" 10
Set the `for your eyes only' flag in the message. This causes GnuPG
to refuse to save the file unless the \-\-output option is given, and
PGP to use the "secure viewer" with a Tempest-resistant font to
display the message. This option overrides \-\-set-filename.
\-\-no-for-your-eyes-only disables this option.
.IP "\-\-use-embedded-filename" 10
.IP "\-\-no-use-embedded-filename" 10
Try to create a file with a name as embedded in the data. This can be
a dangerous option as it allows existing files to be overwritten.
Defaults to no.
.IP "\-\-completes-needed \fBn\fR" 10
Number of completely trusted users to introduce a new
key signer (defaults to 1).
.IP "\-\-marginals-needed \fBn\fR" 10
Number of marginally trusted users to introduce a new
key signer (defaults to 3).
.IP "\-\-max-cert-depth \fBn\fR" 10
Maximum depth of a certification chain (default is 5).
.IP "\-\-cipher-algo \fBname\fR" 10
Use \fBname\fR as cipher algorithm. Running the program with the
command \-\-version yields a list of supported algorithms. If this is
not used the cipher algorithm is selected from the preferences stored
with the key. In general, you do not want to use this option as it
allows you to violate the OpenPGP standard.
\-\-personal-cipher-preferences is the safe way to accomplish the same
.IP "\-\-digest-algo \fBname\fR" 10
Use \fBname\fR as the message digest algorithm. Running the program
with the command \-\-version yields a list of supported algorithms. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. \-\-personal-digest-preferences is the
safe way to accomplish the same thing.
.IP "\-\-compress-algo \fBname\fR" 10
Use compression algorithm \fBname\fR. "zlib" is RFC-1950 ZLIB
compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
"bzip2" is a more modern compression scheme that can compress some
things better than zip or zlib, but at the cost of more memory used
during compression and decompression. "uncompressed" or "none"
disables compression. If this option is not used, the default
behavior is to examine the recipient key preferences to see which
algorithms the recipient supports. If all else fails, ZIP is used for
maximum compatibility.

ZLIB may give better compression results than ZIP, as the compression
window size is not limited to 8k. BZIP2 may give even better
compression results than that, but will use a significantly larger
amount of memory while compressing and decompressing. This may be
significant in low memory situations. Note, however, that PGP (all
versions) only supports ZIP compression. Using any algorithm other
than ZIP or "none" will make the message unreadable with PGP. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. \-\-personal-compress-preferences is the
safe way to accomplish the same thing.
.IP "\-\-cert-digest-algo \fBname\fR" 10
Use \fBname\fR as the message digest algorithm used when signing a
key. Running the program with the command \-\-version yields a list of
supported algorithms. Be aware that if you choose an algorithm that
GnuPG supports but other OpenPGP implementations do not, then some
users will not be able to use the key signatures you make, or quite
possibly your entire key.
.IP "\-\-s2k-cipher-algo \fBname\fR" 10
Use \fBname\fR as the cipher algorithm used to protect secret keys.
The default cipher is CAST5. This cipher is also used for
conventional encryption if \-\-personal-cipher-preferences and
\-\-cipher-algo are not given.
.IP "\-\-s2k-digest-algo \fBname\fR" 10
Use \fBname\fR as the digest algorithm used to mangle the passphrases.
The default algorithm is SHA-1.
.IP "\-\-s2k-mode \fBn\fR" 10
Selects how passphrases are mangled. If \fBn\fR is 0 a plain
passphrase (which is not recommended) will be used, a 1 adds a salt to
the passphrase and a 3 (the default) iterates the whole process a
couple of times. Unless \-\-rfc1991 is used, this mode is also used for
conventional encryption.
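The three \-\-s2k-mode values as an added example written for this page, not GnuPG's code: the one-octet coded iteration count and the zero-octet preload used for keys longer than one digest follow RFC 4880 section 3.7.1, which the man page itself does not spell out, and the default coded count of 96 is an assumption of this example; salts and passphrases in the comments and tests are constructed.

```python
import hashlib

S2K_SIMPLE = 0            # --s2k-mode 0: hash the bare passphrase (not recommended)
S2K_SALTED = 1            # --s2k-mode 1: hash salt || passphrase
S2K_ITERATED_SALTED = 3   # --s2k-mode 3 (default): hash the salted passphrase repeatedly


def _digest(data, hash_name="sha1"):
    """One-shot digest; hash_name plays the role of --s2k-digest-algo."""
    return hashlib.new(hash_name, data).digest()


def decode_s2k_count(coded):
    """Expand the one-octet coded count into the number of octets to hash."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k(passphrase, key_len, mode=S2K_ITERATED_SALTED, salt=b"",
        coded_count=96, hash_name="sha1"):
    """Derive key_len octets of key material from a passphrase."""
    if mode == S2K_SIMPLE:
        salt = b""
    elif mode in (S2K_SALTED, S2K_ITERATED_SALTED):
        if len(salt) != 8:
            raise ValueError("salted S2K needs an 8-octet salt")
    else:
        raise ValueError("unsupported S2K mode %r" % mode)
    material = salt + passphrase
    if mode == S2K_ITERATED_SALTED:
        # The stream salt||passphrase||salt||passphrase||... is fed to the
        # hash until `count` octets have gone in, but never less than one
        # full copy of the material.
        count = max(decode_s2k_count(coded_count), len(material))
    else:
        count = len(material)
    digest_size = hashlib.new(hash_name).digest_size
    out = b""
    # Keys longer than one digest come from extra hash contexts that are
    # preloaded with 1, 2, ... zero octets and then fed the same stream.
    for ctx_index in range((key_len + digest_size - 1) // digest_size):
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx_index)
        remaining = count
        while remaining > 0:
            chunk = material[:remaining]   # truncate the last copy if needed
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
    return out[:key_len]
```

Mode 0 yields the same key for the same passphrase everywhere (so precomputed tables apply), mode 1 binds the key to a salt, and mode 3 additionally makes every guess cost tens of thousands of hashed octets, which is the reason it is the default.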
1243
.IP "\-\-simple-sk-checksum" 10
1244
Secret keys are integrity protected by using a SHA-1 checksum. This
1245
method is part of the upcoming enhanced OpenPGP specification but
1246
GnuPG already uses it as a countermeasure against certain attacks.
1247
Old applications don't understand this new format, so this option may
1248
be used to switch back to the old behaviour. Using this option bears
1249
a security risk. Note that using this option only takes effect when
1250
the secret key is encrypted \- the simplest way to make this happen is
1251
to change the passphrase on the key (even changing it to the same
1252
value is acceptable).
1253
.IP "\-\-disable-cipher-algo \fBname\fR" 10
1254
Never allow the use of \fBname\fR as cipher algorithm.
1255
The given name will not be checked so that a later loaded algorithm
1256
will still get disabled.
1257
.IP "\-\-disable-pubkey-algo \fBname\fR" 10
1258
Never allow the use of \fBname\fR as public key algorithm.
1259
The given name will not be checked so that a later loaded algorithm
1260
will still get disabled.
1261
.IP "\-\-no-sig-cache" 10
1262
Do not cache the verification status of key signatures.
1263
Caching gives a much better performance in key listings. However, if
1264
you suspect that your public keyring is not save against write
1265
modifications, you can use this option to disable the caching. It
1266
probably does not make sense to disable it because all kind of damage
1267
can be done if someone else has write access to your public keyring.
1268
.IP "\-\-no-sig-create-check" 10
1269
GnuPG normally verifies each signature right after creation to protect
1270
against bugs and hardware malfunctions which could leak out bits from
1271
the secret key. This extra verification needs some time (about 115%
1272
for DSA keys), and so this option can be used to disable it.
1273
However, due to the fact that the signature creation needs manual
1274
interaction, this performance penalty does not matter in most settings.
1275
.IP "\-\-auto-check-trustdb" 10
.IP "\-\-no-auto-check-trustdb" 10
If GnuPG feels that its information about the Web of Trust has to be
updated, it automatically runs the \-\-check-trustdb command internally.
This may be a time consuming process. \-\-no-auto-check-trustdb
disables this option.
.IP "\-\-throw-keyids" 10
.IP "\-\-no-throw-keyids" 10
Do not put the recipient key IDs into encrypted messages. This helps
to hide the receivers of the message and is a limited countermeasure
against traffic analysis. On the receiving side, it may slow down the
decryption process because all available secret keys must be tried.
\-\-no-throw-keyids disables this option. This option is essentially
the same as using \-\-hidden-recipient for all recipients.
.IP "\-\-not-dash-escaped" 10
This option changes the behavior of cleartext signatures
so that they can be used for patch files. You should not
send such an armored file via email because all spaces
and line endings are hashed too. You cannot use this
option for data which has 5 dashes at the beginning of a
line; patch files don't have this. A special armor header
line tells GnuPG about this cleartext signature option.
.IP "\-\-escape-from-lines" 10
.IP "\-\-no-escape-from-lines" 10
Because some mailers change lines starting with "From " to ">From "
it is good to handle such lines in a special way when creating
cleartext signatures to prevent the mail system from breaking the
signature. Note that all other PGP versions do it this way too.
Enabled by default. \-\-no-escape-from-lines disables this option.
1304
.IP "\-\-passphrase-fd \fBn\fR" 10
Read the passphrase from file descriptor \fBn\fR. Only the first line
will be read from file descriptor \fBn\fR. If you use 0 for \fBn\fR,
the passphrase will be read from stdin. This can only be used if only
one passphrase is supplied.
.IP "\-\-passphrase-file \fBfile\fR" 10
Read the passphrase from file \fBfile\fR. Only the first line will
be read from file \fBfile\fR. This can only be used if only one
passphrase is supplied. Obviously, a passphrase stored in a file is
of questionable security if other users can read this file. Don't use
this option if you can avoid it.
.IP "\-\-passphrase \fBstring\fR" 10
Use \fBstring\fR as the passphrase. This can only be used if only one
passphrase is supplied. Obviously, this is of very questionable
security on a multi-user system. Don't use this option if you can
.IP "\-\-command-fd \fBn\fR" 10
This is a replacement for the deprecated shared-memory IPC mode.
If this option is enabled, user input on questions is not expected
from the TTY but from the given file descriptor. It should be used
together with \-\-status-fd. See the file doc/DETAILS in the source
distribution for details on how to use it.
.IP "\-\-command-file \fBfile\fR" 10
Same as \-\-command-fd, except the commands are read out of file
.IP "\-\-use-agent" 10
.IP "\-\-no-use-agent" 10
Try to use the GnuPG-Agent. Please note that this agent is still under
development. With this option, GnuPG first tries to connect to the
agent before it asks for a passphrase. \-\-no-use-agent disables this
.IP "\-\-gpg-agent-info" 10
Override the value of the environment variable
\fBGPG_AGENT_INFO\fP. This is only used when \-\-use-agent has been given
1338
.IP "Compliance options" 10
These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of
this is nearly always the correct one. See the INTEROPERABILITY WITH
OTHER OPENPGP PROGRAMS section below before using one of these
Use standard GnuPG behavior. This is essentially OpenPGP behavior
(see \-\-openpgp), but with some additional workarounds for common
compatibility problems in different versions of PGP. This is the
default option, so it is not generally needed, but it may be useful to
override a different compliance option in the gpg.conf file.
.IP "\-\-openpgp" 10
Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
\-\-rfc1991, \-\-force-v3-sigs, \-\-s2k-*, \-\-cipher-algo, \-\-digest-algo and
\-\-compress-algo to OpenPGP compliant values. All PGP workarounds are
.IP "\-\-rfc2440" 10
Reset all packet, cipher and digest options to strict RFC-2440
behavior. Note that this is currently the same thing as \-\-openpgp.
.IP "\-\-rfc1991" 10
Try to be more RFC-1991 (PGP 2.x) compliant.
Set up all options to be as PGP 2.x compliant as possible, and warn if
an action is taken (e.g. encrypting to a non-RSA key) that will create
a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline.
This option implies `\-\-rfc1991 \-\-disable-mdc \-\-no-force-v4-certs
\-\-no-sk-comment \-\-escape-from-lines \-\-force-v3-sigs
\-\-no-ask-sig-expire \-\-no-ask-cert-expire \-\-cipher-algo IDEA
\-\-digest-algo MD5 \-\-compress-algo 1'. It also disables \-\-textmode
Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is installed),
3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
compression algorithms none and ZIP. This also disables
\-\-throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
This option implies `\-\-disable-mdc \-\-no-sk-comment \-\-escape-from-lines
\-\-force-v3-sigs \-\-no-ask-sig-expire'
Set up all options to be as PGP 7 compliant as possible. This is
identical to \-\-pgp6 except that MDCs are not disabled, and the list of
allowable ciphers is expanded to add AES128, AES192, AES256, and
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
lot closer to the OpenPGP standard than previous versions of PGP, so
all this does is disable \-\-throw-keyids and set \-\-escape-from-lines.
All algorithms are allowed except for the SHA224, SHA384, and SHA512
1396
.IP "\-\-force-v3-sigs" 10
.IP "\-\-no-force-v3-sigs" 10
OpenPGP states that an implementation should generate v4 signatures
but PGP versions 5 through 7 only recognize v4 signatures on key
material. This option forces v3 signatures for signatures on data.
Note that this option overrides \-\-ask-sig-expire, as v3 signatures
cannot have expiration dates. \-\-no-force-v3-sigs disables this
.IP "\-\-force-v4-certs" 10
.IP "\-\-no-force-v4-certs" 10
Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
\-\-no-force-v4-certs disables this option.
.IP "\-\-force-mdc" 10
Force the use of encryption with a modification detection code. This
is always used with the newer ciphers (those with a blocksize greater
than 64 bits), or if all of the recipient keys indicate MDC support in
their feature flags.
.IP "\-\-disable-mdc" 10
Disable the use of the modification detection code. Note that by
using this option, the encrypted message becomes vulnerable to a
message modification attack.
.IP "\-\-allow-non-selfsigned-uid" 10
.IP "\-\-no-allow-non-selfsigned-uid" 10
Allow the import and use of keys with user IDs which are not
self-signed. This is not recommended, as a non self-signed user ID is
trivial to forge. \-\-no-allow-non-selfsigned-uid disables.
.IP "\-\-allow-freeform-uid" 10
Disable all checks on the form of the user ID while generating a new
one. This option should only be used in very special environments as
it does not ensure the de-facto standard format of user IDs.
.IP "\-\-ignore-time-conflict" 10
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature
seems to be older than the key due to clock problems. This option
makes these checks just a warning. See also \-\-ignore-valid-from for
timestamp issues on subkeys.
.IP "\-\-ignore-valid-from" 10
GnuPG normally does not select and use subkeys created in the future.
This option allows the use of such keys and thus exhibits the
pre-1.0.7 behaviour. You should not use this option unless there
is some clock problem. See also \-\-ignore-time-conflict for timestamp
issues with signatures.
.IP "\-\-ignore-crc-error" 10
The ASCII armor used by OpenPGP is protected by a CRC checksum against
transmission errors. Occasionally the CRC gets mangled somewhere on
the transmission channel but the actual content (which is protected by
the OpenPGP protocol anyway) is still okay. This option allows GnuPG
to ignore CRC errors.
.IP "\-\-ignore-mdc-error" 10
This option changes an MDC integrity protection failure into a warning.
This can be useful if a message is partially corrupt, but it is
necessary to get as much data as possible out of the corrupt message.
However, be aware that an MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
1451
.IP "\-\-lock-once" 10
Lock the databases the first time a lock is requested
and do not release the lock until the process
.IP "\-\-lock-multiple" 10
Release the locks every time a lock is no longer
needed. Use this to override a previous \-\-lock-once
.IP "\-\-lock-never" 10
Disable locking entirely. This option should be used only in very
special environments, where it can be assured that only one process
is accessing those files. A bootable floppy with a stand-alone
encryption system will probably use this. Improper usage of this
option may lead to data and key corruption.
.IP "\-\-exit-on-status-write-error" 10
This option will cause write errors on the status FD to immediately
terminate the process. That should in fact be the default but it
never worked this way and thus we need an option to enable this, so
that the change won't break applications which close their end of a
status fd connected pipe too early. Using this option along with
\-\-enable-progress-filter may be used to cleanly cancel long running
.IP "\-\-limit-card-insert-tries \fBn\fR" 10
With \fBn\fR greater than 0 the number of prompts asking to insert a
smartcard gets limited to \fBn\fR-1. Thus with a value of 1 gpg won't
ask at all to insert a card if none has been inserted at startup. This
option is useful in the configuration file in case an application does
not know about the smartcard support and waits ad infinitum for an
.IP "\-\-no-random-seed-file" 10
GnuPG uses a file to store its internal random pool over invocations.
This makes random generation faster; however sometimes write operations
are not desired. This option can be used to achieve that with the cost of
slower random generation.
.IP "\-\-no-verbose" 10
Reset verbose level to 0.
.IP "\-\-no-greeting" 10
Suppress the initial copyright message.
.IP "\-\-no-secmem-warning" 10
Suppress the warning about "using insecure memory".
.IP "\-\-no-permission-warning" 10
Suppress the warning about unsafe file and home directory (\-\-homedir)
permissions. Note that the permission checks that GnuPG performs are
not intended to be authoritative, but rather they simply warn about
certain common permission problems. Do not assume that the lack of a
warning means that your system is secure.
Note that the warning for unsafe \-\-homedir permissions cannot be
suppressed in the gpg.conf file, as this would allow an attacker to
place an unsafe gpg.conf file in place, and use this file to suppress
warnings about itself. The \-\-homedir permissions warning may only be
suppressed on the command line.
.IP "\-\-no-mdc-warning" 10
Suppress the warning about missing MDC integrity protection.
.IP "\-\-require-secmem" 10
.IP "\-\-no-require-secmem" 10
Refuse to run if GnuPG cannot get secure memory. Defaults to no
(i.e. run, but give a warning).
1509
.IP "\-\-no-armor" 10
Assume the input data is not in ASCII armored format.
.IP "\-\-no-default-keyring" 10
Do not add the default keyrings to the list of keyrings. Note that
GnuPG will not operate without any keyrings, so if you use this option
and do not provide alternate keyrings via \-\-keyring or
\-\-secret-keyring, then GnuPG will still use the default public or
.IP "\-\-skip-verify" 10
Skip the signature verification step. This may be
used to make the decryption faster if the signature
verification is not needed.
.IP "\-\-with-colons" 10
Print key listings delimited by colons. Note that the output will be
encoded in UTF-8 regardless of any \-\-display-charset setting. This
format is useful when GnuPG is called from scripts and other programs
as it is easily machine parsed. The details of this format are
documented in the file doc/DETAILS, which is included in the GnuPG
source distribution.
.IP "\-\-with-key-data" 10
Print key listings delimited by colons (like \-\-with-colons) and print the public key data.
.IP "\-\-with-fingerprint" 10
Same as the command \-\-fingerprint but changes only the format of the output
and may be used together with another command.
.IP "\-\-fast-list-mode" 10
Changes the output of the list commands to work faster; this is achieved
by leaving some parts empty. Some applications don't need the user ID and
the trust information given in the listings. By using this option they
can get a faster listing. The exact behaviour of this option may change
.IP "\-\-fixed-list-mode" 10
Do not merge primary user ID and primary key in \-\-with-colons listing
mode and print all timestamps as seconds since 1970-01-01.
.IP "\-\-list-only" 10
Changes the behaviour of some commands. This is like \-\-dry-run but
different in some cases. The semantics of this option may be extended in
the future. Currently it only skips the actual decryption pass and
therefore enables a fast listing of the encryption keys.
.IP "\-\-no-literal" 10
This is not for normal use. Use the source to see for what it might be useful.
.IP "\-\-set-filesize" 10
This is not for normal use. Use the source to see for what it might be useful.
.IP "\-\-show-session-key" 10
Display the session key used for one message. See \-\-override-session-key
for the counterpart of this option.
1555
We think that Key Escrow is a Bad Thing; however the user should have
the freedom to decide whether to go to prison or to reveal the content
of one specific message without compromising all messages ever
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
.IP "\-\-override-session-key \fBstring\fR" 10
Don't use the public key but the session key \fBstring\fR. The format of this
string is the same as the one printed by \-\-show-session-key. This option
is normally not used but comes handy in case someone forces you to reveal the
content of an encrypted message; using this option you can do this without
handing out the secret key.
.IP "\-\-require-cross-certification" 10
.IP "\-\-no-require-cross-certification" 10
When verifying a signature made from a subkey, ensure that the cross
certification "back signature" on the subkey is present and valid.
This protects against a subtle attack against subkeys that can sign.
Currently defaults to \-\-no-require-cross-certification, but will be
changed to \-\-require-cross-certification in the future.
.IP "\-\-ask-sig-expire" 10
.IP "\-\-no-ask-sig-expire" 10
When making a data signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
\-\-default-sig-expire is used. \-\-no-ask-sig-expire disables this
option. Note that by default, \-\-force-v3-sigs is set which also
disables this option. If you want signature expiration, you must set
\-\-no-force-v3-sigs as well as turning \-\-ask-sig-expire on.
.IP "\-\-default-sig-expire" 10
The default expiration time to use for signature expiration. Valid
values are "0" for no expiration, a number followed by the letter d
(for days), w (for weeks), m (for months), or y (for years) (for
example "2m" for two months, or "5y" for five years), or an absolute
date in the form YYYY-MM-DD. Defaults to "0".
.IP "\-\-ask-cert-expire" 10
.IP "\-\-no-ask-cert-expire" 10
When making a key signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
\-\-default-cert-expire is used. \-\-no-ask-cert-expire disables this
.IP "\-\-default-cert-expire" 10
The default expiration time to use for key signature expiration.
Valid values are "0" for no expiration, a number followed by the
letter d (for days), w (for weeks), m (for months), or y (for years)
(for example "2m" for two months, or "5y" for five years), or an
absolute date in the form YYYY-MM-DD. Defaults to "0".
1600
.IP "\-\-no-expert" 10
Allow the user to do certain nonsensical or "silly" things like
signing an expired or revoked key, or certain potentially incompatible
things like generating unusual key types. This also disables certain
warning messages about potentially incompatible actions. As the name
implies, this option is for experts only. If you don't fully
understand the implications of what it allows you to do, leave this
off. \-\-no-expert disables this option.
.IP "\-\-allow-secret-key-import" 10
This is an obsolete option and is not used anywhere.
.IP "\-\-try-all-secrets" 10
Don't look at the key ID as stored in the message but try all secret
keys in turn to find the right decryption key. This option forces the
behaviour as used by anonymous recipients (created by using
\-\-throw-keyids) and might come handy in case where an encrypted
message contains a bogus key ID.
.IP "\-\-allow-multisig-verification" 10
Allow verification of concatenated signed messages. This will run a
signature verification for each data+signature block. There are some
security issues with this option and thus it is off by default. Note
that versions of GPG prior to version 1.4.3 implicitly allowed this.
.IP "\-\-enable-special-filenames" 10
This option enables a mode in which filenames of the form
\fB-&n\fP, where n is a non-negative decimal number,
refer to the file descriptor n and not to a file with that name.
.IP "\-\-no-expensive-trust-checks" 10
Experimental use only.
.IP "\-\-group \fBname=value1 [value2 value3 ...]\fR" 10
Sets up a named group, which is similar to aliases in email programs.
Any time the group name is a recipient (\-r or \-\-recipient), it will be
expanded to the values specified. Multiple groups with the same name
are automatically merged into a single group.
The values are \fBkey IDs\fR or fingerprints, but any key description
is accepted. Note that a value with spaces in it will be treated as
two different values. Note also there is only one level of expansion
\- you cannot make a group that points to another group. When used
from the command line, it may be necessary to quote the argument to
this option to prevent the shell from treating it as multiple
.IP "\-\-ungroup \fBname\fR" 10
Remove a given entry from the \-\-group list.
.IP "\-\-no-groups" 10
Remove all entries from the \-\-group list.
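As an added illustration of the \-\-group rules just described (merging of
same-named groups, whitespace splitting of values, and one level of
expansion only), the following POSIX shell script expands recipient names
against a gpg.conf fragment. It is not from the gpg man page or from
GnuPG's own code: the configuration text, group names, key IDs and address
are constructed sample values, and the lookup is a simplified model of
what gpg does, not its implementation. In gpg.conf the option is written
without the leading dashes.

```shell
#!/bin/sh
# Added example (not GnuPG code).  GPG_CONF is a constructed gpg.conf
# fragment; every key ID and address in it is a made-up sample value.
GPG_CONF='group team=C34567C4 0x0F323456784E56EA
group team=bob@example.org
group everyone=team 0F323456784E56EA'

# Print the merged, space-separated values of group $1 (empty if undefined).
group_values() {
    printf '%s\n' "$GPG_CONF" | while IFS= read -r line; do
        case $line in
        "group $1="*) printf '%s ' "${line#"group $1="}" ;;  # same name: merged
        esac
    done
}

# Expand each recipient argument: a group name becomes its values, one per
# line; anything else is passed through unchanged.  Expansion is one level
# deep, so a value that happens to name another group is emitted literally.
expand_recipients() {
    for r in "$@"; do
        vals=$(group_values "$r")
        if [ -n "$vals" ]; then
            # Unquoted on purpose: a value containing a space is two values.
            for v in $vals; do printf '%s\n' "$v"; done
        else
            printf '%s\n' "$r"
        fi
    done
}

expand_recipients team alice@example.org   # three key specs, then the literal address
expand_recipients everyone                 # "team" is not expanded a second time
```

The second call shows why the man page warns that a group cannot point to another group: "team" comes out as a plain key description, which gpg would then try to resolve as a user ID rather than as a group.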
1644
.IP "\-\-preserve-permissions" 10
Don't change the permissions of a secret keyring back to user
read/write only. Use this option only if you really know what you are doing.
.IP "\-\-personal-cipher-preferences \fBstring\fR" 10
Set the list of personal cipher preferences to \fBstring\fR. This list
should be a string similar to the one printed by the command "pref" in
the edit menu. This allows the user to factor in their own preferred
algorithms when algorithms are chosen via recipient key preferences.
The most highly ranked cipher in this list is also used for the
\-\-symmetric encryption command.
.IP "\-\-personal-digest-preferences \fBstring\fR" 10
Set the list of personal digest preferences to \fBstring\fR. This list
should be a string similar to the one printed by the command "pref" in
the edit menu. This allows the user to factor in their own preferred
algorithms when algorithms are chosen via recipient key preferences.
The most highly ranked digest algorithm in this list is also used when
signing without encryption (e.g. \-\-clearsign or \-\-sign). The default
.IP "\-\-personal-compress-preferences \fBstring\fR" 10
Set the list of personal compression preferences to \fBstring\fR. This
list should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their own
preferred algorithms when algorithms are chosen via recipient key
preferences. The most highly ranked algorithm in this list is also
used when there are no recipient keys to consider (e.g. \-\-symmetric).
.IP "\-\-default-preference-list \fBstring\fR" 10
Set the list of default preferences to \fBstring\fR. This preference
list is used for new keys and becomes the default for "setpref" in the
.IP "\-\-default-keyserver-url \fBname\fR" 10
Set the default keyserver URL to \fBname\fR. This keyserver will be
used as the keyserver URL when writing a new self-signature on a key,
which includes key generation and changing preferences.
.IP "\-\-list-config [\fBnames\fR]" 10
Display various internal configuration parameters of GnuPG. This
option is intended for external programs that call GnuPG to perform
tasks, and is thus not generally useful. See the file
\fBdoc/DETAILS\fP in the source distribution for the
details of which configuration items may be listed. \-\-list-config is
only usable with \-\-with-colons set.
1684
.SH "How to specify a user ID"
There are different ways to specify a user ID to GnuPG; here are some
Here the key ID is given in the usual short form.
.IP "234AABBCC34567C4" 10
.IP "0F323456784E56EAB" 10
.IP "01AB3FED1347A5612" 10
.IP "0x234AABBCC34567C4" 10
Here the key ID is given in the long form as used by OpenPGP
(you can get the long key ID using the option \-\-with-colons).
.IP "1234343434343434C434343434343434" 10
.IP "123434343434343C3434343434343734349A3434" 10
.IP "0E12343434343434343434EAB3484343434343434" 10
.IP "0xE12343434343434343434EAB3484343434343434" 10
The best way to specify a key ID is by using the fingerprint of
the key. This avoids any ambiguities in case that there are duplicated
key IDs (which are really rare for the long key IDs).
.IP "=Heinrich Heine <heinrichh@uni-duesseldorf.de>" 10
Using an exact match string. The equal sign indicates this.
.IP "<heinrichh@uni-duesseldorf.de>" 10
Using the email address part which must match exactly. The left angle bracket
indicates this email address mode.
Match within the <email.address> part of a user ID. The at sign
indicates this email address mode.
By case insensitive substring matching. This is the default mode but
applications may want to explicitly indicate this by putting the asterisk
Note that you can append an exclamation mark (!) to key IDs or
fingerprints. This flag tells GnuPG to use the specified primary or
secondary key and not to try and calculate which primary or secondary
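The following POSIX shell script is an added example, not part of the man
page or of GnuPG itself. It ties the \-\-with-colons listing format
described in the options section to the selector forms listed above: it
resolves a key ID, fingerprint, "=", "<", "@" or plain substring selector
against a colon-delimited listing of the kind \-\-with-colons together with
\-\-fixed-list-mode and \-\-with-fingerprint produces. The listing embedded in
it is constructed sample data with made-up key IDs, fingerprints and
addresses, and the matching is a simplified model of gpg's lookup that
considers primary keys only.

```shell
#!/bin/sh
# Added example (not GnuPG code).  LISTING is a constructed stand-in for
# `gpg --with-colons --fixed-list-mode --with-fingerprint --list-keys`.
# Fields are colon separated: 1 record type, 2 validity, 3 key length,
# 4 algorithm, 5 key ID, 6 created, 7 expires, 8 serial, 9 owner trust,
# 10 user ID (uid records) or fingerprint (fpr records).  All key IDs,
# fingerprints and addresses below are made-up sample values.
LISTING='pub:u:2048:1:234AABBCC34567C4:2019-01-01:::u:::scESC:
fpr:::::::::1234343434343434343434AB234AABBCC34567C4:
uid:u::::2019-01-01::::Heinrich Heine <heinrichh@uni-duesseldorf.de>:
sub:u:2048:1:A1B2C3D4E5F60718:2019-01-01::::::e:
pub:f:4096:1:0F323456784E56EA:2020-06-15:::f:::scESC:
fpr:::::::::0E12343434343434343434EA0F323456784E56EA:
uid:f::::2020-06-15::::Bob Example <bob@example.org>:'

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Does selector $1 pick the key with long key ID $2, fingerprint $3 and
# user ID $4?  Returns 0 on a match.
selector_matches() {
    spec=$1 keyid=$2 fpr=$3 uid=$4
    email=${uid##*<}; email=${email%%>*}         # text between the angle brackets
    case $spec in
    =*)  [ "$uid" = "${spec#=}" ] ;;             # "=": whole user ID, exact
    \<*) [ "<$email>" = "$spec" ] ;;             # "<": email part, exact
    @*)  case $(lower "$email") in                # "@": substring of the email part
         *"$(lower "${spec#@}")"*) true ;;
         *) false ;;
         esac ;;
    *)
        hex=$(printf '%s' "${spec#0x}" | tr '[:lower:]' '[:upper:]')
        case $hex in *[!0-9A-F]*) hexlen=0 ;; *) hexlen=${#hex} ;; esac
        case $hexlen in
        8)  [ "${keyid#????????}" = "$hex" ] ;;  # short key ID = low 8 hex digits
        16) [ "$keyid" = "$hex" ] ;;             # long key ID
        32|40) [ "$fpr" = "$hex" ] ;;            # v3 or v4 fingerprint
        *)  case $(lower "$uid") in               # default: case-insensitive substring,
            *"$(lower "${spec#\*}")"*) true ;;    # optionally written with a leading "*"
            *) false ;;
            esac ;;
        esac ;;
    esac
}

# Print the fingerprint of every primary key in LISTING selected by $1.
match_key() {
    spec=${1%!}    # a trailing "!" only pins the named (sub)key; the lookup is unchanged
    printf '%s\n' "$LISTING" |
    while IFS=: read -r rtype validity len algo kid created expires serial trust f10 rest; do
        case $rtype in
        pub) keyid=$kid; fpr="" ;;             # subkey IDs are not matched in this example
        fpr) fpr=$f10 ;;
        uid) if selector_matches "$spec" "$keyid" "$fpr" "$f10"; then
                 printf '%s\n' "$fpr"
             fi ;;
        esac
    done | sort -u
}

match_key '=Heinrich Heine <heinrichh@uni-duesseldorf.de>'   # exact user ID
match_key '@bob'                                             # substring of the mail address
match_key '0xC34567C4!'                                      # short key ID with 0x prefix and !
```

The hex branch shows why the man page recommends fingerprints: a short
selector is compared against only the low 8 hex digits of the key ID, so
two keys whose IDs share that suffix would both be printed, whereas a
40-digit fingerprint must match in full.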
1729
The program returns 0 if everything was fine, 1 if at least
a signature was bad, and other error codes for fatal errors.
.IP "gpg \-se \-r \fBBob\fR \fBfile\fR" 10
sign and encrypt for user Bob
.IP "gpg \-\-clearsign \fBfile\fR" 10
make a clear text signature
.IP "gpg \-sb \fBfile\fR" 10
make a detached signature
.IP "gpg \-\-list-keys \fBuser_ID\fR" 10
.IP "gpg \-\-fingerprint \fBuser_ID\fR" 10
.IP "gpg \-\-verify \fBpgpfile\fR" 10
.IP "gpg \-\-verify \fBsigfile\fR [\fBfiles\fR]" 10
Verify the signature of the file but do not output the data. The
second form is used for detached signatures, where \fBsigfile\fR is the
detached signature (either ASCII armored or binary) and
[\fBfiles\fR] are the signed data; if this is not given, the name of
the file holding the signed data is constructed by cutting off the
extension (".asc" or ".sig") of \fBsigfile\fR or by asking the
user for the filename.
Used to locate the default home directory.
If set, this directory is used instead of "~/.gnupg".
.IP "GPG_AGENT_INFO" 10
Used to locate the gpg-agent; only honored when
\-\-use-agent is set. The value consists of 3 colon delimited fields:
The first is the path to the Unix Domain Socket, the second the PID of
the gpg-agent, and the third the protocol version, which should be set
to 1. When starting the gpg-agent as described in its documentation, this
variable is set to the correct value. The option \-\-gpg-agent-info can
be used to override it.
Used to size some displays to the full size of the screen.
.IP "~/.gnupg/secring.gpg" 10
.IP "~/.gnupg/secring.gpg.lock" 10
.IP "~/.gnupg/pubring.gpg" 10
.IP "~/.gnupg/pubring.gpg.lock" 10
.IP "~/.gnupg/trustdb.gpg" 10
.IP "~/.gnupg/trustdb.gpg.lock" 10
.IP "~/.gnupg/random_seed" 10
used to preserve the internal random pool
.IP "~/.gnupg/gpg.conf" 10
Default configuration file
.IP "~/.gnupg/options" 10
Old style configuration file; only used when gpg.conf
.IP "/usr[/local]/share/gnupg/options.skel" 10
Skeleton options file
.IP "/usr[/local]/lib/gnupg/" 10
Default location for extensions
Use a *good* password for your user account and a *good* passphrase
to protect your secret key. This passphrase is the weakest part of the
whole system. Programs to do dictionary attacks on your secret keyring
are very easy to write and so you should protect your "~/.gnupg/"
directory very well.
Keep in mind that, if this program is used over a network (telnet), it
is *very* easy to spy out your passphrase!
If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line
or use \fB-\fP to specify stdin.
1805
.SH "INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS"
GnuPG tries to be a very flexible implementation of the OpenPGP
standard. In particular, GnuPG implements many of the optional parts
of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms. It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by
forcing their use via the \-\-cipher-algo, \-\-digest-algo,
\-\-cert-digest-algo, or \-\-compress-algo options in GnuPG, it is
possible to create a perfectly valid OpenPGP message, but one that
cannot be read by the intended recipient.
There are dozens of variations of OpenPGP programs available, and each
supports a slightly different subset of these optional algorithms.
For example, until recently, no (unhacked) version of PGP supported
the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
not be read by a PGP user. By default, GnuPG uses the standard
OpenPGP preferences system that will always do the right thing and
create messages that are usable by all recipients, regardless of which
OpenPGP program they use. Only override this safe default if you
really know what you are doing.
If you absolutely must override the safe default, or if the
preferences on a given key are invalid for some reason, you are far
better off using the \-\-pgp6, \-\-pgp7, or \-\-pgp8 options. These options
are safe as they do not force any particular algorithms in violation
of OpenPGP, but rather reduce the available algorithms to a "PGP-safe"
On many systems this program should be installed as setuid(root). This
is necessary to lock memory pages. Locking memory pages prevents the
operating system from writing memory pages (which may contain
passphrases or other sensitive material) to disk. If you get no
warning message about insecure memory your operating system supports
locking without being root. The program drops root privileges as soon
as locked memory is allocated.
.\" created by instant / docbook-to-man, Sun 25 Jun 2006, 13:22