This is gpg.info, produced by makeinfo version 4.8 from gpg.texi.

* gpg: (gpg). GnuPG encryption and signing tool.

File: gpg.info, Node: Top, Up: (dir)

gpg -- encryption and signing tool

`gpg' is the main program for the GnuPG system.

This man page only lists the commands and options available. For more
verbose documentation get the GNU Privacy Handbook (GPH) or one of the
other documents at http://www.gnupg.org/documentation/ .

Please remember that option parsing stops as soon as a non-option is
encountered; you can explicitly stop option parsing by using the

`gpg' may be run with no commands, in which case it will perform a
reasonable action depending on the type of file it is given as input
(an encrypted message is decrypted, a signature is verified, a file
containing keys is listed).

`gpg' recognizes these commands:

Make a signature. This command may be combined with --encrypt (for a
signed and encrypted message), --symmetric (for a signed and
symmetrically encrypted message), or --encrypt and --symmetric
together (for a signed message that may be decrypted via a secret

Make a clear text signature. The content in a clear text signature
is readable without any special software. OpenPGP software is only
needed to verify the signature. Clear text signatures may modify
end-of-line whitespace for platform independence and are not
intended to be reversible.

Make a detached signature.

Encrypt data. This option may be combined with --sign (for a signed
and encrypted message), --symmetric (for a message that may be
decrypted via a secret key or a passphrase), or --sign and
--symmetric together (for a signed message that may be decrypted
via a secret key or a passphrase).

Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is CAST5, but may be chosen with the
--cipher-algo option (CAST5 is a 64-bit block cipher; for new data,
selecting AES256 via --cipher-algo is the more conservative choice).
This option may be combined with --sign (for a
signed and symmetrically encrypted message), --encrypt (for a
message that may be decrypted via a secret key or a passphrase),
or --sign and --encrypt together (for a signed message that may be
decrypted via a secret key or a passphrase).

Store only (make a simple RFC1991 packet).

Decrypt `file' (or stdin if no file is specified) and write it to
stdout (or the file specified with --output). If the decrypted file
is signed, the signature is also verified. This command differs
from the default operation, as it never writes to the filename
which is included in the file and it rejects files which don't
begin with an encrypted message.

Assume that `sigfile' is a signature and verify it without
generating any output. With no arguments, the signature packet is
read from stdin. If only a sigfile is given, it may be a complete
signature or a detached signature, in which case the signed stuff
is expected in a file without the ".sig" or ".asc" extension.
With more than 1 argument, the first should be a detached signature
and the remaining files are the signed stuff. To read the signed
stuff from stdin, use `-' as the second filename. For security
reasons a detached signature cannot read the signed material from
stdin without denoting it in the above way.
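A scripted verification of a detached signature, added here as an example and not part of the GnuPG documentation. It names the signed data explicitly (never reading it from stdin without the `-' convention) and derives its verdict from the machine-readable status lines rather than from the exit code or human-readable stderr. It assumes the --status-fd option and the GOODSIG, VALIDSIG, TRUST_* and error keywords documented in doc/DETAILS of the GnuPG source; all file names are placeholders.

```shell
#!/bin/sh
# Added example, not from the gpg manual. Verify a detached signature the
# way a script should: the signed file is named explicitly, and the verdict
# comes from the "[GNUPG:] ..." status lines (--status-fd, see doc/DETAILS),
# not from the exit code alone or from human-readable stderr text.

# status_verdict: read status lines on stdin and print one of
#   good <fingerprint>       good signature, key fully or ultimately trusted
#   untrusted <fingerprint>  good signature, but key validity not established
#   bad                      no usable signature (bad, expired/revoked key,
#                            missing public key, no data ...)
# Exit status: 0 good, 2 untrusted, 1 bad.
status_verdict() {
  awk '
    $1 != "[GNUPG:]" { next }
    $2 == "GOODSIG"  { good = 1 }
    $2 == "VALIDSIG" { fpr = $3 }     # full fingerprint of the signing key
    $2 == "TRUST_FULLY" || $2 == "TRUST_ULTIMATE" { trusted = 1 }
    # Policy choice: a good signature from an expired or revoked key,
    # a missing key, or no signature data at all is treated as a failure.
    $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "NO_PUBKEY" { bad = 1 }
    $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" || $2 == "NODATA" { bad = 1 }
    END {
      if (bad || !good || fpr == "") { print "bad"; exit 1 }
      if (!trusted) { print "untrusted " fpr; exit 2 }
      print "good " fpr
    }'
}

# verify_detached SIGFILE DATAFILE: run gpg non-interactively, send the
# status stream to stdout, drop the ordinary stderr chatter, reduce to a verdict.
verify_detached() {
  gpg --batch --no-tty --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_verdict
}

# verify_detached_by_fpr SIGFILE DATAFILE EXPECTED_FPR: pin the signer to a
# known fingerprint instead of relying on trust-database state. Accepts a
# good signature from that exact key even if its validity is not computed.
verify_detached_by_fpr() {
  verdict=$(gpg --batch --no-tty --status-fd 1 --verify "$1" "$2" 2>/dev/null \
            | status_verdict || true)
  case "$verdict" in
    "good $3"|"untrusted $3") echo "signed by expected key $3"; return 0 ;;
    *) echo "rejected: $verdict" >&2; return 1 ;;
  esac
}

# Usage (placeholder file names):
#   verify_detached release.tar.sig release.tar
#   verify_detached_by_fpr release.tar.sig release.tar 0123456789ABCDEF0123456789ABCDEF01234567
```

The fingerprint comparison in `verify_detached_by_fpr' is the check to use in build or deployment scripts: it does not depend on ownertrust settings on the verifying machine, and it cannot be satisfied by a different key that merely carries the same user ID.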
This modifies certain other commands to accept multiple files for
processing on the command line or read from stdin with each
filename on a separate line. This allows for many files to be
processed at once. --multifile may currently be used along with
--verify, --encrypt, and --decrypt. Note that `--multifile --verify'
may not be used with detached signatures.

Identical to `--multifile --verify'.

Identical to `--multifile --encrypt'.

Identical to `--multifile --decrypt'.

List all keys from the public keyrings, or just the ones given on

Avoid using the output of this command in scripts or other
programs as it is likely to change as GnuPG changes. See
--with-colons for a machine-parseable key listing command that is
appropriate for use in scripts and other programs.
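An added example (not from the manual) of consuming the --with-colons listing from a script: it reduces the output to one line per primary key, identified by fingerprint rather than by key ID. The record layout it relies on (record type in field 1, validity letter in field 2, fingerprint or user ID in field 10, fpr records following the pub or sub record they describe) is the one documented in doc/DETAILS; the sample listing is constructed with placeholder keys and is not real key material.

```shell
#!/bin/sh
# Added example, not part of the gpg manual. Summarize
#   gpg --with-colons --fingerprint --list-keys
# as "<fingerprint>\t<validity>\t<primary user ID>", one line per primary
# key. Field layout per doc/DETAILS: $1 record type, $2 validity letter,
# $10 fingerprint (fpr records) or user ID (uid records). Secret-key
# listings (sec/ssb) are handled the same way.
summarize_keys() {
  awk -F: '
    function flush() { if (fpr != "") print fpr "\t" validity "\t" uid }
    $1 == "pub" || $1 == "sec" { flush(); validity = $2; fpr = ""; uid = ""; primary = 1 }
    $1 == "sub" || $1 == "ssb" { primary = 0 }   # later fpr records belong to subkeys
    $1 == "fpr" && primary && fpr == "" { fpr = $10 }
    $1 == "uid" && uid == "" { uid = $10 }       # first uid record is the primary one
    END { flush() }'
}

# Live use (requires gpg):
#   gpg --with-colons --fingerprint --list-keys | summarize_keys

# Constructed sample listing with placeholder keys (not real key material):
# one key with two user IDs and an encryption subkey, one with an expiry.
SAMPLE_LISTING='tru::1:1704067200:0:3:1:5
pub:u:4096:1:89ABCDEF01234567:1704067200:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1704067200::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
uid:u::::1704067200::1111111111111111111111111111111111111111::Example User <user@example.net>::::::::::0:
sub:u:4096:1:76543210FEDCBA98:1704067200::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:-:2048:1:AAAAAAAAAAAAAAAA:1704067200:1735689600::-:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:-::::1704067200::2222222222222222222222222222222222222222::Other Person <other@example.com>::::::::::0:'

# demo_summary: run the summarizer over the constructed listing.
demo_summary() {
  printf '%s\n' "$SAMPLE_LISTING" | summarize_keys
}
```

The subkey fingerprint is deliberately skipped: a script that keys its decisions on "any fpr record" would attribute a subkey fingerprint to the wrong entity. The validity letter in the second column is the calculated value (u, f, m, -, and so on) that the --edit-key listing described later on this page also shows.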
-K, --list-secret-keys
List all keys from the secret keyrings, or just the ones given on
the command line. A '#' after the letters 'sec' means that the
secret key is not usable (for example, if it was created via
--export-secret-subkeys).

Same as --list-keys, but the signatures are listed too.

For each signature listed, there are several flags in between the
"sig" tag and keyid. These flags give additional information about
each signature. From left to right, they are the numbers 1-3 for
certificate check level (see --ask-cert-level), "L" for a local or
non-exportable signature (see --lsign-key), "R" for a nonRevocable
signature (see the --edit-key command "nrsign"), "P" for a signature
that contains a policy URL (see --cert-policy-url), "N" for a
signature that contains a notation (see --cert-notation), "X" for an
eXpired signature (see --ask-cert-expire), and the numbers 1-9 or
"T" for 10 and above to indicate trust signature levels (see the
--edit-key command "tsign").

Same as --list-sigs, but the signatures are verified.

List all keys with their fingerprints. This is the same output as
--list-keys but with the additional output of a line with the
fingerprint. May also be combined with --list-sigs or --check-sigs.
If this command is given twice, the fingerprints of all secondary

List only the sequence of packets. This is mainly useful for

Generate a new key pair. This command is normally only used

There is an experimental feature which allows you to create keys
in batch mode. See the file `doc/DETAILS' in the source
distribution on how to use this.

Present a menu which enables you to do all key related tasks:

Make a signature on the key of user `name'. If the key is not yet
signed by the default user (or the users given with -u), the
program displays the information of the key again, together
with its fingerprint and asks whether it should be signed.
This question is repeated for all users specified with -u.

Same as "sign" but the signature is marked as non-exportable
and will therefore never be used by others. This may be used
to make keys valid only in the local environment.

Same as "sign" but the signature is marked as non-revocable
and can therefore never be revoked.

Make a trust signature. This is a signature that combines the
notions of certification (like a regular signature), and
trust (like the "trust" command). It is generally only useful
in distinct communities or groups.

Note that "l" (for local / non-exportable), "nr" (for
non-revocable), and "t" (for trust) may be freely mixed and
prefixed to "sign" to create a signature of any type desired.

Revoke a signature. For every signature which has been
generated by one of the secret keys, GnuPG asks whether a
revocation certificate should be generated.

Change the owner trust value. This updates the trust-db
immediately and no save is required.

Disable or enable an entire key. A disabled key can not
normally be used for encryption.

Create an alternate user id.

Create a photographic user id. This will prompt for a JPEG
file that will be embedded into the user ID. Note that a very
large JPEG will make for a very large key. Also note that
some programs will display your JPEG unchanged (GnuPG), and
some programs will scale it to fit in a dialog box (PGP).

Add a subkey to this key.

Generate a key on a card and add it to this key.

Transfer the selected secret key (or the primary key if no
key has been selected) to a smartcard. The secret key in the
keyring will be replaced by a stub if the key could be stored
successfully on the card and you use the save command later.
Only certain key types may be transferred to the card. A sub
menu allows you to select on what card to store the key. Note
that it is not possible to get that key back from the card -
if the card gets broken your secret key will be lost unless
you have a backup somewhere.

Restore the given file to a card. This command may be used to
restore a backup key (as generated during card
initialization) to a new card. In almost all cases this will
be the encryption key. You should use this command only with
the corresponding public key and make sure that the file
given as argument is indeed the backup to restore. You should
then select 2 to restore as encryption key. You will first
be asked to enter the passphrase of the backup key and then
for the Admin PIN of the card.

Add a designated revoker. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive,
it will not be exported by default (see export-options).

Change the key expiration time. If a subkey is selected, the
expiration time of this subkey will be changed. With no
selection, the key expiration of the primary key is changed.

Change the passphrase of the secret key.

Flag the current user ID as the primary one. This removes the
primary user ID flag from all other user IDs and sets the
timestamp of all affected self-signatures one second ahead.
Note that setting a photo user ID as primary makes it primary
over other photo user IDs, and setting a regular user ID as
primary makes it primary over other regular user IDs.

Toggle selection of user id with index `n'. Use 0 to
Toggle selection of subkey with index `n'. Use 0 to deselect

Check all selected user ids.

Display the selected photographic user id.

List preferences from the selected user ID. This shows the
actual preferences, without including any implied preferences.

More verbose preferences listing for the selected user ID.
This shows the preferences in effect by including the implied
preferences of 3DES (cipher), SHA-1 (digest), and
Uncompressed (compression) if they are not already included
in the preference list. In addition, the preferred keyserver
and signature notations (if any) are shown.

Set the list of user ID preferences to `string' for all (or
just the selected) user IDs. Calling setpref with no
arguments sets the preference list to the default (either
built-in or set via --default-preference-list), and calling
setpref with "none" as the argument sets an empty preference
list. Use "gpg --version" to get a list of available
algorithms. Note that while you can change the preferences on
an attribute user ID (aka "photo ID"), GnuPG does not select
keys via attribute user IDs so these preferences will not be

Set a preferred keyserver for the specified user ID(s). This
allows other users to know where you prefer they get your key
from. See --keyserver-options honor-keyserver-url for more on
how this works. Setting a value of "none" removes an
existing preferred keyserver.

Set a name=value notation for the specified user ID(s). See
--cert-notation for more on how this works. Setting a value of
"none" removes all notations, setting a notation prefixed
with a minus sign (-) removes that notation, and setting a
notation name (without the =value) prefixed with a minus sign
removes all notations with that name.

Toggle between public and secret key listing.

Compact (by removing all signatures except the selfsig) any
user ID that is no longer usable (e.g. revoked, or expired).
Then, remove any signatures that are not usable by the trust
calculations. Specifically, this removes any signature that
does not validate, any signature that is superseded by a
later signature, revoked signatures, and signatures issued by
keys that are not present on the keyring.

Make the key as small as possible. This removes all
signatures from each user ID except for the most recent

Add cross-certification signatures to signing subkeys that
may not currently have them. Cross-certification signatures
protect against a subtle attack against signing subkeys. See
--require-cross-certification.

Save all changes to the key rings and quit.

Quit the program without updating the key rings.

The listing shows you the key with its secondary keys and all user
ids. Selected keys or user ids are indicated by an asterisk. The
trust value is displayed with the primary key: the first is the
assigned owner trust and the second is the calculated trust value.
Letters are used for the values:

No ownertrust assigned / not yet calculated.

Trust calculation has failed; probably due to an expired key.

Not enough information for calculation.

Never trust this key.

Present a menu to work with a smartcard. The subcommand "help"
provides an overview on available commands. For a detailed
description, please see the Card HOWTO at
http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .

Show the content of the smart card.

Present a menu to allow changing the PIN of a smartcard. This
functionality is also available as the subcommand "passwd" with the

Signs a public key with your secret key. This is a shortcut
version of the subcommand "sign" from --edit.

Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand

Remove key from the public keyring. In batch mode either --yes is
required or the key must be specified by fingerprint. This is a
safeguard against accidental deletion of multiple keys.

--delete-secret-key `name'
Remove key from the secret and public keyring. In batch mode the
key must be specified by fingerprint.

--delete-secret-and-public-key `name'
Same as --delete-key, but if a secret key exists, it will be removed
first. In batch mode the key must be specified by fingerprint.

Generate a revocation certificate for the complete key. To revoke
a subkey or a signature, use the --edit command.

Generate a designated revocation certificate for a key. This
allows a user (with the permission of the keyholder) to revoke

Either export all keys from all keyrings (default keyrings and
those registered via option --keyring), or if at least one name is
given, those of the given name. The new keyring is written to
stdout or to the file given with option "output". Use together
with --armor to mail those keys.

Same as --export but sends the keys to a keyserver. Option
--keyserver must be used to give the name of this keyserver. Don't
send your complete keyring to a keyserver - select only those keys
which are new or changed by you.

--export-secret-subkeys
Same as --export, but exports the secret keys instead. This is
normally not very useful and a security risk. The second form of
the command has the special property to render the secret part of
the primary key useless; this is a GNU extension to OpenPGP and
other implementations can not be expected to successfully import
such a key. See the option --simple-sk-checksum if you want to
import such an exported key with an older OpenPGP implementation.

Import/merge keys. This adds the given keys to the keyring. The
fast version is currently just a synonym.

There are a few other options which control how this command works.
Most notable here is the --keyserver-options merge-only option which
does not insert new keys but does only the merging of new
signatures, user-IDs and subkeys.

Import the keys with the given key IDs from a keyserver. Option
--keyserver must be used to give the name of this keyserver.

Request updates from a keyserver for keys that already exist on the
local keyring. This is useful for updating a key with the latest
signatures, user IDs, etc. Calling this with no arguments will
refresh the entire keyring. Option --keyserver must be used to give
the name of the keyserver for all keys that do not have preferred
keyservers set (see --keyserver-options honor-keyserver-url).

Search the keyserver for the given names. Multiple names given here
will be joined together to create the search string for the
keyserver. Option --keyserver must be used to give the name of
this keyserver. Keyservers that support different search methods
allow using the syntax specified in "How to specify a user ID"
below. Note that different keyserver types support different
search methods. Currently only LDAP supports them all.

Retrieve keys located at the specified URIs. Note that different
installations of GnuPG may support different protocols (HTTP, FTP,

Do trust database maintenance. This command iterates over all keys
and builds the Web of Trust. This is an interactive command
because it may have to ask for the "ownertrust" values for keys.
The user has to give an estimation of how far she trusts the owner
of the displayed key to correctly certify (sign) other keys. GnuPG
only asks for the ownertrust value if it has not yet been assigned
to a key. Using the --edit-key menu, the assigned value can be

Do trust database maintenance without user interaction. From time
to time the trust database must be updated so that expired keys or
signatures and the resulting changes in the Web of Trust can be
tracked. Normally, GnuPG will calculate when this is required and
do it automatically unless --no-auto-check-trustdb is set. This
command can be used to force a trust database check at any time.
The processing is identical to that of --update-trustdb but it
skips keys with a not yet defined "ownertrust".

For use with cron jobs, this command can be used together with
--batch in which case the trust database check is done only if a
check is needed. To force a run even in batch mode add the option

Send the ownertrust values to stdout. This is useful for backup
purposes as these values are the only ones which can't be
re-created from a corrupted trust DB.

Update the trustdb with the ownertrust values stored in `files'
(or stdin if not given); existing values will be overwritten.

--rebuild-keydb-caches
When updating from version 1.0.6 to 1.0.7 this command should be
used to create signature caches in the keyring. It might be handy
in other situations too.

Print message digest of algorithm ALGO for all given files or
stdin. With the second form (or a deprecated "*" as algo) digests
for all available algorithms are printed.

Emit COUNT random bytes of the given quality level. If count is
not given or zero, an endless sequence of random bytes will be
emitted. PLEASE, don't use this command unless you know what you
are doing; it may remove precious entropy from the system!

--gen-prime `mode' `bits'
Use the source, Luke :-). The output format is still subject to

Print version information along with a list of supported

Print warranty information.

Print usage information. This is a really long list even though it
doesn't list all options. For every option, consult this manual.

Long options can be put in an options file (default
"~/.gnupg/gpg.conf"). Short option names will not work - for example,
"armor" is a valid option for the options file, while "a" is not. Do
not write the 2 dashes, but simply the name of the option and any
required arguments. Lines with a hash ('#') as the first
non-white-space character are ignored. Commands may be put in this file
too, but that is not generally useful as the command will execute
automatically with every execution of gpg.
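An added example, not from the GnuPG documentation, of an options file written by the rules above (long names only, no dashes) together with a lint that catches the two mistakes the text warns about. The option names used are those described on this page, except `with-fingerprint', which is assumed to be the GnuPG option equivalent to the --fingerprint command; the keyserver URL is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the gpg manual. Writes a gpg.conf that uses
# only long option names without dashes, and lints an options file for the
# two errors the manual describes: single-letter names and leading dashes.

# lint_gpg_conf: read an options file on stdin, report each offending line
# on stdout, exit 1 if any were found. Blank lines and lines whose first
# non-white-space character is '#' are ignored, as gpg ignores them.
lint_gpg_conf() {
  awk '
    /^[ \t]*$/ { next }
    /^[ \t]*#/ { next }
    $1 ~ /^-/ { printf "line %d: do not write the dashes: %s\n", NR, $0; bad = 1; next }
    length($1) == 1 { printf "line %d: short option names do not work here: %s\n", NR, $0; bad = 1; next }
    END { exit bad ? 1 : 0 }'
}

# write_example_conf DIR: create DIR/gpg.conf with settings a cautious
# user would want. Every line is an option name as it would follow "--".
write_example_conf() {
  cat > "$1/gpg.conf" <<'EOF'
# Show 16-character key IDs; the 8-character short form is easy to collide.
keyid-format 0xlong
# Always print the fingerprint, which is what should be compared by hand.
# (assumed option, equivalent to the --fingerprint command)
with-fingerprint
# Server for --recv-keys, --send-keys and --search-keys (placeholder URL).
keyserver hkp://keys.example.org
# Do not fetch unknown keys while verifying (the "web bug" the manual
# describes) and do not let a key or signature pick which server we contact.
keyserver-options no-auto-key-retrieve no-honor-keyserver-url
# Ignore level-1 ("persona") certifications when computing key validity.
min-cert-level 2
EOF
}

# check_example_conf: write the example into a temporary directory and
# run it through the lint. Returns 0 if it passes, 1 otherwise.
check_example_conf() {
  dir=$(mktemp -d) || return 1
  write_example_conf "$dir"
  if lint_gpg_conf < "$dir/gpg.conf"; then rc=0; else rc=1; fi
  rm -rf "$dir"
  return $rc
}

# Usage:  lint_gpg_conf < ~/.gnupg/gpg.conf
```

The lint is deliberately narrow: it does not know the full option list, so it only rejects what the manual says can never work. A line such as `--keyid-format long' or `a' is flagged; a misspelled long option is left for gpg itself to report.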
`gpg' recognizes these options:

Create ASCII armored output.

Write output to `file'.

This option sets a limit on the number of bytes that will be
generated when processing a file. Since OpenPGP supports various
levels of compression, it is possible that the plaintext of a
given message may be significantly larger than the original
OpenPGP message. While GnuPG works properly with such messages,
there is often a desire to set a maximum file size that will be
generated before processing is forced to stop by the OS limits.
Defaults to 0, which means "no limit". Setting a limit is advisable
when decrypting or verifying input from untrusted sources.

--mangle-dos-filenames
--no-mangle-dos-filenames
Older versions of Windows cannot handle filenames with more than one
dot. --mangle-dos-filenames causes GnuPG to replace (rather than add
to) the extension of an output filename to avoid this problem. This
option is off by default and has no effect on non-Windows

-u, --local-user `name'
Use `name' as the key to sign with. Note that this option
overrides --default-key.

Use `name' as the default key to sign with. If this option is not
used, the default key is the first key found in the secret keyring.
Note that -u or --local-user overrides this option.

-r, --recipient `name'
Encrypt for user id `name'. If this option or --hidden-recipient is
not specified, GnuPG asks for the user-id unless
--default-recipient is given.

-R, --hidden-recipient `name'
Encrypt for user ID `name', but hide the key ID of this user's
key. This option helps to hide the receiver of the message and is a
limited countermeasure against traffic analysis. If this option or
--recipient is not specified, GnuPG asks for the user ID unless
--default-recipient is given.

--default-recipient `name'
Use `name' as default recipient if option --recipient is not used
and don't ask if this is a valid one. `name' must be non-empty.

--default-recipient-self
Use the default key as default recipient if option --recipient is
not used and don't ask if this is a valid one. The default key is
the first one from the secret keyring or the one set with

--no-default-recipient
Reset --default-recipient and --default-recipient-self.

Same as --recipient but this one is intended for use in the options
file and may be used with your own user-id as an
"encrypt-to-self". These keys are only used when there are other
recipients given either by use of --recipient or by the asked user
id. No trust checking is performed for these user ids and even
disabled keys can be used.

--hidden-encrypt-to `name'
Same as --hidden-recipient but this one is intended for use in the
options file and may be used with your own user-id as a hidden
"encrypt-to-self". These keys are only used when there are other
recipients given either by use of --recipient or by the asked user
id. No trust checking is performed for these user ids and even
disabled keys can be used.

Disable the use of all --encrypt-to and --hidden-encrypt-to keys.

Give more information during processing. If used twice, the input
data is listed in detail.

Try to be as quiet as possible.

--bzip2-compress-level `n'
Set compression level to `n' for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of
zlib (normally 6). --bzip2-compress-level sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This
is a different option from --compress-level since BZIP2 uses a
significant amount of memory for each additional compression level.
-z sets both. A value of 0 for `n' disables compression.

--bzip2-decompress-lowmem
Use a different decompression method for BZIP2 compressed files.
This alternate method uses a bit more than half the memory, but
also runs at half the speed. This is useful under extreme low
memory circumstances when the file was originally compressed at a
high --bzip2-compress-level.

Treat input files as text and store them in the OpenPGP canonical
text form with standard "CRLF" line endings. This also sets the
necessary flags to inform the recipient that the encrypted or
signed data is text and may need its line endings converted back
to whatever the local system uses. This option is useful when
communicating between two platforms that have different line
ending conventions (UNIX-like to Mac, Mac to Windows, etc).
--no-textmode disables this option, and is the default.

If -t (but not --textmode) is used together with armoring and
signing, this enables clearsigned messages. This kludge is needed
for command-line compatibility with command-line versions of PGP;
normally you would use --sign or --clearsign to select the type of

Don't make any changes (this is not completely implemented).

Prompt before overwriting any files.
Use batch mode. Never ask, do not allow interactive commands.
--no-batch disables this option.

Make sure that the TTY (terminal) is never used for any output.
This option is needed in some cases because GnuPG sometimes prints
warnings to the TTY if --batch is used.

Assume "yes" on most questions.

Assume "no" on most questions.

When making a key signature, prompt for a certification level. If
this option is not specified, the certification level used is set
via --default-cert-level. See --default-cert-level for information
on the specific levels and how they are used. --no-ask-cert-level
disables this option. This option defaults to no.

--default-cert-level `n'
The default to use for the check level when signing a key.

0 means you make no particular claim as to how carefully you

1 means you believe the key is owned by the person who claims to
own it but you could not, or did not verify the key at all. This is
useful for a "persona" verification, where you sign the key of a

2 means you did casual verification of the key. For example, this
could mean that you verified the key fingerprint and checked
the user ID on the key against a photo ID.

3 means you did extensive verification of the key. For example,
this could mean that you verified the key fingerprint with the
owner of the key in person, and that you checked, by means of a
hard to forge document with a photo ID (such as a passport) that
the name of the key owner matches the name in the user ID on the
key, and finally that you verified (by exchange of email) that the
email address on the key belongs to the key owner.

Note that the examples given above for levels 2 and 3 are just
that: examples. In the end, it is up to you to decide just what
"casual" and "extensive" mean to you.

This option defaults to 0 (no particular claim).

When building the trust database, treat any signatures with a
certification level below this as invalid. Defaults to 2, which
disregards level 1 signatures. Note that level 0 "no particular
claim" signatures are always accepted.

--trusted-key `long key ID'
Assume that the specified key (which must be given as a full 8
byte key ID) is as trustworthy as one of your own secret keys.
This option is useful if you don't want to keep your secret keys
(or one of them) online but still want to be able to check the
validity of a given recipient's or signator's key.

--trust-model `pgp|classic|direct|always|auto'
Set what trust model GnuPG should follow. The models are:

This is the Web of Trust combined with trust signatures as
used in PGP 5.x and later. This is the default trust model
when creating a new trust database.

This is the standard Web of Trust as used in PGP 2.x and

Key validity is set directly by the user and not calculated
via the Web of Trust.

Skip key validation and assume that used keys are always fully
trusted. You generally won't use this unless you are using
some external validation scheme. This option also suppresses
the "[uncertain]" tag printed with signature checks when
there is no evidence that the user ID is bound to the key.

Select the trust model depending on whatever the internal
trust database says. This is the default model if such a
database already exists.

Identical to `--trust-model always'. This option is deprecated.

--auto-key-locate `parameters'

GnuPG can automatically locate and retrieve keys as needed using
this option. This happens when encrypting to an email address (in
the "user@example.com" form), and there are no user@example.com
keys on the local keyring. This option takes any number of the
following arguments, in the order they are to be tried:

locate a key using DNS CERT, as specified in 2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis/

locate a key using DNS PKA.

locate a key using the PGP Universal method of checking
"ldap://keys.(thedomain)".

locate a key using whatever keyserver is defined using the

In addition, a keyserver URL as used in the --keyserver option
may be used here to query that particular keyserver.

--keyid-format `short|0xshort|long|0xlong'
Select how to display key IDs. "short" is the traditional
8-character key ID. "long" is the more accurate (but less
convenient) 16-character key ID. Add an "0x" to either to include
an "0x" at the beginning of the key ID, as in 0x99242560. Neither
form is guaranteed to be unique; when a key must be identified for
a security decision, compare the full fingerprint instead.

Use `name' as your keyserver. This is the server that --recv-keys,
--send-keys, and --search-keys will communicate with to receive keys
from, send keys to, and search for keys on. The format of the
`name' is a URI: `scheme:[//]keyservername[:port]' The scheme is
the type of keyserver: "hkp" for the HTTP (or compatible)
keyservers, "ldap" for the LDAP keyservers, or "mailto" for the
Graff email keyserver. Note that your particular installation of
851
GnuPG may have other keyserver types available as well. Keyserver
852
schemes are case-insensitive. After the keyserver name, optional
853
keyserver configuration options may be provided. These are the
854
same as the global -keyserver-options from below, but apply only
855
to this particular keyserver.
857
Most keyservers synchronize with each other, so there is generally
858
no need to send keys to more than one server. The keyserver
859
"hkp://subkeys.pgp.net" uses round robin DNS to give a different
860
keyserver each time you use it.
862
-keyserver-options `name=value1 '
863
This is a space or comma delimited string that gives options for
864
the keyserver. Options can be prepended with a `no-' to give the
865
opposite meaning. Valid import-options or export-options may be
866
used here as well to apply to importing (-recv-key) or exporting
867
(-send-key) a key from a keyserver. While not all options are
868
available for all keyserver types, some common options are:
871
When searching for a key with -search-keys, include keys that
are marked on the keyserver as revoked. Note that not all
keyservers differentiate between revoked and unrevoked keys,
and for such keyservers this option is meaningless. Note also
that most keyservers do not have cryptographic verification
of key revocations, and so turning this option off may result
in skipping keys that are incorrectly marked as revoked.

When searching for a key with -search-keys, include keys that
are marked on the keyserver as disabled. Note that this
option is not used with HKP keyservers.

This option enables the automatic retrieving of keys from a
keyserver when verifying signatures made by keys that are not
on the local keyring.

Note that this option makes a "web bug" like behavior
possible. Keyserver operators can see which keys you
request, so by sending you a message signed by a brand new
key (which you naturally will not have on your local
keyring), the operator can tell both your IP address and the
time when you verified the signature.

When using -refresh-keys, if the key in question has a
preferred keyserver URL, then use that preferred keyserver to
refresh the key from. In addition, if auto-key-retrieve is
set, and the signature being verified has a preferred
keyserver URL, then use that preferred keyserver to fetch the
key from. Defaults to yes.

If auto-key-retrieve is set, and the signature being verified
has a PKA record, then use the PKA information to fetch the
key. Defaults to yes.

When receiving a key, include subkeys as potential targets.
Note that this option is not used with HKP keyservers, as
they do not support retrieving keys by subkey id.

On most Unix-like platforms, GnuPG communicates with the
keyserver helper program via pipes, which is the most
efficient method. This option forces GnuPG to use temporary
files to communicate. On some platforms (such as Win32 and
RISC OS), this option is always enabled.

If using `use-temp-files', do not delete the temp files after
using them. This option is useful to learn the keyserver
communication protocol by reading the temporary files.

Tell the keyserver helper program to be more verbose. This
option can be repeated multiple times to increase the

Tell the keyserver helper program how long (in seconds) to
try and perform a keyserver action before giving up. Note
that performing multiple actions at the same time uses this
timeout value per action. For example, when retrieving
multiple keys via -recv-keys, the timeout applies separately
to each key retrieval, and not to the -recv-keys command as a
whole. Defaults to 30 seconds.

For HTTP-like keyserver schemes (such as HKP and HTTP
itself), try to access the keyserver over a proxy. If a
`value' is specified, use this as the HTTP proxy. If no
`value' is specified, the value of the environment variable
"http_proxy", if any, will be used.

When retrieving a key via DNS CERT, only accept keys up to
this size. Defaults to 16384 bytes.
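The option-list syntax described above (space or comma delimited, `no-' prefix for the opposite meaning, optional `=value') is shared by -keyserver-options, -import-options, -export-options, -list-options and -verify-options. The following is an added Python example, not GnuPG's own code: a parser for that syntax, a merge that applies several option strings on top of defaults the way repeated option lines do, and a check that flags the "web bug" exposure the manual describes for auto-key-retrieve. The defaults table uses the values stated on this page; the names honor-keyserver-url, honor-pka-record, timeout and max-cert-size are GnuPG's keyserver-option names for entries whose heading lines are missing from this copy, and the rejection of a negated option that carries a value is this example's own choice.

```python
"""Parser for the gpg option-list syntax ("opt1,no-opt2 name=value").
Added example; not part of GnuPG."""
import re
from typing import Dict, List, Union

OptionValue = Union[bool, str]

# Defaults as stated on the manual page. Value options are kept as strings,
# exactly as they arrive on the command line; convert where they are used.
KEYSERVER_DEFAULTS: Dict[str, OptionValue] = {
    "honor-keyserver-url": True,   # "Defaults to yes"
    "honor-pka-record": True,      # "Defaults to yes"
    "timeout": "30",               # "Defaults to 30 seconds"
    "max-cert-size": "16384",      # "Defaults to 16384 bytes"
}


def parse_option_list(text: str) -> Dict[str, OptionValue]:
    """Parse one option string into {name: True | False | "value"}.

    Rules from the manual: tokens are separated by spaces or commas, a
    leading "no-" gives the opposite meaning, and a token may carry "=value".
    A later token for the same name overrides an earlier one.
    """
    result: Dict[str, OptionValue] = {}
    for token in re.split(r"[\s,]+", text.strip()):
        if not token:
            continue
        negated = token.startswith("no-")
        if negated:
            token = token[3:]
        name, sep, value = token.partition("=")
        if not name:
            raise ValueError("empty option name in option list")
        if sep:
            if negated:
                # Assumption of this example: "no-name=value" is meaningless.
                raise ValueError(f"no-{name}: a negated option cannot take a value")
            result[name] = value
        else:
            result[name] = not negated
    return result


def effective_options(defaults: Dict[str, OptionValue],
                      *option_strings: str) -> Dict[str, OptionValue]:
    """Apply option strings in order (e.g. gpg.conf first, then the command
    line) on top of the defaults; each later string wins."""
    merged = dict(defaults)
    for text in option_strings:
        merged.update(parse_option_list(text))
    return merged


def privacy_notes(options: Dict[str, OptionValue]) -> List[str]:
    """Return the exposure notes the manual attaches to the active options."""
    notes = []
    if options.get("auto-key-retrieve") is True:
        notes.append("auto-key-retrieve: the keyserver operator learns your IP "
                     "address and the time you verified a signature made by a "
                     "key you do not yet have (web-bug behaviour).")
    return notes


if __name__ == "__main__":
    # Constructed sample: a config-file line followed by a command-line override.
    opts = effective_options(KEYSERVER_DEFAULTS,
                             "no-honor-pka-record,auto-key-retrieve",
                             "timeout=5")
    print(opts, int(opts["timeout"]))
    for note in privacy_notes(opts):
        print(note)
```

Because value options stay strings, `int(opts["timeout"])` is where a bad value such as `timeout=abc` surfaces; that mirrors the fact that the list syntax itself carries no type information.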
951
-import-options `parameters'
This is a space or comma delimited string that gives options for
importing keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:

Allow importing key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.

repair-pks-subkey-bug
During import, attempt to repair the damage caused by the PKS
keyserver bug (pre version 0.9.6) that mangles keys with
multiple subkeys. Note that this cannot completely repair the
damaged key as some crucial data is removed by the keyserver,
but it does at least give you back one subkey. Defaults to no
for regular -import and to yes for keyserver -recv-keys.

During import, allow key updates to existing keys, but do not
allow any new keys to be imported. Defaults to no.

After import, compact (remove all signatures except the
self-signature) any user IDs from the new key that are not
usable. Then, remove any signatures from the new key that
are not usable. This includes signatures that were issued by
keys that are not present on the keyring. This option is the
same as running the -edit-key command "clean" after import.

Import the smallest key possible. This removes all signatures
except the most recent self-signature on each user ID. This
option is the same as running the -edit-key command
"minimize" after import. Defaults to no.
988
-export-options `parameters'
This is a space or comma delimited string that gives options for
exporting keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:

Allow exporting key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.

Include attribute user IDs (photo IDs) while exporting. This
is useful to export keys if they are going to be used by an
OpenPGP program that does not accept attribute user IDs.

export-sensitive-revkeys
Include designated revoker information that was marked as
"sensitive". Defaults to no.

export-reset-subkey-passwd
When using the "-export-secret-subkeys" command, this option
resets the passphrases for all exported subkeys to empty.
This is useful when the exported subkey is to be used on an
unattended machine where a passphrase doesn't necessarily
make sense. Defaults to no.

Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. Also, do not export
any signatures that are not usable. This includes signatures
that were issued by keys that are not present on the keyring.
This option is the same as running the -edit-key command
"clean" before export except that the local copy of the key
is not modified. Defaults to no.

Export the smallest key possible. This removes all signatures
except the most recent self-signature on each user ID. This
option is the same as running the -edit-key command
"minimize" before export except that the local copy of the
key is not modified. Defaults to no.
1031
-list-options `parameters'
This is a space or comma delimited string that gives options used
when listing keys and signatures (that is, -list-keys, -list-sigs,
-list-public-keys, -list-secret-keys, and the -edit-key functions).
Options can be prepended with a `no-' to give the opposite meaning.

Causes -list-keys, -list-sigs, -list-public-keys, and
-list-secret-keys to display any photo IDs attached to the
key. Defaults to no. See also -photo-viewer.

Show policy URLs in the -list-sigs or -check-sigs listings.

Show all, IETF standard, or user-defined signature notations
in the -list-sigs or -check-sigs listings. Defaults to no.

Show any preferred keyserver URL in the -list-sigs or
-check-sigs listings. Defaults to no.

Display the calculated validity of user IDs during key
listings. Defaults to no.

Show revoked and expired user IDs in key listings. Defaults

show-unusable-subkeys
Show revoked and expired subkeys in key listings. Defaults to

Display the keyring name at the head of key listings to show
which keyring a given key resides on. Defaults to no.

Show signature expiration dates (if any) during -list-sigs or
-check-sigs listings. Defaults to no.

Include signature subpackets in the key listing. This option
can take an optional argument list of the subpackets to list.
If no argument is passed, list all subpackets. Defaults to
no. This option is only meaningful when using -with-colons
along with -list-sigs or -check-sigs.
1084
-verify-options `parameters'
This is a space or comma delimited string that gives options used
when verifying signatures. Options can be prepended with a `no-'
to give the opposite meaning. The options are:

Display any photo IDs present on the key that issued the
signature. Defaults to no. See also -photo-viewer.

Show policy URLs in the signature being verified. Defaults to

Show all, IETF standard, or user-defined signature notations
in the signature being verified. Defaults to IETF standard.

Show any preferred keyserver URL in the signature being
verified. Defaults to no.

Display the calculated validity of the user IDs on the key
that issued the signature. Defaults to no.

Show revoked and expired user IDs during signature
verification. Defaults to no.

Enable PKA lookups to verify sender addresses. Note that PKA
is based on DNS, and so enabling this option may disclose
information on when and what signatures are verified or to
whom data is encrypted. This is similar to the "web bug"
described for the auto-key-retrieve feature.

Raise the trust in a signature to full if the signature
passes PKA validation. This option is only meaningful if
1129
Enables new-style DSA keys which (unlike the old style) may be
larger than 1024 bit and use hashes other than SHA-1 and
RIPEMD/160. Note that very few programs currently support these
keys and signatures from them.

Causes -list-keys, -list-sigs, -list-public-keys,
-list-secret-keys, and verifying a signature to also display the
photo ID attached to the key, if any. See also -photo-viewer. These
options are deprecated. Use `-list-options [no-]show-photos' and/or
`-verify-options [no-]show-photos' instead.
1142
-photo-viewer `string'
This is the command line that should be run to view a photo ID.
"%i" will be expanded to a filename containing the photo. "%I"
does the same, except the file will not be deleted once the viewer
exits. Other flags are "%k" for the key ID, "%K" for the long key
ID, "%f" for the key fingerprint, "%t" for the extension of the
image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g.
"image/jpeg"), and "%%" for an actual percent sign. If neither %i
nor %I is present, then the photo will be supplied to the viewer

The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
stdin". Note that if your image viewer program is not secure, then
executing it from GnuPG does not make it secure.
1158
Sets a list of directories to search for photo viewers and
keyserver helpers. If not provided, keyserver helpers use the
compiled-in default directory, and photo viewers use the $PATH
environment variable. Note that on W32 systems this value is
ignored when searching for keyserver helpers.

Display the keyring name at the head of key listings to show which
keyring a given key resides on. This option is deprecated: use
`-list-options [no-]show-keyring' instead.
1170
Add `file' to the current list of keyrings. If `file' begins with
a tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the
GnuPG home directory ("~/.gnupg" if -homedir or $GNUPGHOME is not

Note that this adds a keyring to the current list. If the intent is
to use the specified keyring alone, use -keyring along with
-no-default-keyring.

-secret-keyring `file'
Same as -keyring but for the secret keyrings.

-primary-keyring `file'
Designate `file' as the primary public keyring. This means that
newly imported keys (via -import or keyserver -recv-from) will go

-trustdb-name `file'
Use `file' instead of the default trustdb. If `file' begins with a
tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the
GnuPG home directory ("~/.gnupg" if -homedir or $GNUPGHOME is not

-homedir `directory'
Set the name of the home directory to `directory'. If this option
is not used it defaults to "~/.gnupg". It does not make sense to
use this in an options file. This also overrides the environment
variable $GNUPGHOME.
1202
Use `file' to access the smartcard reader. The current default is
`libpcsclite.so.1' for GLIBC based systems,
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
`winscard.dll' for Windows and `libpcsclite.so' for other systems.

-ctapi-driver `file'
Use `file' to access the smartcard reader. The current default is
`libtowitoko.so'. Note that the use of this interface is
deprecated; it may be removed in future releases.

Disable the integrated support for CCID compliant readers. This
allows falling back to one of the other drivers even if the
internal CCID driver can handle the reader. Note that CCID
support is only available if libusb was available at build time.

-reader-port `number_or_string'
This option may be used to specify the port of the card terminal. A
value of 0 refers to the first serial device; add 32768 to access
USB devices. The default is 32768 (first USB device). PC/SC or CCID
readers might need a string here; run the program in verbose mode
to get a list of available readers. The default is then the first
1226
-display-charset `name'
Set the name of the native character set. This is used to convert
some informational strings like user IDs to the proper UTF-8
encoding. Note that this has nothing to do with the character set
of data to be encrypted or signed; GnuPG does not recode user
supplied data. If this option is not used, the default character
set is determined from the current locale. A verbosity level of 3
shows the chosen set. Valid values for `name' are:

This is the Latin 1 set.

This is currently an alias for the Latin 1 set.

The usual Russian set (rfc1489).

Bypass all translations and assume that the OS uses native

Assume that command line arguments are given as UTF8 strings. The
default (-no-utf8-strings) is to assume that arguments are encoded
in the character set as specified by -display-charset. These
options affect all following arguments. Both options may be used
1260
Read options from `file' and do not try to read them from the
default options file in the homedir (see -homedir). This option is
ignored if used in an options file.

Shortcut for "-options /dev/null". This option is detected before
an attempt to open an option file. Using this option will also
prevent the creation of a "~/.gnupg" homedir.

-load-extension `name'
Load an extension module. If `name' does not contain a slash it is
searched for in the directory configured when GnuPG was built
(generally "/usr/local/lib/gnupg"). Extensions are not generally
useful anymore, and the use of this option is deprecated.

Set debugging flags. All flags are or-ed and `flags' may be given
in C syntax (e.g. 0x0042).

Set all useful debugging flags.

Enable debug output from the included CCID driver for smartcards.
Note that this option is only available on some systems.

-enable-progress-filter
Enable certain PROGRESS status outputs. This option allows
frontends to display a progress indicator while gpg is processing
larger files. There is a slight performance overhead using it.

Write special status strings to the file descriptor `n'. See the
file DETAILS in the documentation for a listing of them.
1296
Same as -status-fd, except the status data is written to file

Write log output to file descriptor `n' and not to stderr.

Same as -logger-fd, except the logger data is written to file

Write attribute subpackets to the file descriptor `n'. This is
most useful for use with -status-fd, since the status messages are
needed to separate out the various subpackets from the stream
delivered to the file descriptor.

-attribute-file `file'
Same as -attribute-fd, except the attribute data is written to file

Use `string' as a comment string in clear text signatures and
ASCII armored messages or keys (see -armor). The default behavior
is not to use a comment string. -comment may be repeated multiple
times to get multiple comment strings. -no-comments removes all
comments. It is a good idea to keep the length of a single
comment below 60 characters to avoid problems with mail programs
wrapping such lines. Note that comment lines, like all other
header lines, are not protected by the signature.

Force inclusion of the version string in ASCII armored output.
-no-emit-version disables this option.
1332
-sig-notation `name=value'
-cert-notation `name=value'
-N, -set-notation `name=value'
Put the name value pair into the signature as notation data.
`name' must consist only of printable characters or spaces, and
must contain a '@' character in the form keyname@domain.example.com
(substituting the appropriate keyname and domain name, of course).
This is to help prevent pollution of the IETF reserved notation
namespace. The -expert flag overrides the '@' check. `value' may
be any printable string; it will be encoded in UTF8, so you should
check that your -display-charset is set correctly. If you prefix
`name' with an exclamation mark (!), the notation data will be
flagged as critical (rfc2440:5.2.3.15). -sig-notation sets a
notation for data signatures. -cert-notation sets a notation for
key signatures (certifications). -set-notation sets both.

There are special codes that may be used in notation names. "%k"
will be expanded into the key ID of the key being signed, "%K"
into the long key ID of the key being signed, "%f" into the
fingerprint of the key being signed, "%s" into the key ID of the
key making the signature, "%S" into the long key ID of the key
making the signature, "%g" into the fingerprint of the key making
the signature (which might be a subkey), "%p" into the fingerprint
of the primary key of the key making the signature, "%c" into the
signature count from the OpenPGP smartcard, and "%%" results in a
single "%". %k, %K, and %f are only meaningful when making a key
signature (certification), and %c is only meaningful when using
the OpenPGP smartcard.
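The %-expando mechanism appears twice on this page: in the -photo-viewer command line (%i, %I, %k, %K, %f, %t, %T, %%) and in the notation and policy-URL options (%k, %K, %f, %s, %S, %g, %p, %c, %%). The following is an added Python example, not GnuPG's code, covering both passages with one expansion routine: it tokenizes a template, treats "%%" as a literal percent sign, reports which codes a template uses (so the "neither %i nor %I" stdin case can be detected), and rejects unknown codes instead of passing them through. It also parses a notation spec `[!]name=value` and applies the rules above: printable name, an '@' in the name unless -expert is in force, and the '!' critical flag. The key record, temp file name and notation names in the sample run are constructed; GnuPG's own expansion code and its exact error handling are not reproduced here.

```python
"""gpg-style %-expando expansion and notation-spec parsing.
Added example; not part of GnuPG."""
from typing import Dict, List, Set, Tuple

# Default viewer command line as quoted on the manual page.
PHOTO_VIEWER_DEFAULT = "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"


def _tokens(template: str) -> List[Tuple[str, str]]:
    """Split template into ("lit", text) and ("code", letter) tokens.
    "%%" becomes a literal "%"; a lone trailing "%" is an error."""
    tokens: List[Tuple[str, str]] = []
    i, n = 0, len(template)
    while i < n:
        j = template.find("%", i)
        if j == -1:
            tokens.append(("lit", template[i:]))
            break
        if j > i:
            tokens.append(("lit", template[i:j]))
        if j + 1 >= n:
            raise ValueError("dangling '%' at end of template")
        code = template[j + 1]
        tokens.append(("lit", "%") if code == "%" else ("code", code))
        i = j + 2
    return tokens


def expand(template: str, table: Dict[str, str]) -> str:
    """Expand every %x using table. Unknown codes raise, so a typo in a
    configured command line cannot silently change what gets executed."""
    out = []
    for kind, val in _tokens(template):
        if kind == "lit":
            out.append(val)
        elif val in table:
            out.append(table[val])
        else:
            raise ValueError(f"unknown expando %{val}")
    return "".join(out)


def codes_used(template: str) -> Set[str]:
    return {val for kind, val in _tokens(template) if kind == "code"}


def photo_viewer_command(template: str, key: Dict[str, str], tmpfile: str,
                         ext: str, mime: str) -> Tuple[str, bool]:
    """Return (command line, photo_goes_to_stdin). %i and %I both expand to
    the temp file name; whether it is deleted afterwards is not modelled.
    The expansion is purely textual: quoting is the viewer's problem, which
    is why an insecure viewer stays insecure when gpg runs it."""
    table = {"i": tmpfile, "I": tmpfile, "k": key["keyid"],
             "K": key["long_keyid"], "f": key["fpr"], "t": ext, "T": mime}
    on_stdin = not ({"i", "I"} & codes_used(template))
    return expand(template, table), on_stdin


def parse_notation(spec: str, expert: bool = False) -> Tuple[str, str, bool]:
    """Parse "[!]name=value" into (name, value, critical), enforcing the
    manual's rules: printable name containing '@' (expert mode waives the
    '@' check) and a printable value."""
    critical = spec.startswith("!")
    if critical:
        spec = spec[1:]
    name, sep, value = spec.partition("=")
    if not sep or not name:
        raise ValueError("notation must have the form name=value")
    if not name.isprintable():
        raise ValueError("notation name must be printable characters or spaces")
    if "@" not in name and not expert:
        raise ValueError("notation name must contain '@' (keyname@domain form)")
    if not value.isprintable():
        raise ValueError("notation value must be printable")
    return name, value, critical


def notation_ok(spec: str, expert: bool = False) -> bool:
    try:
        parse_notation(spec, expert)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed key record and temp file; not real key material.
    key = {"keyid": "A1B2C3D4", "long_keyid": "0011223344556677", "fpr": "00" * 20}
    print(photo_viewer_command(PHOTO_VIEWER_DEFAULT, key, "/tmp/photo.jpg", "jpg", "image/jpeg"))
    print(parse_notation("!reviewed@example.com=yes"))
    # The notation expandos use the same routine with a different table:
    print(expand("signed-by-%S", {"S": key["long_keyid"]}))
```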
1363
Show signature notations in the -list-sigs or -check-sigs listings
as well as when verifying a signature with a notation in it. These
options are deprecated. Use `-list-options [no-]show-notation'
and/or `-verify-options [no-]show-notation' instead.

-sig-policy-url `string'
-cert-policy-url `string'
-set-policy-url `string'
Use `string' as a Policy URL for signatures (rfc2440:5.2.3.19).
If you prefix it with an exclamation mark (!), the policy URL
packet will be flagged as critical. -sig-policy-url sets a policy
url for data signatures. -cert-policy-url sets a policy url for key
signatures (certifications). -set-policy-url sets both.

The same %-expandos used for notation data are available here as

Show policy URLs in the -list-sigs or -check-sigs listings as well
as when verifying a signature with a policy URL in it. These
options are deprecated. Use `-list-options [no-]show-policy-url'
and/or `-verify-options [no-]show-policy-url' instead.

-sig-keyserver-url `string'
Use `string' as a preferred keyserver URL for data signatures. If
you prefix it with an exclamation mark, the keyserver URL packet
will be flagged as critical.

The same %-expandos used for notation data are available here as

-set-filename `string'
Use `string' as the filename which is stored inside messages.
This overrides the default, which is to use the actual filename of
the file being encrypted.

-no-for-your-eyes-only
Set the `for your eyes only' flag in the message. This causes GnuPG
to refuse to save the file unless the -output option is given, and
PGP to use the "secure viewer" with a Tempest-resistant font to
display the message. This option overrides -set-filename.
-no-for-your-eyes-only disables this option.

-use-embedded-filename
-no-use-embedded-filename
Try to create a file with a name as embedded in the data. This can
be a dangerous option as it allows overwriting files. Defaults to

-completes-needed `n'
Number of completely trusted users to introduce a new key signer

-marginals-needed `n'
Number of marginally trusted users to introduce a new key signer

Maximum depth of a certification chain (default is 5).
1426
Use `name' as cipher algorithm. Running the program with the
command -version yields a list of supported algorithms. If this is
not used the cipher algorithm is selected from the preferences
stored with the key. In general, you do not want to use this
option as it allows you to violate the OpenPGP standard.
-personal-cipher-preferences is the safe way to accomplish the same

Use `name' as the message digest algorithm. Running the program
with the command -version yields a list of supported algorithms. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. -personal-digest-preferences is the
safe way to accomplish the same thing.

-compress-algo `name'
Use compression algorithm `name'. "zlib" is RFC-1950 ZLIB
compression. "zip" is RFC-1951 ZIP compression which is used by
PGP. "bzip2" is a more modern compression scheme that can
compress some things better than zip or zlib, but at the cost of
more memory used during compression and decompression.
"uncompressed" or "none" disables compression. If this option is
not used, the default behavior is to examine the recipient key
preferences to see which algorithms the recipient supports. If all
else fails, ZIP is used for maximum compatibility.

ZLIB may give better compression results than ZIP, as the
compression window size is not limited to 8k. BZIP2 may give even
better compression results than that, but will use a significantly
larger amount of memory while compressing and decompressing. This
may be significant in low memory situations. Note, however, that
PGP (all versions) only supports ZIP compression. Using any
algorithm other than ZIP or "none" will make the message
unreadable with PGP. In general, you do not want to use this
option as it allows you to violate the OpenPGP standard.
-personal-compress-preferences is the safe way to accomplish the
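The difference between "zlib" and "zip" above is framing, not the compression method: RFC 1950 wraps a DEFLATE stream in a two-byte header and an Adler-32 trailer, while RFC 1951 is the bare DEFLATE stream. The following is an added Python example, not GnuPG's code, that produces both framings from the standard library (the 13-bit window used for "zip" mirrors the 8k limit the manual attributes to ZIP), checks the zlib trailer against the data, and models the default algorithm selection as a simplified rule: the first algorithm in the first recipient's preference list that every recipient lists, otherwise ZIP. GnuPG's real preference ranking is not reproduced, and the sample text is constructed.

```python
"""Framing of gpg --compress-algo choices with the Python standard library.
Added example; not part of GnuPG."""
import bz2
import zlib
from typing import List

# Per the manual: PGP (all versions) reads only ZIP or uncompressed data.
PGP_READABLE = {"zip", "uncompressed", "none"}


def compress(data: bytes, algo: str) -> bytes:
    if algo == "zlib":
        # RFC 1950: 2-byte header (0x78 for CM=8, 32 KiB window), DEFLATE
        # stream, then a 4-byte big-endian Adler-32 of the uncompressed data.
        c = zlib.compressobj(wbits=zlib.MAX_WBITS)
        return c.compress(data) + c.flush()
    if algo == "zip":
        # RFC 1951: raw DEFLATE, no header or trailer. Negative wbits selects
        # raw mode; 13 bits gives the 8 KiB window the manual mentions for ZIP.
        c = zlib.compressobj(wbits=-13)
        return c.compress(data) + c.flush()
    if algo == "bzip2":
        return bz2.compress(data)
    if algo in ("uncompressed", "none"):
        return data
    raise ValueError(f"unknown compression algorithm {algo!r}")


def decompress(data: bytes, algo: str) -> bytes:
    if algo == "zlib":
        return zlib.decompress(data, wbits=zlib.MAX_WBITS)   # verifies Adler-32
    if algo == "zip":
        return zlib.decompress(data, wbits=-zlib.MAX_WBITS)  # accepts any window
    if algo == "bzip2":
        return bz2.decompress(data)
    if algo in ("uncompressed", "none"):
        return data
    raise ValueError(f"unknown compression algorithm {algo!r}")


def is_pgp_readable(algo: str) -> bool:
    return algo in PGP_READABLE


def choose_compress_algo(recipient_prefs: List[List[str]]) -> str:
    """Simplified model of the default behaviour (assumption of this example):
    first algorithm in the first recipient's list that every recipient
    supports; if all else fails, ZIP for maximum compatibility."""
    if not recipient_prefs:
        return "zip"
    common = set(recipient_prefs[0]).intersection(*map(set, recipient_prefs[1:]))
    for algo in recipient_prefs[0]:
        if algo in common:
            return algo
    return "zip"


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog. " * 200  # constructed
    for algo in ("zlib", "zip", "bzip2", "none"):
        out = compress(sample, algo)
        print(f"{algo:12s} {len(out):6d} bytes  pgp-readable={is_pgp_readable(algo)}")
    z = compress(sample, "zlib")
    print("zlib header byte: %#x, trailer matches adler32: %s"
          % (z[0], int.from_bytes(z[-4:], "big") == zlib.adler32(sample)))
```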
1464
-cert-digest-algo `name'
Use `name' as the message digest algorithm used when signing a
key. Running the program with the command -version yields a list of
supported algorithms. Be aware that if you choose an algorithm that
GnuPG supports but other OpenPGP implementations do not, then some
users will not be able to use the key signatures you make, or quite
possibly your entire key.

-s2k-cipher-algo `name'
Use `name' as the cipher algorithm used to protect secret keys.
The default cipher is CAST5. This cipher is also used for
conventional encryption if -personal-cipher-preferences and
-cipher-algo are not given.

-s2k-digest-algo `name'
Use `name' as the digest algorithm used to mangle the passphrases.
The default algorithm is SHA-1.

Selects how passphrases are mangled. If `n' is 0 a plain
passphrase (which is not recommended) will be used, a 1 adds a
salt to the passphrase and a 3 (the default) iterates the whole
process a couple of times. Unless -rfc1991 is used, this mode is
also used for conventional encryption.
1490
Secret keys are integrity protected by using a SHA-1 checksum. This
method is part of the upcoming enhanced OpenPGP specification but
GnuPG already uses it as a countermeasure against certain attacks.
Old applications don't understand this new format, so this option
may be used to switch back to the old behaviour. Using this option
bears a security risk. Note that using this option only takes
effect when the secret key is encrypted - the simplest way to make
this happen is to change the passphrase on the key (even changing
it to the same value is acceptable).

-disable-cipher-algo `name'
Never allow the use of `name' as cipher algorithm. The given name
will not be checked so that a later loaded algorithm will still

-disable-pubkey-algo `name'
Never allow the use of `name' as public key algorithm. The given
name will not be checked so that a later loaded algorithm will

Do not cache the verification status of key signatures. Caching
gives a much better performance in key listings. However, if you
suspect that your public keyring is not safe against write
modifications, you can use this option to disable the caching. It
probably does not make sense to disable it because all kinds of
damage can be done if someone else has write access to your public

-no-sig-create-check
GnuPG normally verifies each signature right after creation to
protect against bugs and hardware malfunctions which could leak
out bits from the secret key. This extra verification needs some
time (about 115% for DSA keys), and so this option can be used to
disable it. However, due to the fact that the signature creation
needs manual interaction, this performance penalty does not matter

-no-auto-check-trustdb
If GnuPG feels that its information about the Web of Trust has to
be updated, it automatically runs the -check-trustdb command
internally. This may be a time consuming process.
-no-auto-check-trustdb disables this option.
1537
Do not put the recipient key IDs into encrypted messages. This
helps to hide the receivers of the message and is a limited
countermeasure against traffic analysis. On the receiving side, it
may slow down the decryption process because all available secret
keys must be tried. -no-throw-keyids disables this option. This
option is essentially the same as using -hidden-recipient for all

This option changes the behavior of cleartext signatures so that
they can be used for patch files. You should not send such an
armored file via email because all spaces and line endings are
hashed too. You cannot use this option for data which has 5
dashes at the beginning of a line; patch files don't have this. A
special armor header line tells GnuPG about this cleartext

-no-escape-from-lines
Because some mailers change lines starting with "From " to ">From
" it is good to handle such lines in a special way when creating
cleartext signatures to prevent the mail system from breaking the
signature. Note that all other PGP versions do it this way too.
Enabled by default. -no-escape-from-lines disables this option.
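Dash-escaping is what makes the -escape-from-lines behaviour work: a cleartext signature body prefixes "- " to lines that would otherwise be mistaken for armor lines, and the verifier strips that prefix again before hashing. The following is an added Python example, not GnuPG's code, showing the OpenPGP rule (lines starting with "-") extended by the "From " rule from the passage above, the reverse operation, a constructed simulation of the mailer rewrite the manual describes, and the check behind the previous entry's restriction that -not-dash-escaped cannot be used on data with five leading dashes. The sample body is constructed.

```python
"""Dash-escaping for cleartext signatures (rfc2440 section 7.1) with the
gpg --escape-from-lines extension. Added example; not part of GnuPG."""


def dash_escape(text: str, escape_from_lines: bool = True) -> str:
    """Prefix "- " to every line starting with "-" (the OpenPGP rule) and,
    when escape_from_lines is set, to lines starting with "From " as well.
    A mailer that later rewrites "From " then touches the "- From " line,
    which the verifier strips anyway, instead of the signed text."""
    escaped = []
    for line in text.split("\n"):
        if line.startswith("-") or (escape_from_lines and line.startswith("From ")):
            line = "- " + line
        escaped.append(line)
    return "\n".join(escaped)


def dash_unescape(text: str) -> str:
    """Reverse dash-escaping: strip a leading "- " from every line, which is
    what a verifier does before hashing the cleartext body."""
    return "\n".join(line[2:] if line.startswith("- ") else line
                     for line in text.split("\n"))


def mailer_mangle(text: str) -> str:
    """Constructed simulation of the mail-system behaviour the manual
    describes: "From " at the start of a line becomes ">From "."""
    return "\n".join((">" + line) if line.startswith("From ") else line
                     for line in text.split("\n"))


def usable_with_not_dash_escaped(text: str) -> bool:
    """--not-dash-escaped leaves the body unescaped, so a line of five
    dashes would collide with the armor header/footer lines; refuse it."""
    return not any(line.startswith("-----") for line in text.split("\n"))


if __name__ == "__main__":
    # Constructed sample: a mail body containing a unified diff.
    body = "Hello\nFrom the patch\n--- a/file\n+++ b/file\n-old\n+new"
    signed = dash_escape(body)
    print(signed)
    print("survives mailer:", dash_unescape(mailer_mangle(signed)) == body)
    unsafe = dash_escape(body, escape_from_lines=False)
    print("survives mailer without escape-from-lines:",
          dash_unescape(mailer_mangle(unsafe)) == body)
    print("ok for --not-dash-escaped:", usable_with_not_dash_escaped(body))
```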
1563
Read the passphrase from file descriptor `n'. Only the first line
will be read from file descriptor `n'. If you use 0 for `n', the
passphrase will be read from stdin. This can only be used if only
one passphrase is supplied.

-passphrase-file `file'
Read the passphrase from file `file'. Only the first line will be
read from file `file'. This can only be used if only one
passphrase is supplied. Obviously, a passphrase stored in a file is
of questionable security if other users can read this file. Don't
use this option if you can avoid it.

-passphrase `string'
Use `string' as the passphrase. This can only be used if only one
passphrase is supplied. Obviously, this is of very questionable
security on a multi-user system. Don't use this option if you can

This is a replacement for the deprecated shared-memory IPC mode.
If this option is enabled, user input on questions is not expected
from the TTY but from the given file descriptor. It should be used
together with -status-fd. See the file doc/DETAILS in the source
distribution for details on how to use it.

-command-file `file'
Same as -command-fd, except the commands are read out of file

Try to use the GnuPG-Agent. Please note that this agent is still
under development. With this option, GnuPG first tries to connect
to the agent before it asks for a passphrase. -no-use-agent
disables this option.

Override the value of the environment variable `GPG_AGENT_INFO'.
This is only used when -use-agent has been given

These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of
this is nearly always the correct one. See the INTEROPERABILITY
WITH OTHER OPENPGP PROGRAMS section below before using one of these
1611
Use standard GnuPG behavior. This is essentially OpenPGP
behavior (see -openpgp), but with some additional workarounds
for common compatibility problems in different versions of
PGP. This is the default option, so it is not generally
needed, but it may be useful to override a different
compliance option in the gpg.conf file.

Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
-rfc1991, -force-v3-sigs, -s2k-*, -cipher-algo, -digest-algo
and -compress-algo to OpenPGP compliant values. All PGP
workarounds are disabled.

Reset all packet, cipher and digest options to strict RFC-2440
behavior. Note that this is currently the same thing as

Try to be more RFC-1991 (PGP 2.x) compliant.

Set up all options to be as PGP 2.x compliant as possible,
and warn if an action is taken (e.g. encrypting to a non-RSA
key) that will create a message that PGP 2.x will not be able
to handle. Note that `PGP 2.x' here means `MIT PGP 2.6.2'.
There are other versions of PGP 2.x available, but the MIT
release is a good common baseline.

This option implies `-rfc1991 -disable-mdc -no-force-v4-certs
-no-sk-comment -escape-from-lines -force-v3-sigs
-no-ask-sig-expire -no-ask-cert-expire -cipher-algo IDEA
-digest-algo MD5 -compress-algo 1'. It also disables -textmode

Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is
installed), 3DES, and CAST5, the hashes MD5, SHA1 and
RIPEMD160, and the compression algorithms none and ZIP. This
also disables -throw-keyids, and making signatures with
signing subkeys as PGP 6 does not understand signatures made

This option implies `-disable-mdc -no-sk-comment
-escape-from-lines -force-v3-sigs -no-ask-sig-expire'

Set up all options to be as PGP 7 compliant as possible. This
is identical to -pgp6 except that MDCs are not disabled, and
the list of allowable ciphers is expanded to add AES128,
AES192, AES256, and TWOFISH.

Set up all options to be as PGP 8 compliant as possible. PGP
8 is a lot closer to the OpenPGP standard than previous
versions of PGP, so all this does is disable -throw-keyids
and set -escape-from-lines. All algorithms are allowed
except for the SHA224, SHA384, and SHA512 digests.

OpenPGP states that an implementation should generate v4 signatures
but PGP versions 5 through 7 only recognize v4 signatures on key
material. This option forces v3 signatures for signatures on data.
Note that this option overrides -ask-sig-expire, as v3 signatures
cannot have expiration dates. -no-force-v3-sigs disables this

Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to
SHA-1. -no-force-v4-certs disables this option.

Force the use of encryption with a modification detection code.
This is always used with the newer ciphers (those with a blocksize
greater than 64 bits), or if all of the recipient keys indicate
MDC support in their feature flags.

Disable the use of the modification detection code. Note that by
using this option, the encrypted message becomes vulnerable to a
message modification attack.
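The modification detection code that -force-mdc turns on and -disable-mdc turns off is a SHA-1 hash carried inside the encrypted data: it covers the random prefix, the plaintext and the two octets 0xD3 0x14 that introduce the MDC packet, so any change to the decrypted bytes fails the check. The following is an added Python example, not GnuPG's code, that models only this integrity layer (what is hashed, how the trailer is checked, and what happens on failure); the symmetric cipher that surrounds it is deliberately left out so the example runs on the standard library alone. It also models the later -ignore-mdc-error entry by turning a failed check into a warning on request. The prefix in the sample run is constructed rather than random.

```python
"""OpenPGP modification detection code (MDC) trailer, built and checked.
Added example; not part of GnuPG. Models the integrity layer only."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

MDC_TAG = b"\xd3\x14"   # packet tag 19 and its fixed body length (20 octets)
MDC_LEN = 20            # SHA-1 digest size


def make_prefix(block_size: int) -> bytes:
    """block_size random octets followed by a repeat of the last two, as
    prepended before the literal data inside the encrypted packet."""
    r = os.urandom(block_size)
    return r + r[-2:]


def add_mdc(prefix: bytes, plaintext: bytes) -> bytes:
    """Return what gets encrypted: prefix || plaintext || D3 14 || SHA-1 over
    exactly those bytes. Changing any octet changes the expected hash."""
    body = prefix + plaintext + MDC_TAG
    return body + hashlib.sha1(body).digest()


def verify_mdc(decrypted: bytes) -> Tuple[bool, bytes]:
    """Recompute SHA-1 over everything but the last 20 octets and compare in
    constant time. Returns (ok, body without the MDC packet)."""
    if len(decrypted) < len(MDC_TAG) + MDC_LEN:
        return False, b""
    body, digest = decrypted[:-MDC_LEN], decrypted[-MDC_LEN:]
    ok = body.endswith(MDC_TAG) and hmac.compare_digest(
        hashlib.sha1(body).digest(), digest)
    return ok, body[:-len(MDC_TAG)]


def unwrap(decrypted: bytes, block_size: int,
           ignore_mdc_error: bool = False) -> Tuple[bytes, Optional[str]]:
    """Strip prefix and MDC. A failed check is fatal unless ignore_mdc_error
    is set (the manual's -ignore-mdc-error), in which case the possibly
    tampered plaintext is returned together with a warning string."""
    ok, body = verify_mdc(decrypted)
    if not ok and not ignore_mdc_error:
        raise ValueError("MDC integrity check failed: message is corrupt or was tampered with")
    warning = None if ok else "WARNING: MDC integrity check failed"
    return body[block_size + 2:], warning


if __name__ == "__main__":
    block_size = 16                                    # e.g. AES
    prefix = b"\x01" * block_size + b"\x01\x01"        # constructed; use make_prefix()
    wrapped = add_mdc(prefix, b"attack at dawn")
    print(unwrap(wrapped, block_size))
    tampered = bytearray(wrapped)
    tampered[len(prefix)] ^= 0x01                      # flip one bit of the plaintext
    print(verify_mdc(bytes(tampered))[0])              # False
    print(unwrap(bytes(tampered), block_size, ignore_mdc_error=True))
```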
1698

`--allow-non-selfsigned-uid'
`--no-allow-non-selfsigned-uid'
Allow the import and use of keys with user IDs which are not
self-signed. This is not recommended, as a non self-signed user ID
is trivial to forge. `--no-allow-non-selfsigned-uid' disables.

`--allow-freeform-uid'
Disable all checks on the form of the user ID while generating a
new one. This option should only be used in very special
environments as it does not ensure the de-facto standard format of

`--ignore-time-conflict'
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature
seems to be older than the key due to clock problems. This option
makes these checks just a warning. See also `--ignore-valid-from' for
timestamp issues on subkeys.

`--ignore-valid-from'
GnuPG normally does not select and use subkeys created in the
future. This option allows the use of such keys and thus exhibits
the pre-1.0.7 behaviour. You should not use this option unless there
is some clock problem. See also `--ignore-time-conflict' for
timestamp issues with signatures.

`--ignore-crc-error'
The ASCII armor used by OpenPGP is protected by a CRC checksum
against transmission errors. Occasionally the CRC gets mangled
somewhere on the transmission channel but the actual content
(which is protected by the OpenPGP protocol anyway) is still okay.
This option allows GnuPG to ignore CRC errors.

`--ignore-mdc-error'
This option changes a MDC integrity protection failure into a
warning. This can be useful if a message is partially corrupt,
but it is necessary to get as much data as possible out of the
corrupt message. However, be aware that a MDC protection failure
may also mean that the message was tampered with intentionally by

`--lock-once'
Lock the databases the first time a lock is requested and do not
release the lock until the process terminates.

`--lock-multiple'
Release the locks every time a lock is no longer needed. Use this
to override a previous `--lock-once' from a config file.

`--lock-never'
Disable locking entirely. This option should be used only in very
special environments, where it can be assured that only one process
is accessing those files. A bootable floppy with a stand-alone
encryption system will probably use this. Improper usage of this
option may lead to data and key corruption.

`--exit-on-status-write-error'
This option will cause write errors on the status FD to immediately
terminate the process. That should in fact be the default but it
never worked this way and thus we need an option to enable this, so
that the change won't break applications which close their end of a
status fd connected pipe too early. Using this option along with
`--enable-progress-filter' may be used to cleanly cancel long running

`--limit-card-insert-tries n'
With `n' greater than 0 the number of prompts asking to insert a
smartcard gets limited to `n'-1. Thus with a value of 1 gpg won't at
all ask to insert a card if none has been inserted at startup. This
option is useful in the configuration file in case an application
does not know about the smartcard support and waits ad infinitum
for an inserted card.

`--no-random-seed-file'
GnuPG uses a file to store its internal random pool over
invocations. This makes random generation faster; however
sometimes write operations are not desired. This option can be
used to achieve that with the cost of slower random generation.

`--no-verbose'
Reset verbose level to 0.

`--no-greeting'
Suppress the initial copyright message.

`--no-secmem-warning'
Suppress the warning about "using insecure memory".

`--no-permission-warning'
Suppress the warning about unsafe file and home directory
(`--homedir') permissions. Note that the permission checks that GnuPG
performs are not intended to be authoritative, but rather they
simply warn about certain common permission problems. Do not
assume that the lack of a warning means that your system is secure.

Note that the warning for unsafe `--homedir' permissions cannot be
suppressed in the gpg.conf file, as this would allow an attacker to
place an unsafe gpg.conf file in place, and use this file to
suppress warnings about itself. The `--homedir' permissions warning
may only be suppressed on the command line.
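
The following Python program is an added example and is not code from
GnuPG. It performs a check of the same non-authoritative kind on a home
directory: ownership and mode of the directory itself, and ownership,
writability and (for the secret keyring) readability of the files listed
under FILES. The exact rules are this example's own approximation; as
with gpg's checks, an empty result is not a guarantee. The directories it
examines are throw-away temporary directories it creates for the
demonstration.

```python
"""Non-authoritative permission check for a GnuPG home directory.

Added example, not code from GnuPG: it approximates the class of
problems gpg warns about (directory or files owned by someone else,
directory reachable by group/others, configuration or secret keyring
writable or readable by others).  The rules are this example's own
assumptions; an empty result is not proof that the directory is safe."""
import os
import stat
import tempfile

# Files in a GnuPG 1.4 home directory worth checking (names from FILES).
CHECKED_FILES = ("gpg.conf", "options", "secring.gpg", "pubring.gpg", "trustdb.gpg")


def check_homedir_permissions(homedir):
    """Return a list of warning strings; empty means nothing obvious was found."""
    warnings = []
    me = os.getuid()
    st = os.stat(homedir)
    if st.st_uid != me:
        warnings.append("homedir is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append("homedir is accessible by group or others "
                        f"(mode {stat.S_IMODE(st.st_mode):o}, expected 700)")
    for name in CHECKED_FILES:
        path = os.path.join(homedir, name)
        if not os.path.lexists(path):
            continue
        fst = os.lstat(path)
        if stat.S_ISLNK(fst.st_mode):
            warnings.append(f"{name} is a symbolic link")  # may point outside the homedir
            continue
        if fst.st_uid != me:
            # A gpg.conf owned by someone else is the case the manual has in
            # mind: it could carry options chosen by an attacker.
            warnings.append(f"{name} is not owned by the current user")
        if fst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            warnings.append(f"{name} is writable by group or others")
        if name == "secring.gpg" and fst.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            warnings.append("secring.gpg is readable by group or others")
    return warnings


def make_demo_homedir(dir_mode=0o700, conf_mode=0o600, with_secring=False):
    """Create a throw-away homedir with a gpg.conf (and optionally an empty
    placeholder secring.gpg) using the given modes, for demonstration only."""
    homedir = tempfile.mkdtemp(prefix="gnupg-demo-")
    conf = os.path.join(homedir, "gpg.conf")
    with open(conf, "w") as fh:
        fh.write("# constructed demo configuration\nno-greeting\n")
    os.chmod(conf, conf_mode)
    if with_secring:
        sec = os.path.join(homedir, "secring.gpg")
        with open(sec, "wb") as fh:
            fh.write(b"")  # empty placeholder, not a real keyring
        os.chmod(sec, 0o644)
    os.chmod(homedir, dir_mode)  # last, so the files above could be created
    return homedir


if __name__ == "__main__":
    for mode in (0o700, 0o755, 0o777):
        home = make_demo_homedir(dir_mode=mode,
                                 conf_mode=0o666 if mode == 0o777 else 0o600,
                                 with_secring=(mode == 0o777))
        print(f"mode {mode:o}: {check_homedir_permissions(home) or ['ok']}")
```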

`--no-mdc-warning'
Suppress the warning about missing MDC integrity protection.

`--require-secmem'
`--no-require-secmem'
Refuse to run if GnuPG cannot get secure memory. Defaults to no
(i.e. run, but give a warning).

`--no-armor'
Assume the input data is not in ASCII armored format.

`--no-default-keyring'
Do not add the default keyrings to the list of keyrings. Note that
GnuPG will not operate without any keyrings, so if you use this
option and do not provide alternate keyrings via `--keyring' or
`--secret-keyring', then GnuPG will still use the default public or

`--skip-verify'
Skip the signature verification step. This may be used to make the
decryption faster if the signature verification is not needed.

`--with-colons'
Print key listings delimited by colons. Note that the output will
be encoded in UTF-8 regardless of any `--display-charset' setting.
This format is useful when GnuPG is called from scripts and other
programs as it is easily machine parsed. The details of this
format are documented in the file doc/DETAILS, which is included
in the GnuPG source distribution.

`--with-key-data'
Print key listings delimited by colons (like `--with-colons') and
print the public key data.

`--with-fingerprint'
Same as the command `--fingerprint' but changes only the format of
the output and may be used together with another command.
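
An added example (not code from GnuPG or from doc/DETAILS) of parsing a
`--with-colons --with-fingerprint' listing in Python. The field positions
it uses (1 record type, 2 validity, 3 key length, 4 algorithm, 5 key ID,
6 creation, 7 expiry, 10 user ID or fingerprint, 12 capabilities) follow
the layout documented in doc/DETAILS; the listing itself is constructed
for the example, and its `\x3a' escape shows why the user ID field has to
be unescaped after splitting on colons rather than split naively.

```python
"""Parser for the colon-delimited key listing
(`gpg --with-colons --with-fingerprint --list-keys`).

Added example, not code from GnuPG.  Field positions follow doc/DETAILS;
the listing below is constructed, not captured from a real keyring."""
import re

# Constructed sample: one usable key with an encryption subkey, and one
# revoked key whose user ID contains an escaped colon (\x3a).
SAMPLE_LISTING = r"""tru::1:1700000000:0:3:1:5
pub:u:4096:1:C4D6E1A7B2F39E05:1500000000:1800000000::u:::scESC:
fpr:::::::::1A2B3C4D5E6F70819A2B3C4DC4D6E1A7B2F39E05:
uid:u::::1500000000::2B5F1C9A8E7D6C5B4A3F2E1D0C9B8A7F6E5D4C3B::Alice Example <alice@example.org>:
sub:u:4096:1:7F0E1D2C3B4A5968:1500000000:1800000000:::::e:
fpr:::::::::0011223344556677889900AA7F0E1D2C3B4A5968:
pub:r:2048:17:0A1B2C3D4E5F6071:1400000000:::-:::sc:
fpr:::::::::FEDCBA9876543210FEDCBA980A1B2C3D4E5F6071:
uid:r::::1400000000::9C8B7A6F5E4D3C2B1A0F9E8D7C6B5A4F3E2D1C0B::Bob Builder (Dept\x3a Ops) <bob@example.org>:
sub:r:2048:16:1122334455667788:1400000000::::::e:
fpr:::::::::99887766554433221100FFEE1122334455667788:
"""

ALGORITHMS = {1: "RSA", 16: "ELG", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
UNUSABLE = set("rdei")  # validity codes: revoked, disabled, expired, invalid


def unescape(value):
    """User IDs are emitted with ':' and non-printables as \\xHH escapes."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def _int_or_none(s):
    return int(s) if s else None


def _key_record(f, is_subkey=False):
    record = {
        "type": f[0], "validity": f[1], "bits": _int_or_none(f[2]),
        "algo": ALGORITHMS.get(int(f[3]), f[3]), "keyid": f[4],
        "created": _int_or_none(f[5]), "expires": _int_or_none(f[6]),
        "capabilities": f[11] if len(f) > 11 else "",
        "fingerprint": None,  # filled in from the following fpr record
    }
    if not is_subkey:
        record["uids"], record["subkeys"] = [], []
    return record


def parse_with_colons(text):
    """Group pub/sub/uid/fpr records into a list of key dictionaries."""
    keys, current, last = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        rtype = f[0]
        if rtype in ("pub", "sec"):
            current = last = _key_record(f)
            keys.append(current)
        elif rtype in ("sub", "ssb") and current is not None:
            last = _key_record(f, is_subkey=True)
            current["subkeys"].append(last)
        elif rtype == "fpr" and last is not None:
            last["fingerprint"] = f[9]  # belongs to the preceding pub/sub record
        elif rtype == "uid" and current is not None:
            current["uids"].append({"validity": f[1], "uid": unescape(f[9])})
        # tru, rvk, sig and other record types are not needed here
    return keys


def encryption_subkeys(keys):
    """(primary fingerprint, subkey key ID) for every usable encryption subkey."""
    out = []
    for key in keys:
        if key["validity"] in UNUSABLE:
            continue
        for sub in key["subkeys"]:
            if "e" in sub["capabilities"] and sub["validity"] not in UNUSABLE:
                out.append((key["fingerprint"], sub["keyid"]))
    return out


if __name__ == "__main__":
    parsed = parse_with_colons(SAMPLE_LISTING)
    for key in parsed:
        print(key["validity"], key["algo"], key["fingerprint"], key["uids"][0]["uid"])
    print(encryption_subkeys(parsed))
```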

`--fast-list-mode'
Changes the output of the list commands to work faster; this is
achieved by leaving some parts empty. Some applications don't need
the user ID and the trust information given in the listings. By
using this option they can get a faster listing. The exact
behaviour of this option may change in future versions.

`--fixed-list-mode'
Do not merge primary user ID and primary key in `--with-colons'
listing mode and print all timestamps as seconds since 1970-01-01.

`--list-only'
Changes the behaviour of some commands. This is like `--dry-run' but
different in some cases. The semantic of this command may be
extended in the future. Currently it only skips the actual
decryption pass and therefore enables a fast listing of the

`--no-literal'
This is not for normal use. Use the source to see for what it

`--set-filesize'
This is not for normal use. Use the source to see for what it

`--show-session-key'
Display the session key used for one message. See
`--override-session-key' for the counterpart of this option.

We think that Key Escrow is a Bad Thing; however the user should
have the freedom to decide whether to go to prison or to reveal
the content of one specific message without compromising all
messages ever encrypted for one secret key. DON'T USE IT UNLESS
YOU ARE REALLY FORCED TO DO SO.

`--override-session-key string'
Don't use the public key but the session key `string'. The format
of this string is the same as the one printed by
`--show-session-key'. This option is normally not used but comes
handy in case someone forces you to reveal the content of an
encrypted message; using this option you can do this without
handing out the secret key.

`--require-cross-certification'
`--no-require-cross-certification'
When verifying a signature made from a subkey, ensure that the
cross certification "back signature" on the subkey is present and
valid. This protects against a subtle attack against subkeys that
can sign. Currently defaults to `--no-require-cross-certification',
but will be changed to `--require-cross-certification' in the future.

`--ask-sig-expire'
`--no-ask-sig-expire'
When making a data signature, prompt for an expiration time. If
this option is not specified, the expiration time set via
`--default-sig-expire' is used. `--no-ask-sig-expire' disables this
option. Note that by default, `--force-v3-sigs' is set which also
disables this option. If you want signature expiration, you must
set `--no-force-v3-sigs' as well as turning `--ask-sig-expire' on.

`--default-sig-expire'
The default expiration time to use for signature expiration. Valid
values are "0" for no expiration, a number followed by the letter d
(for days), w (for weeks), m (for months), or y (for years) (for
example "2m" for two months, or "5y" for five years), or an
absolute date in the form YYYY-MM-DD. Defaults to "0".

`--ask-cert-expire'
`--no-ask-cert-expire'
When making a key signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
`--default-cert-expire' is used. `--no-ask-cert-expire' disables this

`--default-cert-expire'
The default expiration time to use for key signature expiration.
Valid values are "0" for no expiration, a number followed by the
letter d (for days), w (for weeks), m (for months), or y (for
years) (for example "2m" for two months, or "5y" for five years),
or an absolute date in the form YYYY-MM-DD. Defaults to "0".
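
An added Python example, not from GnuPG, that parses the expiration
values accepted by `--default-sig-expire' and `--default-cert-expire'
into what an OpenPGP signature actually carries: seconds after the
creation time, with 0 meaning no expiration. It assumes 30-day months and
365-day years for the relative forms, treats a bare number as days, and
rejects an absolute date that is not after the (constructed) creation
time, since such a signature would be expired the moment it is made.

```python
"""Expiration strings as accepted by --default-sig-expire and
--default-cert-expire: "0" (never), "<n>d|w|m|y", or "YYYY-MM-DD".

Added example, not code from GnuPG.  Assumptions: a month counts as 30
days and a year as 365 days (OpenPGP stores expiry as seconds after the
creation time, not as a calendar date), a bare number means days, and
the creation time below is constructed for the demonstration."""
import re
from datetime import date, datetime, timedelta, timezone

UNIT_DAYS = {"d": 1, "w": 7, "m": 30, "y": 365}  # assumed unit lengths
_RELATIVE = re.compile(r"^(\d+)([dwmy]?)$")

# Constructed signature creation time used by the demonstration.
CREATED = datetime(2024, 1, 1, tzinfo=timezone.utc)


def parse_expire(spec, created=CREATED):
    """Return the expiration as an aware datetime, or None for "never".

    Raises ValueError for malformed input or for an absolute date that is
    not after the creation time."""
    spec = spec.strip()
    m = _RELATIVE.match(spec)
    if m:
        count, unit = int(m.group(1)), (m.group(2) or "d")
        if count == 0:
            return None  # "0" (or "0d" etc.): no expiration
        return created + timedelta(days=count * UNIT_DAYS[unit])
    try:
        d = date.fromisoformat(spec)
    except ValueError:
        raise ValueError(f"invalid expiration {spec!r}: "
                         "use 0, <n>d/w/m/y or YYYY-MM-DD") from None
    expires = datetime(d.year, d.month, d.day, tzinfo=timezone.utc)
    if expires <= created:
        raise ValueError(f"expiration {spec} is not after creation "
                         f"{created:%Y-%m-%d}")
    return expires


def expire_seconds(spec, created=CREATED):
    """Value stored in the signature's expiration subpacket: seconds after
    creation, 0 meaning the signature never expires."""
    expires = parse_expire(spec, created)
    return 0 if expires is None else int((expires - created).total_seconds())


def is_valid_expire(spec, created=CREATED):
    """True if gpg-style validation of `spec` would succeed."""
    try:
        parse_expire(spec, created)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for spec in ("0", "10", "2w", "2m", "5y", "2024-12-31", "3q", "2023-06-01"):
        status = expire_seconds(spec) if is_valid_expire(spec) else "rejected"
        print(f"{spec:>10}: {status}")
```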

`--expert'
`--no-expert'
Allow the user to do certain nonsensical or "silly" things like
signing an expired or revoked key, or certain potentially
incompatible things like generating unusual key types. This also
disables certain warning messages about potentially incompatible
actions. As the name implies, this option is for experts only. If
you don't fully understand the implications of what it allows you
to do, leave this off. `--no-expert' disables this option.

`--allow-secret-key-import'
This is an obsolete option and is not used anywhere.

`--try-all-secrets'
Don't look at the key ID as stored in the message but try all
secret keys in turn to find the right decryption key. This option
forces the behaviour as used by anonymous recipients (created by
using `--throw-keyids') and might come handy in case where an
encrypted message contains a bogus key ID.

`--allow-multisig-verification'
Allow verification of concatenated signed messages. This will run a
signature verification for each data+signature block. There are
some security issues with this option and thus it is off by
default. Note that versions of GPG prior to version 1.4.3
implicitly allowed this.

`--enable-special-filenames'
This option enables a mode in which filenames of the form `-&n',
where n is a non-negative decimal number, refer to the file
descriptor n and not to a file with that name.

`--no-expensive-trust-checks'
Experimental use only.

`--group name=value1'
Sets up a named group, which is similar to aliases in email
programs. Any time the group name is a recipient (`-r' or
`--recipient'), it will be expanded to the values specified. Multiple
groups with the same name are automatically merged into a single

The values are `key IDs' or fingerprints, but any key description
is accepted. Note that a value with spaces in it will be treated as
two different values. Note also there is only one level of
expansion: you cannot make a group that points to another group.
When used from the command line, it may be necessary to quote the
argument to this option to prevent the shell from treating it as

`--ungroup name'
Remove a given entry from the `--group' list.

`--no-groups'
Remove all entries from the `--group' list.

`--preserve-permissions'
Don't change the permissions of a secret keyring back to user
read/write only. Use this option only if you really know what you

`--personal-cipher-preferences string'
Set the list of personal cipher preferences to `string', this list
should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked cipher in this list is
also used for the `--symmetric' encryption command.

`--personal-digest-preferences string'
Set the list of personal digest preferences to `string', this list
should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked digest algorithm in this
list is the algorithm used when signing without encryption (e.g.
`--clearsign' or `--sign'). The default value is SHA-1.

`--personal-compress-preferences string'
Set the list of personal compression preferences to `string', this
list should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked algorithm in this list is
also used when there are no recipient keys to consider (e.g.

`--default-preference-list string'
Set the list of default preferences to `string'. This preference
list is used for new keys and becomes the default for "setpref" in

`--default-keyserver-url name'
Set the default keyserver URL to `name'. This keyserver will be
used as the keyserver URL when writing a new self-signature on a
key, which includes key generation and changing preferences.

`--list-config'
Display various internal configuration parameters of GnuPG. This
option is intended for external programs that call GnuPG to perform
tasks, and is thus not generally useful. See the file
`doc/DETAILS' in the source distribution for the details of which
configuration items may be listed. `--list-config' is only usable
with `--with-colons' set.

How to specify a user ID
************************

There are different ways to specify a user ID to GnuPG; here are some

Here the key ID is given in the usual short form.

Here the key ID is given in the long form as used by OpenPGP (you
can get the long key ID using the option `--with-colons').

1234343434343434C434343434343434
123434343434343C3434343434343734349A3434
0E12343434343434343434EAB3484343434343434
0xE12343434343434343434EAB3484343434343434
The best way to specify a key ID is by using the fingerprint of
the key. This avoids any ambiguities in case that there are
duplicated key IDs (which are really rare for the long key IDs).

=Heinrich Heine <heinrichh@uni-duesseldorf.de>
Using an exact match string. The equal sign indicates this.

<heinrichh@uni-duesseldorf.de>
Using the email address part which must match exactly. The left
angle bracket indicates this email address mode.

Match within the <email.address> part of a user ID. The at sign
indicates this email address mode.

By case insensitive substring matching. This is the default mode
but applications may want to explicitly indicate this by putting
the asterisk in front.

Note that you can append an exclamation mark (!) to key IDs or
fingerprints. This flag tells GnuPG to use the specified primary or
secondary key and not to try and calculate which primary or secondary
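
The following Python program is an added example and is not part of
GnuPG. It resolves the user ID forms listed in this section against a
small constructed keyring (all fingerprints and user IDs are invented)
and applies the `--group' rules given under that option: values are split
on whitespace, repeated definitions of a name are merged, and a value
that names another group is not expanded again. Two of the constructed
keys share a short key ID, so selecting by the short ID raises an
ambiguity error while the long ID or fingerprint does not. Case-insensitive
matching for the `@' and default modes, and exact case-sensitive matching
for the `=' and `<...>' modes, are this example's reading of the text.

```python
"""Select keys by the user ID forms of this section and expand --group aliases.

Added example, not code from GnuPG; the keyring below is constructed."""
import re
from dataclasses import dataclass, field


@dataclass
class Key:
    fingerprint: str          # primary key fingerprint (v4: 40 hex digits)
    uids: list                # user ID strings
    subkeys: list = field(default_factory=list)   # subkey fingerprints


# Constructed keyring.  Alice and Mallory share the short key ID B2F39E05
# (the ambiguity the manual warns about); their long key IDs differ.
KEYRING = [
    Key("1A2B3C4D5E6F70819A2B3C4DC4D6E1A7B2F39E05",
        ["Alice Example <alice@example.org>",
         "Alice Example (work) <alice@corp.example.com>"],
        ["0011223344556677889900AA7F0E1D2C3B4A5968"]),
    Key("FEDCBA9876543210FEDCBA980A1B2C3D4E5F6071", ["Bob Builder <bob@example.org>"]),
    Key("00000000000000000000000011111111B2F39E05", ["Mallory <mallory@example.net>"]),
]

_HEX = re.compile(r"^(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40})$")
_EMAIL = re.compile(r"<([^>]*)>")


class AmbiguousKeyError(LookupError):
    pass


def _email_part(uid):
    m = _EMAIL.search(uid)
    return m.group(1) if m else ""


def _designated_fingerprint(key, hexid):
    """Fingerprint (primary or subkey) that a key ID or fingerprint designates."""
    hexid = hexid.upper()
    for fpr in [key.fingerprint] + key.subkeys:
        # 8/16 digits are the tail of a v4 fingerprint; 32/40 digits must match it all.
        if (fpr.endswith(hexid) if len(hexid) in (8, 16) else fpr == hexid):
            return fpr
    return None


def _uid_matches(uid, spec):
    if spec.startswith("="):                          # exact user ID
        return uid == spec[1:]
    if spec.startswith("<") and spec.endswith(">"):   # exact email address
        return _email_part(uid) == spec[1:-1]
    if spec.startswith("@"):                          # substring of the email part
        return spec[1:].lower() in _email_part(uid).lower()
    if spec.startswith("*"):                          # explicit default mode
        spec = spec[1:]
    return spec.lower() in uid.lower()                # case-insensitive substring


def find_key(spec, keyring=KEYRING):
    """Return (key, exact_fingerprint).  exact_fingerprint is set only when the
    spec ends in '!', i.e. "use exactly this primary key or subkey"."""
    exact = spec.endswith("!")
    spec = spec[:-1] if exact else spec
    m = _HEX.match(spec)
    if m:
        hits = [(k, f) for k in keyring for f in [_designated_fingerprint(k, m.group(1))] if f]
    elif exact:
        raise ValueError("'!' is only meaningful after a key ID or fingerprint")
    else:
        hits = [(k, None) for k in keyring if any(_uid_matches(u, spec) for u in k.uids)]
    if not hits:
        raise KeyError(spec)
    if len(hits) > 1:
        raise AmbiguousKeyError(f"{spec!r} matches {len(hits)} keys; use the fingerprint")
    key, fpr = hits[0]
    return key, (fpr if exact else None)


def define_group(groups, definition):
    """One --group name=value1 value2 ...: values split on whitespace (a value
    containing a space becomes two values); repeated names are merged."""
    name, _, values = definition.partition("=")
    groups.setdefault(name.strip(), []).extend(values.split())


def expand_recipients(groups, recipients):
    """Exactly one level of expansion: a value naming another group stays as it is."""
    expanded = []
    for r in recipients:
        expanded.extend(groups.get(r, [r]))
    return expanded


def resolve_recipients(recipients, groups=None, keyring=KEYRING):
    """Map -r arguments to (primary fingerprint, exact fingerprint or None)."""
    return [(key.fingerprint, fpr)
            for spec in expand_recipients(groups or {}, recipients)
            for key, fpr in [find_key(spec, keyring)]]
```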

RETURN VALUE
************

The program returns 0 if everything was fine, 1 if at least a signature
was bad, and other error codes for fatal errors.

EXAMPLES
********

gpg -se -r `Bob' `file'
sign and encrypt for user Bob

gpg --clearsign `file'
make a clear text signature

make a detached signature

gpg --list-keys `user_ID'

gpg --fingerprint `user_ID'

gpg --verify `pgpfile'
gpg --verify `sigfile'
Verify the signature of the file but do not output the data. The
second form is used for detached signatures, where `sigfile' is
the detached signature (either ASCII armored or binary) and the
following file arguments are the signed data; if this is not given,
the name of the file holding the signed data is constructed by
cutting off the extension (".asc" or ".sig") of `sigfile' or by
asking the user

ENVIRONMENT
***********

HOME
Used to locate the default home directory.

GNUPGHOME
If set, this directory is used instead of "~/.gnupg".

GPG_AGENT_INFO
Used to locate the gpg-agent; only honored when `--use-agent' is set.
The value consists of 3 colon delimited fields: the first is the
path to the Unix Domain Socket, the second the PID of the
gpg-agent, and the third the protocol version, which should be set
to 1. When starting the gpg-agent as described in its documentation,
this variable is set to the correct value. The option
`--gpg-agent-info' can be used to override it.

COLUMNS
LINES
Used to size some displays to the full size of the screen.

FILES
*****

~/.gnupg/secring.gpg
The secret keyring

~/.gnupg/secring.gpg.lock
and the lock file

~/.gnupg/pubring.gpg
The public keyring

~/.gnupg/pubring.gpg.lock
and the lock file

~/.gnupg/trustdb.gpg
The trust database

~/.gnupg/trustdb.gpg.lock
and the lock file

~/.gnupg/random_seed
used to preserve the internal random pool

~/.gnupg/gpg.conf
Default configuration file

~/.gnupg/options
Old style configuration file; only used when gpg.conf is not found

/usr[/local]/share/gnupg/options.skel
Skeleton options file

/usr[/local]/lib/gnupg/
Default location for extensions

WARNINGS
********

Use a *good* password for your user account and a *good* passphrase to
protect your secret key. This passphrase is the weakest part of the
whole system. Programs to do dictionary attacks on your secret keyring
are very easy to write and so you should protect your "~/.gnupg/"
directory very well.

Keep in mind that, if this program is used over a network (telnet),
it is *very* easy to spy out your passphrase!

If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line
or use `-' to specify stdin.

INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
********************************************

GnuPG tries to be a very flexible implementation of the OpenPGP
standard. In particular, GnuPG implements many of the optional parts of
the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms. It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by
forcing their use via the `--cipher-algo', `--digest-algo',
`--cert-digest-algo', or `--compress-algo' options in GnuPG, it is
possible to create a perfectly valid OpenPGP message, but one that
cannot be read by the intended recipient.

There are dozens of variations of OpenPGP programs available, and
each supports a slightly different subset of these optional algorithms.
For example, until recently, no (unhacked) version of PGP supported the
BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
read by a PGP user. By default, GnuPG uses the standard OpenPGP
preferences system that will always do the right thing and create
messages that are usable by all recipients, regardless of which OpenPGP
program they use. Only override this safe default if you really know

If you absolutely must override the safe default, or if the
preferences on a given key are invalid for some reason, you are far
better off using the `--pgp6', `--pgp7', or `--pgp8' options. These
options are safe as they do not force any particular algorithms in
violation of OpenPGP, but rather reduce the available algorithms to a
"PGP-safe"

BUGS
****

On many systems this program should be installed as setuid(root). This
is necessary to lock memory pages. Locking memory pages prevents the
operating system from writing memory pages (which may contain
passphrases or other sensitive material) to disk. If you get no warning
message about insecure memory, your operating system supports locking
without being root. The program drops root privileges as soon as locked
memory is allocated.