table of contents
| gpg-sq(1) | General Commands Manual | gpg-sq(1) |
NAME¶
gpg-sq - OpenPGP encryption and signing tool like gpg
SYNOPSIS¶
gpg-sq [-s|--sign] [--clear-sign] [-b|--detach-sign] [-e|--encrypt] [-c|--symmetric] [-d|--decrypt] [--verify] [-k|--list-keys] [--list-signatures] [--check-signatures] [--fingerprint] [-K|--list-secret-keys] [--generate-key] [--quick-generate-key] [--quick-add-uid] [--quick-revoke-uid] [--quick-set-expire] [--full-generate-key] [--generate-revocation] [--delete-keys] [--delete-secret-keys] [--quick-sign-key] [--quick-lsign-key] [--quick-revoke-sig] [--sign-key] [--lsign-key] [--edit-key] [--change-passphrase] [--export] [--send-keys] [--receive-keys] [--search-keys] [--refresh-keys] [--import] [--update-trustdb] [--print-md] [--server] [--tofu-policy] [--x-sequoia-parcimonie] [-v|--verbose] [-q|--quiet] [--options] [--log-file] [--default-key] [--encrypt-to] [--group] [--openpgp] [-n|--dry-run] [-i|--interactive] [-a|--armor] [-o|--output] [--textmode] [-z ] [--auto-key-locate] [--auto-key-import] [--include-key-block] [--disable-dirmngr] [-r|--recipient] [-u|--local-user] [--x-sequoia-autostart-parcimonie] [-h|--help] [-V|--version] [ARGS]
DESCRIPTION¶
This is a re-implementation and drop-in replacement of gpg using the Sequoia OpenPGP implementation.
gpg-sq is not feature-complete. It currently implements a commonly used subset of the signature creation and verification commands, the encryption and decryption commands, the key listing commands, and some miscellaneous commands.
Support for trust models is limited. Currently, the Web-of-Trust ("pgp") and always trust ("always") are implemented.
OPTIONS¶
- -s, --sign
- make a signature
- --clear-sign
- make a clear text signature
- -b, --detach-sign
- make a detached signature
- -e, --encrypt
- encrypt data
- -c, --symmetric
- encryption only with symmetric cipher
- -d, --decrypt
- decrypt data (default)
- --verify
- verify a signature
- -k, --list-keys
- list keys
- --list-signatures
- list keys and signatures
- --check-signatures
- list and check key signatures
- --fingerprint
- list keys and fingerprints
- -K, --list-secret-keys
- list secret keys
- --generate-key
- generate a new key pair
- --quick-generate-key
- quickly generate a new key pair
- --quick-add-uid
- quickly add a new user-id
- --quick-revoke-uid
- quickly revoke a user-id
- --quick-set-expire
- quickly set a new expiration date
- --full-generate-key
- full featured key pair generation
- --generate-revocation
- generate a revocation certificate
- --delete-keys
- remove keys from the public keyring
- --delete-secret-keys
- remove keys from the secret keyring
- --quick-sign-key
- quickly sign a key
- --quick-lsign-key
- quickly sign a key locally
- --quick-revoke-sig
- quickly revoke a key signature
- --sign-key
- sign a key
- --lsign-key
- sign a key locally
- --edit-key
- sign or edit a key
- --change-passphrase
- change a passphrase
- --export
- export keys
- --send-keys
- export keys to a keyserver
- --receive-keys
- import keys from a keyserver
- --search-keys
- search for keys on a keyserver
- --refresh-keys
- update all keys from a keyserver
- --import
- import/merge keys
- --update-trustdb
- update the trust database
- --print-md
- print message digests
- --server
- run in server mode
- --tofu-policy=VALUE
- set the TOFU policy for a key
- --x-sequoia-parcimonie
- continuously update certificates
- -v, --verbose
- verbose
- -q, --quiet
- be somewhat more quiet
- --options=FILE
- read options from FILE
- --log-file=FILE
- write server mode logs to FILE
- --default-key=NAME
- use NAME as default secret key
- --encrypt-to=NAME
- encrypt to user ID NAME as well
- --group=SPEC
- set up email aliases
- --openpgp
- use strict OpenPGP behavior
- -n, --dry-run
- do not make any changes
- -i, --interactive
- prompt before overwriting
- -a, --armor
- create ascii armored output
- -o, --output=FILE
- write output to FILE
- --textmode
- use canonical text mode
- -z=N
- set compress level to N (0 disables)
- --auto-key-locate=MECHANISMS
- use MECHANISMS to locate keys by mail address
- --auto-key-import
- import missing key from a signature
- --include-key-block
- include the public key in signatures
- --disable-dirmngr
- disable all access to the dirmngr
- -r, --recipient=USER-ID
- encrypt for USER-ID
- -u, --local-user=USER-ID
- use USER-ID to sign or decrypt
- --x-sequoia-autostart-parcimonie
- automatically start daemon to update certs
- -h, --help
- Print help (see a summary with '-h')
- -V, --version
- Print version
- [ARGS]
- Additional arguments. The semantics of the additional arguments, and if there are any, and how many, is dependent on the selected command.
ENVIRONMENT¶
- GNUPGHOME
- If set, must contain an absolute path to a directory containing the GnuPG state, i.e. the configuration files, the cert rings, the secret keys, and the trust database. Can be overridden using the the option `--gnupghome`. If unset, and the option `--gnupghome` is not given, defaults to `$HOME/.gnupg`. In the FILES section below, `$GNUPGHOME` is the location of the GnuPG state directory, independently on how it is set (i.e. unset, set via `--gnupghome`, or set via `$GNUPGHOME).
- SEQUOIA_CRYPTO_POLICY
- If set, must contain an absolute path to a configuration file that changes which cryptographic algorithms are acceptable. By default, /etc/crypto-policies/back-ends/sequoia.config is read, which on Fedora contains a reasonable policy set by the distribution. See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.
FILES¶
- $GNUPGHOME/gpg.conf
- GnuPG's main configuration file.
- $GNUPGHOME/dirmngr.conf
- GnuPG's network configuration file. gpg-sq reads this and honors a subset of the options given.
- $XDG_DATA_HOME/pgp.cert.d
- Default certificate store on POSIX systems if the default `GNUPGHOME` is used. This location is read and written to.
- $HOME/Library/Application Support/pgp.cert.d
- Default certificate store on macOS if the default `GNUPGHOME` is used. This location is read and written to.
- {FOLDERID_RoamingAppData}/pgp.cert.d
- Default certificate store on Windows if the default `GNUPGHOME` is used. This location is read and written to.
- $GNUPGHOME/pubring.cert.d
- Certificate store if a non-default `GNUPGHOME` is used. This location is read and written to.
- $GNUPGHOME/pubring.kbx
- GnuPG's default certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/pubring.gpg
- GnuPG's legacy certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/public-keys.d/pubring.db
- GnuPG 2.4.x's certificate store. This file is read and monitored for changes, but never changed.
- $GNUPGHOME/secring.gpg
- GnuPG's legacy secret key store. gpg-sq does not use this file, except for doing a migration from pre-2.1 state directories.
- $GNUPGHOME/.gpg-v21-migrated
- Indicates that the state directory has been migrated from a pre-2.1 release.
- $GNUPGHOME/trustdb.gpg
- GnuPG's trust database. This file is read and monitored for changes, but never modified.
- /etc/crypto-policies/back-ends/sequoia.config
- Default cryptographic policy. On Fedora, this contains a reasonable policy set by the distribution. Can be overridden using the SEQUOIA_POLICY_CONFIG environment variable. See https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#format for a description of the file format.
VERSION¶
v0.12.0
| gpg-sq 0.12.0 |