gpg-sq - Man Page
OpenPGP encryption and signing tool like gpg
Synopsis
gpg-sq [-s|--sign] [--clear-sign] [-b|--detach-sign] [-e|--encrypt] [-c|--symmetric] [-d|--decrypt] [--verify] [-k|--list-keys] [--list-signatures] [--check-signatures] [--fingerprint] [-K|--list-secret-keys] [--generate-key] [--quick-generate-key] [--quick-add-uid] [--quick-revoke-uid] [--quick-set-expire] [--full-generate-key] [--generate-revocation] [--delete-keys] [--delete-secret-keys] [--quick-sign-key] [--quick-lsign-key] [--quick-revoke-sig] [--sign-key] [--lsign-key] [--edit-key] [--change-passphrase] [--export] [--send-keys] [--receive-keys] [--search-keys] [--refresh-keys] [--import] [--update-trustdb] [--print-md] [--server] [--tofu-policy] [--x-sequoia-parcimonie] [-v|--verbose] [-q|--quiet] [--options] [--log-file] [--default-key] [--encrypt-to] [--group] [--openpgp] [-n|--dry-run] [-i|--interactive] [-a|--armor] [-o|--output] [--textmode] [-z ] [--auto-key-locate] [--auto-key-import] [--include-key-block] [--disable-dirmngr] [-r|--recipient] [-u|--local-user] [--x-sequoia-autostart-parcimonie] [-h|--help] [-V|--version] [ARGS]
Description
This is a re-implementation and drop-in replacement of gpg using the Sequoia OpenPGP implementation.
gpg-sq is not feature-complete. It currently implements a commonly used subset of the signature creation and verification commands, the encryption and decryption commands, the key listing commands, and some miscellaneous commands.
Support for trust models is limited. Currently, the Web-of-Trust ("pgp") and always trust ("always") are implemented.
Options
- -h, --help
Print help (see a summary with '-h')
- -V, --version
Print version
- [ARGS]
Additional arguments. The semantics of the additional arguments, and if there are any, and how many, is dependent on the selected command.
Commands
- -s, --sign
make a signature
- --clear-sign
make a clear text signature
- -b, --detach-sign
make a detached signature
- -e, --encrypt
encrypt data
- -c, --symmetric
encryption only with symmetric cipher
- -d, --decrypt
decrypt data (default)
- --verify
verify a signature
- -k, --list-keys
list keys
- --list-signatures
list keys and signatures
- --check-signatures
list and check key signatures
- --fingerprint
list keys and fingerprints
- -K, --list-secret-keys
list secret keys
- --generate-key
generate a new key pair
- --quick-generate-key
quickly generate a new key pair
- --quick-add-uid
quickly add a new user-id
- --quick-revoke-uid
quickly revoke a user-id
- --quick-set-expire
quickly set a new expiration date
- --full-generate-key
full featured key pair generation
- --generate-revocation
generate a revocation certificate
- --delete-keys
remove keys from the public keyring
- --delete-secret-keys
remove keys from the secret keyring
- --quick-sign-key
quickly sign a key
- --quick-lsign-key
quickly sign a key locally
- --quick-revoke-sig
quickly revoke a key signature
- --sign-key
sign a key
- --lsign-key
sign a key locally
- --edit-key
sign or edit a key
- --change-passphrase
change a passphrase
- --export
export keys
- --send-keys
export keys to a keyserver
- --receive-keys
import keys from a keyserver
- --search-keys
search for keys on a keyserver
- --refresh-keys
update all keys from a keyserver
- --import
import/merge keys
- --update-trustdb
update the trust database
- --print-md
print message digests
- --server
run in server mode
- --tofu-policy=VALUE
set the TOFU policy for a key
Sequoia-Specific Extensions
- --x-sequoia-parcimonie
continuously update certificates
- --x-sequoia-autostart-parcimonie
automatically start daemon to update certs
Options Controlling the Diagnostic Output
- -v, --verbose
verbose
- -q, --quiet
be somewhat more quiet
- --options=FILE
read options from FILE
- --log-file=FILE
write server mode logs to FILE
Options Controlling the Configuration
- --default-key=NAME
use NAME as default secret key
- --encrypt-to=NAME
encrypt to user ID NAME as well
- --group=SPEC
set up email aliases
- --openpgp
use strict OpenPGP behavior
- -n, --dry-run
do not make any changes
- -i, --interactive
prompt before overwriting
Options Controlling the Output
- -a, --armor
create ascii armored output
- -o, --output=FILE
write output to FILE
- --textmode
use canonical text mode
- -z=N
set compress level to N (0 disables)
Options Controlling Key Import and Export
- --auto-key-locate=MECHANISMS
use MECHANISMS to locate keys by mail address
- --auto-key-import
import missing key from a signature
- --include-key-block
include the public key in signatures
- --disable-dirmngr
disable all access to the dirmngr
Options to Specify Keys
- -r, --recipient=USER-ID
encrypt for USER-ID
- -u, --local-user=USER-ID
use USER-ID to sign or decrypt
Environment
- GNUPGHOME
If set, must contain an absolute path to a directory containing the GnuPG state, i.e. the configuration files, the cert rings, the secret keys, and the trust database. Can be overridden using the the option `--gnupghome`. If unset, and the option `--gnupghome` is not given, defaults to `$HOME/.gnupg`. In the Files section below, `$GNUPGHOME` is the location of the GnuPG state directory, independently on how it is set (i.e. unset, set via `--gnupghome`, or set via `$GNUPGHOME).
- SEQUOIA_CRYPTO_POLICY
If set, must contain an absolute path to a configuration file that changes which cryptographic algorithms are acceptable. By default, /etc/crypto-policies/back-ends/sequoia.config is read, which on Fedora contains a reasonable policy set by the distribution. See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.
Files
- $GNUPGHOME/gpg.conf
GnuPG's main configuration file.
- $GNUPGHOME/dirmngr.conf
GnuPG's network configuration file. gpg-sq reads this and honors a subset of the options given.
- $XDG_DATA_HOME/pgp.cert.d
Default certificate store on POSIX systems if the default `GNUPGHOME` is used. This location is read and written to.
- $HOME/Library/Application Support/pgp.cert.d
Default certificate store on macOS if the default `GNUPGHOME` is used. This location is read and written to.
- {FOLDERID_RoamingAppData}/pgp.cert.d
Default certificate store on Windows if the default `GNUPGHOME` is used. This location is read and written to.
- $GNUPGHOME/pubring.cert.d
Certificate store if a non-default `GNUPGHOME` is used. This location is read and written to.
- $GNUPGHOME/pubring.kbx
GnuPG's default certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/pubring.gpg
GnuPG's legacy certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/public-keys.d/pubring.db
GnuPG 2.4.x's certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/secring.gpg
GnuPG's legacy secret key store. gpg-sq does not use this file, except for doing a migration from pre-2.1 state directories.
- $GNUPGHOME/.gpg-v21-migrated
Indicates that the state directory has been migrated from a pre-2.1 release.
- $GNUPGHOME/trustdb.gpg
GnuPG's trust database. This file is read and monitored for changes, but never modified.
- /etc/crypto-policies/back-ends/sequoia.config
Default cryptographic policy. On Fedora, this contains a reasonable policy set by the distribution. Can be overridden using the SEQUOIA_POLICY_CONFIG environment variable. See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.
Version
v0.13.1