1GPG(1)                       GNU Privacy Guard 1.4                      GPG(1)
2
3
4

NAME

6       gpg - OpenPGP encryption and signing tool
7

SYNOPSIS

9       gpg [--homedir dir] [--options file] [options] command [args]
10
11

DESCRIPTION

13       gpg is the OpenPGP only version of the GNU Privacy Guard (GnuPG). It is
14       a tool to provide digital encryption and  signing  services  using  the
15       OpenPGP  standard.  gpg  features complete key management and all bells
16       and whistles you can expect from a decent OpenPGP implementation.
17
18       This is the standalone version of gpg.  For desktop use you should con‐
19       sider using gpg2 from the GnuPG-2 package
20        ([On some platforms gpg2 is installed under the name gpg]).
21
22
23
24
25
26
27

RETURN VALUE

29       The program returns 0 if everything was fine, 1 if at least a signature
30       was bad, and other error codes for fatal errors.
31
32

WARNINGS

34       Use a *good* password for your user account and a *good* passphrase  to
35       protect  your  secret  key.  This passphrase is the weakest part of the
36       whole system. Programs to do dictionary attacks on your secret  keyring
37       are  very  easy  to  write  and  so you should protect your "~/.gnupg/"
38       directory very well.
39
40       Keep in mind that, if this program is used over a network (telnet),  it
41       is *very* easy to spy out your passphrase!
42
43       If you are going to verify detached signatures, make sure that the pro‐
44       gram knows about it; either give both filenames on the command line  or
45       use '-' to specify STDIN.
46
47

INTEROPERABILITY

49       GnuPG  tries  to be a very flexible implementation of the OpenPGP stan‐
50       dard. In particular, GnuPG implements many of the optional parts of the
51       standard,  such as the SHA-512 hash, and the ZLIB and BZIP2 compression
52       algorithms. It is important to be aware that not all  OpenPGP  programs
53       implement  these  optional algorithms and that by forcing their use via
54       the --cipher-algo, --digest-algo,  --cert-digest-algo,  or  --compress-
55       algo  options  in  GnuPG,  it  is  possible to create a perfectly valid
56       OpenPGP message, but one that cannot be read by the intended recipient.
57
58       There are dozens of variations of OpenPGP programs available, and  each
59       supports a slightly different subset of these optional algorithms.  For
60       example, until recently, no (unhacked) version  of  PGP  supported  the
61       BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
62       read by a PGP user. By default, GnuPG uses the standard OpenPGP prefer‐
63       ences  system  that  will always do the right thing and create messages
64       that are usable by all recipients, regardless of which OpenPGP  program
65       they  use.  Only override this safe default if you really know what you
66       are doing.
67
68       If you absolutely must override the safe default, or if the preferences
69       on  a  given  key  are  invalid for some reason, you are far better off
70       using the --pgp6, --pgp7, or --pgp8 options. These options are safe  as
71       they  do  not  force any particular algorithms in violation of OpenPGP,
72       but rather reduce the available algorithms to a "PGP-safe" list.
73
74

COMMANDS

76       Commands are not distinguished from options except for  the  fact  that
77       only one command is allowed.
78
79       gpg  may  be run with no commands, in which case it will perform a rea‐
80       sonable action depending on the type of file it is given as  input  (an
81       encrypted  message  is  decrypted, a signature is verified, a file con‐
82       taining keys is listed).
83
84       Please remember that option as well as command parsing stops as soon as
85       a  non-option  is encountered, you can explicitly stop parsing by using
86       the special option --.
87
88
89
90
91
92
93   Commands not specific to the function
94
95
96
97       --version
98              Print the program version and licensing information.  Note  that
99              you cannot abbreviate this command.
100
101
102       --help
103
104       -h     Print  a  usage message summarizing the most useful command line
105              options.  Note that you cannot abbreviate this command.
106
107
108       --warranty
109              Print warranty information.
110
111
112       --dump-options
113              Print a list of all available options and commands.   Note  that
114              you cannot abbreviate this command.
115
116
117
118
119   Commands to select the type of operation
120
121
122
123
124
125       --sign
126
127       -s     Make  a  signature.  This command may be combined with --encrypt
128              (for a signed and encrypted message), --symmetric (for a  signed
129              and symmetrically encrypted message), or --encrypt and --symmet‐
130              ric together (for a signed message that may be decrypted  via  a
131              secret  key or a passphrase).  The key to be used for signing is
132              chosen by default or  can  be  set  with  the  --local-user  and
133              --default-key options.
134
135
136       --clearsign
137              Make a clear text signature.  The content in a clear text signa‐
138              ture is readable without any special software. OpenPGP  software
139              is  only  needed to verify the signature.  Clear text signatures
140              may modify end-of-line whitespace for platform independence  and
141              are not intended to be reversible.  The key to be used for sign‐
142              ing is chosen by default or can be set with the --local-user and
143              --default-key options.
144
145
146
147       --detach-sign
148
149       -b     Make a detached signature.
150
151
152       --encrypt
153
154       -e     Encrypt  data.  This  option  may be combined with --sign (for a
155              signed and encrypted message), --symmetric (for a  message  that
156              may  be  decrypted  via a secret key or a passphrase), or --sign
157              and --symmetric together (for  a  signed  message  that  may  be
158              decrypted via a secret key or a passphrase).
159
160
161       --symmetric
162
163       -c     Encrypt  with a symmetric cipher using a passphrase. The default
164              symmetric cipher used is AES128, but  may  be  chosen  with  the
165              --cipher-algo  option.  This  option may be combined with --sign
166              (for a signed and symmetrically  encrypted  message),  --encrypt
167              (for  a  message  that  may  be  decrypted via a secret key or a
168              passphrase), or --sign and --encrypt together (for a signed mes‐
169              sage that may be decrypted via a secret key or a passphrase).
170
171
172       --store
173              Store only (make a simple RFC1991 literal data packet).
174
175
176       --decrypt
177
178       -d     Decrypt  the file given on the command line (or STDIN if no file
179              is specified) and write it to STDOUT (or the file specified with
180              --output).  If  the  decrypted  file is signed, the signature is
181              also verified. This command differs from the default  operation,
182              as it never writes to the filename which is included in the file
183              and it rejects files which don't begin with  an  encrypted  mes‐
184              sage.
185
186
187       --verify
188              Assume  that  the  first argument is a signed file and verify it
189              without generating any output.  With no arguments, the signature
190              packet  is read from STDIN.  If only a one argument is given, it
191              is expected to be a complete signature.
192
193              With more than 1 argument, the first should be a detached signa‐
194              ture  and  the  remaining  files make up the the signed data. To
195              read the signed data from STDIN, use '-' as the second filename.
196              For security reasons a detached signature cannot read the signed
197              material from STDIN without denoting it in the above way.
198
199              Note: If the option --batch is not used, gpg may assume  that  a
200              single  argument is a file with a detached signature and it will
201              try to find a matching data file by stripping certain  suffixes.
202              Using  this historical feature to verify a detached signature is
203              strongly discouraged; always specify the data file too.
204
205              Note: When verifying a cleartext signature,  gpg  verifies  only
206              what  makes  up the cleartext signed data and not any extra data
207              outside of the cleartext signature  or  header  lines  following
208              directly  the dash marker line.  The option --output may be used
209              to write out the actual signed data; but there  are  other  pit‐
210              falls with this format as well.  It is suggested to avoid clear‐
211              text signatures in favor of detached signatures.
212
213
214
215       --multifile
216              This modifies certain other commands to  accept  multiple  files
217              for  processing on the command line or read from STDIN with each
218              filename on a separate line. This allows for many  files  to  be
219              processed  at once. --multifile may currently be used along with
220              --verify, --encrypt, and --decrypt. Note that --multifile --ver‐
221              ify may not be used with detached signatures.
222
223
224       --verify-files
225              Identical to --multifile --verify.
226
227
228       --encrypt-files
229              Identical to --multifile --encrypt.
230
231
232       --decrypt-files
233              Identical to --multifile --decrypt.
234
235
236       --list-keys
237
238       -k
239
240       --list-public-keys
241              List  all  keys from the public keyrings, or just the keys given
242              on the command line.
243
244              -k is slightly different from --list-keys in that it allows only
245              for one argument and takes the second argument as the keyring to
246              search.  This is for command line compatibility with PGP  2  and
247              has been removed in gpg2.
248
249              Avoid  using the output of this command in scripts or other pro‐
250              grams as it is likely to change as GnuPG  changes.  See  --with-
251              colons  for  a  machine-parseable  key  listing  command that is
252              appropriate for use in scripts and other programs.
253
254
255       --list-secret-keys
256
257       -K     List all keys from the secret keyrings, or just the  ones  given
258              on  the  command  line. A # after the letters sec means that the
259              secret key is not usable (for example, if  it  was  created  via
260              --export-secret-subkeys).
261
262
263       --list-sigs
264              Same as --list-keys, but the signatures are listed too.
265
266              For  each  signature  listed, there are several flags in between
267              the "sig" tag and keyid. These flags give additional information
268              about  each  signature. From left to right, they are the numbers
269              1-3 for certificate check level (see --ask-cert-level), "L"  for
270              a local or non-exportable signature (see --lsign-key), "R" for a
271              nonRevocable signature (see the  --edit-key  command  "nrsign"),
272              "P"  for a signature that contains a policy URL (see --cert-pol‐
273              icy-url), "N" for a signature  that  contains  a  notation  (see
274              --cert-notation),  "X" for an eXpired signature (see --ask-cert-
275              expire), and the numbers 1-9 or "T" for 10 and above to indicate
276              trust signature levels (see the --edit-key command "tsign").
277
278
279       --check-sigs
280              Same as --list-sigs, but the signatures are verified.  Note that
281              for performance reasons the revocation status of a  signing  key
282              is not shown.
283
284              The  status  of the verification is indicated by a flag directly
285              following the "sig" tag (and thus  before  the  flags  described
286              above  for --list-sigs).  A "!" indicates that the signature has
287              been successfully verified, a "-" denotes a bad signature and  a
288              "%"  is  used  if an error occurred while checking the signature
289              (e.g. a non supported algorithm).
290
291
292
293       --fingerprint
294              List all keys (or the specified ones) along with  their  finger‐
295              prints.  This  is  the  same  output as --list-keys but with the
296              additional output of a line with the fingerprint.  May  also  be
297              combined  with  --list-sigs or --check-sigs.  If this command is
298              given twice, the fingerprints of all secondary keys  are  listed
299              too.
300
301
302       --list-packets
303              List  only  the  sequence  of packets. This is mainly useful for
304              debugging.
305
306
307
308       --card-edit
309              Present a menu to work with a smartcard. The  subcommand  "help"
310              provides  an  overview  on  available  commands.  For a detailed
311              description, please see the Card HOWTO at https://gnupg.org/doc
312              umentation/howtos.html#GnuPG-cardHOWTO .
313
314
315       --card-status
316              Show the content of the smart card.
317
318
319       --change-pin
320              Present  a  menu  to allow changing the PIN of a smartcard. This
321              functionality is also available as the subcommand "passwd"  with
322              the --card-edit command.
323
324
325       --delete-key name
326              Remove  key  from the public keyring. In batch mode either --yes
327              is required or the key must be specified by fingerprint. This is
328              a safeguard against accidental deletion of multiple keys.
329
330
331       --delete-secret-key name
332              Remove  key  from the secret keyring. In batch mode the key must
333              be specified by fingerprint.
334
335
336       --delete-secret-and-public-key name
337              Same as --delete-key, but if a secret key  exists,  it  will  be
338              removed  first.  In batch mode the key must be specified by fin‐
339              gerprint.
340
341
342       --export
343              Either export all keys from all keyrings (default  keyrings  and
344              those  registered via option --keyring), or if at least one name
345              is given, those of the given name. The exported keys are written
346              to  STDOUT  or  to  the  file  given  with option --output.  Use
347              together with --armor to mail those keys.
348
349
350       --send-keys key IDs
351              Similar to --export but sends the keys to a keyserver.   Finger‐
352              prints  may  be used instead of key IDs. Option --keyserver must
353              be used to give the name of this keyserver. Don't send your com‐
354              plete  keyring  to  a keyserver --- select only those keys which
355              are new or changed by you.  If no key IDs are  given,  gpg  does
356              nothing.
357
358
359       --export-secret-keys
360
361       --export-secret-subkeys
362              Same  as  --export,  but  exports  the secret keys instead.  The
363              exported keys are written to STDOUT or to the  file  given  with
364              option  --output.   This  command  is  often used along with the
365              option --armor to allow easy  printing  of  the  key  for  paper
366              backup; however the external tool paperkey does a better job for
367              creating backups on paper.  Note that exporting a secret key can
368              be  a  security risk if the exported keys are send over an inse‐
369              cure channel.
370
371              The second form of the command has the special property to  ren‐
372              der  the  secret  part of the primary key useless; this is a GNU
373              extension to  OpenPGP  and  other  implementations  can  not  be
374              expected to successfully import such a key.  Its intended use is
375              to generated a full key with an additional signing subkey  on  a
376              dedicated  machine and then using this command to export the key
377              without the primary key to the main machine.
378
379              See the option --simple-sk-checksum if you  want  to  import  an
380              exported secret key into ancient OpenPGP implementations.
381
382
383       --import
384
385       --fast-import
386              Import/merge  keys. This adds the given keys to the keyring. The
387              fast version is currently just a synonym.
388
389              There are a few other options which  control  how  this  command
390              works.   Most  notable  here  is the --import-options merge-only
391              option which does not insert new keys but does only the  merging
392              of new signatures, user-IDs and subkeys.
393
394
395       --recv-keys key IDs
396              Import  the keys with the given key IDs from a keyserver. Option
397              --keyserver must be used to give the name of this keyserver.
398
399
400       --refresh-keys
401              Request updates from a keyserver for keys that already exist  on
402              the  local  keyring.  This is useful for updating a key with the
403              latest signatures, user IDs, etc. Calling this with no arguments
404              will refresh the entire keyring. Option --keyserver must be used
405              to give the name of the keyserver for all keys that do not  have
406              preferred  keyservers  set  (see  --keyserver-options honor-key‐
407              server-url).
408
409
410       --search-keys names
411              Search the keyserver for the given names. Multiple  names  given
412              here will be joined together to create the search string for the
413              keyserver.  Option --keyserver must be used to give the name  of
414              this  keyserver.  Keyservers that support different search meth‐
415              ods allow using the syntax specified in "How to specify  a  user
416              ID" below. Note that different keyserver types support different
417              search methods. Currently only LDAP supports them all.
418
419
420       --fetch-keys URIs
421              Retrieve keys located at the specified URIs. Note that different
422              installations  of  GnuPG  may support different protocols (HTTP,
423              FTP, LDAP, etc.)
424
425
426       --update-trustdb
427              Do trust database maintenance. This command  iterates  over  all
428              keys and builds the Web of Trust. This is an interactive command
429              because it may have to ask for the "ownertrust" values for keys.
430              The  user  has  to  give an estimation of how far she trusts the
431              owner of the displayed key to  correctly  certify  (sign)  other
432              keys. GnuPG only asks for the ownertrust value if it has not yet
433              been assigned to a key. Using the --edit-key menu, the  assigned
434              value can be changed at any time.
435
436
437       --check-trustdb
438              Do  trust  database  maintenance  without user interaction. From
439              time to time the trust database must be updated so that  expired
440              keys or signatures and the resulting changes in the Web of Trust
441              can be tracked. Normally, GnuPG  will  calculate  when  this  is
442              required  and do it automatically unless --no-auto-check-trustdb
443              is set. This command can be used to force a trust database check
444              at  any  time.  The processing is identical to that of --update-
445              trustdb but it skips keys with a not yet defined "ownertrust".
446
447              For use with cron jobs, this command can be used  together  with
448              --batch in which case the trust database check is done only if a
449              check is needed. To force a run  even  in  batch  mode  add  the
450              option --yes.
451
452
453
454       --export-ownertrust
455              Send  the ownertrust values to STDOUT. This is useful for backup
456              purposes as these values are the only ones which  can't  be  re-
457              created from a corrupted trustdb.  Example:
458                  gpg --export-ownertrust > otrust.txt
459
460
461
462       --import-ownertrust
463              Update  the  trustdb  with the ownertrust values stored in files
464              (or STDIN if not given); existing values  will  be  overwritten.
465              In  case  of a severely damaged trustdb and if you have a recent
466              backup of the ownertrust values (e.g. in the file  ‘otrust.txt’,
467              you may re-create the trustdb using these commands:
468                  cd ~/.gnupg
469                  rm trustdb.gpg
470                  gpg --import-ownertrust < otrust.txt
471
472
473
474       --rebuild-keydb-caches
475              When updating from version 1.0.6 to 1.0.7 this command should be
476              used to create signature caches in  the  keyring.  It  might  be
477              handy in other situations too.
478
479
480       --print-md algo
481
482       --print-mds
483              Print  message  digest  of algorithm ALGO for all given files or
484              STDIN.  With the second form  (or  a  deprecated  "*"  as  algo)
485              digests for all available algorithms are printed.
486
487
488       --gen-random 0|1|2 count
489              Emit count random bytes of the given quality level 0, 1 or 2. If
490              count is not given or zero, an endless sequence of random  bytes
491              will be emitted.  If used with --armor the output will be base64
492              encoded.  PLEASE, don't use this command unless  you  know  what
493              you are doing; it may remove precious entropy from the system!
494
495
496       --gen-prime mode bits
497              Use  the source, Luke :-). The output format is still subject to
498              change.
499
500
501
502       --enarmor
503
504       --dearmor
505              Pack or unpack an arbitrary input  into/from  an  OpenPGP  ASCII
506              armor.   This is a GnuPG extension to OpenPGP and in general not
507              very useful.
508
509
510
511
512
513   How to manage your keys
514
515
516       This section explains the main commands for key management
517
518
519
520       --gen-key
521              Generate a new key pair using the  current  default  parameters.
522              This is the standard command to create a new key.
523
524              There is also a feature which allows you to create keys in batch
525              mode. See the the manual section ``Unattended  key  generation''
526              on how to use this.
527
528
529       --gen-revoke name
530              Generate  a  revocation  certificate  for  the  complete key. To
531              revoke a subkey or a signature, use the --edit command.
532
533
534       --desig-revoke name
535              Generate a designated revocation certificate  for  a  key.  This
536              allows  a  user (with the permission of the keyholder) to revoke
537              someone else's key.
538
539
540
541       --edit-key
542              Present a menu which enables you to do most of the  key  manage‐
543              ment  related  tasks.   It expects the specification of a key on
544              the command line.
545
546
547
548              uid n  Toggle selection of user ID or photographic user ID  with
549                     index n.  Use * to select all and 0 to deselect all.
550
551
552              key n  Toggle selection of subkey with index n.  Use * to select
553                     all and 0 to deselect all.
554
555
556              sign   Make a signature on key of user name If the  key  is  not
557                     yet  signed  by the default user (or the users given with
558                     -u), the program displays  the  information  of  the  key
559                     again,  together with its fingerprint and asks whether it
560                     should be signed. This question is repeated for all users
561                     specified with -u.
562
563
564              lsign  Same  as  "sign"  but  the  signature  is  marked as non-
565                     exportable and will therefore never be  used  by  others.
566                     This  may  be  used  to make keys valid only in the local
567                     environment.
568
569
570              nrsign Same as "sign" but the signature is marked as non-revoca‐
571                     ble and can therefore never be revoked.
572
573
574              tsign  Make a trust signature. This is a signature that combines
575                     the notions of certification (like a regular  signature),
576                     and  trust  (like  the  "trust" command). It is generally
577                     only useful in distinct communities or groups.
578
579              Note that "l" (for local / non-exportable), "nr" (for  non-revo‐
580              cable,  and  "t" (for trust) may be freely mixed and prefixed to
581              "sign" to create a signature of any type desired.
582
583
584
585              delsig Delete a signature. Note  that  it  is  not  possible  to
586                     retract  a signature, once it has been send to the public
587                     (i.e. to a keyserver).   In  that  case  you  better  use
588                     revsig.
589
590
591              revsig Revoke  a  signature.  For every signature which has been
592                     generated by one of the secret keys, GnuPG asks whether a
593                     revocation certificate should be generated.
594
595
596              check  Check the signatures on all selected user IDs.
597
598
599              adduid Create an additional user ID.
600
601
602              addphoto
603                     Create  a  photographic  user  ID. This will prompt for a
604                     JPEG file that will be embedded into the  user  ID.  Note
605                     that  a  very  large JPEG will make for a very large key.
606                     Also note that  some  programs  will  display  your  JPEG
607                     unchanged (GnuPG), and some programs will scale it to fit
608                     in a dialog box (PGP).
609
610
611              showphoto
612                     Display the selected photographic user ID.
613
614
615              deluid Delete a user ID or photographic user ID.  Note  that  it
616                     is  not  possible  to retract a user id, once it has been
617                     send to the public (i.e. to a keyserver).  In  that  case
618                     you better use revuid.
619
620
621              revuid Revoke a user ID or photographic user ID.
622
623
624              primary
625                     Flag  the current user id as the primary one, removes the
626                     primary user id flag from all other user ids and sets the
627                     timestamp  of  all  affected  self-signatures  one second
628                     ahead. Note that setting a photo user ID as primary makes
629                     it primary over other photo user IDs, and setting a regu‐
630                     lar user ID as primary makes it primary over other  regu‐
631                     lar user IDs.
632
633
634              keyserver
635                     Set  a  preferred keyserver for the specified user ID(s).
636                     This allows other users to know where you prefer they get
637                     your  key  from. See --keyserver-options honor-keyserver-
638                     url for more on how  this  works.   Setting  a  value  of
639                     "none" removes an existing preferred keyserver.
640
641
642              notation
643                     Set  a  name=value notation for the specified user ID(s).
644                     See --cert-notation for more on how this works. Setting a
645                     value of "none" removes all notations, setting a notation
646                     prefixed with a minus sign (-) removes that notation, and
647                     setting  a  notation  name  (without the =value) prefixed
648                     with a minus sign removes all notations with that name.
649
650
651              pref   List preferences from the selected user  ID.  This  shows
652                     the  actual  preferences,  without  including any implied
653                     preferences.
654
655
656              showpref
657                     More verbose preferences listing for  the  selected  user
658                     ID. This shows the preferences in effect by including the
659                     implied preferences of 3DES (cipher), SHA-1 (digest), and
660                     Uncompressed   (compression)  if  they  are  not  already
661                     included in the preference list. In  addition,  the  pre‐
662                     ferred  keyserver  and  signature  notations (if any) are
663                     shown.
664
665
666              setpref string
667                     Set the list of user ID preferences to string for all (or
668                     just  the  selected)  user  IDs.  Calling setpref with no
669                     arguments sets the preference list to the default (either
670                     built-in or set via --default-preference-list), and call‐
671                     ing setpref with "none" as the  argument  sets  an  empty
672                     preference  list.  Use  gpg  --version  to  get a list of
673                     available algorithms. Note that while you can change  the
674                     preferences  on  an  attribute  user ID (aka "photo ID"),
675                     GnuPG does not select keys  via  attribute  user  IDs  so
676                     these preferences will not be used by GnuPG.
677
678                     When  setting preferences, you should list the algorithms
679                     in the order which you'd like to see them used by someone
680                     else when encrypting a message to your key.  If you don't
681                     include 3DES, it will be automatically added at the  end.
682                     Note that there are many factors that go into choosing an
683                     algorithm (for example, your key  may  not  be  the  only
684                     recipient),  and  so the remote OpenPGP application being
685                     used to send to you may or may not follow your exact cho‐
686                     sen  order  for  a given message.  It will, however, only
687                     choose an algorithm that is  present  on  the  preference
688                     list of every recipient key.  See also the INTEROPERABIL‐
689                     ITY WITH OTHER OPENPGP PROGRAMS section below.
690
691
692              addkey Add a subkey to this key.
693
694
695              addcardkey
696                     Generate a subkey on a card and add it to this key.
697
698
699              keytocard
700                     Transfer the selected secret subkey (or the  primary  key
701                     if  no  subkey  has  been  selected)  to a smartcard. The
702                     secret key in the keyring will be replaced by a  stub  if
703                     the  key could be stored successfully on the card and you
704                     use the save command later. Only certain key types may be
705                     transferred  to the card. A sub menu allows you to select
706                     on what card to store the key. Note that it is not possi‐
707                     ble to get that key back from the card - if the card gets
708                     broken your secret key will be lost  unless  you  have  a
709                     backup somewhere.
710
711
712              bkuptocard file
713                     Restore  the  given  file  to a card. This command may be
714                     used to restore a backup key (as  generated  during  card
715                     initialization)  to  a new card. In almost all cases this
716                     will be the encryption key. You should use  this  command
717                     only with the corresponding public key and make sure that
718                     the file given  as  argument  is  indeed  the  backup  to
719                     restore.  You  should then select 2 to restore as encryp‐
720                     tion  key.   You  will  first  be  asked  to  enter   the
721                     passphrase  of  the backup key and then for the Admin PIN
722                     of the card.
723
724
725              delkey Remove a subkey (secondart key). Note that it is not pos‐
726                     sible  to  retract a subkey, once it has been send to the
727                     public (i.e. to a keyserver).  In that  case  you  better
728                     use revkey.
729
730
731              revkey Revoke a subkey.
732
733
734              expire Change  the key or subkey expiration time. If a subkey is
735                     selected, the expiration time  of  this  subkey  will  be
736                     changed.  With  no  selection,  the key expiration of the
737                     primary key is changed.
738
739
740              trust  Change the owner trust value for the  key.  This  updates
741                     the trust-db immediately and no save is required.
742
743
744              disable
745
746              enable Disable  or  enable an entire key. A disabled key can not
747                     normally be used for encryption.
748
749
750              addrevoker
751                     Add a designated revoker  to  the  key.  This  takes  one
752                     optional  argument:  "sensitive". If a designated revoker
753                     is marked as  sensitive,  it  will  not  be  exported  by
754                     default (see export-options).
755
756
757              passwd Change the passphrase of the secret key.
758
759
760              toggle Toggle between public and secret key listing.
761
762
763              clean  Compact  (by  removing all signatures except the selfsig)
764                     any user ID that is no longer usable  (e.g.  revoked,  or
765                     expired). Then, remove any signatures that are not usable
766                     by the trust calculations.   Specifically,  this  removes
767                     any  signature that does not validate, any signature that
768                     is superseded by a later signature,  revoked  signatures,
769                     and signatures issued by keys that are not present on the
770                     keyring.
771
772
773              minimize
774                     Make the key as small as possible. This removes all  sig‐
775                     natures  from  each  user  ID  except for the most recent
776                     self-signature.
777
778
779              cross-certify
780                     Add cross-certification  signatures  to  signing  subkeys
781                     that  may  not  currently  have them. Cross-certification
782                     signatures protect against a subtle attack against  sign‐
783                     ing  subkeys. See --require-cross-certification.  All new
784                     keys generated have this signature by  default,  so  this
785                     option is only useful to bring older keys up to date.
786
787
788              save   Save all changes to the key rings and quit.
789
790
791              quit   Quit the program without updating the key rings.
792
793              The  listing  shows  you the key with its secondary keys and all
794              user ids.  The primary user  id  is  indicated  by  a  dot,  and
795              selected  keys  or  user  ids are indicated by an asterisk.  The
796              trust value is displayed with the primary key: the first is  the
797              assigned  owner  trust  and  the  second is the calculated trust
798              value. Letters are used for the values:
799
800
801
802              -      No ownertrust assigned / not yet calculated.
803
804
805              e      Trust calculation has failed; probably due to an  expired
806                     key.
807
808
809              q      Not enough information for calculation.
810
811
812              n      Never trust this key.
813
814
815              m      Marginally trusted.
816
817
818              f      Fully trusted.
819
820
821              u      Ultimately trusted.
822
823
824
825       --sign-key name
826              Signs a public key with your secret key. This is a shortcut ver‐
827              sion of the subcommand "sign" from --edit.
828
829
830       --lsign-key name
831              Signs a public key with your secret key but  marks  it  as  non-
832              exportable. This is a shortcut version of the subcommand "lsign"
833              from --edit-key.
834
835
836
837
838

OPTIONS

840       gpg features a bunch of options to control the exact behaviour  and  to
841       change the default configuration.
842
843
844       Long    options    can   be   put   in   an   options   file   (default
845       "~/.gnupg/gpg.conf"). Short option names will not work -  for  example,
846       "armor"  is  a  valid option for the options file, while "a" is not. Do
847       not write the 2 dashes, but simply the  name  of  the  option  and  any
848       required  arguments.  Lines  with  a hash ('#') as the first non-white-
849       space character are ignored. Commands may be put in this file too,  but
850       that  is not generally useful as the command will execute automatically
851       with every execution of gpg.
852
853       Please remember that option parsing stops as soon as  a  non-option  is
854       encountered,  you  can  explicitly  stop  parsing  by using the special
855       option --.
856
857
858
859   How to change the configuration
860
861
862       These options are used to change  the  configuration  and  are  usually
863       found in the option file.
864
865
866
867       --default-key name
868              Use  name as the default key to sign with. If this option is not
869              used, the default key is the  first  key  found  in  the  secret
870              keyring.  Note that -u or --local-user overrides this option.
871
872
873       --default-recipient name
874              Use  name as default recipient if option --recipient is not used
875              and don't ask if this is a valid one. name must be non-empty.
876
877
878       --default-recipient-self
879              Use the default key as default recipient if  option  --recipient
880              is  not  used  and don't ask if this is a valid one. The default
881              key is the first one from the secret keyring or the one set with
882              --default-key.
883
884
885       --no-default-recipient
886              Reset --default-recipient and --default-recipient-self.
887
888
889       -v, --verbose
890              Give  more  information  during  processing.  If used twice, the
891              input data is listed in detail.
892
893
894       --no-verbose
895              Reset verbose level to 0.
896
897
898       -q, --quiet
899              Try to be as quiet as possible.
900
901
902       --batch
903
904       --no-batch
905              Use batch mode.  Never ask, do not allow  interactive  commands.
906              --no-batch  disables  this option.  This option is commonly used
907              for unattended operations.
908
909              WARNING: Unattended operation  bears  a  higher  risk  of  being
910              exposed  to  security attacks.  In particular any unattended use
911              of GnuPG which involves the use of secret keys should take  care
912              not to provide an decryption oracle.  There are several standard
913              pre-cautions against being used as an oracle.  For example never
914              return  detailed  error  messages  or any diagnostics printed by
915              your software to the remote site.  Consult  with  an  expert  in
916              case of doubt.
917
918              Note  that  even  with a filename given on the command line, gpg
919              might still need to read from STDIN (in particular if  gpg  fig‐
920              ures that the input is a detached signature and no data file has
921              been specified).  Thus if you do  not  want  to  feed  data  via
922              STDIN, you should connect STDIN to ‘/dev/null’.
923
924
925
926       --no-tty
927              Make  sure that the TTY (terminal) is never used for any output.
928              This option is needed in  some  cases  because  GnuPG  sometimes
929              prints warnings to the TTY even if --batch is used.
930
931
932       --yes  Assume "yes" on most questions.
933
934
935       --no   Assume "no" on most questions.
936
937
938
939       --list-options parameters
940              This  is  a  space  or comma delimited string that gives options
941              used when listing keys and  signatures  (that  is,  --list-keys,
942              --list-sigs,  --list-public-keys,  --list-secret-keys,  and  the
943              --edit-key functions).  Options can  be  prepended  with  a  no-
944              (after  the  two  dashes)  to  give  the  opposite meaning.  The
945              options are:
946
947
948
949              show-photos
950                     Causes --list-keys, --list-sigs, --list-public-keys,  and
951                     --list-secret-keys  to  display any photo IDs attached to
952                     the key.  Defaults to no. See also --photo-viewer.   Does
953                     not  work  with --with-colons: see --attribute-fd for the
954                     appropriate way to get photo data for scripts  and  other
955                     frontends.
956
957
958              show-usage
959                     Show  usage information for keys and subkeys in the stan‐
960                     dard key listing.  This is a list of  letters  indicating
961                     the  allowed  usage  for  a key (E=encryption, S=signing,
962                     C=certification, A=authentication).  Defaults to no.
963
964
965              show-policy-urls
966                     Show policy URLs in the --list-sigs or --check-sigs list‐
967                     ings.  Defaults to no.
968
969
970              show-notations
971
972              show-std-notations
973
974              show-user-notations
975                     Show  all, IETF standard, or user-defined signature nota‐
976                     tions  in  the  --list-sigs  or  --check-sigs   listings.
977                     Defaults to no.
978
979
980              show-keyserver-urls
981                     Show  any  preferred  keyserver URL in the --list-sigs or
982                     --check-sigs listings. Defaults to no.
983
984
985              show-uid-validity
986                     Display the calculated validity of user  IDs  during  key
987                     listings.  Defaults to no.
988
989
990              show-unusable-uids
991                     Show  revoked  and  expired  user  IDs  in  key listings.
992                     Defaults to no.
993
994
995              show-unusable-subkeys
996                     Show  revoked  and  expired  subkeys  in  key   listings.
997                     Defaults to no.
998
999
1000              show-keyring
1001                     Display  the  keyring name at the head of key listings to
1002                     show which keyring a given key resides  on.  Defaults  to
1003                     no.
1004
1005
1006              show-sig-expire
1007                     Show  signature  expiration dates (if any) during --list-
1008                     sigs or --check-sigs listings. Defaults to no.
1009
1010
1011              show-sig-subpackets
1012                     Include signature subpackets in  the  key  listing.  This
1013                     option can take an optional argument list of the subpack‐
1014                     ets to list. If no argument is passed, list all  subpack‐
1015                     ets.  Defaults to no. This option is only meaningful when
1016                     using --with-colons along with  --list-sigs  or  --check-
1017                     sigs.
1018
1019
1020
1021       --verify-options parameters
1022              This  is  a  space  or comma delimited string that gives options
1023              used when verifying signatures. Options can be prepended with  a
1024              `no-' to give the opposite meaning. The options are:
1025
1026
1027
1028              show-photos
1029                     Display  any photo IDs present on the key that issued the
1030                     signature.  Defaults to no. See also --photo-viewer.
1031
1032
1033              show-policy-urls
1034                     Show  policy  URLs  in  the  signature  being   verified.
1035                     Defaults to no.
1036
1037
1038              show-notations
1039
1040              show-std-notations
1041
1042              show-user-notations
1043                     Show  all, IETF standard, or user-defined signature nota‐
1044                     tions in the signature being verified. Defaults  to  IETF
1045                     standard.
1046
1047
1048              show-keyserver-urls
1049                     Show  any  preferred keyserver URL in the signature being
1050                     verified.  Defaults to no.
1051
1052
1053              show-uid-validity
1054                     Display the calculated validity of the user  IDs  on  the
1055                     key that issued the signature. Defaults to no.
1056
1057
1058              show-unusable-uids
1059                     Show  revoked and expired user IDs during signature veri‐
1060                     fication.  Defaults to no.
1061
1062
1063              show-primary-uid-only
1064                     Show only the primary user ID during signature  verifica‐
1065                     tion.  That is all the AKA lines as well as photo Ids are
1066                     not shown with the signature verification status.
1067
1068
1069              pka-lookups
1070                     Enable PKA lookups to verify sender addresses. Note  that
1071                     PKA is based on DNS, and so enabling this option may dis‐
1072                     close information on when and what signatures  are  veri‐
1073                     fied or to whom data is encrypted. This is similar to the
1074                     "web bug" described for the auto-key-retrieve feature.
1075
1076
1077              pka-trust-increase
1078                     Raise the trust in a signature to full if  the  signature
1079                     passes  PKA validation. This option is only meaningful if
1080                     pka-lookups is set.
1081
1082
1083       --enable-large-rsa
1084
1085       --disable-large-rsa
1086              With --gen-key and --batch, enable the creation  of  larger  RSA
1087              secret  keys  than  is  generally recommended (up to 8192 bits).
1088              These large keys are more expensive to use, and their signatures
1089              and certifications are also larger.
1090
1091
1092       --enable-dsa2
1093
1094       --disable-dsa2
1095              Enable hash truncation for all DSA keys even for old DSA Keys up
1096              to 1024 bit.  This is also the  default  with  --openpgp.   Note
1097              that  older  versions  of GnuPG also required this flag to allow
1098              the generation of DSA larger than 1024 bit.
1099
1100
1101       --photo-viewer string
1102              This is the command line that should be run to view a photo  ID.
1103              "%i"  will  be expanded to a filename containing the photo. "%I"
1104              does the same, except the file will  not  be  deleted  once  the
1105              viewer exits.  Other flags are "%k" for the key ID, "%K" for the
1106              long key ID, "%f" for the key fingerprint, "%t" for  the  exten‐
1107              sion  of  the image type (e.g. "jpg"), "%T" for the MIME type of
1108              the image (e.g. "image/jpeg"),  "%v"  for  the  single-character
1109              calculated  validity  of the image being viewed (e.g. "f"), "%V"
1110              for the calculated validity as a string (e.g.  "full"), "%U" for
1111              a  base32  encoded  hash  of the user ID, and "%%" for an actual
1112              percent sign. If neither %i or %I are present,  then  the  photo
1113              will be supplied to the viewer on standard input.
1114
1115              The  default  viewer  is  "xloadimage -fork -quiet -title 'KeyID
1116              0x%k' STDIN". Note that if your  image  viewer  program  is  not
1117              secure, then executing it from GnuPG does not make it secure.
1118
1119
1120       --exec-path string
1121              Sets  a list of directories to search for photo viewers and key‐
1122              server helpers. If not provided, keyserver helpers use the  com‐
1123              piled-in  default  directory,  and  photo  viewers use the $PATH
1124              environment variable.  Note, that on W32 system  this  value  is
1125              ignored when searching for keyserver helpers.
1126
1127
1128       --keyring file
1129              Add  file to the current list of keyrings. If file begins with a
1130              tilde and a slash, these are replaced by the $HOME directory. If
1131              the  filename  does  not contain a slash, it is assumed to be in
1132              the GnuPG home directory ("~/.gnupg" if --homedir or  $GNUPGHOME
1133              is not used).
1134
1135              Note that this adds a keyring to the current list. If the intent
1136              is to use the specified keyring alone, use --keyring along  with
1137              --no-default-keyring.
1138
1139
1140       --secret-keyring file
1141              Same as --keyring but for the secret keyrings.
1142
1143
1144       --primary-keyring file
1145              Designate  file  as  the primary public keyring. This means that
1146              newly imported keys (via --import or keyserver --recv-from) will
1147              go to this keyring.
1148
1149
1150       --trustdb-name file
1151              Use  file  instead of the default trustdb. If file begins with a
1152              tilde and a slash, these are replaced by the $HOME directory. If
1153              the  filename  does  not contain a slash, it is assumed to be in
1154              the GnuPG home directory (‘~/.gnupg’ if --homedir or  $GNUPGHOME
1155              is not used).
1156
1157
1158
1159       --homedir dir
1160              Set the name of the home directory to dir. If this option is not
1161              used, the home directory defaults to  ‘~/.gnupg’.   It  is  only
1162              recognized  when  given  on the command line.  It also overrides
1163              any home  directory  stated  through  the  environment  variable
1164GNUPGHOME’  or  (on  Windows  systems) by means of the Registry
1165              entry HKCU\Software\GNU\GnuPG:HomeDir.
1166
1167              On Windows systems it is possible to install GnuPG as a portable
1168              application.  In this case only this command line option is con‐
1169              sidered, all other ways to set a home directory are ignored.
1170
1171              To install GnuPG as a portable application under Windows, create
1172              an  empty  file  name ‘gpgconf.ctl’ in the same directory as the
1173              tool ‘gpgconf.exe’.  The root of the installation is  than  that
1174              directory;  or,  if  ‘gpgconf.exe’  has  been installed directly
1175              below a directory named ‘bin’, its parent directory.   You  also
1176              need  to  make sure that the following directories exist and are
1177              writable:    ‘ROOT/home’    for    the    GnuPG     home     and
1178ROOT/var/cache/gnupg’ for internal cache files.
1179
1180
1181
1182       --pcsc-driver file
1183              Use  file to access the smartcard reader. The current default is
1184              `libpcsclite.so.1'   for    GLIBC    based    systems,    `/Sys‐
1185              tem/Library/Frameworks/PCSC.framework/PCSC'  for MAC OS X, `win‐
1186              scard.dll' for Windows and `libpcsclite.so' for other systems.
1187
1188
1189       --disable-ccid
1190              Disable the integrated support for CCID compliant readers.  This
1191              allows  falling  back  to  one  of the other drivers even if the
1192              internal CCID driver can handle the reader. Note, that CCID sup‐
1193              port is only available if libusb was available at build time.
1194
1195
1196       --reader-port number_or_string
1197              This  option  may be used to specify the port of the card termi‐
1198              nal. A value of 0 refers to the first serial device;  add  32768
1199              to  access USB devices. The default is 32768 (first USB device).
1200              PC/SC or CCID readers might need a string here; run the  program
1201              in  verbose mode to get a list of available readers. The default
1202              is then the first reader found.
1203
1204
1205       --display-charset name
1206              Set the name of the native character set. This is used  to  con‐
1207              vert  some  informational  strings  like  user IDs to the proper
1208              UTF-8 encoding.  Note that this has nothing to do with the char‐
1209              acter  set  of  data  to  be encrypted or signed; GnuPG does not
1210              recode user-supplied data. If  this  option  is  not  used,  the
1211              default  character  set is determined from the current locale. A
1212              verbosity level of 3 shows the chosen  set.   Valid  values  for
1213              name are:
1214
1215
1216
1217              iso-8859-1
1218                     This is the Latin 1 set.
1219
1220
1221              iso-8859-2
1222                     The Latin 2 set.
1223
1224
1225              iso-8859-15
1226                     This is currently an alias for the Latin 1 set.
1227
1228
1229              koi8-r The usual Russian set (rfc1489).
1230
1231
1232              utf-8  Bypass  all  translations  and  assume  that  the OS uses
1233                     native UTF-8 encoding.
1234
1235
1236       --utf8-strings
1237
1238       --no-utf8-strings
1239              Assume that command line arguments are given  as  UTF8  strings.
1240              The  default (--no-utf8-strings) is to assume that arguments are
1241              encoded in the character set as specified by  --display-charset.
1242              These  options  affect all following arguments. Both options may
1243              be used multiple times.
1244
1245
1246
1247       --options file
1248              Read options from file and do not try  to  read  them  from  the
1249              default options file in the homedir (see --homedir). This option
1250              is ignored if used in an options file.
1251
1252
1253       --no-options
1254              Shortcut for --options /dev/null. This option is detected before
1255              an  attempt to open an option file.  Using this option will also
1256              prevent the creation of a ‘~/.gnupg’ homedir.
1257
1258
1259       -z n
1260
1261       --compress-level n
1262
1263       --bzip2-compress-level n
1264              Set compression level to n for  the  ZIP  and  ZLIB  compression
1265              algorithms.  The default is to use the default compression level
1266              of zlib (normally 6). --bzip2-compress-level sets  the  compres‐
1267              sion  level for the BZIP2 compression algorithm (defaulting to 6
1268              as well). This is a different option from --compress-level since
1269              BZIP2  uses  a  significant amount of memory for each additional
1270              compression level.  -z sets both. A value of 0  for  n  disables
1271              compression.
1272
1273
1274       --bzip2-decompress-lowmem
1275              Use a different decompression method for BZIP2 compressed files.
1276              This alternate method uses a bit more than half the memory,  but
1277              also  runs  at  half the speed. This is useful under extreme low
1278              memory circumstances when the file was originally compressed  at
1279              a high --bzip2-compress-level.
1280
1281
1282
1283       --mangle-dos-filenames
1284
1285       --no-mangle-dos-filenames
1286              Older  version of Windows cannot handle filenames with more than
1287              one dot. --mangle-dos-filenames causes GnuPG to replace  (rather
1288              than  add  to) the extension of an output filename to avoid this
1289              problem. This option is off by default and has no effect on non-
1290              Windows platforms.
1291
1292
1293       --ask-cert-level
1294
1295       --no-ask-cert-level
1296              When  making  a key signature, prompt for a certification level.
1297              If this option is not specified, the certification level used is
1298              set   via  --default-cert-level.  See  --default-cert-level  for
1299              information on the specific levels and how they are used.  --no-
1300              ask-cert-level disables this option. This option defaults to no.
1301
1302
1303       --default-cert-level n
1304              The default to use for the check level when signing a key.
1305
1306              0  means  you  make  no particular claim as to how carefully you
1307              verified the key.
1308
1309              1 means you believe the key is owned by the person who claims to
1310              own it but you could not, or did not verify the key at all. This
1311              is useful for a "persona" verification, where you sign  the  key
1312              of a pseudonymous user.
1313
1314              2  means  you  did  casual verification of the key. For example,
1315              this could mean  that  you  verified  the  key  fingerprint  and
1316              checked the user ID on the key against a photo ID.
1317
1318              3  means you did extensive verification of the key. For example,
1319              this could mean that you verified the key fingerprint  with  the
1320              owner  of the key in person, and that you checked, by means of a
1321              hard to forge document with a photo ID (such as a passport) that
1322              the name of the key owner matches the name in the user ID on the
1323              key, and finally that you verified (by exchange of  email)  that
1324              the email address on the key belongs to the key owner.
1325
1326              Note  that  the examples given above for levels 2 and 3 are just
1327              that: examples. In the end, it is up to you to decide just  what
1328              "casual" and "extensive" mean to you.
1329
1330              This option defaults to 0 (no particular claim).
1331
1332
1333       --min-cert-level
1334              When  building  the  trust database, treat any signatures with a
1335              certification level below this as invalid. Defaults to 2,  which
1336              disregards  level 1 signatures. Note that level 0 "no particular
1337              claim" signatures are always accepted.
1338
1339
1340       --trusted-key long key ID
1341              Assume that the specified key (which must be given as a  full  8
1342              byte  key  ID) is as trustworthy as one of your own secret keys.
1343              This option is useful if you don't want to keep your secret keys
1344              (or  one  of them) online but still want to be able to check the
1345              validity of a given recipient's or signator's key.
1346
1347
1348       --trust-model pgp|classic|direct|always|auto
1349              Set what trust model GnuPG should follow. The models are:
1350
1351
1352
1353              pgp    This is the Web of Trust combined with  trust  signatures
1354                     as  used  in PGP 5.x and later. This is the default trust
1355                     model when creating a new trust database.
1356
1357
1358              classic
1359                     This is the standard Web of Trust as introduced by PGP 2.
1360
1361
1362              direct Key validity is set directly by the user and  not  calcu‐
1363                     lated via the Web of Trust.
1364
1365
1366              always Skip  key validation and assume that used keys are always
1367                     fully valid. You generally won't use this unless you  are
1368                     using  some  external validation scheme. This option also
1369                     suppresses the "[uncertain]" tag printed  with  signature
1370                     checks  when  there  is  no  evidence that the user ID is
1371                     bound to the key.  Note that this trust model still  does
1372                     not allow the use of expired, revoked, or disabled keys.
1373
1374
1375              auto   Select the trust model depending on whatever the internal
1376                     trust database says. This is the default model if such  a
1377                     database already exists.
1378
1379
1380       --auto-key-locate parameters
1381
1382       --no-auto-key-locate
1383              GnuPG can automatically locate and retrieve keys as needed using
1384              this option. This happens when encrypting to  an  email  address
1385              (in  the  "user@example.com"  form), and there are no user@exam‐
1386              ple.com keys on the local keyring.  This option takes any number
1387              of the following mechanisms, in the order they are to be tried:
1388
1389
1390
1391              cert   Locate a key using DNS CERT, as specified in rfc4398.
1392
1393
1394              pka    Locate a key using DNS PKA.
1395
1396
1397              ldap   Using DNS Service Discovery, check the domain in question
1398                     for any LDAP keyservers to use.  If this  fails,  attempt
1399                     to  locate  the  key  using  the  PGP Universal method of
1400                     checking 'ldap://keys.(thedomain)'.
1401
1402
1403              keyserver
1404                     Locate a key using whatever keyserver  is  defined  using
1405                     the --keyserver option.
1406
1407
1408              keyserver-URL
1409                     In  addition,  a keyserver URL as used in the --keyserver
1410                     option may be used here to  query  that  particular  key‐
1411                     server.
1412
1413
1414              local  Locate  the key using the local keyrings.  This mechanism
1415                     allows the user to select the order a local key lookup is
1416                     done.   Thus using '--auto-key-locate local' is identical
1417                     to --no-auto-key-locate.
1418
1419
1420              nodefault
1421                     This flag disables the standard local  key  lookup,  done
1422                     before  any  of the mechanisms defined by the --auto-key-
1423                     locate are tried.  The position of this mechanism in  the
1424                     list  does  not  matter.   It is not required if local is
1425                     also used.
1426
1427
1428              clear  Clear all defined mechanisms.  This is useful to override
1429                     mechanisms given in a config file.
1430
1431
1432
1433       --keyid-format short|0xshort|long|0xlong
1434              Select  how  to  display  key  IDs.  "short"  is the traditional
1435              8-character key ID. "long" is the more accurate (but less conve‐
1436              nient)  16-character key ID. Add an "0x" to either to include an
1437              "0x" at the beginning of the key ID,  as  in  0x99242560.   Note
1438              that this option is ignored if the option --with-colons is used.
1439
1440
1441       --keyserver name
1442              Use name as your keyserver. This is the server that --recv-keys,
1443              --send-keys, and --search-keys will communicate with to  receive
1444              keys  from,  send keys to, and search for keys on. The format of
1445              the name is a URI: `scheme:[//]keyservername[:port]' The  scheme
1446              is  the  type  of  keyserver: "hkp" for the HTTP (or compatible)
1447              keyservers, "ldap" for the LDAP keyservers, or "mailto" for  the
1448              Graff email keyserver. Note that your particular installation of
1449              GnuPG may have other keyserver types  available  as  well.  Key‐
1450              server  schemes  are case-insensitive. After the keyserver name,
1451              optional keyserver configuration options may be provided.  These
1452              are  the  same as the global --keyserver-options from below, but
1453              apply only to this particular keyserver.
1454
1455              Most keyservers synchronize with each other, so there is  gener‐
1456              ally no need to send keys to more than one server. The keyserver
1457              hkp://keys.gnupg.net uses round robin DNS to  give  a  different
1458              keyserver each time you use it.
1459
1460
1461       --keyserver-options name=value1
1462              This is a space or comma delimited string that gives options for
1463              the keyserver. Options can be prefixed with a `no-' to give  the
1464              opposite  meaning. Valid import-options or export-options may be
1465              used here as well to apply to importing (--recv-key) or  export‐
1466              ing  (--send-key)  a key from a keyserver. While not all options
1467              are available for all keyserver types, some common options are:
1468
1469
1470
1471              include-revoked
1472                     When searching for a key with --search-keys, include keys
1473                     that  are  marked  on the keyserver as revoked. Note that
1474                     not all  keyservers  differentiate  between  revoked  and
1475                     unrevoked  keys,  and  for such keyservers this option is
1476                     meaningless. Note also that most keyservers do  not  have
1477                     cryptographic  verification  of  key  revocations, and so
1478                     turning this option off may result in skipping keys  that
1479                     are incorrectly marked as revoked.
1480
1481
1482              include-disabled
1483                     When searching for a key with --search-keys, include keys
1484                     that are marked on the keyserver as disabled.  Note  that
1485                     this option is not used with HKP keyservers.
1486
1487
1488              auto-key-retrieve
1489                     This option enables the automatic retrieving of keys from
1490                     a keyserver when verifying signatures made by  keys  that
1491                     are not on the local keyring.
1492
1493                     Note  that  this  option  makes a "web bug" like behavior
1494                     possible.  Keyserver operators can  see  which  keys  you
1495                     request,  so  by  sending you a message signed by a brand
1496                     new key (which you naturally will not have on your  local
1497                     keyring),  the operator can tell both your IP address and
1498                     the time when you verified the signature.
1499
1500
1501              honor-keyserver-url
1502                     When using --refresh-keys, if the key in question  has  a
1503                     preferred  keyserver  URL,  then  use that preferred key‐
1504                     server to refresh the key from. In addition, if auto-key-
1505                     retrieve  is  set, and the signature being verified has a
1506                     preferred keyserver URL, then  use  that  preferred  key‐
1507                     server to fetch the key from. Defaults to yes.
1508
1509
1510              honor-pka-record
1511                     If auto-key-retrieve is set, and the signature being ver‐
1512                     ified has a PKA record, then use the PKA  information  to
1513                     fetch the key. Defaults to yes.
1514
1515
1516              include-subkeys
1517                     When  receiving  a key, include subkeys as potential tar‐
1518                     gets. Note that this option is not  used  with  HKP  key‐
1519                     servers, as they do not support retrieving keys by subkey
1520                     id.
1521
1522
1523              use-temp-files
1524                     On most Unix-like platforms, GnuPG communicates with  the
1525                     keyserver  helper  program  via  pipes, which is the most
1526                     efficient method. This option forces GnuPG to use  tempo‐
1527                     rary  files  to  communicate.  On some platforms (such as
1528                     Win32 and RISC OS), this option is always enabled.
1529
1530
1531              keep-temp-files
1532                     If using `use-temp-files', do not delete the  temp  files
1533                     after using them. This option is useful to learn the key‐
1534                     server communication protocol by  reading  the  temporary
1535                     files.
1536
1537
1538              verbose
1539                     Tell  the  keyserver  helper  program to be more verbose.
1540                     This option can be repeated multiple  times  to  increase
1541                     the verbosity level.
1542
1543
1544              timeout
1545                     Tell  the  keyserver helper program how long (in seconds)
1546                     to try and perform a keyserver action before  giving  up.
1547                     Note  that  performing  multiple actions at the same time
1548                     uses this timeout value per action.   For  example,  when
1549                     retrieving  multiple  keys  via  --recv-keys, the timeout
1550                     applies separately to each key retrieval, and not to  the
1551                     --recv-keys command as a whole. Defaults to 30 seconds.
1552
1553
1554              http-proxy=value
1555                     Set  the  proxy to use for HTTP and HKP keyservers.  This
1556                     overrides the "http_proxy" environment variable, if any.
1557
1558
1559
1560              max-cert-size
1561                     When retrieving a key via DNS CERT, only accept  keys  up
1562                     to this size.  Defaults to 16384 bytes.
1563
1564
1565              debug  Turn  on  debug  output  in the keyserver helper program.
1566                     Note that the details of debug output  depends  on  which
1567                     keyserver  helper  program is being used, and in turn, on
1568                     any libraries that  the  keyserver  helper  program  uses
1569                     internally (libcurl, openldap, etc).
1570
1571
1572              check-cert
1573                     Enable certificate checking if the keyserver presents one
1574                     (for hkps or ldaps).  Defaults to on.
1575
1576
1577              ca-cert-file
1578                     Provide  a  certificate  store  to  override  the  system
1579                     default.   Only  necessary  if check-cert is enabled, and
1580                     the keyserver is using a certificate that is not  present
1581                     in a system default certificate list.
1582
1583                     Note that depending on the SSL library that the keyserver
1584                     helper is built with, this may actually be a directory or
1585                     a file.
1586
1587
1588
1589       --completes-needed n
1590              Number of completely trusted users to introduce a new key signer
1591              (defaults to 1).
1592
1593
1594       --marginals-needed n
1595              Number of marginally trusted users to introduce a new key signer
1596              (defaults to 3)
1597
1598
1599       --max-cert-depth n
1600              Maximum depth of a certification chain (default is 5).
1601
1602
1603       --simple-sk-checksum
1604              Secret  keys  are integrity protected by using a SHA-1 checksum.
1605              This method is part of the upcoming enhanced OpenPGP  specifica‐
1606              tion  but GnuPG already uses it as a countermeasure against cer‐
1607              tain attacks.  Old applications don't understand this  new  for‐
1608              mat, so this option may be used to switch back to the old behav‐
1609              iour. Using this option bears a security risk. Note  that  using
1610              this option only takes effect when the secret key is encrypted -
1611              the simplest way to make this happen is to change the passphrase
1612              on the key (even changing it to the same value is acceptable).
1613
1614
1615       --no-sig-cache
1616              Do not cache the verification status of key signatures.  Caching
1617              gives a much better performance in key listings. However, if you
1618              suspect that your public keyring is not save against write modi‐
1619              fications, you can use this option to disable  the  caching.  It
1620              probably  does  not make sense to disable it because all kind of
1621              damage can be done if someone else has write access to your pub‐
1622              lic keyring.
1623
1624
1625       --no-sig-create-check
1626              This options is obsolete.  It has no function.
1627
1628
1629       --auto-check-trustdb
1630
1631       --no-auto-check-trustdb
1632              If  GnuPG  feels that its information about the Web of Trust has
1633              to be updated, it automatically runs the --check-trustdb command
1634              internally.   This  may  be a time consuming process. --no-auto-
1635              check-trustdb disables this option.
1636
1637
1638       --use-agent
1639
1640       --no-use-agent
1641              Try to use the GnuPG-Agent.  With this option, GnuPG first tries
1642              to  connect  to the agent before it asks for a passphrase. --no-
1643              use-agent disables this option.  Note, that the tool gpg-preset-
1644              passphrase, which comes with GnuPG-2, cannot be used to preset a
1645              passphrase for this version of GnuPG.
1646
1647
1648       --gpg-agent-info
1649              Override the value of the environment variable 'GPG_AGENT_INFO'.
1650              This  is  only used when --use-agent has been given.  Given that
1651              this option is not anymore used by gpg2, it should be avoided if
1652              possible.
1653
1654
1655
1656       --lock-once
1657              Lock the databases the first time a lock is requested and do not
1658              release the lock until the process terminates.
1659
1660
1661       --lock-multiple
1662              Release the locks every time a lock is  no  longer  needed.  Use
1663              this to override a previous --lock-once from a config file.
1664
1665
1666       --lock-never
1667              Disable  locking  entirely.  This  option should be used only in
1668              very special environments, where it can be assured that only one
1669              process  is  accessing  those  files.  A  bootable floppy with a
1670              stand-alone encryption system will probably use  this.  Improper
1671              usage of this option may lead to data and key corruption.
1672
1673
1674       --exit-on-status-write-error
1675              This  option will cause write errors on the status FD to immedi‐
1676              ately terminate the process. That should in fact be the  default
1677              but  it  never  worked  this  way  and thus we need an option to
1678              enable this, so that the change won't break  applications  which
1679              close  their  end of a status fd connected pipe too early. Using
1680              this option along with --enable-progress-filter may be  used  to
1681              cleanly cancel long running gpg operations.
1682
1683
1684       --limit-card-insert-tries n
1685              With  n  greater than 0 the number of prompts asking to insert a
1686              smartcard gets limited to N-1. Thus with a value of 1 gpg  won't
1687              at  all  ask  to  insert  a  card  if  none has been inserted at
1688              startup. This option is useful in the configuration file in case
1689              an  application  does  not  know about the smartcard support and
1690              waits ad infinitum for an inserted card.
1691
1692
1693       --no-random-seed-file
1694              GnuPG uses a file to store its internal random pool over invoca‐
1695              tions.   This  makes random generation faster; however sometimes
1696              write operations are not desired. This option  can  be  used  to
1697              achieve that with the cost of slower random generation.
1698
1699
1700       --no-greeting
1701              Suppress the initial copyright message.
1702
1703
1704       --no-secmem-warning
1705              Suppress the warning about "using insecure memory".
1706
1707
1708       --no-permission-warning
1709              Suppress  the  warning  about  unsafe  file  and  home directory
1710              (--homedir) permissions. Note that the  permission  checks  that
1711              GnuPG  performs are not intended to be authoritative, but rather
1712              they simply warn about certain common  permission  problems.  Do
1713              not  assume that the lack of a warning means that your system is
1714              secure.
1715
1716              Note that the warning for unsafe --homedir permissions cannot be
1717              suppressed in the gpg.conf file, as this would allow an attacker
1718              to place an unsafe gpg.conf file in place, and use this file  to
1719              suppress  warnings about itself. The --homedir permissions warn‐
1720              ing may only be suppressed on the command line.
1721
1722
1723       --no-mdc-warning
1724              Suppress the warning about missing MDC integrity protection.
1725
1726
1727       --require-secmem
1728
1729       --no-require-secmem
1730              Refuse to run if GnuPG cannot get secure memory. Defaults to  no
1731              (i.e. run, but give a warning).
1732
1733
1734
1735       --require-cross-certification
1736
1737       --no-require-cross-certification
1738              When  verifying  a signature made from a subkey, ensure that the
1739              cross certification "back signature" on the  subkey  is  present
1740              and  valid.   This protects against a subtle attack against sub‐
1741              keys that can sign.  Defaults  to  --require-cross-certification
1742              for gpg.
1743
1744
1745       --expert
1746
1747       --no-expert
1748              Allow  the user to do certain nonsensical or "silly" things like
1749              signing an expired or revoked key, or certain potentially incom‐
1750              patible things like generating unusual key types. This also dis‐
1751              ables certain warning messages  about  potentially  incompatible
1752              actions.  As  the name implies, this option is for experts only.
1753              If you don't fully understand the implications of what it allows
1754              you to do, leave this off. --no-expert disables this option.
1755
1756
1757
1758
1759
1760   Key related options
1761
1762
1763
1764
1765       --recipient name
1766
1767       -r     Encrypt  for  user id name. If this option or --hidden-recipient
1768              is not specified, GnuPG asks for the user-id  unless  --default-
1769              recipient is given.
1770
1771
1772       --hidden-recipient name
1773
1774       -R     Encrypt  for  user  ID  name, but hide the key ID of this user's
1775              key. This option helps to hide the receiver of the  message  and
1776              is  a  limited  countermeasure against traffic analysis. If this
1777              option or --recipient is not specified, GnuPG asks for the  user
1778              ID unless --default-recipient is given.
1779
1780
1781       --encrypt-to name
1782              Same  as  --recipient  but  this  one is intended for use in the
1783              options file and may  be  used  with  your  own  user-id  as  an
1784              "encrypt-to-self". These keys are only used when there are other
1785              recipients given either by use of --recipient or  by  the  asked
1786              user  id.  No trust checking is performed for these user ids and
1787              even disabled keys can be used.
1788
1789
1790       --hidden-encrypt-to name
1791              Same as --hidden-recipient but this one is intended for  use  in
1792              the options file and may be used with your own user-id as a hid‐
1793              den "encrypt-to-self". These keys are only used when  there  are
1794              other  recipients  given  either by use of --recipient or by the
1795              asked user id.  No trust checking is performed  for  these  user
1796              ids and even disabled keys can be used.
1797
1798
1799       --no-encrypt-to
1800              Disable  the  use  of  all  --encrypt-to and --hidden-encrypt-to
1801              keys.
1802
1803
1804       --group name=value1
1805              Sets up a named group, which is similar to aliases in email pro‐
1806              grams.   Any time the group name is a recipient (-r or --recipi‐
1807              ent), it will be expanded  to  the  values  specified.  Multiple
1808              groups with the same name are automatically merged into a single
1809              group.
1810
1811              The values are key IDs or fingerprints, but any key  description
1812              is accepted. Note that a value with spaces in it will be treated
1813              as two different values. Note also there is only  one  level  of
1814              expansion  ---  you  cannot make an group that points to another
1815              group. When used from the command line, it may be  necessary  to
1816              quote  the  argument  to  this  option to prevent the shell from
1817              treating it as multiple arguments.
1818
1819
1820       --ungroup name
1821              Remove a given entry from the --group list.
1822
1823
1824       --no-groups
1825              Remove all entries from the --group list.
1826
1827
1828       --local-user name
1829
1830       -u     Use name as the key to sign with. Note that  this  option  over‐
1831              rides --default-key.
1832
1833
1834       --try-all-secrets
1835              Don't  look  at  the key ID as stored in the message but try all
1836              secret keys in turn to  find  the  right  decryption  key.  This
1837              option  forces  the  behaviour  as  used by anonymous recipients
1838              (created by  using  --throw-keyids  or  --hidden-recipient)  and
1839              might  come  handy in case where an encrypted message contains a
1840              bogus key ID.
1841
1842
1843
1844
1845
1846   Input and Output
1847
1848
1849
1850
1851       --armor
1852
1853       -a     Create ASCII armored output.   The  default  is  to  create  the
1854              binary OpenPGP format.
1855
1856
1857       --no-armor
1858              Assume the input data is not in ASCII armored format.
1859
1860
1861       --output file
1862
1863       -o file
1864              Write output to file.
1865
1866
1867       --max-output n
1868              This  option  sets  a  limit on the number of bytes that will be
1869              generated when processing a file. Since OpenPGP supports various
1870              levels  of  compression,  it is possible that the plaintext of a
1871              given message may be  significantly  larger  than  the  original
1872              OpenPGP  message. While GnuPG works properly with such messages,
1873              there is often a desire to set a maximum file size that will  be
1874              generated  before processing is forced to stop by the OS limits.
1875              Defaults to 0, which means "no limit".
1876
1877
1878       --import-options parameters
1879              This is a space or comma delimited string that gives options for
1880              importing  keys.  Options  can be prepended with a `no-' to give
1881              the opposite meaning. The options are:
1882
1883
1884
1885              import-local-sigs
1886                     Allow importing key signatures marked as "local". This is
1887                     not  generally  useful  unless a shared keyring scheme is
1888                     being used.  Defaults to no.
1889
1890
1891              keep-ownertrust
1892                     Normally possible still existing ownertrust values  of  a
1893                     key are cleared if a key is imported.  This is in general
1894                     desirable so that a formerly deleted key does  not  auto‐
1895                     matically gain an ownertrust values merely due to import.
1896                     On the other hand it is sometimes necessary to  re-import
1897                     a  trusted set of keys again but keeping already assigned
1898                     ownertrust values.  This can be achieved  by  using  this
1899                     option.
1900
1901
1902              repair-pks-subkey-bug
1903                     During import, attempt to repair the damage caused by the
1904                     PKS keyserver bug (pre version 0.9.6) that  mangles  keys
1905                     with  multiple  subkeys. Note that this cannot completely
1906                     repair the damaged key as some crucial data is removed by
1907                     the  keyserver,  but  it  does at least give you back one
1908                     subkey. Defaults to no for regular --import  and  to  yes
1909                     for keyserver --recv-keys.
1910
1911
1912              merge-only
1913                     During import, allow key updates to existing keys, but do
1914                     not allow any new keys to be imported. Defaults to no.
1915
1916
1917              import-clean
1918                     After import, compact (remove all signatures  except  the
1919                     self-signature)  any  user  IDs from the new key that are
1920                     not usable.  Then, remove any signatures from the new key
1921                     that  are not usable.  This includes signatures that were
1922                     issued by keys that are not present on the keyring.  This
1923                     option  is  the  same  as  running the --edit-key command
1924                     "clean" after import. Defaults to no.
1925
1926
1927              import-minimal
1928                     Import the smallest key possible. This removes all signa‐
1929                     tures  except the most recent self-signature on each user
1930                     ID. This option is the same  as  running  the  --edit-key
1931                     command "minimize" after import.  Defaults to no.
1932
1933
1934       --export-options parameters
1935              This is a space or comma delimited string that gives options for
1936              exporting keys. Options can be prepended with a  `no-'  to  give
1937              the opposite meaning. The options are:
1938
1939
1940
1941              export-local-sigs
1942                     Allow exporting key signatures marked as "local". This is
1943                     not generally useful unless a shared  keyring  scheme  is
1944                     being used.  Defaults to no.
1945
1946
1947              export-attributes
1948                     Include  attribute  user IDs (photo IDs) while exporting.
1949                     This is useful to export keys if they  are  going  to  be
1950                     used by an OpenPGP program that does not accept attribute
1951                     user IDs. Defaults to yes.
1952
1953
1954              export-sensitive-revkeys
1955                     Include designated revoker information that was marked as
1956                     "sensitive". Defaults to no.
1957
1958
1959              export-reset-subkey-passwd
1960                     When  using  the  --export-secret-subkeys  command,  this
1961                     option resets the passphrases for all exported subkeys to
1962                     empty.  This  is useful when the exported subkey is to be
1963                     used on an unattended machine where a passphrase  doesn't
1964                     necessarily make sense. Defaults to no.
1965
1966
1967              export-clean
1968                     Compact  (remove all signatures from) user IDs on the key
1969                     being exported if the user IDs are not usable.  Also,  do
1970                     not  export  any  signatures  that  are  not usable. This
1971                     includes signatures that were issued by keys that are not
1972                     present  on  the keyring. This option is the same as run‐
1973                     ning the --edit-key command "clean" before export  except
1974                     that  the local copy of the key is not modified. Defaults
1975                     to no.
1976
1977
1978              export-minimal
1979                     Export the smallest key possible. This removes all signa‐
1980                     tures  except the most recent self-signature on each user
1981                     ID. This option is the same  as  running  the  --edit-key
1982                     command  "minimize"  before  export except that the local
1983                     copy of the key is not modified. Defaults to no.
1984
1985
1986       --with-colons
1987              Print key listings delimited by colons.  Note  that  the  output
1988              will  be  encoded  in  UTF-8 regardless of any --display-charset
1989              setting. This format is useful when GnuPG is called from scripts
1990              and  other  programs as it is easily machine parsed. The details
1991              of this format are documented in the file  ‘doc/DETAILS’,  which
1992              is included in the GnuPG source distribution.
1993
1994
1995       --fixed-list-mode
1996              Do  not  merge  primary  user ID and primary key in --with-colon
1997              listing  mode  and  print  all  timestamps  as   seconds   since
1998              1970-01-01.
1999
2000
2001       --with-fingerprint
2002              Same as the command --fingerprint but changes only the format of
2003              the output and may be used together with another command.
2004
2005
2006
2007
2008   OpenPGP protocol specific options.
2009
2010
2011
2012
2013       -t, --textmode
2014
2015       --no-textmode
2016              Treat input files as text and store them in the OpenPGP  canoni‐
2017              cal  text form with standard "CRLF" line endings. This also sets
2018              the necessary flags to inform the recipient that  the  encrypted
2019              or  signed  data is text and may need its line endings converted
2020              back to whatever the local system uses. This  option  is  useful
2021              when  communicating  between  two  platforms that have different
2022              line ending conventions (UNIX-like to Mac, Mac to Windows, etc).
2023              --no-textmode disables this option, and is the default.
2024
2025              If  -t  (but  not --textmode) is used together with armoring and
2026              signing, this  enables  clearsigned  messages.  This  kludge  is
2027              needed for command-line compatibility with command-line versions
2028              of PGP; normally you would use --sign or --clearsign  to  select
2029              the type of the signature.
2030
2031
2032       --force-v3-sigs
2033
2034       --no-force-v3-sigs
2035              OpenPGP  states that an implementation should generate v4 signa‐
2036              tures but PGP versions 5 through 7 only recognize v4  signatures
2037              on key material. This option forces v3 signatures for signatures
2038              on data.  Note that this option implies --no-ask-sig-expire, and
2039              unsets  --sig-policy-url,  --sig-notation,  and --sig-keyserver-
2040              url, as these features cannot be used with v3 signatures.  --no-
2041              force-v3-sigs disables this option.  Defaults to no.
2042
2043
2044       --force-v4-certs
2045
2046       --no-force-v4-certs
2047              Always  use  v4 key signatures even on v3 keys. This option also
2048              changes the default hash algorithm for v3 RSA keys from  MD5  to
2049              SHA-1.  --no-force-v4-certs disables this option.
2050
2051
2052       --force-mdc
2053              Force  the use of encryption with a modification detection code.
2054              This is always used with the newer ciphers (those with a  block‐
2055              size  greater  than  64  bits),  or if all of the recipient keys
2056              indicate MDC support in their feature flags.
2057
2058
2059       --disable-mdc
2060              Disable the use of the modification detection code. Note that by
2061              using this option, the encrypted message becomes vulnerable to a
2062              message modification attack.
2063
2064
2065       --personal-cipher-preferences string
2066              Set the list of personal cipher preferences to string.  Use  gpg
2067              --version to get a list of available algorithms, and use none to
2068              set no preference at all.  This allows the user to safely  over‐
2069              ride  the  algorithm chosen by the recipient key preferences, as
2070              GPG will only select an algorithm that is usable by all  recipi‐
2071              ents.   The  most highly ranked cipher in this list is also used
2072              for the --symmetric encryption command.
2073
2074
2075       --personal-digest-preferences string
2076              Set the list of personal digest preferences to string.  Use  gpg
2077              --version to get a list of available algorithms, and use none to
2078              set no preference at all.  This allows the user to safely  over‐
2079              ride  the  algorithm chosen by the recipient key preferences, as
2080              GPG will only select an algorithm that is usable by all  recipi‐
2081              ents.   The  most highly ranked digest algorithm in this list is
2082              also used when signing without encryption (e.g.  --clearsign  or
2083              --sign).
2084
2085
2086       --personal-compress-preferences string
2087              Set the list of personal compression preferences to string.  Use
2088              gpg --version to get a list of  available  algorithms,  and  use
2089              none  to  set  no  preference  at  all.  This allows the user to
2090              safely override the algorithm chosen by the recipient key  pref‐
2091              erences,  as GPG will only select an algorithm that is usable by
2092              all recipients.  The most highly ranked compression algorithm in
2093              this  list is also used when there are no recipient keys to con‐
2094              sider (e.g. --symmetric).
2095
2096
2097       --s2k-cipher-algo name
2098              Use name as the cipher algorithm used to  protect  secret  keys.
2099              The  default cipher is AES128. This cipher is also used for con‐
2100              ventional  encryption   if   --personal-cipher-preferences   and
2101              --cipher-algo is not given.
2102
2103
2104       --s2k-digest-algo name
2105              Use name as the digest algorithm used to mangle the passphrases.
2106              The default algorithm is SHA-1.
2107
2108
2109       --s2k-mode n
2110              Selects  how  passphrases  are  mangled.  If  n  is  0  a  plain
2111              passphrase  (which  is not recommended) will be used, a 1 adds a
2112              salt to the passphrase and a 3 (the default) iterates the  whole
2113              process  a  number of times (see --s2k-count).  Unless --rfc1991
2114              is used, this mode is also used for conventional encryption.
2115
2116
2117       --s2k-count n
2118              Specify how many times  the  passphrase  mangling  is  repeated.
2119              This  value  may range between 1024 and 65011712 inclusive.  The
2120              default is inquired from gpg-agent.  Note that not all values in
2121              the  1024-65011712  range  are  legal and if an illegal value is
2122              selected, GnuPG will round up to the nearest legal value.   This
2123              option is only meaningful if --s2k-mode is 3.
2124
2125
2126
2127
2128
2129   Compliance options
2130
2131
2132       These  options  control  what  GnuPG is compliant to. Only one of these
2133       options may be active at a time. Note that the default setting of  this
2134       is  nearly  always the correct one. See the INTEROPERABILITY WITH OTHER
2135       OPENPGP PROGRAMS section below before using one of these options.
2136
2137
2138
2139       --gnupg
2140              Use standard GnuPG behavior. This is essentially OpenPGP  behav‐
2141              ior  (see  --openpgp),  but with some additional workarounds for
2142              common compatibility problems in different versions of PGP. This
2143              is the default option, so it is not generally needed, but it may
2144              be useful to override  a  different  compliance  option  in  the
2145              gpg.conf file.
2146
2147
2148       --openpgp
2149              Reset  all  packet,  cipher and digest options to strict OpenPGP
2150              behavior. Use this option to reset  all  previous  options  like
2151              --s2k-*,  --cipher-algo,  --digest-algo  and  --compress-algo to
2152              OpenPGP compliant values. All PGP workarounds are disabled.
2153
2154
2155       --rfc4880
2156              Reset all packet, cipher and digest options to  strict  RFC-4880
2157              behavior.  Note  that  this  is  currently  the  same  thing  as
2158              --openpgp.
2159
2160
2161       --rfc2440
2162              Reset all packet, cipher and digest options to  strict  RFC-2440
2163              behavior.
2164
2165
2166       --rfc1991
2167              Try  to  be  more  RFC-1991 (PGP 2.x) compliant.  This option is
2168              deprecated will be removed in GnuPG 2.1.
2169
2170
2171       --pgp2 Set up all options to be as PGP 2.x compliant as  possible,  and
2172              warn  if  an  action is taken (e.g. encrypting to a non-RSA key)
2173              that will create a message that PGP 2.x will not be able to han‐
2174              dle.  Note  that `PGP 2.x' here means `MIT PGP 2.6.2'. There are
2175              other versions of PGP 2.x available, but the MIT  release  is  a
2176              good common baseline.
2177
2178              This option implies --rfc1991 --disable-mdc --no-force-v4-certs
2179               --escape-from-lines  --force-v3-sigs --allow-weak-digest-algos
2180               --cipher-algo  IDEA  --digest-algo MD5 --compress-algo ZIP.  It
2181              also disables --textmode when encrypting.
2182
2183              This option is deprecated will be removed  in  GnuPG  2.1.   The
2184              reason  for  dropping  PGP-2 support is that the PGP 2 format is
2185              not anymore considered safe (for example due to the use  of  the
2186              broken  MD5  algorithm).  Note that the decryption of PGP-2 cre‐
2187              ated messages will continue to work.
2188
2189
2190       --pgp6 Set up all options to be as PGP 6 compliant  as  possible.  This
2191              restricts  you  to  the  ciphers  IDEA  (if  the  IDEA plugin is
2192              installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
2193              and  the compression algorithms none and ZIP. This also disables
2194              --throw-keyids, and making signatures with  signing  subkeys  as
2195              PGP 6 does not understand signatures made by signing subkeys.
2196
2197              This  option  implies --disable-mdc --escape-from-lines --force-
2198              v3-sigs.
2199
2200
2201       --pgp7 Set up all options to be as PGP 7 compliant as possible. This is
2202              identical  to  --pgp6 except that MDCs are not disabled, and the
2203              list of allowable ciphers is expanded  to  add  AES128,  AES192,
2204              AES256, and TWOFISH.
2205
2206
2207       --pgp8 Set  up  all options to be as PGP 8 compliant as possible. PGP 8
2208              is a lot closer to the OpenPGP standard than  previous  versions
2209              of  PGP,  so  all  this  does  is disable --throw-keyids and set
2210              --escape-from-lines.  All algorithms are allowed except for  the
2211              SHA224, SHA384, and SHA512 digests.
2212
2213
2214
2215
2216
2217   Doing things one usually doesn't want to do.
2218
2219
2220
2221
2222       -n
2223
2224       --dry-run
2225              Don't make any changes (this is not completely implemented).
2226
2227
2228       --list-only
2229              Changes  the  behaviour of some commands. This is like --dry-run
2230              but different in some cases. The semantic of this command may be
2231              extended  in  the  future.  Currently  it  only skips the actual
2232              decryption pass and therefore enables  a  fast  listing  of  the
2233              encryption keys.
2234
2235
2236       -i
2237
2238       --interactive
2239              Prompt before overwriting any files.
2240
2241
2242       --debug-level level
2243              Select  the debug level for investigating problems. level may be
2244              a numeric value or by a keyword:
2245
2246
2247              none   No debugging at all.  A value of less than 1 may be  used
2248                     instead of the keyword.
2249
2250              basic  Some  basic  debug messages.  A value between 1 and 2 may
2251                     be used instead of the keyword.
2252
2253              advanced
2254                     More verbose debug messages.  A value between 3 and 5 may
2255                     be used instead of the keyword.
2256
2257              expert Even more detailed messages.  A value between 6 and 8 may
2258                     be used instead of the keyword.
2259
2260              guru   All of the debug messages you can get.  A  value  greater
2261                     than  8 may be used instead of the keyword.  The creation
2262                     of hash tracing files is only enabled if the  keyword  is
2263                     used.
2264
2265       How  these  messages  are  mapped  to the actual debugging flags is not
2266       specified and may change with newer releases of this program. They  are
2267       however carefully selected to best aid in debugging.
2268
2269
2270       --debug flags
2271              Set  debugging flags. All flags are or-ed and flags may be given
2272              in C syntax (e.g. 0x0042).
2273
2274
2275       --debug-all
2276              Set all useful debugging flags.
2277
2278
2279       --debug-ccid-driver
2280              Enable debug output from the included  CCID  driver  for  smart‐
2281              cards.  Note that this option is only available on some system.
2282
2283
2284       --enable-progress-filter
2285              Enable certain PROGRESS status outputs. This option allows fron‐
2286              tends to display a progress indicator while  gpg  is  processing
2287              larger files.  There is a slight performance overhead using it.
2288
2289
2290       --status-fd n
2291              Write  special status strings to the file descriptor n.  See the
2292              file DETAILS in the documentation for a listing of them.
2293
2294
2295       --status-file file
2296              Same as --status-fd, except the status data is written  to  file
2297              file.
2298
2299
2300       --logger-fd n
2301              Write log output to file descriptor n and not to STDERR.
2302
2303
2304       --log-file file
2305
2306       --logger-file file
2307              Same  as  --logger-fd, except the logger data is written to file
2308              file.  Note that --log-file is only implemented for GnuPG-2.
2309
2310
2311       --attribute-fd n
2312              Write attribute subpackets to the file  descriptor  n.  This  is
2313              most  useful for use with --status-fd, since the status messages
2314              are needed to separate  out  the  various  subpackets  from  the
2315              stream delivered to the file descriptor.
2316
2317
2318       --attribute-file file
2319              Same  as --attribute-fd, except the attribute data is written to
2320              file file.
2321
2322
2323       --comment string
2324
2325       --no-comments
2326              Use string as a comment string  in  clear  text  signatures  and
2327              ASCII armored messages or keys (see --armor). The default behav‐
2328              ior is not to use a comment string. --comment  may  be  repeated
2329              multiple  times  to  get multiple comment strings. --no-comments
2330              removes all comments.  It is a good idea to keep the length of a
2331              single  comment  below 60 characters to avoid problems with mail
2332              programs wrapping such lines.  Note that comment lines, like all
2333              other header lines, are not protected by the signature.
2334
2335
2336       --emit-version
2337
2338       --no-emit-version
2339              Force  inclusion  of the version string in ASCII armored output.
2340              If given once only the name of the program and the major  number
2341              is  emitted, given twice the minor is also emitted, given triple
2342              the micro is added, and given quad an operating system identifi‐
2343              cation  is  also  emitted.  --no-emit-version (default) disables
2344              the version line.
2345
2346
2347       --sig-notation name=value
2348
2349       --cert-notation name=value
2350
2351       -N, --set-notation name=value
2352              Put the name value pair into the  signature  as  notation  data.
2353              name  must  consist  only of printable characters or spaces, and
2354              must contain a '@' character in  the  form  keyname@domain.exam‐
2355              ple.com  (substituting  the appropriate keyname and domain name,
2356              of course).  This is to  help  prevent  pollution  of  the  IETF
2357              reserved notation namespace. The --expert flag overrides the '@'
2358              check. value may be any printable string; it will be encoded  in
2359              UTF8,  so  you  should  check that your --display-charset is set
2360              correctly. If you prefix name with an exclamation mark (!),  the
2361              notation  data  will  be flagged as critical (rfc4880:5.2.3.16).
2362              --sig-notation sets a notation for data signatures. --cert-nota‐
2363              tion sets a notation for key signatures (certifications). --set-
2364              notation sets both.
2365
2366              There are special codes that may be used in notation names. "%k"
2367              will  be  expanded into the key ID of the key being signed, "%K"
2368              into the long key ID of the key being signed, "%f" into the fin‐
2369              gerprint  of  the  key being signed, "%s" into the key ID of the
2370              key making the signature, "%S" into the long key ID of  the  key
2371              making  the signature, "%g" into the fingerprint of the key mak‐
2372              ing the signature (which might be a subkey), "%p" into the  fin‐
2373              gerprint  of  the  primary  key of the key making the signature,
2374              "%c" into the signature count from the  OpenPGP  smartcard,  and
2375              "%%" results in a single "%". %k, %K, and %f are only meaningful
2376              when making a key signature  (certification),  and  %c  is  only
2377              meaningful when using the OpenPGP smartcard.
2378
2379
2380       --sig-policy-url string
2381
2382       --cert-policy-url string
2383
2384       --set-policy-url string
2385              Use  string  as  a Policy URL for signatures (rfc4880:5.2.3.20).
2386              If you prefix it with an exclamation mark (!),  the  policy  URL
2387              packet will be flagged as critical. --sig-policy-url sets a pol‐
2388              icy url for data signatures. --cert-policy-url sets a policy url
2389              for key signatures (certifications). --set-policy-url sets both.
2390
2391              The same %-expandos used for notation data are available here as
2392              well.
2393
2394
2395       --sig-keyserver-url string
2396              Use string as a preferred keyserver URL for data signatures.  If
2397              you  prefix  it  with an exclamation mark (!), the keyserver URL
2398              packet will be flagged as critical.
2399
2400              The same %-expandos used for notation data are available here as
2401              well.
2402
2403
2404       --set-filename string
2405              Use  string  as  the  filename  which is stored inside messages.
2406              This overrides the default, which is to use the actual  filename
2407              of the file being encrypted.
2408
2409
2410       --for-your-eyes-only
2411
2412       --no-for-your-eyes-only
2413              Set  the  `for  your eyes only' flag in the message. This causes
2414              GnuPG to refuse to save the file unless the --output  option  is
2415              given,  and PGP to use a "secure viewer" with a claimed Tempest-
2416              resistant font to display the  message.  This  option  overrides
2417              --set-filename.  --no-for-your-eyes-only disables this option.
2418
2419
2420       --use-embedded-filename
2421
2422       --no-use-embedded-filename
2423              Try  to  create a file with a name as embedded in the data. This
2424              can be a dangerous  option  as  it  enables  overwriting  files.
2425              Defaults to no.
2426
2427
2428       --cipher-algo name
2429              Use  name as cipher algorithm. Running the program with the com‐
2430              mand --version yields a list of supported algorithms. If this is
2431              not  used  the cipher algorithm is selected from the preferences
2432              stored with the key. In general, you do not  want  to  use  this
2433              option as it allows you to violate the OpenPGP standard.  --per‐
2434              sonal-cipher-preferences is the safe way to accomplish the  same
2435              thing.
2436
2437
2438       --digest-algo name
2439              Use  name  as  the message digest algorithm. Running the program
2440              with the command --version yields  a  list  of  supported  algo‐
2441              rithms.  In  general,  you  do not want to use this option as it
2442              allows you to violate the OpenPGP  standard.  --personal-digest-
2443              preferences is the safe way to accomplish the same thing.
2444
2445
2446       --compress-algo name
2447              Use compression algorithm name. "zlib" is RFC-1950 ZLIB compres‐
2448              sion. "zip" is RFC-1951 ZIP compression which is  used  by  PGP.
2449              "bzip2"  is  a  more modern compression scheme that can compress
2450              some things better than zip or zlib, but at  the  cost  of  more
2451              memory used during compression and decompression. "uncompressed"
2452              or "none" disables compression. If this option is not used,  the
2453              default  behavior is to examine the recipient key preferences to
2454              see which algorithms the recipient supports. If all else  fails,
2455              ZIP is used for maximum compatibility.
2456
2457              ZLIB  may  give better compression results than ZIP, as the com‐
2458              pression window size is not limited to 8k. BZIP2 may  give  even
2459              better  compression  results  than that, but will use a signifi‐
2460              cantly larger amount of memory while compressing and decompress‐
2461              ing.  This  may  be  significant in low memory situations. Note,
2462              however, that PGP (all versions) only supports ZIP  compression.
2463              Using  any algorithm other than ZIP or "none" will make the mes‐
2464              sage unreadable with PGP. In general, you do  not  want  to  use
2465              this  option  as  it allows you to violate the OpenPGP standard.
2466              --personal-compress-preferences is the safe  way  to  accomplish
2467              the same thing.
2468
2469
2470       --cert-digest-algo name
2471              Use  name  as  the  message digest algorithm used when signing a
2472              key. Running the program with the  command  --version  yields  a
2473              list  of  supported  algorithms.  Be aware that if you choose an
2474              algorithm that GnuPG supports but other OpenPGP  implementations
2475              do  not,  then some users will not be able to use the key signa‐
2476              tures you make, or quite possibly your entire key.
2477
2478
2479       --disable-cipher-algo name
2480              Never allow the use of name as cipher algorithm.  The given name
2481              will  not be checked so that a later loaded algorithm will still
2482              get disabled.
2483
2484
2485       --disable-pubkey-algo name
2486              Never allow the use of name as public key algorithm.  The  given
2487              name  will  not be checked so that a later loaded algorithm will
2488              still get disabled.
2489
2490
2491       --throw-keyids
2492
2493       --no-throw-keyids
2494              Do not put the recipient key IDs into encrypted  messages.  This
2495              helps  to  hide  the  receivers  of the message and is a limited
2496              countermeasure against traffic analysis. ([Using a little social
2497              engineering  anyone who is able to decrypt the message can check
2498              whether one of the other recipients is the  one  he  suspects.])
2499              On  the  receiving side, it may slow down the decryption process
2500              because all available secret keys must  be  tried.   --no-throw-
2501              keyids disables this option. This option is essentially the same
2502              as using --hidden-recipient for all recipients.
2503
2504
2505       --not-dash-escaped
2506              This option changes the behavior of cleartext signatures so that
2507              they  can  be  used for patch files. You should not send such an
2508              armored file via email because all spaces and line  endings  are
2509              hashed  too.  You  can  not use this option for data which has 5
2510              dashes at the beginning of a line, patch files don't have  this.
2511              A  special  armor  header  line tells GnuPG about this cleartext
2512              signature option.
2513
2514
2515       --escape-from-lines
2516
2517       --no-escape-from-lines
2518              Because some mailers change  lines  starting  with  "From  "  to
2519              ">From  "  it is good to handle such lines in a special way when
2520              creating cleartext signatures to prevent the  mail  system  from
2521              breaking  the  signature. Note that all other PGP versions do it
2522              this way too.  Enabled by default.  --no-escape-from-lines  dis‐
2523              ables this option.
2524
2525
2526       --passphrase-repeat n
2527              Specify  how  many  times  gpg  will request a new passphrase be
2528              repeated.  This is useful for  helping  memorize  a  passphrase.
2529              Defaults to 1 repetition.
2530
2531
2532       --passphrase-fd n
2533              Read  the passphrase from file descriptor n. Only the first line
2534              will be read from file descriptor n. If you use  0  for  n,  the
2535              passphrase  will  be  read  from STDIN. This can only be used if
2536              only one passphrase is supplied.
2537
2538
2539       --passphrase-file file
2540              Read the passphrase from file file. Only the first line will  be
2541              read  from  file  file.  This  can  only  be  used  if  only one
2542              passphrase is supplied. Obviously, a passphrase stored in a file
2543              is  of  questionable security if other users can read this file.
2544              Don't use this option if you can avoid it.
2545
2546
2547       --passphrase string
2548              Use string as the passphrase. This can only be used if only  one
2549              passphrase  is supplied. Obviously, this is of very questionable
2550              security on a multi-user system. Don't use this  option  if  you
2551              can avoid it.
2552
2553
2554       --command-fd n
2555              This is a replacement for the deprecated shared-memory IPC mode.
2556              If this option is  enabled,  user  input  on  questions  is  not
2557              expected  from  the  TTY  but from the given file descriptor. It
2558              should  be  used  together  with  --status-fd.  See   the   file
2559              doc/DETAILS in the source distribution for details on how to use
2560              it.
2561
2562
2563       --command-file file
2564              Same as --command-fd, except the commands are read out  of  file
2565              file
2566
2567
2568       --allow-non-selfsigned-uid
2569
2570       --no-allow-non-selfsigned-uid
2571              Allow  the  import  and  use of keys with user IDs which are not
2572              self-signed. This is not recommended, as a non self-signed  user
2573              ID is trivial to forge. --no-allow-non-selfsigned-uid disables.
2574
2575
2576       --allow-freeform-uid
2577              Disable all checks on the form of the user ID while generating a
2578              new one. This option should only be used in very  special  envi‐
2579              ronments  as  it does not ensure the de-facto standard format of
2580              user IDs.
2581
2582
2583       --ignore-time-conflict
2584              GnuPG normally checks that the timestamps associated  with  keys
2585              and  signatures have plausible values. However, sometimes a sig‐
2586              nature seems to be older than the key  due  to  clock  problems.
2587              This  option  makes  these  checks  just  a  warning.  See  also
2588              --ignore-valid-from for timestamp issues on subkeys.
2589
2590
2591       --ignore-valid-from
2592              GnuPG normally does not select and use subkeys  created  in  the
2593              future.   This  option  allows  the  use  of  such keys and thus
2594              exhibits the pre-1.0.7 behaviour. You should not use this option
2595              unless  there is some clock problem. See also --ignore-time-con‐
2596              flict for timestamp issues with signatures.
2597
2598
2599       --ignore-crc-error
2600              The ASCII armor used by OpenPGP is protected by a  CRC  checksum
2601              against  transmission  errors. Occasionally the CRC gets mangled
2602              somewhere on the transmission channel  but  the  actual  content
2603              (which  is  protected  by  the OpenPGP protocol anyway) is still
2604              okay. This option allows GnuPG to ignore CRC errors.
2605
2606
2607       --ignore-mdc-error
2608              This option changes a MDC integrity protection  failure  into  a
2609              warning.   This can be useful if a message is partially corrupt,
2610              but it is necessary to get as much data as possible out  of  the
2611              corrupt  message.  However, be aware that a MDC protection fail‐
2612              ure may also mean that the message was tampered with  intention‐
2613              ally by an attacker.
2614
2615
2616       --allow-weak-digest-algos
2617              Signatures  made  with known-weak digest algorithms are normally
2618              rejected with an ``invalid  digest  algorithm''  message.   This
2619              option allows the verification of signatures made with such weak
2620              algorithms.  MD5 is the only digest algorithm considered weak by
2621              default.   See  also  --weak-digest to reject other digest algo‐
2622              rithms.
2623
2624
2625       --weak-digest name
2626              Treat the specified digest algorithm as weak.   Signatures  made
2627              over  weak digests algorithms are normally rejected. This option
2628              can be supplied multiple times if multiple algorithms should  be
2629              considered  weak.  See also --allow-weak-digest-algos to disable
2630              rejection of weak digests.  MD5 is always considered  weak,  and
2631              does not need to be listed explicitly.
2632
2633
2634
2635       --no-default-keyring
2636              Do  not  add  the default keyrings to the list of keyrings. Note
2637              that GnuPG will not operate without any keyrings, so if you  use
2638              this  option and do not provide alternate keyrings via --keyring
2639              or --secret-keyring, then GnuPG will still use the default  pub‐
2640              lic or secret keyrings.
2641
2642
2643       --skip-verify
2644              Skip  the  signature verification step. This may be used to make
2645              the decryption faster  if  the  signature  verification  is  not
2646              needed.
2647
2648
2649       --with-key-data
2650              Print  key listings delimited by colons (like --with-colons) and
2651              print the public key data.
2652
2653
2654       --fast-list-mode
2655              Changes the output of the list commands to work faster; this  is
2656              achieved  by  leaving  some parts empty. Some applications don't
2657              need the user ID and the trust information given  in  the  list‐
2658              ings.  By  using this options they can get a faster listing. The
2659              exact behaviour of this option may change  in  future  versions.
2660              If you are missing some information, don't use this option.
2661
2662
2663       --no-literal
2664              This  is  not  for normal use. Use the source to see for what it
2665              might be useful.
2666
2667
2668       --set-filesize
2669              This is not for normal use. Use the source to see  for  what  it
2670              might be useful.
2671
2672
2673       --show-session-key
2674              Display  the  session  key used for one message. See --override-
2675              session-key for the counterpart of this option.
2676
2677              We think that Key Escrow is a Bad Thing; however the user should
2678              have  the freedom to decide whether to go to prison or to reveal
2679              the content of one specific  message  without  compromising  all
2680              messages  ever encrypted for one secret key. DON'T USE IT UNLESS
2681              YOU ARE REALLY FORCED TO DO SO.
2682
2683
2684       --override-session-key string
2685              Don't use the public key but the session key string. The  format
2686              of this string is the same as the one printed by --show-session-
2687              key. This option is normally not used but comes  handy  in  case
2688              someone  forces  you  to reveal the content of an encrypted mes‐
2689              sage; using this option you can do this without handing out  the
2690              secret key.
2691
2692
2693       --ask-sig-expire
2694
2695       --no-ask-sig-expire
2696              When  making a data signature, prompt for an expiration time. If
2697              this option is  not  specified,  the  expiration  time  set  via
2698              --default-sig-expire  is used. --no-ask-sig-expire disables this
2699              option.
2700
2701
2702       --default-sig-expire
2703              The default expiration time to  use  for  signature  expiration.
2704              Valid values are "0" for no expiration, a number followed by the
2705              letter d (for days), w (for weeks), m (for months),  or  y  (for
2706              years)  (for  example  "2m"  for  two  months,  or "5y" for five
2707              years), or an absolute date in the form YYYY-MM-DD. Defaults  to
2708              "0".
2709
2710
2711       --ask-cert-expire
2712
2713       --no-ask-cert-expire
2714              When  making  a key signature, prompt for an expiration time. If
2715              this option is  not  specified,  the  expiration  time  set  via
2716              --default-cert-expire  is  used.  --no-ask-cert-expire  disables
2717              this option.
2718
2719
2720       --default-cert-expire
2721              The default expiration time to use for key signature expiration.
2722              Valid values are "0" for no expiration, a number followed by the
2723              letter d (for days), w (for weeks), m (for months),  or  y  (for
2724              years)  (for  example  "2m"  for  two  months,  or "5y" for five
2725              years), or an absolute date in the form YYYY-MM-DD. Defaults  to
2726              "0".
2727
2728
2729       --allow-secret-key-import
2730              This is an obsolete option and is not used anywhere.
2731
2732
2733       --allow-multiple-messages
2734
2735       --no-allow-multiple-messages
2736              Allow  processing  of  multiple  OpenPGP messages contained in a
2737              single file or stream.  Some programs that call GPG are not pre‐
2738              pared  to  deal with multiple messages being processed together,
2739              so this option defaults to no.  Note that versions of GPG  prior
2740              to 1.4.7 always allowed multiple messages.
2741
2742              Warning:  Do  not use this option unless you need it as a tempo‐
2743              rary workaround!
2744
2745
2746
2747       --enable-special-filenames
2748              This options enables a mode  in  which  filenames  of  the  form
2749-&n’,  where  n  is a non-negative decimal number, refer to the
2750              file descriptor n and not to a file with that name.
2751
2752
2753       --no-expensive-trust-checks
2754              Experimental use only.
2755
2756
2757       --preserve-permissions
2758              Don't change the permissions of a secret keyring  back  to  user
2759              read/write  only.  Use  this option only if you really know what
2760              you are doing.
2761
2762
2763       --default-preference-list string
2764              Set the list of default preferences to string.  This  preference
2765              list  is used for new keys and becomes the default for "setpref"
2766              in the edit menu.
2767
2768
2769       --default-keyserver-url name
2770              Set the default keyserver URL to name. This  keyserver  will  be
2771              used as the keyserver URL when writing a new self-signature on a
2772              key, which includes key generation and changing preferences.
2773
2774
2775       --list-config
2776              Display various internal configuration parameters of GnuPG. This
2777              option is intended for external programs that call GnuPG to per‐
2778              form tasks, and is thus  not  generally  useful.  See  the  file
2779doc/DETAILS’  in  the  source  distribution  for the details of
2780              which configuration items may be listed. --list-config  is  only
2781              usable with --with-colons set.
2782
2783
2784       --gpgconf-list
2785              This  command  is  similar  to --list-config but in general only
2786              internally used by the gpgconf tool.
2787
2788
2789       --gpgconf-test
2790              This is more or less dummy action.  However it parses  the  con‐
2791              figuration  file  and  returns with failure if the configuration
2792              file would prevent gpg from startup.  Thus it may be used to run
2793              a syntax check on the configuration file.
2794
2795
2796
2797
2798   Deprecated options
2799
2800
2801
2802
2803       --load-extension name
2804              Load an extension module. If name does not contain a slash it is
2805              searched for in the directory configured when  GnuPG  was  built
2806              (generally "/usr/local/lib/gnupg"). Extensions are not generally
2807              useful anymore, and the use of this option is deprecated.
2808
2809
2810       --show-photos
2811
2812       --no-show-photos
2813              Causes  --list-keys,  --list-sigs,  --list-public-keys,  --list-
2814              secret-keys, and verifying a signature to also display the photo
2815              ID attached to the key, if any. See also  --photo-viewer.  These
2816              options  are  deprecated.  Use  --list-options  [no-]show-photos
2817              and/or --verify-options [no-]show-photos instead.
2818
2819
2820       --show-keyring
2821              Display the keyring name at the head of  key  listings  to  show
2822              which keyring a given key resides on. This option is deprecated:
2823              use --list-options [no-]show-keyring instead.
2824
2825
2826       --ctapi-driver file
2827              Use file to access the smartcard reader. The current default  is
2828              `libtowitoko.so'.  Note that the use of this interface is depre‐
2829              cated; it may be removed in future releases.
2830
2831
2832       --always-trust
2833              Identical to --trust-model always. This option is deprecated.
2834
2835
2836       --show-notation
2837
2838       --no-show-notation
2839              Show signature notations  in  the  --list-sigs  or  --check-sigs
2840              listings  as  well as when verifying a signature with a notation
2841              in  it.  These  options  are  deprecated.   Use   --list-options
2842              [no-]show-notation  and/or  --verify-options  [no-]show-notation
2843              instead.
2844
2845
2846       --show-policy-url
2847
2848       --no-show-policy-url
2849              Show policy URLs in the --list-sigs or --check-sigs listings  as
2850              well  as  when  verifying  a  signature with a policy URL in it.
2851              These options are deprecated. Use --list-options  [no-]show-pol‐
2852              icy-url and/or --verify-options [no-]show-policy-url instead.
2853
2854
2855
2856
2857
2858

EXAMPLES

2860       gpg -se -r Bob file
2861              sign and encrypt for user Bob
2862
2863
2864       gpg --clearsign file
2865              make a clear text signature
2866
2867
2868       gpg -sb file
2869              make a detached signature
2870
2871
2872       gpg -u 0x12345678 -sb file
2873              make a detached signature with the key 0x12345678
2874
2875
2876       gpg --list-keys user_ID
2877              show keys
2878
2879
2880       gpg --fingerprint user_ID
2881              show fingerprint
2882
2883
2884       gpg --verify pgpfile
2885
2886       gpg --verify sigfile
2887              Verify the signature of the file but do not output the data. The
2888              second form is used for detached signatures,  where  sigfile  is
2889              the  detached signature (either ASCII armored or binary) and are
2890              the signed data; if this is not given,  the  name  of  the  file
2891              holding the signed data is constructed by cutting off the exten‐
2892              sion (".asc" or ".sig") of sigfile or by asking the user for the
2893              filename.
2894
2895
2896
2897

HOW TO SPECIFY A USER ID

2899       There  are  different ways to specify a user ID to GnuPG.  Some of them
2900       are only valid for gpg others are only good for  gpgsm.   Here  is  the
2901       entire list of ways to specify a key:
2902
2903
2904
2905       By key Id.
2906              This  format  is  deduced  from the length of the string and its
2907              content or 0x prefix. The key Id of an X.509 certificate are the
2908              low  64  bits  of  its SHA-1 fingerprint.  The use of key Ids is
2909              just a shortcut, for all automated  processing  the  fingerprint
2910              should be used.
2911
2912              When  using gpg an exclamation mark (!) may be appended to force
2913              using the specified primary or secondary key and not to try  and
2914              calculate which primary or secondary key to use.
2915
2916              The last four lines of the example give the key ID in their long
2917              form as internally used by the OpenPGP protocol. You can see the
2918              long key ID using the option --with-colons.
2919
2920         234567C4
2921         0F34E556E
2922         01347A56A
2923         0xAB123456
2924
2925         234AABBCC34567C4
2926         0F323456784E56EAB
2927         01AB3FED1347A5612
2928         0x234AABBCC34567C4
2929
2930
2931
2932
2933       By fingerprint.
2934              This  format  is  deduced  from the length of the string and its
2935              content or the 0x prefix.  Note, that only the 20  byte  version
2936              fingerprint  is available with gpgsm (i.e. the SHA-1 hash of the
2937              certificate).
2938
2939              When using gpg an exclamation mark (!) may be appended to  force
2940              using  the specified primary or secondary key and not to try and
2941              calculate which primary or secondary key to use.
2942
2943              The best way to specify a key Id is by  using  the  fingerprint.
2944              This  avoids  any  ambiguities in case that there are duplicated
2945              key IDs.
2946
2947         1234343434343434C434343434343434
2948         123434343434343C3434343434343734349A3434
2949         0E12343434343434343434EAB3484343434343434
2950         0xE12343434343434343434EAB3484343434343434
2951
2952
2953       gpgsm also accepts colons  between  each  pair  of  hexadecimal  digits
2954       because  this  is the de-facto standard on how to present X.509 finger‐
2955       prints.  gpg also allows the use of the space separated  SHA-1  finger‐
2956       print as printed by the key listing commands.
2957
2958
2959       By exact match on OpenPGP user ID.
2960              This  is denoted by a leading equal sign. It does not make sense
2961              for X.509 certificates.
2962
2963         =Heinrich Heine <heinrichh@uni-duesseldorf.de>
2964
2965
2966       By exact match on an email address.
2967              This is indicated by enclosing the email address  in  the  usual
2968              way with left and right angles.
2969
2970         <heinrichh@uni-duesseldorf.de>
2971
2972
2973
2974       By word match.
2975              All words must match exactly (not case sensitive) but can appear
2976              in any order in the user ID or a subjects name.  Words  are  any
2977              sequences  of letters, digits, the underscore and all characters
2978              with bit 7 set.
2979
2980         +Heinrich Heine duesseldorf
2981
2982
2983       By exact match on the subject's DN.
2984              This is indicated by a leading slash, directly followed  by  the
2985              RFC-2253 encoded DN of the subject.  Note that you can't use the
2986              string printed by "gpgsm --list-keys" because that one  as  been
2987              reordered and modified for better readability; use --with-colons
2988              to print the raw (but standard escaped) RFC-2253 string
2989
2990         /CN=Heinrich Heine,O=Poets,L=Paris,C=FR
2991
2992
2993       By exact match on the issuer's DN.
2994              This is indicated by a leading hash mark, directly followed by a
2995              slash  and  then  directly followed by the rfc2253 encoded DN of
2996              the issuer.  This should return the Root  cert  of  the  issuer.
2997              See note above.
2998
2999         #/CN=Root Cert,O=Poets,L=Paris,C=FR
3000
3001
3002
3003       By exact match on serial number and issuer's DN.
3004              This  is  indicated  by a hash mark, followed by the hexadecimal
3005              representation of the serial number, then followed  by  a  slash
3006              and the RFC-2253 encoded DN of the issuer. See note above.
3007
3008         #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
3009
3010
3011       By keygrip
3012              This  is indicated by an ampersand followed by the 40 hex digits
3013              of a keygrip.  gpgsm prints the keygrip when using  the  command
3014              --dump-cert.  It does not yet work for OpenPGP keys.
3015
3016         &D75F22C3F86E355877348498CDC92BD21010A480
3017
3018
3019
3020       By substring match.
3021              This is the default mode but applications may want to explicitly
3022              indicate this by putting the asterisk in front.   Match  is  not
3023              case sensitive.
3024
3025         Heine
3026         *Heine
3027
3028
3029
3030       Please note that we have reused the hash mark identifier which was used
3031       in old GnuPG versions to indicate the so called local-id.   It  is  not
3032       anymore  used  and  there  should  be  no conflict when used with X.509
3033       stuff.
3034
3035       Using the RFC-2253 format of DNs has the drawback that it is not possi‐
3036       ble to map them back to the original encoding, however we don't have to
3037       do this because our key database stores this encoding as meta data.
3038
3039
3040
3041
3042

FILES

3044       There are a few configuration files to control certain aspects of gpg's
3045       operation.  Unless  noted, they are expected in the current home direc‐
3046       tory (see: [option --homedir]).
3047
3048
3049
3050       gpg.conf
3051              This is the standard configuration file read by gpg on  startup.
3052              It may contain any valid long option; the leading two dashes may
3053              not be entered and the option  may  not  be  abbreviated.   This
3054              default  name  may  be  changed  on the command line (see: [gpg-
3055              option --options]).  You should backup this file.
3056
3057
3058       Note that on larger installations, it is useful to put predefined files
3059       into  the  directory  ‘/etc/skel/.gnupg/’  so  that newly created users
3060       start up with a working configuration.
3061
3062       For internal purposes gpg creates and maintains a few other files; They
3063       all  live  in  in the current home directory (see: [option --homedir]).
3064       Only the gpg may modify these files.
3065
3066
3067
3068       ~/.gnupg/pubring.gpg
3069              The public keyring.  You should backup this file.
3070
3071
3072       ~/.gnupg/pubring.gpg.lock
3073              The lock file for the public keyring.
3074
3075
3076       ~/.gnupg/pubring.kbx
3077
3078       ~/.gnupg/pubring.kbx.lock
3079              A public keyring and its lock file used by GnuPG versions >=  2.
3080              It is ignored by GnuPG 1.x
3081
3082
3083       ~/.gnupg/secring.gpg
3084              The secret keyring.  You should backup this file.
3085
3086
3087       ~/.gnupg/trustdb.gpg
3088              The trust database.  There is no need to backup this file; it is
3089              better to backup the ownertrust values (see:  [option  --export-
3090              ownertrust]).
3091
3092
3093       ~/.gnupg/trustdb.gpg.lock
3094              The lock file for the trust database.
3095
3096
3097       ~/.gnupg/random_seed
3098              A file used to preserve the state of the internal random pool.
3099
3100
3101       ~/.gnupg/secring.gpg.lock
3102              The lock file for the secret keyring.
3103
3104
3105       ~/.gnupg/openpgp-revocs.d/
3106              This  is the directory where gpg stores pre-generated revocation
3107              certificates.  The file name corresponds to the OpenPGP  finger‐
3108              print  of  the  respective key.  It is suggested to backup those
3109              certificates and if the primary private key is not stored on the
3110              disk to move them to an external storage device.  Anyone who can
3111              access theses files is able to  revoke  the  corresponding  key.
3112              You  may want to print them out.  You should backup all files in
3113              this directory and take care to keep this backup closed away.
3114
3115
3116       /usr[/local]/share/gnupg/options.skel
3117              The skeleton options file.
3118
3119
3120       /usr[/local]/lib/gnupg/
3121              Default location for extensions.
3122
3123
3124       Operation is further controlled by a few environment variables:
3125
3126
3127
3128       HOME   Used to locate the default home directory.
3129
3130
3131       GNUPGHOME
3132              If set directory used instead of "~/.gnupg".
3133
3134
3135       GPG_AGENT_INFO
3136              Used to locate the gpg-agent.  This is only honored when  --use-
3137              agent is set.
3138
3139              The value consists of 3 colon delimited fields: The first is the
3140              path to the Unix Domain Socket, the second the PID of  the  gpg-
3141              agent  and  the  protocol version which should be set to 1. When
3142              starting the gpg-agent as described in its  documentation,  this
3143              variable  is  set  to the correct value. The option --gpg-agent-
3144              info can be used to override it.
3145
3146
3147       PINENTRY_USER_DATA
3148              This value is passed via gpg-agent to pinentry.  It is useful to
3149              convey extra information to a custom pinentry.
3150
3151
3152       COLUMNS
3153
3154       LINES  Used to size some displays to the full size of the screen.
3155
3156
3157
3158       LANGUAGE
3159              Apart  from  its  use  by  GNU, it is used in the W32 version to
3160              override the language selection done through the  Registry.   If
3161              used  and  set  to a valid and available language name (langid),
3162              the file with the translation is loaded from
3163
3164              gpgdir/gnupg.nls/langid.mo.  Here gpgdir is the directory out of
3165              which the gpg binary has been loaded.  If it can't be loaded the
3166              Registry is tried and as last resort the native  Windows  locale
3167              system is used.
3168
3169
3170
3171
3172

BUGS

3174       On older systems this program should be installed as setuid(root). This
3175       is necessary to lock memory pages. Locking memory  pages  prevents  the
3176       operating   system   from  writing  memory  pages  (which  may  contain
3177       passphrases or other sensitive material) to disk. If you get no warning
3178       message  about  insecure  memory your operating system supports locking
3179       without being root. The program drops root privileges as soon as locked
3180       memory is allocated.
3181
3182       Note  also  that  some systems (especially laptops) have the ability to
3183       ``suspend to disk'' (also known as ``safe  sleep''  or  ``hibernate'').
3184       This  writes  all  memory to disk before going into a low power or even
3185       powered off mode.  Unless measures are taken in the operating system to
3186       protect  the  saved memory, passphrases or other sensitive material may
3187       be recoverable from it later.
3188
3189       Before you report a bug you should first search the  mailing  list  ar‐
3190       chives  for  similar  problems  and second check whether such a bug has
3191       already been reported to our bug tracker at http://bugs.gnupg.org .
3192
3193
3194

SEE ALSO

3196       gpgv(1),
3197
3198       The full documentation for this tool is maintained as a Texinfo manual.
3199       If  GnuPG and the info program are properly installed at your site, the
3200       command
3201
3202         info gnupg
3203
3204       should give you access to the complete manual including a  menu  struc‐
3205       ture and an index.
3206
3207
3208
3209GnuPG 1.4.23                      2020-02-06                            GPG(1)
Impressum