gpg-sq - Man Page

OpenPGP encryption and signing tool like gpg

Synopsis

gpg-sq [-s|--sign] [--clear-sign] [-b|--detach-sign] [-e|--encrypt] [-c|--symmetric] [-d|--decrypt] [--verify] [-k|--list-keys] [--list-signatures] [--check-signatures] [--fingerprint] [-K|--list-secret-keys] [--generate-key] [--quick-generate-key] [--quick-add-uid] [--quick-revoke-uid] [--quick-set-expire] [--full-generate-key] [--generate-revocation] [--delete-keys] [--delete-secret-keys] [--quick-sign-key] [--quick-lsign-key] [--quick-revoke-sig] [--sign-key] [--lsign-key] [--edit-key] [--change-passphrase] [--export] [--send-keys] [--receive-keys] [--search-keys] [--refresh-keys] [--import] [--update-trustdb] [--print-md] [--server] [--tofu-policy] [--x-sequoia-parcimonie] [-v|--verbose] [-q|--quiet] [--options] [--log-file] [--default-key] [--encrypt-to] [--group] [--openpgp] [-n|--dry-run] [-i|--interactive] [-a|--armor] [-o|--output] [--textmode] [-z] [--auto-key-locate] [--auto-key-import] [--include-key-block] [--disable-dirmngr] [-r|--recipient] [-u|--local-user] [--x-sequoia-autostart-parcimonie] [-h|--help] [-V|--version] [ARGS]

Description

This is a re-implementation and drop-in replacement of gpg using the Sequoia OpenPGP implementation.

gpg-sq is not feature-complete. It currently implements a commonly used subset of the signature creation and verification commands, the encryption and decryption commands, the key listing commands, and some miscellaneous commands.

Support for trust models is limited. Currently, the Web-of-Trust ("pgp") and always-trust ("always") models are implemented.

Options

-s,  --sign

make a signature

--clear-sign

make a clear text signature

-b,  --detach-sign

make a detached signature

-e,  --encrypt

encrypt data

-c,  --symmetric

encryption only with symmetric cipher

-d,  --decrypt

decrypt data (default)

--verify

verify a signature

-k,  --list-keys

list keys

--list-signatures

list keys and signatures

--check-signatures

list and check key signatures

--fingerprint

list keys and fingerprints

-K,  --list-secret-keys

list secret keys

--generate-key

generate a new key pair

--quick-generate-key

quickly generate a new key pair

--quick-add-uid

quickly add a new user-id

--quick-revoke-uid

quickly revoke a user-id

--quick-set-expire

quickly set a new expiration date

--full-generate-key

full featured key pair generation

--generate-revocation

generate a revocation certificate

--delete-keys

remove keys from the public keyring

--delete-secret-keys

remove keys from the secret keyring

--quick-sign-key

quickly sign a key

--quick-lsign-key

quickly sign a key locally

--quick-revoke-sig

quickly revoke a key signature

--sign-key

sign a key

--lsign-key

sign a key locally

--edit-key

sign or edit a key

--change-passphrase

change a passphrase

--export

export keys

--send-keys

export keys to a keyserver

--receive-keys

import keys from a keyserver

--search-keys

search for keys on a keyserver

--refresh-keys

update all keys from a keyserver

--import

import/merge keys

--update-trustdb

update the trust database

--print-md

print message digests

--server

run in server mode

--tofu-policy=VALUE

set the TOFU policy for a key

--x-sequoia-parcimonie

continuously update certificates

-v,  --verbose

verbose

-q,  --quiet

be somewhat more quiet

--options=FILE

read options from FILE

--log-file=FILE

write server mode logs to FILE

--default-key=NAME

use NAME as default secret key

--encrypt-to=NAME

encrypt to user ID NAME as well

--group=SPEC

set up email aliases

--openpgp

use strict OpenPGP behavior

-n,  --dry-run

do not make any changes

-i,  --interactive

prompt before overwriting

-a,  --armor

create ascii armored output

-o,  --output=FILE

write output to FILE

--textmode

use canonical text mode

-z=N

set compress level to N (0 disables)

--auto-key-locate=MECHANISMS

use MECHANISMS to locate keys by mail address

--auto-key-import

import missing key from a signature

--include-key-block

include the public key in signatures

--disable-dirmngr

disable all access to the dirmngr

-r,  --recipient=USER-ID

encrypt for USER-ID

-u,  --local-user=USER-ID

use USER-ID to sign or decrypt

--x-sequoia-autostart-parcimonie

automatically start daemon to update certs

-h,  --help

Print help (see a summary with '-h')

-V,  --version

Print version

[ARGS]

Additional arguments.  Whether there are any, how many, and what they mean depends on the selected command.

Environment

GNUPGHOME

If set, must contain an absolute path to a directory containing the GnuPG state, i.e. the configuration files, the cert rings, the secret keys, and the trust database.  Can be overridden using the option `--gnupghome`.  If unset, and the option `--gnupghome` is not given, defaults to `$HOME/.gnupg`.  In the Files section below, `$GNUPGHOME` is the location of the GnuPG state directory, independent of how it is set (i.e. unset, set via `--gnupghome`, or set via `$GNUPGHOME`).

SEQUOIA_CRYPTO_POLICY

If set, must contain an absolute path to a configuration file that changes which cryptographic algorithms are acceptable.  By default, /etc/crypto-policies/back-ends/sequoia.config is read, which on Fedora contains a reasonable policy set by the distribution.  See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.

Files

$GNUPGHOME/gpg.conf

GnuPG's main configuration file.

$GNUPGHOME/dirmngr.conf

GnuPG's network configuration file.  gpg-sq reads this and honors a subset of the options given.

$XDG_DATA_HOME/pgp.cert.d

Default certificate store on POSIX systems if the default `GNUPGHOME` is used.  This location is read and written to.

$HOME/Library/Application Support/pgp.cert.d

Default certificate store on macOS if the default `GNUPGHOME` is used. This location is read and written to.

{FOLDERID_RoamingAppData}/pgp.cert.d

Default certificate store on Windows if the default `GNUPGHOME` is used. This location is read and written to.

$GNUPGHOME/pubring.cert.d

Certificate store if a non-default `GNUPGHOME` is used.  This location is read and written to.

$GNUPGHOME/pubring.kbx

GnuPG's default certificate store.  This file is read and monitored for changes, but never changed.

$GNUPGHOME/pubring.gpg

GnuPG's legacy certificate store.  This file is read and monitored for changes, but never changed.

$GNUPGHOME/public-keys.d/pubring.db

GnuPG 2.4.x's certificate store.  This file is read and monitored for changes, but never changed.

$GNUPGHOME/secring.gpg

GnuPG's legacy secret key store.  gpg-sq does not use this file, except for doing a migration from pre-2.1 state directories.

$GNUPGHOME/.gpg-v21-migrated

Indicates that the state directory has been migrated from a pre-2.1 release.

$GNUPGHOME/trustdb.gpg

GnuPG's trust database.  This file is read and monitored for changes, but never modified.

/etc/crypto-policies/back-ends/sequoia.config

Default cryptographic policy.  On Fedora, this contains a reasonable policy set by the distribution.  Can be overridden using the SEQUOIA_POLICY_CONFIG environment variable.  See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.
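
The resolution rules from the Environment and Files sections, written out as an added shell example (not part of gpg-sq or its documentation) for checking where certificate writes will land before running the tool in a build or audit environment. The function names are hypothetical; it covers the POSIX layout only, treats an empty `GNUPGHOME` as unset, assumes "default `GNUPGHOME`" means the state directory equals `$HOME/.gnupg`, and uses the XDG specification's `$HOME/.local/share` fallback for `XDG_DATA_HOME`.

```shell
#!/bin/sh
# Added example: where does gpg-sq keep its state, and which certificate
# store does it write to? Function names are hypothetical.

# sq_state_dir [HOMEDIR]
# Precedence per the Environment section: --gnupghome value (passed here as
# $1), then $GNUPGHOME, then $HOME/.gnupg.
sq_state_dir() {
    if [ -n "${1:-}" ]; then
        dir=$1
    elif [ -n "${GNUPGHOME:-}" ]; then
        case "$GNUPGHOME" in
            /*) dir=$GNUPGHOME ;;
            *)  echo "GNUPGHOME must be an absolute path: $GNUPGHOME" >&2
                return 1 ;;
        esac
    else
        dir="$HOME/.gnupg"
    fi
    printf '%s\n' "${dir%/}"
}

# sq_cert_store [HOMEDIR]
# The one certificate store that is read AND written (POSIX layout).
sq_cert_store() {
    state=$(sq_state_dir "${1:-}") || return 1
    if [ "$state" = "${HOME%/}/.gnupg" ]; then
        # Assumption: "default GNUPGHOME" means the path equals $HOME/.gnupg.
        # $HOME/.local/share is the XDG spec fallback for XDG_DATA_HOME.
        printf '%s\n' "${XDG_DATA_HOME:-$HOME/.local/share}/pgp.cert.d"
    else
        printf '%s\n' "$state/pubring.cert.d"
    fi
}

# sq_readonly_stores [HOMEDIR]
# GnuPG stores the Files section lists as read and monitored, never changed.
sq_readonly_stores() {
    state=$(sq_state_dir "${1:-}") || return 1
    for f in pubring.kbx pubring.gpg public-keys.d/pubring.db trustdb.gpg; do
        printf '%s\n' "$state/$f"
    done
}

printf 'gpg-sq certificate writes go to: %s\n' "$(sq_cert_store)"
```

Note that with the default state directory the writable store lives outside `$GNUPGHOME`, so file-integrity monitoring or sandbox rules scoped only to `~/.gnupg` will not cover it.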

Version

v0.11.2

Info

gpg-sq 0.11.2