1GPG(1)                       GNU Privacy Guard 1.4                      GPG(1)
2
3
4

NAME

6       gpg - OpenPGP encryption and signing tool
7

SYNOPSIS

9       gpg [--homedir dir] [--options file] [options] command [args]
10
11

DESCRIPTION

13       gpg is the OpenPGP only version of the GNU Privacy Guard (GnuPG). It is
14       a tool to provide digital encryption and  signing  services  using  the
15       OpenPGP  standard.  gpg  features complete key management and all bells
16       and whistles you can expect from a decent OpenPGP implementation.
17
18       This is the standalone version of gpg.  For desktop use you should con‐
19       sider using gpg2 from the GnuPG-2 package
20        ([On some platforms gpg2 is installed under the name gpg]).
21
22
23
24
25
26
27

RETURN VALUE

29       The program returns 0 if everything was fine, 1 if at least a signature
30       was bad, and other error codes for fatal errors.
31
32

WARNINGS

34       Use a *good* password for your user account and a *good* passphrase  to
35       protect  your  secret  key.  This passphrase is the weakest part of the
36       whole system. Programs to do dictionary attacks on your secret  keyring
37       are  very  easy to write and so you should protect your "~/.gnupg/" di‐
38       rectory very well.
39
40       Keep in mind that, if this program is used over a network (telnet),  it
41       is *very* easy to spy out your passphrase!
42
43       If you are going to verify detached signatures, make sure that the pro‐
44       gram knows about it; either give both filenames on the command line  or
45       use '-' to specify STDIN.
46
47

INTEROPERABILITY

49       GnuPG  tries  to be a very flexible implementation of the OpenPGP stan‐
50       dard. In particular, GnuPG implements many of the optional parts of the
51       standard,  such as the SHA-512 hash, and the ZLIB and BZIP2 compression
52       algorithms. It is important to be aware that not all  OpenPGP  programs
53       implement  these  optional algorithms and that by forcing their use via
54       the --cipher-algo, --digest-algo,  --cert-digest-algo,  or  --compress-
55       algo  options  in  GnuPG,  it  is  possible to create a perfectly valid
56       OpenPGP message, but one that cannot be read by the intended recipient.
57
58       There are dozens of variations of OpenPGP programs available, and  each
59       supports a slightly different subset of these optional algorithms.  For
60       example, until recently, no (unhacked) version  of  PGP  supported  the
61       BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
62       read by a PGP user. By default, GnuPG uses the standard OpenPGP prefer‐
63       ences  system  that  will always do the right thing and create messages
64       that are usable by all recipients, regardless of which OpenPGP  program
65       they  use.  Only override this safe default if you really know what you
66       are doing.
67
68       If you absolutely must override the safe default, or if the preferences
69       on  a given key are invalid for some reason, you are far better off us‐
70       ing the --pgp6, --pgp7, or --pgp8 options. These options  are  safe  as
71       they  do  not  force any particular algorithms in violation of OpenPGP,
72       but rather reduce the available algorithms to a "PGP-safe" list.
73
74

COMMANDS

76       Commands are not distinguished from options except for  the  fact  that
77       only one command is allowed.
78
79       gpg  may  be run with no commands, in which case it will perform a rea‐
80       sonable action depending on the type of file it is given as  input  (an
81       encrypted  message  is  decrypted, a signature is verified, a file con‐
82       taining keys is listed).
83
84       Please remember that option as well as command parsing stops as soon as
85       a  non-option  is encountered, you can explicitly stop parsing by using
86       the special option --.
87
88
89
90
91
92
93   Commands not specific to the function
94
95
96
97       --version
98              Print the program version and licensing information.  Note  that
99              you cannot abbreviate this command.
100
101
102       --help
103
104       -h     Print  a  usage message summarizing the most useful command line
105              options.  Note that you cannot abbreviate this command.
106
107
108       --warranty
109              Print warranty information.
110
111
112       --dump-options
113              Print a list of all available options and commands.   Note  that
114              you cannot abbreviate this command.
115
116
117
118
119   Commands to select the type of operation
120
121
122
123
124
125       --sign
126
127       -s     Make  a  signature.  This command may be combined with --encrypt
128              (for a signed and encrypted message), --symmetric (for a  signed
129              and symmetrically encrypted message), or --encrypt and --symmet‐
130              ric together (for a signed message that may be decrypted  via  a
131              secret  key or a passphrase).  The key to be used for signing is
132              chosen by default or can be set with the --local-user and  --de‐
133              fault-key options.
134
135
136       --clearsign
137              Make a clear text signature.  The content in a clear text signa‐
138              ture is readable without any special software. OpenPGP  software
139              is  only  needed to verify the signature.  Clear text signatures
140              may modify end-of-line whitespace for platform independence  and
141              are not intended to be reversible.  The key to be used for sign‐
142              ing is chosen by default or can be set with the --local-user and
143              --default-key options.
144
145
146
147       --detach-sign
148
149       -b     Make a detached signature.
150
151
152       --encrypt
153
154       -e     Encrypt  data.  This  option  may be combined with --sign (for a
155              signed and encrypted message), --symmetric (for a  message  that
156              may  be  decrypted  via a secret key or a passphrase), or --sign
157              and --symmetric together (for a signed message that may  be  de‐
158              crypted via a secret key or a passphrase).
159
160
161       --symmetric
162
163       -c     Encrypt  with a symmetric cipher using a passphrase. The default
164              symmetric cipher used is AES128, but  may  be  chosen  with  the
165              --cipher-algo  option.  This  option may be combined with --sign
166              (for a signed and symmetrically  encrypted  message),  --encrypt
167              (for  a  message  that  may  be  decrypted via a secret key or a
168              passphrase), or --sign and --encrypt together (for a signed mes‐
169              sage that may be decrypted via a secret key or a passphrase).
170
171
172       --store
173              Store only (make a simple RFC1991 literal data packet).
174
175
176       --decrypt
177
178       -d     Decrypt  the file given on the command line (or STDIN if no file
179              is specified) and write it to STDOUT (or the file specified with
180              --output).  If  the  decrypted  file is signed, the signature is
181              also verified. This command differs from the default  operation,
182              as it never writes to the filename which is included in the file
183              and it rejects files which don't begin with  an  encrypted  mes‐
184              sage.
185
186
187       --verify
188              Assume  that  the  first argument is a signed file and verify it
189              without generating any output.  With no arguments, the signature
190              packet  is read from STDIN.  If only a one argument is given, it
191              is expected to be a complete signature.
192
193              With more than 1 argument, the first should be a detached signa‐
194              ture  and  the  remaining  files make up the the signed data. To
195              read the signed data from STDIN, use '-' as the second filename.
196              For security reasons a detached signature cannot read the signed
197              material from STDIN without denoting it in the above way.
198
199              Note: If the option --batch is not used, gpg may assume  that  a
200              single  argument is a file with a detached signature and it will
201              try to find a matching data file by stripping certain  suffixes.
202              Using  this historical feature to verify a detached signature is
203              strongly discouraged; always specify the data file too.
204
205              Note: When verifying a cleartext signature,  gpg  verifies  only
206              what  makes  up the cleartext signed data and not any extra data
207              outside of the cleartext signature or header lines following di‐
208              rectly the dash marker line.  The option --output may be used to
209              write out the actual signed data; but there are  other  pitfalls
210              with  this  format  as well.  It is suggested to avoid cleartext
211              signatures in favor of detached signatures.
212
213
214
215       --multifile
216              This modifies certain other commands to  accept  multiple  files
217              for  processing on the command line or read from STDIN with each
218              filename on a separate line. This allows for many  files  to  be
219              processed  at once. --multifile may currently be used along with
220              --verify, --encrypt, and --decrypt. Note that --multifile --ver‐
221              ify may not be used with detached signatures.
222
223
224       --verify-files
225              Identical to --multifile --verify.
226
227
228       --encrypt-files
229              Identical to --multifile --encrypt.
230
231
232       --decrypt-files
233              Identical to --multifile --decrypt.
234
235
236       --list-keys
237
238       -k
239
240       --list-public-keys
241              List  all  keys from the public keyrings, or just the keys given
242              on the command line.
243
244              -k is slightly different from --list-keys in that it allows only
245              for one argument and takes the second argument as the keyring to
246              search.  This is for command line compatibility with PGP  2  and
247              has been removed in gpg2.
248
249              Avoid  using the output of this command in scripts or other pro‐
250              grams as it is likely to change as GnuPG  changes.  See  --with-
251              colons  for  a machine-parseable key listing command that is ap‐
252              propriate for use in scripts and other programs.
253
254
255       --list-secret-keys
256
257       -K     List all keys from the secret keyrings, or just the  ones  given
258              on  the  command  line. A # after the letters sec means that the
259              secret key is not usable (for example, if  it  was  created  via
260              --export-secret-subkeys).
261
262
263       --list-sigs
264              Same as --list-keys, but the signatures are listed too.
265
266              For  each  signature  listed, there are several flags in between
267              the "sig" tag and keyid. These flags give additional information
268              about  each  signature. From left to right, they are the numbers
269              1-3 for certificate check level (see --ask-cert-level), "L"  for
270              a local or non-exportable signature (see --lsign-key), "R" for a
271              nonRevocable signature (see the  --edit-key  command  "nrsign"),
272              "P"  for a signature that contains a policy URL (see --cert-pol‐
273              icy-url), "N" for a signature  that  contains  a  notation  (see
274              --cert-notation),  "X" for an eXpired signature (see --ask-cert-
275              expire), and the numbers 1-9 or "T" for 10 and above to indicate
276              trust signature levels (see the --edit-key command "tsign").
277
278
279       --check-sigs
280              Same as --list-sigs, but the signatures are verified.  Note that
281              for performance reasons the revocation status of a  signing  key
282              is not shown.
283
284              The  status  of the verification is indicated by a flag directly
285              following the "sig" tag (and thus  before  the  flags  described
286              above  for --list-sigs).  A "!" indicates that the signature has
287              been successfully verified, a "-" denotes a bad signature and  a
288              "%"  is  used  if an error occurred while checking the signature
289              (e.g. a non supported algorithm).
290
291
292
293       --fingerprint
294              List all keys (or the specified ones) along with  their  finger‐
295              prints.  This is the same output as --list-keys but with the ad‐
296              ditional output of a line with the fingerprint. May also be com‐
297              bined  with  --list-sigs  or  --check-sigs.   If this command is
298              given twice, the fingerprints of all secondary keys  are  listed
299              too.
300
301
302       --list-packets
303              List only the sequence of packets. This is mainly useful for de‐
304              bugging.
305
306
307
308       --card-edit
309              Present a menu to work with a smartcard. The  subcommand  "help"
310              provides  an  overview on available commands. For a detailed de‐
311              scription, please see the Card HOWTO at  https://gnupg.org/docu
312              mentation/howtos.html#GnuPG-cardHOWTO .
313
314
315       --card-status
316              Show the content of the smart card.
317
318
319       --change-pin
320              Present  a  menu  to allow changing the PIN of a smartcard. This
321              functionality is also available as the subcommand "passwd"  with
322              the --card-edit command.
323
324
325       --delete-key name
326              Remove  key  from the public keyring. In batch mode either --yes
327              is required or the key must be specified by fingerprint. This is
328              a safeguard against accidental deletion of multiple keys.
329
330
331       --delete-secret-key name
332              Remove  key  from the secret keyring. In batch mode the key must
333              be specified by fingerprint.
334
335
336       --delete-secret-and-public-key name
337              Same as --delete-key, but if a secret key exists, it will be re‐
338              moved  first. In batch mode the key must be specified by finger‐
339              print.
340
341
342       --export
343              Either export all keys from all keyrings (default  keyrings  and
344              those  registered via option --keyring), or if at least one name
345              is given, those of the given name. The exported keys are written
346              to  STDOUT  or  to the file given with option --output.  Use to‐
347              gether with --armor to mail those keys.
348
349
350       --send-keys key IDs
351              Similar to --export but sends the keys to a keyserver.   Finger‐
352              prints  may  be used instead of key IDs. Option --keyserver must
353              be used to give the name of this keyserver. Don't send your com‐
354              plete  keyring  to  a keyserver --- select only those keys which
355              are new or changed by you.  If no key IDs are  given,  gpg  does
356              nothing.
357
358
359       --export-secret-keys
360
361       --export-secret-subkeys
362              Same  as --export, but exports the secret keys instead.  The ex‐
363              ported keys are written to STDOUT or to the file given with  op‐
364              tion --output.  This command is often used along with the option
365              --armor to allow easy printing of the key for paper backup; how‐
366              ever  the  external tool paperkey does a better job for creating
367              backups on paper.  Note that exporting a secret key can be a se‐
368              curity risk if the exported keys are send over an insecure chan‐
369              nel.
370
371              The second form of the command has the special property to  ren‐
372              der  the  secret  part of the primary key useless; this is a GNU
373              extension to OpenPGP and other implementations can  not  be  ex‐
374              pected  to  successfully import such a key.  Its intended use is
375              to generated a full key with an additional signing subkey  on  a
376              dedicated  machine and then using this command to export the key
377              without the primary key to the main machine.
378
379              See the option --simple-sk-checksum if you want to import an ex‐
380              ported secret key into ancient OpenPGP implementations.
381
382
383       --import
384
385       --fast-import
386              Import/merge  keys. This adds the given keys to the keyring. The
387              fast version is currently just a synonym.
388
389              There are a few other options which  control  how  this  command
390              works.  Most notable here is the --import-options merge-only op‐
391              tion which does not insert new keys but does only the merging of
392              new signatures, user-IDs and subkeys.
393
394
395       --recv-keys key IDs
396              Import  the keys with the given key IDs from a keyserver. Option
397              --keyserver must be used to give the name of this keyserver.
398
399
400       --refresh-keys
401              Request updates from a keyserver for keys that already exist  on
402              the  local  keyring.  This is useful for updating a key with the
403              latest signatures, user IDs, etc. Calling this with no arguments
404              will refresh the entire keyring. Option --keyserver must be used
405              to give the name of the keyserver for all keys that do not  have
406              preferred  keyservers  set  (see  --keyserver-options honor-key‐
407              server-url).
408
409
410       --search-keys names
411              Search the keyserver for the given names. Multiple  names  given
412              here will be joined together to create the search string for the
413              keyserver.  Option --keyserver must be used to give the name  of
414              this  keyserver.  Keyservers that support different search meth‐
415              ods allow using the syntax specified in "How to specify  a  user
416              ID" below. Note that different keyserver types support different
417              search methods. Currently only LDAP supports them all.
418
419
420       --fetch-keys URIs
421              Retrieve keys located at the specified URIs. Note that different
422              installations  of  GnuPG  may support different protocols (HTTP,
423              FTP, LDAP, etc.)
424
425
426       --update-trustdb
427              Do trust database maintenance. This command  iterates  over  all
428              keys and builds the Web of Trust. This is an interactive command
429              because it may have to ask for the "ownertrust" values for keys.
430              The  user  has  to  give an estimation of how far she trusts the
431              owner of the displayed key to  correctly  certify  (sign)  other
432              keys. GnuPG only asks for the ownertrust value if it has not yet
433              been assigned to a key. Using the --edit-key menu, the  assigned
434              value can be changed at any time.
435
436
437       --check-trustdb
438              Do  trust  database  maintenance  without user interaction. From
439              time to time the trust database must be updated so that  expired
440              keys or signatures and the resulting changes in the Web of Trust
441              can be tracked. Normally, GnuPG will calculate when this is  re‐
442              quired and do it automatically unless --no-auto-check-trustdb is
443              set. This command can be used to force a trust database check at
444              any  time.  The  processing  is  identical  to that of --update-
445              trustdb but it skips keys with a not yet defined "ownertrust".
446
447              For use with cron jobs, this command can be used  together  with
448              --batch in which case the trust database check is done only if a
449              check is needed. To force a run even in batch mode add  the  op‐
450              tion --yes.
451
452
453
454       --export-ownertrust
455              Send  the ownertrust values to STDOUT. This is useful for backup
456              purposes as these values are the only ones which  can't  be  re-
457              created from a corrupted trustdb.  Example:
458                  gpg --export-ownertrust > otrust.txt
459
460
461
462       --import-ownertrust
463              Update  the  trustdb  with the ownertrust values stored in files
464              (or STDIN if not given); existing values  will  be  overwritten.
465              In  case  of a severely damaged trustdb and if you have a recent
466              backup of the ownertrust values (e.g. in the file  ‘otrust.txt’,
467              you may re-create the trustdb using these commands:
468                  cd ~/.gnupg
469                  rm trustdb.gpg
470                  gpg --import-ownertrust < otrust.txt
471
472
473
474       --rebuild-keydb-caches
475              When updating from version 1.0.6 to 1.0.7 this command should be
476              used to create signature caches in  the  keyring.  It  might  be
477              handy in other situations too.
478
479
480       --print-md algo
481
482       --print-mds
483              Print  message  digest  of algorithm ALGO for all given files or
484              STDIN.  With the second form (or a deprecated "*" as  algo)  di‐
485              gests for all available algorithms are printed.
486
487
488       --gen-random 0|1|2 count
489              Emit count random bytes of the given quality level 0, 1 or 2. If
490              count is not given or zero, an endless sequence of random  bytes
491              will be emitted.  If used with --armor the output will be base64
492              encoded.  PLEASE, don't use this command unless  you  know  what
493              you are doing; it may remove precious entropy from the system!
494
495
496       --gen-prime mode bits
497              Use  the source, Luke :-). The output format is still subject to
498              change.
499
500
501
502       --enarmor
503
504       --dearmor
505              Pack or unpack an arbitrary input into/from an OpenPGP ASCII ar‐
506              mor.   This  is  a GnuPG extension to OpenPGP and in general not
507              very useful.
508
509
510
511
512
513   How to manage your keys
514
515
516       This section explains the main commands for key management
517
518
519
520       --gen-key
521              Generate a new key pair using the  current  default  parameters.
522              This is the standard command to create a new key.
523
524              There is also a feature which allows you to create keys in batch
525              mode. See the the manual section ``Unattended  key  generation''
526              on how to use this.
527
528
529       --gen-revoke name
530              Generate  a  revocation certificate for the complete key. To re‐
531              voke a subkey or a signature, use the --edit command.
532
533
534       --desig-revoke name
535              Generate a designated revocation certificate for a key. This al‐
536              lows  a  user  (with  the permission of the keyholder) to revoke
537              someone else's key.
538
539
540
541       --edit-key
542              Present a menu which enables you to do most of the  key  manage‐
543              ment  related  tasks.   It expects the specification of a key on
544              the command line.
545
546
547
548              uid n  Toggle selection of user ID or photographic user ID  with
549                     index n.  Use * to select all and 0 to deselect all.
550
551
552              key n  Toggle selection of subkey with index n.  Use * to select
553                     all and 0 to deselect all.
554
555
556              sign   Make a signature on key of user name If the  key  is  not
557                     yet  signed  by the default user (or the users given with
558                     -u), the program displays  the  information  of  the  key
559                     again,  together with its fingerprint and asks whether it
560                     should be signed. This question is repeated for all users
561                     specified with -u.
562
563
564              lsign  Same  as  "sign"  but  the signature is marked as non-ex‐
565                     portable and will therefore never be used by others. This
566                     may be used to make keys valid only in the local environ‐
567                     ment.
568
569
570              nrsign Same as "sign" but the signature is marked as non-revoca‐
571                     ble and can therefore never be revoked.
572
573
574              tsign  Make a trust signature. This is a signature that combines
575                     the notions of certification (like a regular  signature),
576                     and  trust  (like  the  "trust" command). It is generally
577                     only useful in distinct communities or groups.
578
579              Note that "l" (for local / non-exportable), "nr" (for  non-revo‐
580              cable,  and  "t" (for trust) may be freely mixed and prefixed to
581              "sign" to create a signature of any type desired.
582
583
584
585              delsig Delete a signature. Note that it is not possible  to  re‐
586                     tract  a  signature,  once it has been send to the public
587                     (i.e. to a keyserver).   In  that  case  you  better  use
588                     revsig.
589
590
591              revsig Revoke  a  signature.  For every signature which has been
592                     generated by one of the secret keys, GnuPG asks whether a
593                     revocation certificate should be generated.
594
595
596              check  Check the signatures on all selected user IDs.
597
598
599              adduid Create an additional user ID.
600
601
602              addphoto
603                     Create  a  photographic  user  ID. This will prompt for a
604                     JPEG file that will be embedded into the  user  ID.  Note
605                     that  a  very  large JPEG will make for a very large key.
606                     Also note that some programs will display your  JPEG  un‐
607                     changed  (GnuPG),  and some programs will scale it to fit
608                     in a dialog box (PGP).
609
610
611              showphoto
612                     Display the selected photographic user ID.
613
614
615              deluid Delete a user ID or photographic user ID.  Note  that  it
616                     is  not  possible  to retract a user id, once it has been
617                     send to the public (i.e. to a keyserver).  In  that  case
618                     you better use revuid.
619
620
621              revuid Revoke a user ID or photographic user ID.
622
623
624              primary
625                     Flag  the current user id as the primary one, removes the
626                     primary user id flag from all other user ids and sets the
627                     timestamp  of  all  affected  self-signatures  one second
628                     ahead. Note that setting a photo user ID as primary makes
629                     it primary over other photo user IDs, and setting a regu‐
630                     lar user ID as primary makes it primary over other  regu‐
631                     lar user IDs.
632
633
634              keyserver
635                     Set  a  preferred keyserver for the specified user ID(s).
636                     This allows other users to know where you prefer they get
637                     your  key  from. See --keyserver-options honor-keyserver-
638                     url for more on how  this  works.   Setting  a  value  of
639                     "none" removes an existing preferred keyserver.
640
641
642              notation
643                     Set  a  name=value notation for the specified user ID(s).
644                     See --cert-notation for more on how this works. Setting a
645                     value of "none" removes all notations, setting a notation
646                     prefixed with a minus sign (-) removes that notation, and
647                     setting  a  notation  name  (without the =value) prefixed
648                     with a minus sign removes all notations with that name.
649
650
651              pref   List preferences from the selected user  ID.  This  shows
652                     the  actual  preferences,  without  including any implied
653                     preferences.
654
655
656              showpref
657                     More verbose preferences listing for  the  selected  user
658                     ID. This shows the preferences in effect by including the
659                     implied preferences of 3DES (cipher), SHA-1 (digest), and
660                     Uncompressed  (compression)  if  they are not already in‐
661                     cluded in the preference list. In addition, the preferred
662                     keyserver and signature notations (if any) are shown.
663
664
665              setpref string
666                     Set the list of user ID preferences to string for all (or
667                     just the selected) user IDs. Calling setpref with no  ar‐
668                     guments  sets  the preference list to the default (either
669                     built-in or set via --default-preference-list), and call‐
670                     ing  setpref  with  "none"  as the argument sets an empty
671                     preference list. Use gpg  --version  to  get  a  list  of
672                     available  algorithms. Note that while you can change the
673                     preferences on an attribute user  ID  (aka  "photo  ID"),
674                     GnuPG  does  not  select  keys  via attribute user IDs so
675                     these preferences will not be used by GnuPG.
676
677                     When setting preferences, you should list the  algorithms
678                     in the order which you'd like to see them used by someone
679                     else when encrypting a message to your key.  If you don't
680                     include  3DES, it will be automatically added at the end.
681                     Note that there are many factors that go into choosing an
682                     algorithm  (for example, your key may not be the only re‐
683                     cipient), and so the  remote  OpenPGP  application  being
684                     used to send to you may or may not follow your exact cho‐
685                     sen order for a given message.  It  will,  however,  only
686                     choose  an  algorithm  that  is present on the preference
687                     list of every recipient key.  See also the INTEROPERABIL‐
688                     ITY WITH OTHER OPENPGP PROGRAMS section below.
689
690
691              addkey Add a subkey to this key.
692
693
694              addcardkey
695                     Generate a subkey on a card and add it to this key.
696
697
698              keytocard
699                     Transfer  the  selected secret subkey (or the primary key
700                     if no subkey has been selected) to a smartcard.  The  se‐
701                     cret key in the keyring will be replaced by a stub if the
702                     key could be stored successfully on the card and you  use
703                     the  save  command  later.  Only certain key types may be
704                     transferred to the card. A sub menu allows you to  select
705                     on what card to store the key. Note that it is not possi‐
706                     ble to get that key back from the card - if the card gets
707                     broken  your  secret  key  will be lost unless you have a
708                     backup somewhere.
709
710
711              bkuptocard file
712                     Restore the given file to a card.  This  command  may  be
713                     used  to  restore  a backup key (as generated during card
714                     initialization) to a new card. In almost all  cases  this
715                     will  be  the encryption key. You should use this command
716                     only with the corresponding public key and make sure that
717                     the  file  given  as argument is indeed the backup to re‐
718                     store. You should then select 2 to restore as  encryption
719                     key.   You will first be asked to enter the passphrase of
720                     the backup key and then for the Admin PIN of the card.
721
722
723              delkey Remove a subkey (secondart key). Note that it is not pos‐
724                     sible  to  retract a subkey, once it has been send to the
725                     public (i.e. to a keyserver).  In that  case  you  better
726                     use revkey.
727
728
729              revkey Revoke a subkey.
730
731
732              expire Change  the key or subkey expiration time. If a subkey is
733                     selected, the expiration time  of  this  subkey  will  be
734                     changed.  With  no  selection,  the key expiration of the
735                     primary key is changed.
736
737
738              trust  Change the owner trust value for the  key.  This  updates
739                     the trust-db immediately and no save is required.
740
741
742              disable
743
744              enable Disable  or  enable an entire key. A disabled key can not
745                     normally be used for encryption.
746
747
748              addrevoker
749                     Add a designated revoker to the key. This takes  one  op‐
750                     tional  argument: "sensitive". If a designated revoker is
751                     marked as sensitive, it will not be exported  by  default
752                     (see export-options).
753
754
755              passwd Change the passphrase of the secret key.
756
757
758              toggle Toggle between public and secret key listing.
759
760
761              clean  Compact  (by  removing all signatures except the selfsig)
762                     any user ID that is no longer usable  (e.g.  revoked,  or
763                     expired). Then, remove any signatures that are not usable
764                     by the trust calculations.   Specifically,  this  removes
765                     any  signature that does not validate, any signature that
766                     is superseded by a later signature,  revoked  signatures,
767                     and signatures issued by keys that are not present on the
768                     keyring.
769
770
771              minimize
772                     Make the key as small as possible. This removes all  sig‐
773                     natures  from  each  user  ID  except for the most recent
774                     self-signature.
775
776
777              cross-certify
778                     Add cross-certification  signatures  to  signing  subkeys
779                     that  may  not  currently  have them. Cross-certification
780                     signatures protect against a subtle attack against  sign‐
781                     ing  subkeys. See --require-cross-certification.  All new
782                     keys generated have this signature by  default,  so  this
783                     option is only useful to bring older keys up to date.
784
785
786              save   Save all changes to the key rings and quit.
787
788
789              quit   Quit the program without updating the key rings.
790
791              The  listing  shows  you the key with its secondary keys and all
792              user ids.  The primary user id is indicated by a  dot,  and  se‐
793              lected keys or user ids are indicated by an asterisk.  The trust
794              value is displayed with the primary key: the first  is  the  as‐
795              signed owner trust and the second is the calculated trust value.
796              Letters are used for the values:
797
798
799
800              -      No ownertrust assigned / not yet calculated.
801
802
803              e      Trust calculation has failed; probably due to an  expired
804                     key.
805
806
807              q      Not enough information for calculation.
808
809
810              n      Never trust this key.
811
812
813              m      Marginally trusted.
814
815
816              f      Fully trusted.
817
818
819              u      Ultimately trusted.
820
821
822
823       --sign-key name
824              Signs a public key with your secret key. This is a shortcut ver‐
825              sion of the subcommand "sign" from --edit.
826
827
828       --lsign-key name
829              Signs a public key with your secret key but marks it as  non-ex‐
830              portable.  This  is a shortcut version of the subcommand "lsign"
831              from --edit-key.
832
833
834
835
836

OPTIONS

838       gpg features a bunch of options to control the exact behaviour  and  to
839       change the default configuration.
840
841
842       Long    options    can   be   put   in   an   options   file   (default
843       "~/.gnupg/gpg.conf"). Short option names will not work -  for  example,
844       "armor"  is  a  valid option for the options file, while "a" is not. Do
845       not write the 2 dashes, but simply the name of the option and  any  re‐
846       quired  arguments. Lines with a hash ('#') as the first non-white-space
847       character are ignored. Commands may be put in this file too,  but  that
848       is  not generally useful as the command will execute automatically with
849       every execution of gpg.
850
851       Please remember that option parsing stops as soon as  a  non-option  is
852       encountered,  you  can explicitly stop parsing by using the special op‐
853       tion --.
854
855
856
857   How to change the configuration
858
859
860       These options are used to change  the  configuration  and  are  usually
861       found in the option file.
862
863
864
865       --default-key name
866              Use  name as the default key to sign with. If this option is not
867              used, the default key is the  first  key  found  in  the  secret
868              keyring.  Note that -u or --local-user overrides this option.
869
870
871       --default-recipient name
872              Use  name as default recipient if option --recipient is not used
873              and don't ask if this is a valid one. name must be non-empty.
874
875
876       --default-recipient-self
877              Use the default key as default recipient if  option  --recipient
878              is  not  used  and don't ask if this is a valid one. The default
879              key is the first one from the secret keyring or the one set with
880              --default-key.
881
882
883       --no-default-recipient
884              Reset --default-recipient and --default-recipient-self.
885
886
887       -v, --verbose
888              Give  more information during processing. If used twice, the in‐
889              put data is listed in detail.
890
891
892       --no-verbose
893              Reset verbose level to 0.
894
895
896       -q, --quiet
897              Try to be as quiet as possible.
898
899
900       --batch
901
902       --no-batch
903              Use batch mode.  Never ask, do not allow  interactive  commands.
904              --no-batch  disables  this option.  This option is commonly used
905              for unattended operations.
906
907              WARNING: Unattended operation bears a higher risk of  being  ex‐
908              posed  to security attacks.  In particular any unattended use of
909              GnuPG which involves the use of secret keys should take care not
910              to  provide  an  decryption  oracle.  There are several standard
911              pre-cautions against being used as an oracle.  For example never
912              return  detailed  error  messages  or any diagnostics printed by
913              your software to the remote site.  Consult  with  an  expert  in
914              case of doubt.
915
916              Note  that  even  with a filename given on the command line, gpg
917              might still need to read from STDIN (in particular if  gpg  fig‐
918              ures that the input is a detached signature and no data file has
919              been specified).  Thus if you do  not  want  to  feed  data  via
920              STDIN, you should connect STDIN to ‘/dev/null’.
921
922
923
924       --no-tty
925              Make  sure that the TTY (terminal) is never used for any output.
926              This option is needed in  some  cases  because  GnuPG  sometimes
927              prints warnings to the TTY even if --batch is used.
928
929
930       --yes  Assume "yes" on most questions.
931
932
933       --no   Assume "no" on most questions.
934
935
936
937       --list-options parameters
938              This  is  a  space  or comma delimited string that gives options
939              used when listing keys and  signatures  (that  is,  --list-keys,
940              --list-sigs,  --list-public-keys,  --list-secret-keys,  and  the
941              --edit-key functions).  Options can be prepended with a no- (af‐
942              ter  the  two dashes) to give the opposite meaning.  The options
943              are:
944
945
946
947              show-photos
948                     Causes --list-keys, --list-sigs, --list-public-keys,  and
949                     --list-secret-keys  to  display any photo IDs attached to
950                     the key.  Defaults to no. See also --photo-viewer.   Does
951                     not  work  with --with-colons: see --attribute-fd for the
952                     appropriate way to get photo data for scripts  and  other
953                     frontends.
954
955
956              show-usage
957                     Show  usage information for keys and subkeys in the stan‐
958                     dard key listing.  This is a list of  letters  indicating
959                     the  allowed  usage  for  a key (E=encryption, S=signing,
960                     C=certification, A=authentication).  Defaults to no.
961
962
963              show-policy-urls
964                     Show policy URLs in the --list-sigs or --check-sigs list‐
965                     ings.  Defaults to no.
966
967
968              show-notations
969
970              show-std-notations
971
972              show-user-notations
973                     Show  all, IETF standard, or user-defined signature nota‐
974                     tions in the --list-sigs or  --check-sigs  listings.  De‐
975                     faults to no.
976
977
978              show-keyserver-urls
979                     Show  any  preferred  keyserver URL in the --list-sigs or
980                     --check-sigs listings. Defaults to no.
981
982
983              show-uid-validity
984                     Display the calculated validity of user  IDs  during  key
985                     listings.  Defaults to no.
986
987
988              show-unusable-uids
989                     Show  revoked  and  expired user IDs in key listings. De‐
990                     faults to no.
991
992
993              show-unusable-subkeys
994                     Show revoked and expired subkeys  in  key  listings.  De‐
995                     faults to no.
996
997
998              show-keyring
999                     Display  the  keyring name at the head of key listings to
1000                     show which keyring a given key resides  on.  Defaults  to
1001                     no.
1002
1003
1004              show-sig-expire
1005                     Show  signature  expiration dates (if any) during --list-
1006                     sigs or --check-sigs listings. Defaults to no.
1007
1008
1009              show-sig-subpackets
1010                     Include signature subpackets in the key listing. This op‐
1011                     tion can take an optional argument list of the subpackets
1012                     to list. If no argument is passed, list  all  subpackets.
1013                     Defaults to no. This option is only meaningful when using
1014                     --with-colons along with --list-sigs or --check-sigs.
1015
1016
1017
1018       --verify-options parameters
1019              This is a space or comma delimited  string  that  gives  options
1020              used  when verifying signatures. Options can be prepended with a
1021              `no-' to give the opposite meaning. The options are:
1022
1023
1024
1025              show-photos
1026                     Display any photo IDs present on the key that issued  the
1027                     signature.  Defaults to no. See also --photo-viewer.
1028
1029
1030              show-policy-urls
1031                     Show  policy  URLs  in  the signature being verified. De‐
1032                     faults to no.
1033
1034
1035              show-notations
1036
1037              show-std-notations
1038
1039              show-user-notations
1040                     Show all, IETF standard, or user-defined signature  nota‐
1041                     tions  in  the signature being verified. Defaults to IETF
1042                     standard.
1043
1044
1045              show-keyserver-urls
1046                     Show any preferred keyserver URL in the  signature  being
1047                     verified.  Defaults to no.
1048
1049
1050              show-uid-validity
1051                     Display  the  calculated  validity of the user IDs on the
1052                     key that issued the signature. Defaults to no.
1053
1054
1055              show-unusable-uids
1056                     Show revoked and expired user IDs during signature  veri‐
1057                     fication.  Defaults to no.
1058
1059
1060              show-primary-uid-only
1061                     Show  only the primary user ID during signature verifica‐
1062                     tion.  That is all the AKA lines as well as photo Ids are
1063                     not shown with the signature verification status.
1064
1065
1066              pka-lookups
1067                     Enable  PKA lookups to verify sender addresses. Note that
1068                     PKA is based on DNS, and so enabling this option may dis‐
1069                     close  information  on when and what signatures are veri‐
1070                     fied or to whom data is encrypted. This is similar to the
1071                     "web bug" described for the auto-key-retrieve feature.
1072
1073
1074              pka-trust-increase
1075                     Raise  the  trust in a signature to full if the signature
1076                     passes PKA validation. This option is only meaningful  if
1077                     pka-lookups is set.
1078
1079
1080       --enable-large-rsa
1081
1082       --disable-large-rsa
1083              With  --gen-key  and  --batch, enable the creation of larger RSA
1084              secret keys than is generally recommended  (up  to  8192  bits).
1085              These large keys are more expensive to use, and their signatures
1086              and certifications are also larger.
1087
1088
1089       --enable-dsa2
1090
1091       --disable-dsa2
1092              Enable hash truncation for all DSA keys even for old DSA Keys up
1093              to  1024  bit.   This  is also the default with --openpgp.  Note
1094              that older versions of GnuPG also required this  flag  to  allow
1095              the generation of DSA larger than 1024 bit.
1096
1097
1098       --photo-viewer string
1099              This  is the command line that should be run to view a photo ID.
1100              "%i" will be expanded to a filename containing the  photo.  "%I"
1101              does  the  same,  except  the  file will not be deleted once the
1102              viewer exits.  Other flags are "%k" for the key ID, "%K" for the
1103              long  key  ID, "%f" for the key fingerprint, "%t" for the exten‐
1104              sion of the image type (e.g. "jpg"), "%T" for the MIME  type  of
1105              the  image  (e.g.  "image/jpeg"),  "%v" for the single-character
1106              calculated validity of the image being viewed (e.g.  "f"),  "%V"
1107              for the calculated validity as a string (e.g.  "full"), "%U" for
1108              a base32 encoded hash of the user ID, and  "%%"  for  an  actual
1109              percent  sign.  If  neither %i or %I are present, then the photo
1110              will be supplied to the viewer on standard input.
1111
1112              The default viewer is "xloadimage  -fork  -quiet  -title  'KeyID
1113              0x%k'  STDIN". Note that if your image viewer program is not se‐
1114              cure, then executing it from GnuPG does not make it secure.
1115
1116
1117       --exec-path string
1118              Sets a list of directories to search for photo viewers and  key‐
1119              server  helpers. If not provided, keyserver helpers use the com‐
1120              piled-in default directory, and photo viewers use the $PATH  en‐
1121              vironment  variable.  Note, that on W32 system this value is ig‐
1122              nored when searching for keyserver helpers.
1123
1124
1125       --keyring file
1126              Add file to the current list of keyrings. If file begins with  a
1127              tilde and a slash, these are replaced by the $HOME directory. If
1128              the filename does not contain a slash, it is assumed  to  be  in
1129              the  GnuPG home directory ("~/.gnupg" if --homedir or $GNUPGHOME
1130              is not used).
1131
1132              Note that this adds a keyring to the current list. If the intent
1133              is  to use the specified keyring alone, use --keyring along with
1134              --no-default-keyring.
1135
1136
1137       --secret-keyring file
1138              Same as --keyring but for the secret keyrings.
1139
1140
1141       --primary-keyring file
1142              Designate file as the primary public keyring.  This  means  that
1143              newly imported keys (via --import or keyserver --recv-from) will
1144              go to this keyring.
1145
1146
1147       --trustdb-name file
1148              Use file instead of the default trustdb. If file begins  with  a
1149              tilde and a slash, these are replaced by the $HOME directory. If
1150              the filename does not contain a slash, it is assumed  to  be  in
1151              the  GnuPG home directory (‘~/.gnupg’ if --homedir or $GNUPGHOME
1152              is not used).
1153
1154
1155
1156       --homedir dir
1157              Set the name of the home directory to dir. If this option is not
1158              used,  the  home  directory  defaults to ‘~/.gnupg’.  It is only
1159              recognized when given on the command line.   It  also  overrides
1160              any  home  directory  stated  through  the  environment variable
1161GNUPGHOME’ or (on Windows systems) by means of the Registry en‐
1162              try HKCU\Software\GNU\GnuPG:HomeDir.
1163
1164              On Windows systems it is possible to install GnuPG as a portable
1165              application.  In this case only this command line option is con‐
1166              sidered, all other ways to set a home directory are ignored.
1167
1168              To install GnuPG as a portable application under Windows, create
1169              an empty file name ‘gpgconf.ctl’ in the same  directory  as  the
1170              tool  ‘gpgconf.exe’.   The root of the installation is than that
1171              directory; or, if ‘gpgconf.exe’ has been installed directly  be‐
1172              low  a  directory  named  ‘bin’, its parent directory.  You also
1173              need to make sure that the following directories exist  and  are
1174              writable:     ‘ROOT/home’     for    the    GnuPG    home    and
1175ROOT/var/cache/gnupg’ for internal cache files.
1176
1177
1178
1179       --pcsc-driver file
1180              Use file to access the smartcard reader. The current default  is
1181              `libpcsclite.so.1'   for   GLIBC   based  systems,  `/System/Li‐
1182              brary/Frameworks/PCSC.framework/PCSC'  for  MAC  OS   X,   `win‐
1183              scard.dll' for Windows and `libpcsclite.so' for other systems.
1184
1185
1186       --disable-ccid
1187              Disable  the integrated support for CCID compliant readers. This
1188              allows falling back to one of the other drivers even if the  in‐
1189              ternal  CCID  driver can handle the reader. Note, that CCID sup‐
1190              port is only available if libusb was available at build time.
1191
1192
1193       --reader-port number_or_string
1194              This option may be used to specify the port of the  card  termi‐
1195              nal.  A  value of 0 refers to the first serial device; add 32768
1196              to access USB devices. The default is 32768 (first USB  device).
1197              PC/SC  or CCID readers might need a string here; run the program
1198              in verbose mode to get a list of available readers. The  default
1199              is then the first reader found.
1200
1201
1202       --display-charset name
1203              Set  the  name of the native character set. This is used to con‐
1204              vert some informational strings like  user  IDs  to  the  proper
1205              UTF-8 encoding.  Note that this has nothing to do with the char‐
1206              acter set of data to be encrypted or signed; GnuPG does not  re‐
1207              code user-supplied data. If this option is not used, the default
1208              character set is determined from the current locale. A verbosity
1209              level of 3 shows the chosen set.  Valid values for name are:
1210
1211
1212
1213              iso-8859-1
1214                     This is the Latin 1 set.
1215
1216
1217              iso-8859-2
1218                     The Latin 2 set.
1219
1220
1221              iso-8859-15
1222                     This is currently an alias for the Latin 1 set.
1223
1224
1225              koi8-r The usual Russian set (rfc1489).
1226
1227
1228              utf-8  Bypass  all  translations and assume that the OS uses na‐
1229                     tive UTF-8 encoding.
1230
1231
1232       --utf8-strings
1233
1234       --no-utf8-strings
1235              Assume that command line arguments are given  as  UTF8  strings.
1236              The  default (--no-utf8-strings) is to assume that arguments are
1237              encoded in the character set as specified by  --display-charset.
1238              These  options  affect all following arguments. Both options may
1239              be used multiple times.
1240
1241
1242
1243       --options file
1244              Read options from file and do not try to read them from the  de‐
1245              fault  options  file in the homedir (see --homedir). This option
1246              is ignored if used in an options file.
1247
1248
1249       --no-options
1250              Shortcut for --options /dev/null. This option is detected before
1251              an  attempt to open an option file.  Using this option will also
1252              prevent the creation of a ‘~/.gnupg’ homedir.
1253
1254
1255       -z n
1256
1257       --compress-level n
1258
1259       --bzip2-compress-level n
1260              Set compression level to n for the ZIP and ZLIB compression  al‐
1261              gorithms. The default is to use the default compression level of
1262              zlib (normally 6). --bzip2-compress-level sets  the  compression
1263              level  for  the  BZIP2 compression algorithm (defaulting to 6 as
1264              well). This is a different option  from  --compress-level  since
1265              BZIP2  uses  a  significant amount of memory for each additional
1266              compression level.  -z sets both. A value of 0  for  n  disables
1267              compression.
1268
1269
1270       --bzip2-decompress-lowmem
1271              Use a different decompression method for BZIP2 compressed files.
1272              This alternate method uses a bit more than half the memory,  but
1273              also  runs  at  half the speed. This is useful under extreme low
1274              memory circumstances when the file was originally compressed  at
1275              a high --bzip2-compress-level.
1276
1277
1278
1279       --mangle-dos-filenames
1280
1281       --no-mangle-dos-filenames
1282              Older  version of Windows cannot handle filenames with more than
1283              one dot. --mangle-dos-filenames causes GnuPG to replace  (rather
1284              than  add  to) the extension of an output filename to avoid this
1285              problem. This option is off by default and has no effect on non-
1286              Windows platforms.
1287
1288
1289       --ask-cert-level
1290
1291       --no-ask-cert-level
1292              When  making  a key signature, prompt for a certification level.
1293              If this option is not specified, the certification level used is
1294              set  via  --default-cert-level. See --default-cert-level for in‐
1295              formation on the specific levels and how they  are  used.  --no-
1296              ask-cert-level disables this option. This option defaults to no.
1297
1298
1299       --default-cert-level n
1300              The default to use for the check level when signing a key.
1301
1302              0  means  you  make  no particular claim as to how carefully you
1303              verified the key.
1304
1305              1 means you believe the key is owned by the person who claims to
1306              own it but you could not, or did not verify the key at all. This
1307              is useful for a "persona" verification, where you sign  the  key
1308              of a pseudonymous user.
1309
1310              2  means  you  did  casual verification of the key. For example,
1311              this could mean  that  you  verified  the  key  fingerprint  and
1312              checked the user ID on the key against a photo ID.
1313
1314              3  means you did extensive verification of the key. For example,
1315              this could mean that you verified the key fingerprint  with  the
1316              owner  of the key in person, and that you checked, by means of a
1317              hard to forge document with a photo ID (such as a passport) that
1318              the name of the key owner matches the name in the user ID on the
1319              key, and finally that you verified (by exchange of  email)  that
1320              the email address on the key belongs to the key owner.
1321
1322              Note  that  the examples given above for levels 2 and 3 are just
1323              that: examples. In the end, it is up to you to decide just  what
1324              "casual" and "extensive" mean to you.
1325
1326              This option defaults to 0 (no particular claim).
1327
1328
1329       --min-cert-level
1330              When  building  the  trust database, treat any signatures with a
1331              certification level below this as invalid. Defaults to 2,  which
1332              disregards  level 1 signatures. Note that level 0 "no particular
1333              claim" signatures are always accepted.
1334
1335
1336       --trusted-key long key ID
1337              Assume that the specified key (which must be given as a  full  8
1338              byte  key  ID) is as trustworthy as one of your own secret keys.
1339              This option is useful if you don't want to keep your secret keys
1340              (or  one  of them) online but still want to be able to check the
1341              validity of a given recipient's or signator's key.
1342
1343
1344       --trust-model pgp|classic|direct|always|auto
1345              Set what trust model GnuPG should follow. The models are:
1346
1347
1348
1349              pgp    This is the Web of Trust combined with  trust  signatures
1350                     as  used  in PGP 5.x and later. This is the default trust
1351                     model when creating a new trust database.
1352
1353
1354              classic
1355                     This is the standard Web of Trust as introduced by PGP 2.
1356
1357
1358              direct Key validity is set directly by the user and  not  calcu‐
1359                     lated via the Web of Trust.
1360
1361
1362              always Skip  key validation and assume that used keys are always
1363                     fully valid. You generally won't use this unless you  are
1364                     using  some  external validation scheme. This option also
1365                     suppresses the "[uncertain]" tag printed  with  signature
1366                     checks  when  there  is  no  evidence that the user ID is
1367                     bound to the key.  Note that this trust model still  does
1368                     not allow the use of expired, revoked, or disabled keys.
1369
1370
1371              auto   Select the trust model depending on whatever the internal
1372                     trust database says. This is the default model if such  a
1373                     database already exists.
1374
1375
1376       --auto-key-locate parameters
1377
1378       --no-auto-key-locate
1379              GnuPG can automatically locate and retrieve keys as needed using
1380              this option. This happens when encrypting to  an  email  address
1381              (in  the  "user@example.com"  form), and there are no user@exam‐
1382              ple.com keys on the local keyring.  This option takes any number
1383              of the following mechanisms, in the order they are to be tried:
1384
1385
1386
1387              cert   Locate a key using DNS CERT, as specified in rfc4398.
1388
1389
1390              pka    Locate a key using DNS PKA.
1391
1392
1393              ldap   Using DNS Service Discovery, check the domain in question
1394                     for any LDAP keyservers to use.  If this  fails,  attempt
1395                     to  locate  the  key  using  the  PGP Universal method of
1396                     checking 'ldap://keys.(thedomain)'.
1397
1398
1399              keyserver
1400                     Locate a key using whatever keyserver  is  defined  using
1401                     the --keyserver option.
1402
1403
1404              keyserver-URL
1405                     In  addition,  a keyserver URL as used in the --keyserver
1406                     option may be used here to  query  that  particular  key‐
1407                     server.
1408
1409
1410              local  Locate  the key using the local keyrings.  This mechanism
1411                     allows the user to select the order a local key lookup is
1412                     done.   Thus using '--auto-key-locate local' is identical
1413                     to --no-auto-key-locate.
1414
1415
1416              nodefault
1417                     This flag disables the standard local  key  lookup,  done
1418                     before  any  of the mechanisms defined by the --auto-key-
1419                     locate are tried.  The position of this mechanism in  the
1420                     list  does  not  matter.   It is not required if local is
1421                     also used.
1422
1423
1424              clear  Clear all defined mechanisms.  This is useful to override
1425                     mechanisms given in a config file.
1426
1427
1428
1429       --keyid-format short|0xshort|long|0xlong
1430              Select  how  to  display  key  IDs.  "short"  is the traditional
1431              8-character key ID. "long" is the more accurate (but less conve‐
1432              nient)  16-character key ID. Add an "0x" to either to include an
1433              "0x" at the beginning of the key ID,  as  in  0x99242560.   Note
1434              that this option is ignored if the option --with-colons is used.
1435
1436
1437       --keyserver name
1438              Use name as your keyserver. This is the server that --recv-keys,
1439              --send-keys, and --search-keys will communicate with to  receive
1440              keys  from,  send keys to, and search for keys on. The format of
1441              the name is a URI: `scheme:[//]keyservername[:port]' The  scheme
1442              is  the  type  of  keyserver: "hkp" for the HTTP (or compatible)
1443              keyservers, "ldap" for the LDAP keyservers, or "mailto" for  the
1444              Graff email keyserver. Note that your particular installation of
1445              GnuPG may have other keyserver types  available  as  well.  Key‐
1446              server  schemes  are case-insensitive. After the keyserver name,
1447              optional keyserver configuration options may be provided.  These
1448              are  the  same as the global --keyserver-options from below, but
1449              apply only to this particular keyserver.
1450
1451              Most keyservers synchronize with each other, so there is  gener‐
1452              ally no need to send keys to more than one server. The keyserver
1453              hkp://keys.gnupg.net uses round robin DNS to  give  a  different
1454              keyserver each time you use it.
1455
1456
1457       --keyserver-options name=value1
1458              This is a space or comma delimited string that gives options for
1459              the keyserver. Options can be prefixed with a `no-' to give  the
1460              opposite  meaning. Valid import-options or export-options may be
1461              used here as well to apply to importing (--recv-key) or  export‐
1462              ing  (--send-key)  a key from a keyserver. While not all options
1463              are available for all keyserver types, some common options are:
1464
1465
1466
1467              include-revoked
1468                     When searching for a key with --search-keys, include keys
1469                     that  are  marked  on the keyserver as revoked. Note that
1470                     not all keyservers differentiate between revoked and  un‐
1471                     revoked  keys,  and  for  such  keyservers this option is
1472                     meaningless. Note also that most keyservers do  not  have
1473                     cryptographic  verification  of  key  revocations, and so
1474                     turning this option off may result in skipping keys  that
1475                     are incorrectly marked as revoked.
1476
1477
1478              include-disabled
1479                     When searching for a key with --search-keys, include keys
1480                     that are marked on the keyserver as disabled.  Note  that
1481                     this option is not used with HKP keyservers.
1482
1483
1484              auto-key-retrieve
1485                     This option enables the automatic retrieving of keys from
1486                     a keyserver when verifying signatures made by  keys  that
1487                     are not on the local keyring.
1488
1489                     Note  that  this  option  makes a "web bug" like behavior
1490                     possible.  Keyserver operators can see which keys you re‐
1491                     quest,  so by sending you a message signed by a brand new
1492                     key (which you naturally will  not  have  on  your  local
1493                     keyring),  the operator can tell both your IP address and
1494                     the time when you verified the signature.
1495
1496
1497              honor-keyserver-url
1498                     When using --refresh-keys, if the key in question  has  a
1499                     preferred  keyserver  URL,  then  use that preferred key‐
1500                     server to refresh the key from. In addition, if auto-key-
1501                     retrieve  is  set, and the signature being verified has a
1502                     preferred keyserver URL, then  use  that  preferred  key‐
1503                     server to fetch the key from. Defaults to yes.
1504
1505
1506              honor-pka-record
1507                     If auto-key-retrieve is set, and the signature being ver‐
1508                     ified has a PKA record, then use the PKA  information  to
1509                     fetch the key. Defaults to yes.
1510
1511
1512              include-subkeys
1513                     When  receiving  a key, include subkeys as potential tar‐
1514                     gets. Note that this option is not  used  with  HKP  key‐
1515                     servers, as they do not support retrieving keys by subkey
1516                     id.
1517
1518
1519              use-temp-files
1520                     On most Unix-like platforms, GnuPG communicates with  the
1521                     keyserver helper program via pipes, which is the most ef‐
1522                     ficient method. This option forces GnuPG to use temporary
1523                     files  to  communicate.  On some platforms (such as Win32
1524                     and RISC OS), this option is always enabled.
1525
1526
1527              keep-temp-files
1528                     If using `use-temp-files', do not delete the  temp  files
1529                     after using them. This option is useful to learn the key‐
1530                     server communication protocol by  reading  the  temporary
1531                     files.
1532
1533
1534              verbose
1535                     Tell  the  keyserver  helper  program to be more verbose.
1536                     This option can be repeated multiple  times  to  increase
1537                     the verbosity level.
1538
1539
1540              timeout
1541                     Tell  the  keyserver helper program how long (in seconds)
1542                     to try and perform a keyserver action before  giving  up.
1543                     Note  that  performing  multiple actions at the same time
1544                     uses this timeout value per action.   For  example,  when
1545                     retrieving multiple keys via --recv-keys, the timeout ap‐
1546                     plies separately to each key retrieval, and  not  to  the
1547                     --recv-keys command as a whole. Defaults to 30 seconds.
1548
1549
1550              http-proxy=value
1551                     Set  the  proxy to use for HTTP and HKP keyservers.  This
1552                     overrides the "http_proxy" environment variable, if any.
1553
1554
1555
1556              max-cert-size
1557                     When retrieving a key via DNS CERT, only accept  keys  up
1558                     to this size.  Defaults to 16384 bytes.
1559
1560
1561              debug  Turn  on  debug  output  in the keyserver helper program.
1562                     Note that the details of debug output  depends  on  which
1563                     keyserver  helper  program is being used, and in turn, on
1564                     any libraries that the keyserver helper program uses  in‐
1565                     ternally (libcurl, openldap, etc).
1566
1567
1568              check-cert
1569                     Enable certificate checking if the keyserver presents one
1570                     (for hkps or ldaps).  Defaults to on.
1571
1572
1573              ca-cert-file
1574                     Provide a certificate store to override  the  system  de‐
1575                     fault.   Only necessary if check-cert is enabled, and the
1576                     keyserver is using a certificate that is not present in a
1577                     system default certificate list.
1578
1579                     Note that depending on the SSL library that the keyserver
1580                     helper is built with, this may actually be a directory or
1581                     a file.
1582
1583
1584
1585       --completes-needed n
1586              Number of completely trusted users to introduce a new key signer
1587              (defaults to 1).
1588
1589
1590       --marginals-needed n
1591              Number of marginally trusted users to introduce a new key signer
1592              (defaults to 3)
1593
1594
1595       --max-cert-depth n
1596              Maximum depth of a certification chain (default is 5).
1597
1598
1599       --simple-sk-checksum
1600              Secret  keys  are integrity protected by using a SHA-1 checksum.
1601              This method is part of the upcoming enhanced OpenPGP  specifica‐
1602              tion  but GnuPG already uses it as a countermeasure against cer‐
1603              tain attacks.  Old applications don't understand this  new  for‐
1604              mat, so this option may be used to switch back to the old behav‐
1605              iour. Using this option bears a security risk. Note  that  using
1606              this option only takes effect when the secret key is encrypted -
1607              the simplest way to make this happen is to change the passphrase
1608              on the key (even changing it to the same value is acceptable).
1609
1610
1611       --no-sig-cache
1612              Do not cache the verification status of key signatures.  Caching
1613              gives a much better performance in key listings. However, if you
1614              suspect that your public keyring is not save against write modi‐
1615              fications, you can use this option to disable  the  caching.  It
1616              probably  does  not make sense to disable it because all kind of
1617              damage can be done if someone else has write access to your pub‐
1618              lic keyring.
1619
1620
1621       --no-sig-create-check
1622              This options is obsolete.  It has no function.
1623
1624
1625       --auto-check-trustdb
1626
1627       --no-auto-check-trustdb
1628              If  GnuPG  feels that its information about the Web of Trust has
1629              to be updated, it automatically runs the --check-trustdb command
1630              internally.   This  may  be a time consuming process. --no-auto-
1631              check-trustdb disables this option.
1632
1633
1634       --use-agent
1635
1636       --no-use-agent
1637              Try to use the GnuPG-Agent.  With this option, GnuPG first tries
1638              to  connect  to the agent before it asks for a passphrase. --no-
1639              use-agent disables this option.  Note, that the tool gpg-preset-
1640              passphrase, which comes with GnuPG-2, cannot be used to preset a
1641              passphrase for this version of GnuPG.
1642
1643
1644       --gpg-agent-info
1645              Override the value of the environment variable 'GPG_AGENT_INFO'.
1646              This  is  only used when --use-agent has been given.  Given that
1647              this option is not anymore used by gpg2, it should be avoided if
1648              possible.
1649
1650
1651
1652       --lock-once
1653              Lock the databases the first time a lock is requested and do not
1654              release the lock until the process terminates.
1655
1656
1657       --lock-multiple
1658              Release the locks every time a lock is  no  longer  needed.  Use
1659              this to override a previous --lock-once from a config file.
1660
1661
1662       --lock-never
1663              Disable  locking  entirely.  This  option should be used only in
1664              very special environments, where it can be assured that only one
1665              process  is  accessing  those  files.  A  bootable floppy with a
1666              stand-alone encryption system will probably use  this.  Improper
1667              usage of this option may lead to data and key corruption.
1668
1669
1670       --exit-on-status-write-error
1671              This  option will cause write errors on the status FD to immedi‐
1672              ately terminate the process. That should in fact be the  default
1673              but  it  never worked this way and thus we need an option to en‐
1674              able this, so that the change  won't  break  applications  which
1675              close  their  end of a status fd connected pipe too early. Using
1676              this option along with --enable-progress-filter may be  used  to
1677              cleanly cancel long running gpg operations.
1678
1679
1680       --limit-card-insert-tries n
1681              With  n  greater than 0 the number of prompts asking to insert a
1682              smartcard gets limited to N-1. Thus with a value of 1 gpg  won't
1683              at  all  ask  to  insert  a  card  if  none has been inserted at
1684              startup. This option is useful in the configuration file in case
1685              an  application  does  not  know about the smartcard support and
1686              waits ad infinitum for an inserted card.
1687
1688
1689       --no-random-seed-file
1690              GnuPG uses a file to store its internal random pool over invoca‐
1691              tions.   This  makes random generation faster; however sometimes
1692              write operations are not desired. This option  can  be  used  to
1693              achieve that with the cost of slower random generation.
1694
1695
1696       --no-greeting
1697              Suppress the initial copyright message.
1698
1699
1700       --no-secmem-warning
1701              Suppress the warning about "using insecure memory".
1702
1703
1704       --no-permission-warning
1705              Suppress  the  warning  about  unsafe  file  and  home directory
1706              (--homedir) permissions. Note that the  permission  checks  that
1707              GnuPG  performs are not intended to be authoritative, but rather
1708              they simply warn about certain common  permission  problems.  Do
1709              not  assume that the lack of a warning means that your system is
1710              secure.
1711
1712              Note that the warning for unsafe --homedir permissions cannot be
1713              suppressed in the gpg.conf file, as this would allow an attacker
1714              to place an unsafe gpg.conf file in place, and use this file  to
1715              suppress  warnings about itself. The --homedir permissions warn‐
1716              ing may only be suppressed on the command line.
1717
1718
1719       --no-mdc-warning
1720              Suppress the warning about missing MDC integrity protection.
1721
1722
1723       --require-secmem
1724
1725       --no-require-secmem
1726              Refuse to run if GnuPG cannot get secure memory. Defaults to  no
1727              (i.e. run, but give a warning).
1728
1729
1730
1731       --require-cross-certification
1732
1733       --no-require-cross-certification
1734              When  verifying  a signature made from a subkey, ensure that the
1735              cross certification "back signature" on the  subkey  is  present
1736              and  valid.   This protects against a subtle attack against sub‐
1737              keys that can sign.  Defaults  to  --require-cross-certification
1738              for gpg.
1739
1740
1741       --expert
1742
1743       --no-expert
1744              Allow  the user to do certain nonsensical or "silly" things like
1745              signing an expired or revoked key, or certain potentially incom‐
1746              patible things like generating unusual key types. This also dis‐
1747              ables certain warning messages  about  potentially  incompatible
1748              actions.  As  the name implies, this option is for experts only.
1749              If you don't fully understand the implications of what it allows
1750              you to do, leave this off. --no-expert disables this option.
1751
1752
1753
1754
1755
1756   Key related options
1757
1758
1759
1760
1761       --recipient name
1762
1763       -r     Encrypt  for  user id name. If this option or --hidden-recipient
1764              is not specified, GnuPG asks for the user-id  unless  --default-
1765              recipient is given.
1766
1767
1768       --hidden-recipient name
1769
1770       -R     Encrypt  for  user  ID  name, but hide the key ID of this user's
1771              key. This option helps to hide the receiver of the  message  and
1772              is  a  limited  countermeasure against traffic analysis. If this
1773              option or --recipient is not specified, GnuPG asks for the  user
1774              ID unless --default-recipient is given.
1775
1776
1777       --encrypt-to name
1778              Same  as --recipient but this one is intended for use in the op‐
1779              tions file and may be used with your own user-id as an "encrypt-
1780              to-self".  These keys are only used when there are other recipi‐
1781              ents given either by use of --recipient or by the asked user id.
1782              No  trust checking is performed for these user ids and even dis‐
1783              abled keys can be used.
1784
1785
1786       --hidden-encrypt-to name
1787              Same as --hidden-recipient but this one is intended for  use  in
1788              the options file and may be used with your own user-id as a hid‐
1789              den "encrypt-to-self". These keys are only used when  there  are
1790              other  recipients  given  either by use of --recipient or by the
1791              asked user id.  No trust checking is performed  for  these  user
1792              ids and even disabled keys can be used.
1793
1794
1795       --no-encrypt-to
1796              Disable  the  use  of  all  --encrypt-to and --hidden-encrypt-to
1797              keys.
1798
1799
1800       --group name=value1
1801              Sets up a named group, which is similar to aliases in email pro‐
1802              grams.   Any time the group name is a recipient (-r or --recipi‐
1803              ent), it will be expanded  to  the  values  specified.  Multiple
1804              groups with the same name are automatically merged into a single
1805              group.
1806
1807              The values are key IDs or fingerprints, but any key  description
1808              is accepted. Note that a value with spaces in it will be treated
1809              as two different values. Note also there is only  one  level  of
1810              expansion  ---  you  cannot make an group that points to another
1811              group. When used from the command line, it may be  necessary  to
1812              quote  the  argument  to  this  option to prevent the shell from
1813              treating it as multiple arguments.
1814
1815
1816       --ungroup name
1817              Remove a given entry from the --group list.
1818
1819
1820       --no-groups
1821              Remove all entries from the --group list.
1822
1823
1824       --local-user name
1825
1826       -u     Use name as the key to sign with. Note that  this  option  over‐
1827              rides --default-key.
1828
1829
1830       --try-all-secrets
1831              Don't  look  at  the key ID as stored in the message but try all
1832              secret keys in turn to find the right decryption key.  This  op‐
1833              tion  forces the behaviour as used by anonymous recipients (cre‐
1834              ated by using --throw-keyids or  --hidden-recipient)  and  might
1835              come  handy  in case where an encrypted message contains a bogus
1836              key ID.
1837
1838
1839
1840
1841
1842   Input and Output
1843
1844
1845
1846
1847       --armor
1848
1849       -a     Create ASCII armored output.  The default is to create  the  bi‐
1850              nary OpenPGP format.
1851
1852
1853       --no-armor
1854              Assume the input data is not in ASCII armored format.
1855
1856
1857       --output file
1858
1859       -o file
1860              Write output to file.
1861
1862
1863       --max-output n
1864              This  option  sets  a  limit on the number of bytes that will be
1865              generated when processing a file. Since OpenPGP supports various
1866              levels  of  compression,  it is possible that the plaintext of a
1867              given message may be  significantly  larger  than  the  original
1868              OpenPGP  message. While GnuPG works properly with such messages,
1869              there is often a desire to set a maximum file size that will  be
1870              generated  before processing is forced to stop by the OS limits.
1871              Defaults to 0, which means "no limit".
1872
1873
1874       --import-options parameters
1875              This is a space or comma delimited string that gives options for
1876              importing  keys.  Options  can be prepended with a `no-' to give
1877              the opposite meaning. The options are:
1878
1879
1880
1881              import-local-sigs
1882                     Allow importing key signatures marked as "local". This is
1883                     not  generally  useful  unless a shared keyring scheme is
1884                     being used.  Defaults to no.
1885
1886
1887              keep-ownertrust
1888                     Normally possible still existing ownertrust values  of  a
1889                     key are cleared if a key is imported.  This is in general
1890                     desirable so that a formerly deleted key does  not  auto‐
1891                     matically gain an ownertrust values merely due to import.
1892                     On the other hand it is sometimes necessary to  re-import
1893                     a  trusted set of keys again but keeping already assigned
1894                     ownertrust values.  This can be achieved  by  using  this
1895                     option.
1896
1897
1898              repair-pks-subkey-bug
1899                     During import, attempt to repair the damage caused by the
1900                     PKS keyserver bug (pre version 0.9.6) that  mangles  keys
1901                     with  multiple  subkeys. Note that this cannot completely
1902                     repair the damaged key as some crucial data is removed by
1903                     the  keyserver,  but  it  does at least give you back one
1904                     subkey. Defaults to no for regular --import  and  to  yes
1905                     for keyserver --recv-keys.
1906
1907
1908              merge-only
1909                     During import, allow key updates to existing keys, but do
1910                     not allow any new keys to be imported. Defaults to no.
1911
1912
1913              import-clean
1914                     After import, compact (remove all signatures  except  the
1915                     self-signature)  any  user  IDs from the new key that are
1916                     not usable.  Then, remove any signatures from the new key
1917                     that  are not usable.  This includes signatures that were
1918                     issued by keys that are not present on the keyring.  This
1919                     option  is  the  same  as  running the --edit-key command
1920                     "clean" after import. Defaults to no.
1921
1922
1923              import-minimal
1924                     Import the smallest key possible. This removes all signa‐
1925                     tures  except the most recent self-signature on each user
1926                     ID. This option is the same  as  running  the  --edit-key
1927                     command "minimize" after import.  Defaults to no.
1928
1929
1930       --export-options parameters
1931              This is a space or comma delimited string that gives options for
1932              exporting keys. Options can be prepended with a  `no-'  to  give
1933              the opposite meaning. The options are:
1934
1935
1936
1937              export-local-sigs
1938                     Allow exporting key signatures marked as "local". This is
1939                     not generally useful unless a shared  keyring  scheme  is
1940                     being used.  Defaults to no.
1941
1942
1943              export-attributes
1944                     Include  attribute  user IDs (photo IDs) while exporting.
1945                     This is useful to export keys if they  are  going  to  be
1946                     used by an OpenPGP program that does not accept attribute
1947                     user IDs. Defaults to yes.
1948
1949
1950              export-sensitive-revkeys
1951                     Include designated revoker information that was marked as
1952                     "sensitive". Defaults to no.
1953
1954
1955              export-reset-subkey-passwd
1956                     When  using the --export-secret-subkeys command, this op‐
1957                     tion resets the passphrases for all exported  subkeys  to
1958                     empty.  This  is useful when the exported subkey is to be
1959                     used on an unattended machine where a passphrase  doesn't
1960                     necessarily make sense. Defaults to no.
1961
1962
1963              export-clean
1964                     Compact  (remove all signatures from) user IDs on the key
1965                     being exported if the user IDs are not usable.  Also,  do
1966                     not  export  any signatures that are not usable. This in‐
1967                     cludes signatures that were issued by keys that  are  not
1968                     present  on  the keyring. This option is the same as run‐
1969                     ning the --edit-key command "clean" before export  except
1970                     that  the local copy of the key is not modified. Defaults
1971                     to no.
1972
1973
1974              export-minimal
1975                     Export the smallest key possible. This removes all signa‐
1976                     tures  except the most recent self-signature on each user
1977                     ID. This option is the same  as  running  the  --edit-key
1978                     command  "minimize"  before  export except that the local
1979                     copy of the key is not modified. Defaults to no.
1980
1981
1982       --with-colons
1983              Print key listings delimited by colons.  Note  that  the  output
1984              will  be  encoded  in  UTF-8 regardless of any --display-charset
1985              setting. This format is useful when GnuPG is called from scripts
1986              and  other  programs as it is easily machine parsed. The details
1987              of this format are documented in the file  ‘doc/DETAILS’,  which
1988              is included in the GnuPG source distribution.
1989
1990
1991       --fixed-list-mode
1992              Do  not  merge  primary  user ID and primary key in --with-colon
1993              listing  mode  and  print  all  timestamps  as   seconds   since
1994              1970-01-01.
1995
1996
1997       --with-fingerprint
1998              Same as the command --fingerprint but changes only the format of
1999              the output and may be used together with another command.
2000
2001
2002
2003
2004   OpenPGP protocol specific options.
2005
2006
2007
2008
2009       -t, --textmode
2010
2011       --no-textmode
2012              Treat input files as text and store them in the OpenPGP  canoni‐
2013              cal  text form with standard "CRLF" line endings. This also sets
2014              the necessary flags to inform the recipient that  the  encrypted
2015              or  signed  data is text and may need its line endings converted
2016              back to whatever the local system uses. This  option  is  useful
2017              when  communicating  between  two  platforms that have different
2018              line ending conventions (UNIX-like to Mac, Mac to Windows, etc).
2019              --no-textmode disables this option, and is the default.
2020
2021              If  -t  (but  not --textmode) is used together with armoring and
2022              signing, this  enables  clearsigned  messages.  This  kludge  is
2023              needed for command-line compatibility with command-line versions
2024              of PGP; normally you would use --sign or --clearsign  to  select
2025              the type of the signature.
2026
2027
2028       --force-v3-sigs
2029
2030       --no-force-v3-sigs
2031              OpenPGP  states that an implementation should generate v4 signa‐
2032              tures but PGP versions 5 through 7 only recognize v4  signatures
2033              on key material. This option forces v3 signatures for signatures
2034              on data.  Note that this option implies --no-ask-sig-expire, and
2035              unsets  --sig-policy-url,  --sig-notation,  and --sig-keyserver-
2036              url, as these features cannot be used with v3 signatures.  --no-
2037              force-v3-sigs disables this option.  Defaults to no.
2038
2039
2040       --force-v4-certs
2041
2042       --no-force-v4-certs
2043              Always  use  v4 key signatures even on v3 keys. This option also
2044              changes the default hash algorithm for v3 RSA keys from  MD5  to
2045              SHA-1.  --no-force-v4-certs disables this option.
2046
2047
2048       --force-mdc
2049              Force  the use of encryption with a modification detection code.
2050              This is always used with the newer ciphers (those with a  block‐
2051              size  greater than 64 bits), or if all of the recipient keys in‐
2052              dicate MDC support in their feature flags.
2053
2054
2055       --disable-mdc
2056              Disable the use of the modification detection code. Note that by
2057              using this option, the encrypted message becomes vulnerable to a
2058              message modification attack.
2059
2060
2061       --personal-cipher-preferences string
2062              Set the list of personal cipher preferences to string.  Use  gpg
2063              --version to get a list of available algorithms, and use none to
2064              set no preference at all.  This allows the user to safely  over‐
2065              ride  the  algorithm chosen by the recipient key preferences, as
2066              GPG will only select an algorithm that is usable by all  recipi‐
2067              ents.   The  most highly ranked cipher in this list is also used
2068              for the --symmetric encryption command.
2069
2070
2071       --personal-digest-preferences string
2072              Set the list of personal digest preferences to string.  Use  gpg
2073              --version to get a list of available algorithms, and use none to
2074              set no preference at all.  This allows the user to safely  over‐
2075              ride  the  algorithm chosen by the recipient key preferences, as
2076              GPG will only select an algorithm that is usable by all  recipi‐
2077              ents.   The  most highly ranked digest algorithm in this list is
2078              also used when signing without encryption (e.g.  --clearsign  or
2079              --sign).
2080
2081
2082       --personal-compress-preferences string
2083              Set the list of personal compression preferences to string.  Use
2084              gpg --version to get a list of  available  algorithms,  and  use
2085              none  to  set  no  preference  at  all.  This allows the user to
2086              safely override the algorithm chosen by the recipient key  pref‐
2087              erences,  as GPG will only select an algorithm that is usable by
2088              all recipients.  The most highly ranked compression algorithm in
2089              this  list is also used when there are no recipient keys to con‐
2090              sider (e.g. --symmetric).
2091
2092
2093       --s2k-cipher-algo name
2094              Use name as the cipher algorithm used to  protect  secret  keys.
2095              The  default cipher is AES128. This cipher is also used for con‐
2096              ventional encryption if --personal-cipher-preferences and  --ci‐
2097              pher-algo is not given.
2098
2099
2100       --s2k-digest-algo name
2101              Use name as the digest algorithm used to mangle the passphrases.
2102              The default algorithm is SHA-1.
2103
2104
2105       --s2k-mode n
2106              Selects  how  passphrases  are  mangled.  If  n  is  0  a  plain
2107              passphrase  (which  is not recommended) will be used, a 1 adds a
2108              salt to the passphrase and a 3 (the default) iterates the  whole
2109              process  a  number of times (see --s2k-count).  Unless --rfc1991
2110              is used, this mode is also used for conventional encryption.
2111
2112
2113       --s2k-count n
2114              Specify how many times  the  passphrase  mangling  is  repeated.
2115              This  value  may range between 1024 and 65011712 inclusive.  The
2116              default is inquired from gpg-agent.  Note that not all values in
2117              the 1024-65011712 range are legal and if an illegal value is se‐
2118              lected, GnuPG will round up to the nearest  legal  value.   This
2119              option is only meaningful if --s2k-mode is 3.
2120
2121
2122
2123
2124
2125   Compliance options
2126
2127
2128       These options control what GnuPG is compliant to. Only one of these op‐
2129       tions may be active at a time. Note that the default setting of this is
2130       nearly  always  the  correct  one.  See the INTEROPERABILITY WITH OTHER
2131       OPENPGP PROGRAMS section below before using one of these options.
2132
2133
2134
2135       --gnupg
2136              Use standard GnuPG behavior. This is essentially OpenPGP  behav‐
2137              ior  (see  --openpgp),  but with some additional workarounds for
2138              common compatibility problems in different versions of PGP. This
2139              is the default option, so it is not generally needed, but it may
2140              be useful to override  a  different  compliance  option  in  the
2141              gpg.conf file.
2142
2143
2144       --openpgp
2145              Reset  all  packet,  cipher and digest options to strict OpenPGP
2146              behavior. Use this option to reset  all  previous  options  like
2147              --s2k-*,  --cipher-algo,  --digest-algo  and  --compress-algo to
2148              OpenPGP compliant values. All PGP workarounds are disabled.
2149
2150
2151       --rfc4880
2152              Reset all packet, cipher and digest options to  strict  RFC-4880
2153              behavior.  Note  that  this  is  currently  the  same  thing  as
2154              --openpgp.
2155
2156
2157       --rfc2440
2158              Reset all packet, cipher and digest options to  strict  RFC-2440
2159              behavior.
2160
2161
2162       --rfc1991
2163              Try  to  be  more  RFC-1991 (PGP 2.x) compliant.  This option is
2164              deprecated will be removed in GnuPG 2.1.
2165
2166
2167       --pgp2 Set up all options to be as PGP 2.x compliant as  possible,  and
2168              warn  if  an  action is taken (e.g. encrypting to a non-RSA key)
2169              that will create a message that PGP 2.x will not be able to han‐
2170              dle.  Note  that `PGP 2.x' here means `MIT PGP 2.6.2'. There are
2171              other versions of PGP 2.x available, but the MIT  release  is  a
2172              good common baseline.
2173
2174              This option implies --rfc1991 --disable-mdc --no-force-v4-certs
2175               --escape-from-lines  --force-v3-sigs --allow-weak-digest-algos
2176               --cipher-algo  IDEA  --digest-algo MD5 --compress-algo ZIP.  It
2177              also disables --textmode when encrypting.
2178
2179              This option is deprecated will be removed  in  GnuPG  2.1.   The
2180              reason  for  dropping  PGP-2 support is that the PGP 2 format is
2181              not anymore considered safe (for example due to the use  of  the
2182              broken  MD5  algorithm).  Note that the decryption of PGP-2 cre‐
2183              ated messages will continue to work.
2184
2185
2186       --pgp6 Set up all options to be as PGP 6 compliant  as  possible.  This
2187              restricts  you  to  the  ciphers IDEA (if the IDEA plugin is in‐
2188              stalled), 3DES, and CAST5, the hashes MD5, SHA1  and  RIPEMD160,
2189              and  the compression algorithms none and ZIP. This also disables
2190              --throw-keyids, and making signatures with  signing  subkeys  as
2191              PGP 6 does not understand signatures made by signing subkeys.
2192
2193              This  option  implies --disable-mdc --escape-from-lines --force-
2194              v3-sigs.
2195
2196
2197       --pgp7 Set up all options to be as PGP 7 compliant as possible. This is
2198              identical  to  --pgp6 except that MDCs are not disabled, and the
2199              list of allowable ciphers is expanded  to  add  AES128,  AES192,
2200              AES256, and TWOFISH.
2201
2202
2203       --pgp8 Set  up  all options to be as PGP 8 compliant as possible. PGP 8
2204              is a lot closer to the OpenPGP standard than  previous  versions
2205              of PGP, so all this does is disable --throw-keyids and set --es‐
2206              cape-from-lines.  All algorithms  are  allowed  except  for  the
2207              SHA224, SHA384, and SHA512 digests.
2208
2209
2210
2211
2212
2213   Doing things one usually doesn't want to do.
2214
2215
2216
2217
2218       -n
2219
2220       --dry-run
2221              Don't make any changes (this is not completely implemented).
2222
2223
2224       --list-only
2225              Changes  the  behaviour of some commands. This is like --dry-run
2226              but different in some cases. The semantic of this command may be
2227              extended  in  the future. Currently it only skips the actual de‐
2228              cryption pass and therefore enables a fast listing  of  the  en‐
2229              cryption keys.
2230
2231
2232       -i
2233
2234       --interactive
2235              Prompt before overwriting any files.
2236
2237
2238       --debug-level level
2239              Select  the debug level for investigating problems. level may be
2240              a numeric value or by a keyword:
2241
2242
2243              none   No debugging at all.  A value of less than 1 may be  used
2244                     instead of the keyword.
2245
2246              basic  Some  basic  debug messages.  A value between 1 and 2 may
2247                     be used instead of the keyword.
2248
2249              advanced
2250                     More verbose debug messages.  A value between 3 and 5 may
2251                     be used instead of the keyword.
2252
2253              expert Even more detailed messages.  A value between 6 and 8 may
2254                     be used instead of the keyword.
2255
2256              guru   All of the debug messages you can get.  A  value  greater
2257                     than  8 may be used instead of the keyword.  The creation
2258                     of hash tracing files is only enabled if the  keyword  is
2259                     used.
2260
2261       How  these  messages  are  mapped  to the actual debugging flags is not
2262       specified and may change with newer releases of this program. They  are
2263       however carefully selected to best aid in debugging.
2264
2265
2266       --debug flags
2267              Set  debugging flags. All flags are or-ed and flags may be given
2268              in C syntax (e.g. 0x0042).
2269
2270
2271       --debug-all
2272              Set all useful debugging flags.
2273
2274
2275       --debug-ccid-driver
2276              Enable debug output from the included  CCID  driver  for  smart‐
2277              cards.  Note that this option is only available on some system.
2278
2279
2280       --enable-progress-filter
2281              Enable  certain  PROGRESS  status  outputs.  This  option allows
2282              frontends to display a progress indicator while gpg is  process‐
2283              ing  larger files.  There is a slight performance overhead using
2284              it.
2285
2286
2287       --status-fd n
2288              Write special status strings to the file descriptor n.  See  the
2289              file DETAILS in the documentation for a listing of them.
2290
2291
2292       --status-file file
2293              Same  as  --status-fd, except the status data is written to file
2294              file.
2295
2296
2297       --logger-fd n
2298              Write log output to file descriptor n and not to STDERR.
2299
2300
2301       --log-file file
2302
2303       --logger-file file
2304              Same as --logger-fd, except the logger data is written  to  file
2305              file.  Note that --log-file is only implemented for GnuPG-2.
2306
2307
2308       --attribute-fd n
2309              Write  attribute  subpackets  to  the file descriptor n. This is
2310              most useful for use with --status-fd, since the status  messages
2311              are  needed  to  separate  out  the  various subpackets from the
2312              stream delivered to the file descriptor.
2313
2314
2315       --attribute-file file
2316              Same as --attribute-fd, except the attribute data is written  to
2317              file file.
2318
2319
2320       --comment string
2321
2322       --no-comments
2323              Use  string  as  a  comment  string in clear text signatures and
2324              ASCII armored messages or keys (see --armor). The default behav‐
2325              ior  is  not  to use a comment string. --comment may be repeated
2326              multiple times to get multiple  comment  strings.  --no-comments
2327              removes all comments.  It is a good idea to keep the length of a
2328              single comment below 60 characters to avoid problems  with  mail
2329              programs wrapping such lines.  Note that comment lines, like all
2330              other header lines, are not protected by the signature.
2331
2332
2333       --emit-version
2334
2335       --no-emit-version
2336              Force inclusion of the version string in ASCII  armored  output.
2337              If  given once only the name of the program and the major number
2338              is emitted, given twice the minor is also emitted, given  triple
2339              the micro is added, and given quad an operating system identifi‐
2340              cation is also emitted.   --no-emit-version  (default)  disables
2341              the version line.
2342
2343
2344       --sig-notation name=value
2345
2346       --cert-notation name=value
2347
2348       -N, --set-notation name=value
2349              Put  the  name  value  pair into the signature as notation data.
2350              name must consist only of printable characters  or  spaces,  and
2351              must  contain  a  '@' character in the form keyname@domain.exam‐
2352              ple.com (substituting the appropriate keyname and  domain  name,
2353              of  course).   This is to help prevent pollution of the IETF re‐
2354              served notation namespace. The --expert flag overrides  the  '@'
2355              check.  value may be any printable string; it will be encoded in
2356              UTF8, so you should check that  your  --display-charset  is  set
2357              correctly.  If you prefix name with an exclamation mark (!), the
2358              notation data will be flagged  as  critical  (rfc4880:5.2.3.16).
2359              --sig-notation sets a notation for data signatures. --cert-nota‐
2360              tion sets a notation for key signatures (certifications). --set-
2361              notation sets both.
2362
2363              There are special codes that may be used in notation names. "%k"
2364              will be expanded into the key ID of the key being  signed,  "%K"
2365              into the long key ID of the key being signed, "%f" into the fin‐
2366              gerprint of the key being signed, "%s" into the key  ID  of  the
2367              key  making  the signature, "%S" into the long key ID of the key
2368              making the signature, "%g" into the fingerprint of the key  mak‐
2369              ing  the signature (which might be a subkey), "%p" into the fin‐
2370              gerprint of the primary key of the  key  making  the  signature,
2371              "%c"  into  the  signature count from the OpenPGP smartcard, and
2372              "%%" results in a single "%". %k, %K, and %f are only meaningful
2373              when  making  a  key  signature  (certification), and %c is only
2374              meaningful when using the OpenPGP smartcard.
2375
2376
2377       --sig-policy-url string
2378
2379       --cert-policy-url string
2380
2381       --set-policy-url string
2382              Use string as a Policy URL  for  signatures  (rfc4880:5.2.3.20).
2383              If  you  prefix  it with an exclamation mark (!), the policy URL
2384              packet will be flagged as critical. --sig-policy-url sets a pol‐
2385              icy url for data signatures. --cert-policy-url sets a policy url
2386              for key signatures (certifications). --set-policy-url sets both.
2387
2388              The same %-expandos used for notation data are available here as
2389              well.
2390
2391
2392       --sig-keyserver-url string
2393              Use  string as a preferred keyserver URL for data signatures. If
2394              you prefix it with an exclamation mark (!),  the  keyserver  URL
2395              packet will be flagged as critical.
2396
2397              The same %-expandos used for notation data are available here as
2398              well.
2399
2400
2401       --set-filename string
2402              Use string as the filename  which  is  stored  inside  messages.
2403              This  overrides the default, which is to use the actual filename
2404              of the file being encrypted.
2405
2406
2407       --for-your-eyes-only
2408
2409       --no-for-your-eyes-only
2410              Set the `for your eyes only' flag in the  message.  This  causes
2411              GnuPG  to  refuse to save the file unless the --output option is
2412              given, and PGP to use a "secure viewer" with a claimed  Tempest-
2413              resistant  font  to  display  the message. This option overrides
2414              --set-filename.  --no-for-your-eyes-only disables this option.
2415
2416
2417       --use-embedded-filename
2418
2419       --no-use-embedded-filename
2420              Try to create a file with a name as embedded in the  data.  This
2421              can  be  a dangerous option as it enables overwriting files. De‐
2422              faults to no.
2423
2424
2425       --cipher-algo name
2426              Use name as cipher algorithm. Running the program with the  com‐
2427              mand --version yields a list of supported algorithms. If this is
2428              not used the cipher algorithm is selected from  the  preferences
2429              stored with the key. In general, you do not want to use this op‐
2430              tion as it allows you to violate the OpenPGP  standard.   --per‐
2431              sonal-cipher-preferences  is the safe way to accomplish the same
2432              thing.
2433
2434
2435       --digest-algo name
2436              Use name as the message digest algorithm.  Running  the  program
2437              with  the  command  --version  yields  a list of supported algo‐
2438              rithms. In general, you do not want to use this option as it al‐
2439              lows  you  to  violate  the OpenPGP standard. --personal-digest-
2440              preferences is the safe way to accomplish the same thing.
2441
2442
2443       --compress-algo name
2444              Use compression algorithm name. "zlib" is RFC-1950 ZLIB compres‐
2445              sion.  "zip"  is  RFC-1951 ZIP compression which is used by PGP.
2446              "bzip2" is a more modern compression scheme  that  can  compress
2447              some  things  better  than  zip or zlib, but at the cost of more
2448              memory used during compression and decompression. "uncompressed"
2449              or  "none" disables compression. If this option is not used, the
2450              default behavior is to examine the recipient key preferences  to
2451              see  which algorithms the recipient supports. If all else fails,
2452              ZIP is used for maximum compatibility.
2453
2454              ZLIB may give better compression results than ZIP, as  the  com‐
2455              pression  window  size is not limited to 8k. BZIP2 may give even
2456              better compression results than that, but will  use  a  signifi‐
2457              cantly larger amount of memory while compressing and decompress‐
2458              ing. This may be significant in  low  memory  situations.  Note,
2459              however,  that PGP (all versions) only supports ZIP compression.
2460              Using any algorithm other than ZIP or "none" will make the  mes‐
2461              sage  unreadable  with  PGP.  In general, you do not want to use
2462              this option as it allows you to violate  the  OpenPGP  standard.
2463              --personal-compress-preferences  is  the  safe way to accomplish
2464              the same thing.
2465
2466
2467       --cert-digest-algo name
2468              Use name as the message digest algorithm  used  when  signing  a
2469              key.  Running  the  program  with the command --version yields a
2470              list of supported algorithms. Be aware that if you choose an al‐
2471              gorithm that GnuPG supports but other OpenPGP implementations do
2472              not, then some users will not be able to use the key  signatures
2473              you make, or quite possibly your entire key.
2474
2475
2476       --disable-cipher-algo name
2477              Never allow the use of name as cipher algorithm.  The given name
2478              will not be checked so that a later loaded algorithm will  still
2479              get disabled.
2480
2481
2482       --disable-pubkey-algo name
2483              Never  allow the use of name as public key algorithm.  The given
2484              name will not be checked so that a later loaded  algorithm  will
2485              still get disabled.
2486
2487
2488       --throw-keyids
2489
2490       --no-throw-keyids
2491              Do  not  put the recipient key IDs into encrypted messages. This
2492              helps to hide the receivers of the  message  and  is  a  limited
2493              countermeasure against traffic analysis. ([Using a little social
2494              engineering anyone who is able to decrypt the message can  check
2495              whether  one  of  the other recipients is the one he suspects.])
2496              On the receiving side, it may slow down the  decryption  process
2497              because  all  available  secret keys must be tried.  --no-throw-
2498              keyids disables this option. This option is essentially the same
2499              as using --hidden-recipient for all recipients.
2500
2501
2502       --not-dash-escaped
2503              This option changes the behavior of cleartext signatures so that
2504              they can be used for patch files. You should not  send  such  an
2505              armored  file  via email because all spaces and line endings are
2506              hashed too. You can not use this option for  data  which  has  5
2507              dashes  at the beginning of a line, patch files don't have this.
2508              A special armor header line tells  GnuPG  about  this  cleartext
2509              signature option.
2510
2511
2512       --escape-from-lines
2513
2514       --no-escape-from-lines
2515              Because  some  mailers  change  lines  starting  with "From " to
2516              ">From " it is good to handle such lines in a special  way  when
2517              creating  cleartext  signatures  to prevent the mail system from
2518              breaking the signature. Note that all other PGP versions  do  it
2519              this  way  too.  Enabled by default. --no-escape-from-lines dis‐
2520              ables this option.
2521
2522
2523       --passphrase-repeat n
2524              Specify how many times gpg will request a new passphrase be  re‐
2525              peated.   This is useful for helping memorize a passphrase.  De‐
2526              faults to 1 repetition.
2527
2528
2529       --passphrase-fd n
2530              Read the passphrase from file descriptor n. Only the first  line
2531              will  be  read  from  file descriptor n. If you use 0 for n, the
2532              passphrase will be read from STDIN. This can  only  be  used  if
2533              only one passphrase is supplied.
2534
2535
2536       --passphrase-file file
2537              Read  the passphrase from file file. Only the first line will be
2538              read from  file  file.  This  can  only  be  used  if  only  one
2539              passphrase is supplied. Obviously, a passphrase stored in a file
2540              is of questionable security if other users can read  this  file.
2541              Don't use this option if you can avoid it.
2542
2543
2544       --passphrase string
2545              Use  string as the passphrase. This can only be used if only one
2546              passphrase is supplied. Obviously, this is of very  questionable
2547              security  on  a  multi-user system. Don't use this option if you
2548              can avoid it.
2549
2550
2551       --command-fd n
2552              This is a replacement for the deprecated shared-memory IPC mode.
2553              If  this  option  is enabled, user input on questions is not ex‐
2554              pected from the TTY but  from  the  given  file  descriptor.  It
2555              should  be  used together with --status-fd. See the file doc/DE‐
2556              TAILS in the source distribution for details on how to use it.
2557
2558
2559       --command-file file
2560              Same as --command-fd, except the commands are read out  of  file
2561              file
2562
2563
2564       --allow-non-selfsigned-uid
2565
2566       --no-allow-non-selfsigned-uid
2567              Allow  the  import  and  use of keys with user IDs which are not
2568              self-signed. This is not recommended, as a non self-signed  user
2569              ID is trivial to forge. --no-allow-non-selfsigned-uid disables.
2570
2571
2572       --allow-freeform-uid
2573              Disable all checks on the form of the user ID while generating a
2574              new one. This option should only be used in very  special  envi‐
2575              ronments  as  it does not ensure the de-facto standard format of
2576              user IDs.
2577
2578
2579       --ignore-time-conflict
2580              GnuPG normally checks that the timestamps associated  with  keys
2581              and  signatures have plausible values. However, sometimes a sig‐
2582              nature seems to be older than the key  due  to  clock  problems.
2583              This  option  makes  these checks just a warning. See also --ig‐
2584              nore-valid-from for timestamp issues on subkeys.
2585
2586
2587       --ignore-valid-from
2588              GnuPG normally does not select and use subkeys  created  in  the
2589              future.   This  option  allows the use of such keys and thus ex‐
2590              hibits the pre-1.0.7 behaviour. You should not use  this  option
2591              unless  there is some clock problem. See also --ignore-time-con‐
2592              flict for timestamp issues with signatures.
2593
2594
2595       --ignore-crc-error
2596              The ASCII armor used by OpenPGP is protected by a  CRC  checksum
2597              against  transmission  errors. Occasionally the CRC gets mangled
2598              somewhere on the transmission channel  but  the  actual  content
2599              (which  is  protected  by  the OpenPGP protocol anyway) is still
2600              okay. This option allows GnuPG to ignore CRC errors.
2601
2602
2603       --ignore-mdc-error
2604              This option changes a MDC integrity protection  failure  into  a
2605              warning.   This can be useful if a message is partially corrupt,
2606              but it is necessary to get as much data as possible out  of  the
2607              corrupt  message.  However, be aware that a MDC protection fail‐
2608              ure may also mean that the message was tampered with  intention‐
2609              ally by an attacker.
2610
2611
2612       --allow-weak-digest-algos
2613              Signatures  made  with known-weak digest algorithms are normally
2614              rejected with an ``invalid digest algorithm'' message.  This op‐
2615              tion  allows  the verification of signatures made with such weak
2616              algorithms.  MD5 is the only digest algorithm considered weak by
2617              default.   See  also  --weak-digest to reject other digest algo‐
2618              rithms.
2619
2620
2621       --weak-digest name
2622              Treat the specified digest algorithm as weak.   Signatures  made
2623              over  weak digests algorithms are normally rejected. This option
2624              can be supplied multiple times if multiple algorithms should  be
2625              considered  weak.  See also --allow-weak-digest-algos to disable
2626              rejection of weak digests.  MD5 is always considered  weak,  and
2627              does not need to be listed explicitly.
2628
2629
2630
2631       --no-default-keyring
2632              Do  not  add  the default keyrings to the list of keyrings. Note
2633              that GnuPG will not operate without any keyrings, so if you  use
2634              this  option and do not provide alternate keyrings via --keyring
2635              or --secret-keyring, then GnuPG will still use the default  pub‐
2636              lic or secret keyrings.
2637
2638
2639       --skip-verify
2640              Skip  the  signature verification step. This may be used to make
2641              the decryption faster  if  the  signature  verification  is  not
2642              needed.
2643
2644
2645       --with-key-data
2646              Print  key listings delimited by colons (like --with-colons) and
2647              print the public key data.
2648
2649
2650       --fast-list-mode
2651              Changes the output of the list commands to work faster; this  is
2652              achieved  by  leaving  some parts empty. Some applications don't
2653              need the user ID and the trust information given  in  the  list‐
2654              ings.  By  using this options they can get a faster listing. The
2655              exact behaviour of this option may change  in  future  versions.
2656              If you are missing some information, don't use this option.
2657
2658
2659       --no-literal
2660              This  is  not  for normal use. Use the source to see for what it
2661              might be useful.
2662
2663
2664       --set-filesize
2665              This is not for normal use. Use the source to see  for  what  it
2666              might be useful.
2667
2668
2669       --show-session-key
2670              Display  the  session  key used for one message. See --override-
2671              session-key for the counterpart of this option.
2672
2673              We think that Key Escrow is a Bad Thing; however the user should
2674              have  the freedom to decide whether to go to prison or to reveal
2675              the content of one specific  message  without  compromising  all
2676              messages  ever encrypted for one secret key. DON'T USE IT UNLESS
2677              YOU ARE REALLY FORCED TO DO SO.
2678
2679
2680       --override-session-key string
2681              Don't use the public key but the session key string. The  format
2682              of this string is the same as the one printed by --show-session-
2683              key. This option is normally not used but comes  handy  in  case
2684              someone  forces  you  to reveal the content of an encrypted mes‐
2685              sage; using this option you can do this without handing out  the
2686              secret key.
2687
2688
2689       --ask-sig-expire
2690
2691       --no-ask-sig-expire
2692              When  making a data signature, prompt for an expiration time. If
2693              this option is not specified, the expiration time set via  --de‐
2694              fault-sig-expire  is used. --no-ask-sig-expire disables this op‐
2695              tion.
2696
2697
2698       --default-sig-expire
2699              The default expiration time to  use  for  signature  expiration.
2700              Valid values are "0" for no expiration, a number followed by the
2701              letter d (for days), w (for weeks), m (for months),  or  y  (for
2702              years)  (for  example  "2m"  for  two  months,  or "5y" for five
2703              years), or an absolute date in the form YYYY-MM-DD. Defaults  to
2704              "0".
2705
2706
2707       --ask-cert-expire
2708
2709       --no-ask-cert-expire
2710              When  making  a key signature, prompt for an expiration time. If
2711              this option is not specified, the expiration time set via  --de‐
2712              fault-cert-expire  is  used.  --no-ask-cert-expire disables this
2713              option.
2714
2715
2716       --default-cert-expire
2717              The default expiration time to use for key signature expiration.
2718              Valid values are "0" for no expiration, a number followed by the
2719              letter d (for days), w (for weeks), m (for months),  or  y  (for
2720              years)  (for  example  "2m"  for  two  months,  or "5y" for five
2721              years), or an absolute date in the form YYYY-MM-DD. Defaults  to
2722              "0".
2723
2724
2725       --allow-secret-key-import
2726              This is an obsolete option and is not used anywhere.
2727
2728
2729       --allow-multiple-messages
2730
2731       --no-allow-multiple-messages
2732              Allow  processing  of  multiple  OpenPGP messages contained in a
2733              single file or stream.  Some programs that call GPG are not pre‐
2734              pared  to  deal with multiple messages being processed together,
2735              so this option defaults to no.  Note that versions of GPG  prior
2736              to 1.4.7 always allowed multiple messages.
2737
2738              Warning:  Do  not use this option unless you need it as a tempo‐
2739              rary workaround!
2740
2741
2742
2743       --enable-special-filenames
2744              This options enables a mode  in  which  filenames  of  the  form
2745-&n’,  where  n  is a non-negative decimal number, refer to the
2746              file descriptor n and not to a file with that name.
2747
2748
2749       --no-expensive-trust-checks
2750              Experimental use only.
2751
2752
2753       --preserve-permissions
2754              Don't change the permissions of a secret keyring  back  to  user
2755              read/write  only.  Use  this option only if you really know what
2756              you are doing.
2757
2758
2759       --default-preference-list string
2760              Set the list of default preferences to string.  This  preference
2761              list  is used for new keys and becomes the default for "setpref"
2762              in the edit menu.
2763
2764
2765       --default-keyserver-url name
2766              Set the default keyserver URL to name. This  keyserver  will  be
2767              used as the keyserver URL when writing a new self-signature on a
2768              key, which includes key generation and changing preferences.
2769
2770
2771       --list-config
2772              Display various internal configuration parameters of GnuPG. This
2773              option is intended for external programs that call GnuPG to per‐
2774              form tasks, and is thus  not  generally  useful.  See  the  file
2775doc/DETAILS’  in  the  source  distribution  for the details of
2776              which configuration items may be listed. --list-config  is  only
2777              usable with --with-colons set.
2778
2779
2780       --gpgconf-list
2781              This command is similar to --list-config but in general only in‐
2782              ternally used by the gpgconf tool.
2783
2784
2785       --gpgconf-test
2786              This is more or less dummy action.  However it parses  the  con‐
2787              figuration  file  and  returns with failure if the configuration
2788              file would prevent gpg from startup.  Thus it may be used to run
2789              a syntax check on the configuration file.
2790
2791
2792
2793
2794   Deprecated options
2795
2796
2797
2798
2799       --load-extension name
2800              Load an extension module. If name does not contain a slash it is
2801              searched for in the directory configured when  GnuPG  was  built
2802              (generally "/usr/local/lib/gnupg"). Extensions are not generally
2803              useful anymore, and the use of this option is deprecated.
2804
2805
2806       --show-photos
2807
2808       --no-show-photos
2809              Causes --list-keys, --list-sigs, --list-public-keys,  --list-se‐
2810              cret-keys,  and  verifying a signature to also display the photo
2811              ID attached to the key, if any. See also  --photo-viewer.  These
2812              options  are  deprecated.  Use  --list-options  [no-]show-photos
2813              and/or --verify-options [no-]show-photos instead.
2814
2815
2816       --show-keyring
2817              Display the keyring name at the head of  key  listings  to  show
2818              which keyring a given key resides on. This option is deprecated:
2819              use --list-options [no-]show-keyring instead.
2820
2821
2822       --ctapi-driver file
2823              Use file to access the smartcard reader. The current default  is
2824              `libtowitoko.so'.  Note that the use of this interface is depre‐
2825              cated; it may be removed in future releases.
2826
2827
2828       --always-trust
2829              Identical to --trust-model always. This option is deprecated.
2830
2831
2832       --show-notation
2833
2834       --no-show-notation
2835              Show signature notations  in  the  --list-sigs  or  --check-sigs
2836              listings  as  well as when verifying a signature with a notation
2837              in  it.  These  options  are  deprecated.   Use   --list-options
2838              [no-]show-notation  and/or  --verify-options  [no-]show-notation
2839              instead.
2840
2841
2842       --show-policy-url
2843
2844       --no-show-policy-url
2845              Show policy URLs in the --list-sigs or --check-sigs listings  as
2846              well  as  when  verifying  a  signature with a policy URL in it.
2847              These options are deprecated. Use --list-options  [no-]show-pol‐
2848              icy-url and/or --verify-options [no-]show-policy-url instead.
2849
2850
2851
2852
2853
2854

EXAMPLES

2856       gpg -se -r Bob file
2857              sign and encrypt for user Bob
2858
2859
2860       gpg --clearsign file
2861              make a clear text signature
2862
2863
2864       gpg -sb file
2865              make a detached signature
2866
2867
2868       gpg -u 0x12345678 -sb file
2869              make a detached signature with the key 0x12345678
2870
2871
2872       gpg --list-keys user_ID
2873              show keys
2874
2875
2876       gpg --fingerprint user_ID
2877              show fingerprint
2878
2879
2880       gpg --verify pgpfile
2881
2882       gpg --verify sigfile
2883              Verify the signature of the file but do not output the data. The
2884              second form is used for detached signatures,  where  sigfile  is
2885              the  detached signature (either ASCII armored or binary) and are
2886              the signed data; if this is not given,  the  name  of  the  file
2887              holding the signed data is constructed by cutting off the exten‐
2888              sion (".asc" or ".sig") of sigfile or by asking the user for the
2889              filename.
2890
2891
2892
2893

HOW TO SPECIFY A USER ID

2895       There  are  different ways to specify a user ID to GnuPG.  Some of them
2896       are only valid for gpg others are only good for gpgsm.  Here is the en‐
2897       tire list of ways to specify a key:
2898
2899
2900
2901       By key Id.
2902              This  format  is  deduced  from the length of the string and its
2903              content or 0x prefix. The key Id of an X.509 certificate are the
2904              low  64  bits  of  its SHA-1 fingerprint.  The use of key Ids is
2905              just a shortcut, for all automated  processing  the  fingerprint
2906              should be used.
2907
2908              When  using gpg an exclamation mark (!) may be appended to force
2909              using the specified primary or secondary key and not to try  and
2910              calculate which primary or secondary key to use.
2911
2912              The last four lines of the example give the key ID in their long
2913              form as internally used by the OpenPGP protocol. You can see the
2914              long key ID using the option --with-colons.
2915
2916         234567C4
2917         0F34E556E
2918         01347A56A
2919         0xAB123456
2920
2921         234AABBCC34567C4
2922         0F323456784E56EAB
2923         01AB3FED1347A5612
2924         0x234AABBCC34567C4
2925
2926
2927
2928
2929       By fingerprint.
2930              This  format  is  deduced  from the length of the string and its
2931              content or the 0x prefix.  Note, that only the 20  byte  version
2932              fingerprint  is available with gpgsm (i.e. the SHA-1 hash of the
2933              certificate).
2934
2935              When using gpg an exclamation mark (!) may be appended to  force
2936              using  the specified primary or secondary key and not to try and
2937              calculate which primary or secondary key to use.
2938
2939              The best way to specify a key Id is by  using  the  fingerprint.
2940              This  avoids  any  ambiguities in case that there are duplicated
2941              key IDs.
2942
2943         1234343434343434C434343434343434
2944         123434343434343C3434343434343734349A3434
2945         0E12343434343434343434EAB3484343434343434
2946         0xE12343434343434343434EAB3484343434343434
2947
2948
2949       gpgsm also accepts colons between each pair of hexadecimal  digits  be‐
2950       cause  this  is  the  de-facto standard on how to present X.509 finger‐
2951       prints.  gpg also allows the use of the space separated  SHA-1  finger‐
2952       print as printed by the key listing commands.
2953
2954
2955       By exact match on OpenPGP user ID.
2956              This  is denoted by a leading equal sign. It does not make sense
2957              for X.509 certificates.
2958
2959         =Heinrich Heine <heinrichh@uni-duesseldorf.de>
2960
2961
2962       By exact match on an email address.
2963              This is indicated by enclosing the email address  in  the  usual
2964              way with left and right angles.
2965
2966         <heinrichh@uni-duesseldorf.de>
2967
2968
2969
2970       By word match.
2971              All words must match exactly (not case sensitive) but can appear
2972              in any order in the user ID or a subjects name.  Words  are  any
2973              sequences  of letters, digits, the underscore and all characters
2974              with bit 7 set.
2975
2976         +Heinrich Heine duesseldorf
2977
2978
2979       By exact match on the subject's DN.
2980              This is indicated by a leading slash, directly followed  by  the
2981              RFC-2253 encoded DN of the subject.  Note that you can't use the
2982              string printed by "gpgsm --list-keys" because that one  as  been
2983              reordered and modified for better readability; use --with-colons
2984              to print the raw (but standard escaped) RFC-2253 string
2985
2986         /CN=Heinrich Heine,O=Poets,L=Paris,C=FR
2987
2988
2989       By exact match on the issuer's DN.
2990              This is indicated by a leading hash mark, directly followed by a
2991              slash  and  then  directly followed by the rfc2253 encoded DN of
2992              the issuer.  This should return the Root  cert  of  the  issuer.
2993              See note above.
2994
2995         #/CN=Root Cert,O=Poets,L=Paris,C=FR
2996
2997
2998
2999       By exact match on serial number and issuer's DN.
3000              This  is  indicated  by a hash mark, followed by the hexadecimal
3001              representation of the serial number, then followed  by  a  slash
3002              and the RFC-2253 encoded DN of the issuer. See note above.
3003
3004         #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
3005
3006
3007       By keygrip
3008              This  is indicated by an ampersand followed by the 40 hex digits
3009              of a keygrip.  gpgsm prints the keygrip when using  the  command
3010              --dump-cert.  It does not yet work for OpenPGP keys.
3011
3012         &D75F22C3F86E355877348498CDC92BD21010A480
3013
3014
3015
3016       By substring match.
3017              This is the default mode but applications may want to explicitly
3018              indicate this by putting the asterisk in front.   Match  is  not
3019              case sensitive.
3020
3021         Heine
3022         *Heine
3023
3024
3025
3026       Please note that we have reused the hash mark identifier which was used
3027       in old GnuPG versions to indicate the so called local-id.   It  is  not
3028       anymore  used  and  there  should  be  no conflict when used with X.509
3029       stuff.
3030
3031       Using the RFC-2253 format of DNs has the drawback that it is not possi‐
3032       ble to map them back to the original encoding, however we don't have to
3033       do this because our key database stores this encoding as meta data.
3034
3035
3036
3037
3038

FILES

3040       There are a few configuration files to control certain aspects of gpg's
3041       operation.  Unless  noted, they are expected in the current home direc‐
3042       tory (see: [option --homedir]).
3043
3044
3045
3046       gpg.conf
3047              This is the standard configuration file read by gpg on  startup.
3048              It may contain any valid long option; the leading two dashes may
3049              not be entered and the option may not be abbreviated.  This  de‐
3050              fault  name may be changed on the command line (see: [gpg-option
3051              --options]).  You should backup this file.
3052
3053
3054       Note that on larger installations, it is useful to put predefined files
3055       into  the  directory  ‘/etc/skel/.gnupg/’  so  that newly created users
3056       start up with a working configuration.
3057
3058       For internal purposes gpg creates and maintains a few other files; They
3059       all  live  in  in the current home directory (see: [option --homedir]).
3060       Only the gpg may modify these files.
3061
3062
3063
3064       ~/.gnupg/pubring.gpg
3065              The public keyring.  You should backup this file.
3066
3067
3068       ~/.gnupg/pubring.gpg.lock
3069              The lock file for the public keyring.
3070
3071
3072       ~/.gnupg/pubring.kbx
3073
3074       ~/.gnupg/pubring.kbx.lock
3075              A public keyring and its lock file used by GnuPG versions >=  2.
3076              It is ignored by GnuPG 1.x
3077
3078
3079       ~/.gnupg/secring.gpg
3080              The secret keyring.  You should backup this file.
3081
3082
3083       ~/.gnupg/trustdb.gpg
3084              The trust database.  There is no need to backup this file; it is
3085              better to backup the ownertrust values (see:  [option  --export-
3086              ownertrust]).
3087
3088
3089       ~/.gnupg/trustdb.gpg.lock
3090              The lock file for the trust database.
3091
3092
3093       ~/.gnupg/random_seed
3094              A file used to preserve the state of the internal random pool.
3095
3096
3097       ~/.gnupg/secring.gpg.lock
3098              The lock file for the secret keyring.
3099
3100
3101       ~/.gnupg/openpgp-revocs.d/
3102              This  is the directory where gpg stores pre-generated revocation
3103              certificates.  The file name corresponds to the OpenPGP  finger‐
3104              print  of  the  respective key.  It is suggested to backup those
3105              certificates and if the primary private key is not stored on the
3106              disk to move them to an external storage device.  Anyone who can
3107              access theses files is able to  revoke  the  corresponding  key.
3108              You  may want to print them out.  You should backup all files in
3109              this directory and take care to keep this backup closed away.
3110
3111
3112       /usr[/local]/share/gnupg/options.skel
3113              The skeleton options file.
3114
3115
3116       /usr[/local]/lib/gnupg/
3117              Default location for extensions.
3118
3119
3120       Operation is further controlled by a few environment variables:
3121
3122
3123
3124       HOME   Used to locate the default home directory.
3125
3126
3127       GNUPGHOME
3128              If set directory used instead of "~/.gnupg".
3129
3130
3131       GPG_AGENT_INFO
3132              Used to locate the gpg-agent.  This is only honored when  --use-
3133              agent is set.
3134
3135              The value consists of 3 colon delimited fields: The first is the
3136              path to the Unix Domain Socket, the second the PID of  the  gpg-
3137              agent  and  the  protocol version which should be set to 1. When
3138              starting the gpg-agent as described in its  documentation,  this
3139              variable  is  set  to the correct value. The option --gpg-agent-
3140              info can be used to override it.
3141
3142
3143       PINENTRY_USER_DATA
3144              This value is passed via gpg-agent to pinentry.  It is useful to
3145              convey extra information to a custom pinentry.
3146
3147
3148       COLUMNS
3149
3150       LINES  Used to size some displays to the full size of the screen.
3151
3152
3153
3154       LANGUAGE
3155              Apart  from  its  use  by  GNU, it is used in the W32 version to
3156              override the language selection done through the  Registry.   If
3157              used  and  set  to a valid and available language name (langid),
3158              the file with the translation is loaded from
3159
3160              gpgdir/gnupg.nls/langid.mo.  Here gpgdir is the directory out of
3161              which the gpg binary has been loaded.  If it can't be loaded the
3162              Registry is tried and as last resort the native  Windows  locale
3163              system is used.
3164
3165
3166
3167
3168

BUGS

3170       On older systems this program should be installed as setuid(root). This
3171       is necessary to lock memory pages. Locking memory  pages  prevents  the
3172       operating   system   from  writing  memory  pages  (which  may  contain
3173       passphrases or other sensitive material) to disk. If you get no warning
3174       message  about  insecure  memory your operating system supports locking
3175       without being root. The program drops root privileges as soon as locked
3176       memory is allocated.
3177
3178       Note  also  that  some systems (especially laptops) have the ability to
3179       ``suspend to disk'' (also known as ``safe  sleep''  or  ``hibernate'').
3180       This  writes  all  memory to disk before going into a low power or even
3181       powered off mode.  Unless measures are taken in the operating system to
3182       protect  the  saved memory, passphrases or other sensitive material may
3183       be recoverable from it later.
3184
3185       Before you report a bug you should first search the  mailing  list  ar‐
3186       chives for similar problems and second check whether such a bug has al‐
3187       ready been reported to our bug tracker at http://bugs.gnupg.org .
3188
3189
3190

SEE ALSO

3192       gpgv(1),
3193
3194       The full documentation for this tool is maintained as a Texinfo manual.
3195       If  GnuPG and the info program are properly installed at your site, the
3196       command
3197
3198         info gnupg
3199
3200       should give you access to the complete manual including a  menu  struc‐
3201       ture and an index.
3202
3203
3204
3205GnuPG 1.4.23                      2021-01-26                            GPG(1)
Impressum