gpg

Encryption and signing tool

Subcommands

Name	Description
`-s, --sign`	Make a signature
`--clearsign`	Make a clear text signature
`-b, --detach-sign`	Make a detached signature
`-e, --encrypt`	Encrypt data
`-c, --symmetric`	Encrypt with symmetric cipher only
`--store`	Store only (make a simple RFC1991 packet)
`--decrypt`	Decrypt file (or stdin if no file is specified) and write it to stdout
`--verify`	Assume that sigfile is a signature and verify it without generating any output
`--verify-files`	Special version of --verify which does not work with detached signatures
`--list-keys, --list-public-keys`	List all keys from public keyrings, or just the ones given on the command line
`--list-secret-keys`	List all keys from secret keyrings, or just the ones given on the command line
`--list-sigs`	Same as --list-keys, but the signatures are listed too
`--check-sigs`	Same as --list-sigs, but the signatures are verified
`--fingerprint`	List all keys with their fingerprints
`--list-packets`	List only the sequence of packets
`--gen-key`	Generate a new key pair
`--edit-key`	Present a menu which enables you to do all key related tasks
`--sign-key`	Sign a public key with you secret key
`--lsign-key`	Sign a public key with you secret key but mark it as non-exportable
`--trusted-key`	Assume that the specified key is as trustworthy as one of your own secret keys
`--delete-key`	Remove key from the public keyring
`--delete-secret-key`	Remove key from the secret and public keyring
`--gen-revoke`	Generate a revocation certificate for the complete key
`--export`	Either export all keys from all keyrings or those of the given names
`--send-keys`	Same as --export but sends the keys to a keyserver
`--export-all`	Same as --export, but also exports keys which are not compatible to OpenPGP
`--export-secret-keys`	Same as --export, but exports the secret keys
`--export-secret-subkeys`	Same as --export, but exports the secret subkeys
`--import`	Import/merge keys. This adds the given keys to the keyring
`--fast-import`	--import but does not build the trustdb
`--recv-keys`	Import the keys with the given key IDs from a HKP keyserver
`--export-ownertrust`	List the ownertrust values in ASCII format
`--import-ownertrust`	Update the trustdb with the ownertrust values stored in files
`--print-md`	Print message digest of algorithm ALGO for all given files of stdin
`--gen-random`	Emit COUNT random bytes of the given quality level
`--gen-prime`	Generate prime numbers
`--version`	Print version information
`--warranty`	Print warranty information
`-h, --help`	Print usage information

Options

Name	Description
`--homedir <directory>`	Set the name of the home directory
`--options <file>`	Read options from file
`-a, --armour`	Create ASCII armored output
`-o, --output <file>`	Write output to file
`-u, --local-user <name>`	Use name as the user ID to sign
`--default-key <name>`	Use name as default user ID for signatures
`-r, --recipient <name>`	Encrypt for user id name
`--default-recipient <name>`	Use name as default recipient
`--default-recipient-self`	Use the default key as default recipient
`--no-default-recipient`	Reset --default-recipient and --default-recipient-self
`--encrypt-to <name>`	Same as --recipient but this one is intended for in the options file
`--no-encrypt-to`	Disable the use of all --encrypt-to keys
`-v, --verbose`	Give more information during processing
`-q, --quiet`	Try to be as quiet as possible
`-Z <n>`	Set compression level to n
`-t, --textmode`	Use canonical text mode
`-n, --dry-run`	Don't make any changes
`-i, --interactive`	Prompt before overwriting any files
`--batch`	Use batch mode
`--no-tty`	Make sure that the TTY is never used for any output
`--no-batch`	Disable batch mode
`--yes`	Assume "yes" on most questions
`--no`	Assume "no" on most questions
`--always-trust`	Skip key validation
`--keyserver <name>`	Use name to lookup keys which are not yet in your keyring
`--no-auto-key-retrieve`	Disables the automatic retrieving of keys
`--honor-http-proxy`	Try to access the keyserver over the proxy
`--keyring <file>`	Add file to the list of keyrings
`--secret-keyring <file>`	Same as --keyring but for the secret keyrings
`--charset <name>`	Set the name of the native character set
`--utf8-strings`	Assume that the arguments are already given as UTF8
`--no-utf8-strings`
`--no-options`	Shortcut for "--options /dev/null"
`--load-extension <name>`	Load an extension module
`--debug <flags>`	Set debugging flags
`--debug-all`	Set all useful debugging flags
`--status-fd <n>`	Write special status strings to the file descriptor n
`--logger-fd <n>`	Write log output to file descriptor n and not to stderr
`--no-comment`	Do not write comment packets
`--comment <string>`	Use string as comment string in clear text signatures
`--default-comment`	Force to write the standard comment string
`--no-version`	Omit the version string in clear text signatures
`--emit-version`	Force to write the version string
`-N, --notation-data <name=value>`	Put the name value pair into the signature as notation data
`--set-policy-url <string>`	Use string as Policy URL for signatures (rfc2440:5.2.3.19)
`--set-filename <string>`	Use string as the name of file which is stored in messages
`--use-embedded-filename`	Try to create a file with a name as embedded in the data
`--completes-needed <n>`	Number of completely trusted users to introduce a new key signer
`--marginals-needed <n>`	Number of marginally trusted users to introduce a new key signer
`--max-cert-depth <n>`	Maximum depth of a certification chain
`--cipher-algo <name>`	Use name as cipher algorithm
`--digest-algo <name>`	Use name as message digest algorithm
`--s2k-cipher-algo <name>`	Use name as the cipher algorithm used to protect secret keys
`--s2k-digest-algo <name>`	Use name as the digest algorithm used to mangle the passphrases
`--s2k-mode <n>`	Selects how passphrases are mangled
`--compress-algo <n>`	Use compress algorithm n
`--disable-cipher-algo <name>`	Never allow the use of name as cipher algorithm
`--disable-pubkey-algo <name>`	Never allow the use of name as public key algorithm
`--throw-keyid`	Do not put the keyid into encrypted packets
`--not-dash-escaped`	Makes signatures usable for patch files
`--escape-from-lines`	Handle "<From" in emails
`--passphrase-fd <n>`	Read the passphrase from file descriptor n
`--command-fd <n>`	This is a replacement for the depreciated shared-memory IPC mode
`--rfc1991`	Try to be more RFC1991 (PGP 2.x) compliant
`--openpgp`	Reset all packet, cipher and digest options to OpenPGP
`--force-v3-sigs`	Forces v3 signatures for signatures on data
`--force-mdc`	Force encryption with appended manipulation code
`--allow-non-selfsigned-uid`	Allow non self-signed user IDs
`--allow-freeform-uid`	Disable all checks on the form of the user ID
`--ignore-time-conflict`	Makes time checks just a warning
`--lock-once`	Do not release the lock until the process terminates
`--lock-multiple`	Release the locks every time one is no longer needed
`--lock-never`	Disable locking entirely
`--no-random-seed-file`	Disable random pool cache
`--no-verbose`	Reset verbose level to 0
`--no-greeting`	Suppress the initial copyright message
`--no-secmem-warning`	Suppress the "using insecure memory" warning
`--no-armor`	Assume the input data is not in ASCII armored format
`--no-default-keyring`	Do not add the keyrings to the list of keyrings
`--skip-verify`	Skip the signature verification step
`--with-colons`	Print key listings delimited by colons
`--with-key-data`	--with-colons with the public key data
`--with-fingerprint`	--fingerprint with a different format
`--fast-list-mode`	Changes the list commands to work faster
`--list-only`	Skip the decryption pass
`--no-literal`	This is not for normal use
`--set-filesize`	This is not for normal use
`--emulate-md-encode-bug`	Enables workaround to check faulty signatures
`--show-session-key`	Display the session key used for one message
`--override-session-key <string>`	Don't use the public key but the session key string
`--merge-only`	Don't insert new keys into the keyrings
`--try-all-secrets`	Try all secret keys in turn to find the right one