gpg

Encryption and signing tool

Subcommands

NameDescription
-s,--signMake a signature
--clearsignMake a clear text signature
-b,--detach-signMake a detached signature
-e,--encryptEncrypt data
-c,--symmetricEncrypt with symmetric cipher only
--storeStore only (make a simple RFC1991 packet)
--decryptDecrypt file (or stdin if no file is specified) and write it to stdout
--verifyAssume that sigfile is a signature and verify it without generating any output
--verify-filesSpecial version of --verify which does not work with detached signatures
--list-keys,--list-public-keysList all keys from public keyrings, or just the ones given on the command line
--list-secret-keysList all keys from secret keyrings, or just the ones given on the command line
--list-sigsSame as --list-keys, but the signatures are listed too
--check-sigsSame as --list-sigs, but the signatures are verified
--fingerprintList all keys with their fingerprints
--list-packetsList only the sequence of packets
--gen-keyGenerate a new key pair
--edit-keyPresent a menu which enables you to do all key related tasks
--sign-keySign a public key with you secret key
--lsign-keySign a public key with you secret key but mark it as non-exportable
--trusted-keyAssume that the specified key is as trustworthy as one of your own secret keys
--delete-keyRemove key from the public keyring
--delete-secret-keyRemove key from the secret and public keyring
--gen-revokeGenerate a revocation certificate for the complete key
--exportEither export all keys from all keyrings or those of the given names
--send-keysSame as --export but sends the keys to a keyserver
--export-allSame as --export, but also exports keys which are not compatible to OpenPGP
--export-secret-keysSame as --export, but exports the secret keys
--export-secret-subkeysSame as --export, but exports the secret subkeys
--importImport/merge keys. This adds the given keys to the keyring
--fast-import--import but does not build the trustdb
--recv-keysImport the keys with the given key IDs from a HKP keyserver
--export-ownertrustList the ownertrust values in ASCII format
--import-ownertrustUpdate the trustdb with the ownertrust values stored in files
--print-mdPrint message digest of algorithm ALGO for all given files of stdin
--gen-randomEmit COUNT random bytes of the given quality level
--gen-primeGenerate prime numbers
--versionPrint version information
--warrantyPrint warranty information
-h,--helpPrint usage information

Options

NameDescription
--homedir <command>Set the name of the home directory
--options <command>Read options from file
-a,--armourCreate ASCII armored output
-o,--output <command>Write output to file
-u,--local-user <command>Use name as the user ID to sign
--default-key <command>Use name as default user ID for signatures
-r,--recipient <command>Encrypt for user id name
--default-recipient <command>Use name as default recipient
--default-recipient-selfUse the default key as default recipient
--no-default-recipientReset --default-recipient and --default-recipient-self
--encrypt-to <command>Same as --recipient but this one is intended for in the options file
--no-encrypt-toDisable the use of all --encrypt-to keys
-v,--verboseGive more information during processing
-q,--quietTry to be as quiet as possible
-Z <command>Set compression level to n
-t,--textmodeUse canonical text mode
-n,--dry-runDon't make any changes
-i,--interactivePrompt before overwriting any files
--batchUse batch mode
--no-ttyMake sure that the TTY is never used for any output
--no-batchDisable batch mode
--yesAssume "yes" on most questions
--noAssume "no" on most questions
--always-trustSkip key validation
--keyserver <command>Use name to lookup keys which are not yet in your keyring
--no-auto-key-retrieveDisables the automatic retrieving of keys
--honor-http-proxyTry to access the keyserver over the proxy
--keyring <command>Add file to the list of keyrings
--secret-keyring <command>Same as --keyring but for the secret keyrings
--charset <command>Set the name of the native character set
--utf8-stringsAssume that the arguments are already given as UTF8
--no-utf8-strings
--no-optionsShortcut for "--options /dev/null"
--load-extension <command>Load an extension module
--debug <command>Set debugging flags
--debug-allSet all useful debugging flags
--status-fd <command>Write special status strings to the file descriptor n
--logger-fd <command>Write log output to file descriptor n and not to stderr
--no-commentDo not write comment packets
--comment <command>Use string as comment string in clear text signatures
--default-commentForce to write the standard comment string
--no-versionOmit the version string in clear text signatures
--emit-versionForce to write the version string
-N,--notation-data <command>Put the name value pair into the signature as notation data
--set-policy-url <command>Use string as Policy URL for signatures (rfc2440:5.2.3.19)
--set-filename <command>Use string as the name of file which is stored in messages
--use-embedded-filenameTry to create a file with a name as embedded in the data
--completes-needed <command>Number of completely trusted users to introduce a new key signer
--marginals-needed <command>Number of marginally trusted users to introduce a new key signer
--max-cert-depth <command>Maximum depth of a certification chain
--cipher-algo <command>Use name as cipher algorithm
--digest-algo <command>Use name as message digest algorithm
--s2k-cipher-algo <command>Use name as the cipher algorithm used to protect secret keys
--s2k-digest-algo <command>Use name as the digest algorithm used to mangle the passphrases
--s2k-mode <command>Selects how passphrases are mangled
--compress-algo <command>Use compress algorithm n
--disable-cipher-algo <command>Never allow the use of name as cipher algorithm
--disable-pubkey-algo <command>Never allow the use of name as public key algorithm
--throw-keyidDo not put the keyid into encrypted packets
--not-dash-escapedMakes signatures usable for patch files
--escape-from-linesHandle "<From" in emails
--passphrase-fd <command>Read the passphrase from file descriptor n
--command-fd <command>This is a replacement for the depreciated shared-memory IPC mode
--rfc1991Try to be more RFC1991 (PGP 2.x) compliant
--openpgpReset all packet, cipher and digest options to OpenPGP
--force-v3-sigsForces v3 signatures for signatures on data
--force-mdcForce encryption with appended manipulation code
--allow-non-selfsigned-uidAllow non self-signed user IDs
--allow-freeform-uidDisable all checks on the form of the user ID
--ignore-time-conflictMakes time checks just a warning
--lock-onceDo not release the lock until the process terminates
--lock-multipleRelease the locks every time one is no longer needed
--lock-neverDisable locking entirely
--no-random-seed-fileDisable random pool cache
--no-verboseReset verbose level to 0
--no-greetingSuppress the initial copyright message
--no-secmem-warningSuppress the "using insecure memory" warning
--no-armorAssume the input data is not in ASCII armored format
--no-default-keyringDo not add the keyrings to the list of keyrings
--skip-verifySkip the signature verification step
--with-colonsPrint key listings delimited by colons
--with-key-data--with-colons with the public key data
--with-fingerprint--fingerprint with a different format
--fast-list-modeChanges the list commands to work faster
--list-onlySkip the decryption pass
--no-literalThis is not for normal use
--set-filesizeThis is not for normal use
--emulate-md-encode-bugEnables workaround to check faulty signatures
--show-session-keyDisplay the session key used for one message
--override-session-key <command>Don't use the public key but the session key string
--merge-onlyDon't insert new keys into the keyrings
--try-all-secretsTry all secret keys in turn to find the right one