gpgm [--homedir name] [--options file] [options] command [args]
-s, --sign Make a signature. This option may be combined with --encrypt.
--clearsign Make a clear text signature.
-b, --detach-sign Make a detached signature.
-e, --encrypt Encrypt data. This option may be combined with --sign.
-c, --symmetric Encrypt with symmetric cipher only This command asks for a passphrase.
--store store only (make a simple RFC1991 packet).
--decrypt [file] Decrypt file (or stdin if no file is specified) and write it to stdout (or the file specified with --output). If the decrypted file is signed, the signature is also verified. This command differs from the default operation, as it never writes to the filename which is included in the file and it rejects files which don't begin with an encrypted message.
--verify [[sigfile] {signed-files}] Assume that filename is a signature and verify it without generating any output. With no arguments, the signature packet is read from stdin (it may be a detached signature when not used in batch mode). If only a sigfile is given, it may be a complete signature or a detached signature, in which case the signed stuff is expected in a file without the .sig or .asc extension (if such a file does not exist it is expected at stdin - use - as filename to force a read from stdin). With more than 1 argument, the first should be a detached signature and the remaining files are the signed stuff.
-k [username] [keyring] Kludge to be somewhat compatible with PGP. Without arguments, all public keyrings are listed. With one argument, only keyring is listed. Special combinations are also allowed, but it may give strange results when combined with more options.
--list-keys [names] List all keys from the public keyrings, or just the ones given on the command line.
--list-secret-keys [names] List all keys from the secret keyrings, or just the ones given on the command line.
--list-sigs [names] Same as --list-keys, but the signatures are listed too.
--check-sigs [names] Same as --list-sigs, but the signatures are verified.
--fingerprint [names] List all keys with their fingerprints. This is the same output as list-keys but with the additonal output of a line with the fingerprint. May also be combined with --list-sigs or --check-sigs.
--list-packets List only the sequence of packets. This is mainly useful for debugging.
--gen-key Generate a new key pair. This command can only be used interactive.
--edit-key name Present a menu which enables you to do all key related tasks:
--delete-key Remove key from the public keyring
--delete-secret-key Remove key from the secret and public keyring
--gen-revoke Generate a revocation certificate.
--export [names] Either export all keys from all keyrings (default keyrings and those registered via option --keyring), or if at least one name is given, those of the given name. The new keyring is written to stdout or to the file given with option ``output''. Use together with -a to mail those keys.
--export-secret-keys [names Same as --export, but does export the secret keys. This is normally not very useful.
--import import/merge keys
--export-ownertrust List the assigned ownertrust values in ascii format for backup purposes [gpgm only].
--import-ownertrust [filename] Update the trustdb with the ownertrust values stored in filename (or stdin if not given); existing values will be overwritten. [gpgm only].
gpg recognizes these options:
-a, --armor Create ASCII armored output.
-o file, --output file Write output to file.
-u name, --local-user name Use name as the user-id to sign. This option is silently ignored for the list commands, so that it can be used in an options file.
--default-key name Use name as default user-id for signatures. If this is not used the default user-id is the first user-id from the secret keyring.
-r name, --remote-user name Use name as the user-id for encryption. This option is silently ignored for the list commands, so that it can be used in an options file.
-v, --verbose Give more information during processing. If used twice, the input data is listed in detail.
-z n Set compress level to n. A value of 0 for n disables compression. Default is to use the default compression level of zlib (which is 6).
-t, --textmode Use canonical text mode. Used to make clear-text signatures.
-n, --dry-run Don't make any changes (not yet implemented).
--batch Batch mode; never ask, do not allow interactive commands.
--no-batch Disable batch mode; this may be used if batch is used in the options file.
--yes Assume yes on most questions.
--no Assume no on most questions.
--keyring file Add file to the list of keyrings. If file begins with a tilde and a slash, these are replaced by the HOME directory. If the filename does not contain a slash, it is assumed to be in the home-directory (~/.gnupg if --homedir) is not used.
--secret-keyring file Same as --keyring but for secret keyrings.
--homedir dir
Set the name of the home directory to dir. If this
option is not used it defaults to ~/.gnupg. It does
not make sense to use this in a options file. This
also overrides the environment variable GNUPGHOME
.
--options file Read options from file and do not try to read them from the default options file in the homedir (see --homedir). This option is ignored when used in an options file.
--no-options Shortcut for --options /dev/null. This option is detected before an attempt to open an option file.
--load-extension modulename Load an extension module. If modulename does not contain a slash it is searched in /usr/local/lib/gnupg See the manual for more information about extensions.
--debug flags Set debugging flags. All flags are or-ed and flags may be given in C syntax (e.g. 0x0042).
--debug-all Set all useful debugging flags.
--status-fd n Write special status strings to the file descriptor n.
--no-comment Do not write comment packets.
--completes-needed n Number of completely trusted users to introduce a new key signator (defaults to 1).
--marginals-needed n Number of marginally trusted users to introduce a new key signator (defaults to 3)
--cipher-algo name Use name as cipher algorithm. Running the program with the option --verbose yields a list of supported algorithms. If this is not used the cipher algorithm is selected from the preferences stored with the key.
--digest-algo name Use name as message digest algorithm. Running the program with the option --verbose yields a list of supported algorithms.
--compress-algo number Use compress algorithm number. Default is 2 which is RFC1950 compression; you may use 1 to use the old zlib version which is used by PGP. This is only used for new messages. The default algorithm may give better results because the window size is not limited to 8K. If this is not used the OpenPGP behaviour is used; i.e. the compression algorith is selected from the preferences.
--passphrase-fd n Read the passphrase from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied. Don't use this option if you can avoid it
--no-verbose Reset verbose level to 0.
--no-greeting Suppress the initial copyright message but do not enter batch mode.
--no-armor Assume the input data is not in ASCCI armored format.
--no-default-keyring Do not add the default keyrings to the list of keyrings.
--skip-verify Skip the signature verification step. This may be used to make the encryption faster if the signature verification is not needed.
--version Print version information along with a list of supported algorithms.
--with-colons Print key listings delimited by colons.
--warranty Print warranty information.
-h, --help Print usage information.
HOME
Used to locate the default home directory.
GNUPGHOME
If set, direcory used instead of ~/.gnupg.
~/.gnupg/pubring.gpg The public keyring
~/.gnupg/trustdb.gpg The trust database
~/.gnupg/options May contain options
/usr[/local]/lib/gnupg/ Default location for extensions
Keep in mind that, if this program is used over a network (telnet), it is very easy to spy out your passphrase!
Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.
Please send comments on these web pages to webmaster@gnupg.org, send other questions to gnu@gnu.org.
Copyright (C) 1998, 1999 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.
Updated: 1999-09-30 wkoch