The GNU Privacy Handbook

Please direct questions, bug reports, or suggestions concerning this manual to the maintainer, Mike Ashley. Contributors to this manual also include Matthew Copeland, Joergen Grahn, and David A. Wheeler. J Horacio MG has translated the manual into Spanish.

This manual may be redistributed under the terms of the GNU General Public License.


Table of Contents
1. Getting Started
Generating a new keypair
Generating a revocation certificate
Exchanging keys
Exporting a public key
Importing a public key
Encrypting and decrypting documents
Making and verifying signatures
Clearsigned documents
Detached signatures
2. Concepts
Symmetric ciphers
Public-key ciphers
Hybrid ciphers
Digital signatures
3. Key Management
Managing your own keypair
Key integrity
Adding and deleting key components
Revoking key components
Updating a key's expiration time
Validating other keys on your public keyring
Trust in a key's owner
Using trust to validate keys
Distributing keys
4. Daily use of GnuPG
Defining your security needs
Choosing a key size
Protecting your private key
Selecting expiration dates and using subkeys
Managing your web of trust
Building your web of trust
Using GnuPG legally
5. Topics
Writing user interfaces
I. Command Reference
send-keys — send keys to a key server
recv-keys — retrieve keys from a key server
encrypt — encrypt a document
decrypt — decrypt an encrypted document
clearsign — make a cleartext signature
fingerprint — display key fingerprints
detach-sig — make a detached signature
gen-key — generate a new keypair
symmetric — encrypt a document using only a symmetric encryption algorithm
list-keys — list information about the specified keys
import — import keys to a local keyring
verify — verify a signed document
gen-revoke — generate a revocation certificate for a public/private keypair
export — export keys from a local keyring
edit-key — presents a menu for operating on keys
version — display version information
II. Options Reference
keyserver — specify the keyserver to use to locate keys
output — specify the file in which to place output
recipient — specify the recipient of a public-key encrypted document
armor — ASCII-armor encrypted or signed output
no-greeting — suppress the opening copyright notice but do not enter batch mode
local-user — specifies a user id to use for signing
completes-needed — specifies the number of fully-trusted people needed to validate a new key
marginals-needed — specifies the number of marginally-trusted people needed to validate a new key
load-extension — specifies an extension to load
rfc1991 — try to be more RFC1991 (PGP 2.x) compliant
allow-non-selfsigned-uid — allow the import of keys with user IDs which are not self-signed
cipher-algo — use a specified algorithm as the symmetric cipher
compress-algo — use a specified compression algorithm