* dirmngr-client:: How to use the Dirmngr client tool.
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
-* gpg-zip:: Encrypt or sign files into an archive.
-* gpgkey2ssh:: Emit GPG public keys in OpenSSH format.
+* gpgtar:: Encrypt or sign files into an archive.
@end menu
@c
@command{watchgnupg} is commonly invoked as
@example
-watchgnupg --force ~/.gnupg/S.log
+watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
@end example
@manpause
@noindent
-This starts it on the current terminal for listening on the socket
-@file{~/.gnupg/S.log}.
+This starts it on the current terminal for listening on the standard
+logging socket (which is either @file{~/.gnupg/S.log} or
+@file{/var/run/user/UID/gnupg/S.log}).
@mansect options
@noindent
Instead of reading from a local socket, listen for connects on TCP port
@var{n}.
+@item --time-only
+@opindex time-only
+Do not print the date part of the timestamp.
+
@item --verbose
@opindex verbose
Enable extra informational output.
@chapheading Examples
@example
-$ watchgnupg --force /home/foo/.gnupg/S.log
+$ watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log
@end example
This waits for connections on the local socket
-@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
-work the option @option{log-file} needs to be used with all modules
-which logs are to be shown. The value for that option must be given
-with a special prefix (e.g. in the conf file):
+(e.g. @file{/home/foo/.gnupg/S.log}) and shows all log entries. To
+make this work the option @option{log-file} needs to be used with all
+modules which logs are to be shown. The suggested entry for the
+configuration files is:
@example
-log-file socket:///home/foo/.gnupg/S.log
+log-file socket://
@end example
+If the default socket as given above and returned by "echo $(gpgconf
+--list-dirs socketdir)/S.log" is not desired an arbitrary socket name
+can be specified, for example @file{socket:///home/foo/bar/mysocket}.
For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files:
log-file tcp://192.168.1.1:4711
@end example
-You may use any port and not just 4711 as shown above; only IP addresses
-are supported (v4 and v6) and no host names. You need to start
-@command{watchgnupg} with the @option{tcp} option. Note that under
-Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
-can be used to change the default log output from @code{stderr} to
-whatever is given by that entry. However the only useful entry is a TCP
-name for remote debugging.
+You may use any port and not just 4711 as shown above; only IP
+addresses are supported (v4 and v6) and no host names. You need to
+start @command{watchgnupg} with the @option{tcp} option. Note that
+under Windows the registry entry
+@var{HKCU\Software\GNU\GnuPG:DefaultLogFile} can be used to change the
+default log output from @code{stderr} to whatever is given by that
+entry. However the only useful entry is a TCP name for remote
+debugging.
@mansect see also
@c
@manpage addgnupghome.8
@node addgnupghome
-@section Create .gnupg home directories.
+@section Create .gnupg home directories
@ifset manverb
.B addgnupghome
\- Create .gnupg home directories
If GnuPG is installed on a system with existing user accounts, it is
sometimes required to populate the GnuPG home directory with existing
files. Especially a @file{trustlist.txt} and a keybox with some
-initial certificates are often desired. This scripts help to do this
+initial certificates are often desired. This script helps to do this
by copying all files from @file{/etc/skel/.gnupg} to the home
directories of the accounts given on the command line. It takes care
not to overwrite existing GnuPG home directories.
@c
@manpage gpgconf.1
@node gpgconf
-@section Modify .gnupg home directories.
+@section Modify .gnupg home directories
@ifset manverb
.B gpgconf
\- Modify .gnupg home directories
@command{gpgconf} provides access to the configuration of one or more
components of the GnuPG system. These components correspond more or
-less to the programs that exist in the GnuPG framework, like GnuPG,
+less to the programs that exist in the GnuPG framework, like GPG,
GPGSM, DirMngr, etc. But this is not a strict one-to-one
relationship. Not all configuration options are available through
@command{gpgconf}. @command{gpgconf} provides a generic and abstract
@command{gpgconf} provides the backend of a configuration editor. The
configuration editor would usually be a graphical user interface
-program, that allows to display the current options, their default
+program that displays the current options, their default
values, and allows the user to make changes to the options. These
changes can then be made active with @command{gpgconf} again. Such a
program that uses @command{gpgconf} in this way will be called GUI
* Invoking gpgconf:: List of all commands and options.
* Format conventions:: Formatting conventions relevant for all commands.
* Listing components:: List all gpgconf components.
-* Checking programs:: Check all programs know to gpgconf.
+* Checking programs:: Check all programs known to gpgconf.
* Listing options:: List all options of a component.
* Changing options:: Changing options of a component.
* Listing global options:: List all global options.
+* Querying versions:: Get and compare software versions.
* Files used by gpgconf:: What files are used by gpgconf.
@end menu
@item --check-options @var{component}
Check the options for the component @var{component}.
+@item --apply-profile @var{file}
+Apply the configuration settings listed in @var{file} to the
+configuration files. If @var{file} has no suffix and no slashes the
+command first tries to read a file with the suffix @code{.prf} from
+the the data directory (@code{gpgconf --list-dirs datadir}) before it
+reads the file verbatim. A profile is divided into sections using the
+bracketed component name. Each section then lists the option which
+shall go into the respective configuration file.
+
@item --apply-defaults
Update all configuration files with values taken from the global
configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
-@item --list-dirs
+@item --list-dirs [@var{names}]
Lists the directories used by @command{gpgconf}. One directory is
listed per line, and each line consists of a colon-separated list where
the first field names the directory type (for example @code{sysconfdir})
they are not directories, the socket file names used by
@command{gpg-agent} and @command{dirmngr} are printed as well. Note
that the socket file names and the @code{homedir} lines are the default
-names and they may be overridden by command line switches.
+names and they may be overridden by command line switches. If
+@var{names} are given only the directories or file names specified by
+the list names are printed without any escaping.
@item --list-config [@var{filename}]
List the global configuration file in a colon separated format. If
Run a syntax check on the global configuration file. If @var{filename}
is given, check that file instead.
+
+@item --query-swdb @var{package_name} [@var{version_string}]
+Returns the current version for @var{package_name} and if
+@var{version_string} is given also an indicator on whether an update
+is available. The actual file with the software version is
+automatically downloaded and checked by @command{dirmngr}.
+@command{dirmngr} uses a thresholds to avoid download the file too
+often and it does this by default only if it can be done via Tor. To
+force an update of that file this command can be used:
+
+@example
+ gpg-connect-agent --dirmngr 'loadswdb --force' /bye
+@end example
+
+
@item --reload [@var{component}]
@opindex reload
-Reload all or the given component. This is basically the same as sending
-a SIGHUP to the component. Components which don't support reloading are
-ignored.
+Reload all or the given component. This is basically the same as
+sending a SIGHUP to the component. Components which don't support
+reloading are ignored. Without @var{component} or by using "all" for
+@var{component} all components which are daemons are reloaded.
@item --launch [@var{component}]
@opindex launch
@command{component} must be a daemon. This is in general not required
because the system starts these daemons as needed. However, external
software making direct use of @command{gpg-agent} or @command{dirmngr}
-may use this command to ensure that they are started.
+may use this command to ensure that they are started. Using "all" for
+@var{component} launches all components which are daemons.
@item --kill [@var{component}]
@opindex kill
Kill the given component. Components which support killing are
-gpg-agent and scdaemon. Components which don't support reloading are
-ignored. Note that as of now reload and kill have the same effect for
-scdaemon.
+@command{gpg-agent} and @command{scdaemon}. Components which don't
+support reloading are ignored. Using "all" for @var{component} kills
+all components running as daemons. Note that as of now reload and
+kill have the same effect for @command{scdaemon}.
+
+@item --create-socketdir
+@opindex create-socketdir
+Create a directory for sockets below /run/user or /var/run/user. This
+is command is only required if a non default home directory is used
+and the /run based sockets shall be used. For the default home
+directory GnUPG creates a directory on the fly.
+
+@item --remove-socketdir
+@opindex remove-socketdir
+Remove a directory created with command @option{--create-socketdir}.
@end table
This means that the changes will take effect at run-time, as far as
this is possible. Otherwise, they will take effect at the next start
of the respective backend programs.
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}. This
+program returns the status messages SUCCESS or FAILURE which are
+helpful when the caller uses a double fork approach and can't easily
+get the return code of the process.
+
@manpause
@end table
that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are
from the set @code{0-9a-f}.
-@item localised
-Some fields contain strings that are described to be @emph{localised}.
+@item localized
+Some fields contain strings that are described to be @emph{localized}.
Such strings are translated to the active language and formatted in
the active character set.
value and the empty string as value.
@item string list
-If the option takes a number argument and it can occur more than once,
+If the option takes a string argument and it can occur more than once,
then the option argument is either empty, or it is a comma-separated
list of string arguments as described above.
@end table
The command @code{--list-components} will list all components that can
be configured with @command{gpgconf}. Usually, one component will
correspond to one GnuPG-related program and contain the options of
-that programs configuration file that can be modified using
+that program's configuration file that can be modified using
@command{gpgconf}. However, this is not necessarily the case. A
component might also be a group of selected options from several
programs, or contain entirely virtual options that have a special
provide a menu with one entry for each component, or a window with one
tabulator sheet per component.
-The command argument @code{--list-components} lists all available
+The command @code{--list-components} lists all available
components, one per line. The format of each line is:
@code{@var{name}:@var{description}:@var{pgmname}:}
runnable. This also includes a syntax check of all config file options
of the program.
-The command argument @code{--check-programs} lists all available
+The command @code{--check-programs} lists all available
programs, one per line. The format of each line is:
@code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:}
into option groups to allow the GUI to give visual hints to the user
about which options are related.
-The command argument @code{@w{--list-options @var{component}}} lists
+The command @code{@w{--list-options @var{component}}} lists
all options (and the groups they belong to) in the component
@var{component}, one per line. @var{component} must be the string in
the field @var{name} in the output of the @code{--list-components}
option has a special meaning if no argument is given.
@item no change (128)
-If this flag is set, gpgconf ignores requests to change the value. GUI
-frontends should grey out this option. Note, that manual changes of the
-configuration files are still possible.
+If this flag is set, @command{gpgconf} ignores requests to change the
+value. GUI frontends should grey out this option. Note, that manual
+changes of the configuration files are still possible.
@end table
@item level
@item argname
This field is only defined for options with an argument type
@var{type} that is not @code{0}. In this case it may contain a
-@emph{percent-escaped} and @emph{localised string} that gives a short
+@emph{percent-escaped} and @emph{localized string} that gives a short
name for the argument. The field may also be empty, though, in which
case a short name is not known.
@item default
This field is defined only for options for which the @code{default} or
@code{default desc} flag is set. If the @code{default} flag is set,
-its format is that of an @emph{option argument} (@xref{Format
+its format is that of an @emph{option argument} (@pxref{Format
conventions}, for details). If the default value is empty, then no
default is known. Otherwise, the value specifies the default value
for this option. If the @code{default desc} flag is set, the field is
@item argdef
This field is defined only for options for which the @code{optional
arg} flag is set. If the @code{no arg desc} flag is not set, its
-format is that of an @emph{option argument} (@xref{Format
+format is that of an @emph{option argument} (@pxref{Format
conventions}, for details). If the default value is empty, then no
default is known. Otherwise, the value specifies the default argument
for this option. If the @code{no arg desc} flag is set, the field is
This describes a rule record. All rule records up to the next key record
make up a rule set for that key. The format of a rule record is:
- @code{r:::@var{component}:@var{option}:@var{flags}:@var{value}:}
+ @code{r:::@var{component}:@var{option}:@var{flag}:@var{value}:}
@table @var
@item component
no feature to change the global option file through @command{gpgconf}.
+@node Querying versions
+@subsection Get and compare software versions.
+
+The GnuPG Project operates a server to query the current versions of
+software packages related to GnuPG. @command{gpgconf} can be used to
+access this online database. To allow for offline operations, this
+feature works by having @command{dirmngr} download a file from
+@code{https://versions.gnupg.org}, checking the signature of that file
+and storing the file in the GnuPG home directory. If
+@command{gpgconf} is used and @command{dirmngr} is running, it may ask
+@command{dirmngr} to refresh that file before itself uses the file.
+
+The command @option{--query-swdb} returns information for the given
+package in a colon delimited format:
+
+@table @var
+
+@item name
+This is the name of the package as requested. Note that "gnupg" is a
+special name which is replaced by the actual package implementing this
+version of GnuPG. For this name it is also not required to specify a
+version because @command{gpgconf} takes its own version in this case.
+
+@item iversion
+The currently installed version or an empty string. The value is
+taken from the command line argument but may be provided by gpg
+if not given.
+
+@item status
+The status of the software package according to this table:
+@table @code
+@item -
+No information available. This is either because no current version
+has been specified or due to an error.
+@item ?
+The given name is not known in the online database.
+@item u
+An update of the software is available.
+@item c
+The installed version of the software is current.
+@item n
+The installed version is already newer than the released version.
+@end table
+
+@item urgency
+If the value (the empty string should be considered as zero) is
+greater than zero an important update is available.
+
+@item error
+This returns an @command{gpg-error} error code to distinguish between
+various failure modes.
+
+@item filedate
+This gives the date of the file with the version numbers in standard
+ISO format (@code{yyyymmddThhmmss}). The date has been extracted by
+@command{dirmngr} from the signature of the file.
+
+@item verified
+This gives the date in ISO format the file was downloaded. This value
+can be used to evaluate the freshness of the information.
+
+@item version
+This returns the version string for the requested software from the
+file.
+
+@item reldate
+This returns the release date in ISO format.
+
+@item size
+This returns the size of the package as decimal number of bytes.
+
+@item hash
+This returns a hexified SHA-2 hash of the package.
+
+@end table
+
+@noindent
+More fields may be added in future to the output.
+
@mansect files
@node Files used by gpgconf
If this file exists, it is processed as a global configuration file.
A commented example can be found in the @file{examples} directory of
the distribution.
+
+@item @var{GNUPGHOME}/swdb.lst
+@cindex swdb.lst
+ A file with current software versions. @command{dirmngr} creates
+ this file on demand from an online resource.
+
@end table
@c
@manpage applygnupgdefaults.8
@node applygnupgdefaults
-@section Run gpgconf for all users.
+@section Run gpgconf for all users
@ifset manverb
.B applygnupgdefaults
\- Run gpgconf --apply-defaults for all users.
command @code{--apply-defaults} for all real users with an existing
GnuPG home directory. Admins might want to use this script to update he
GnuPG configuration files for all users after
-@file{/etc/gnupg/gpgconf.conf} has been changed. This allows to enforce
-certain policies for all users. Note, that this is not a bulletproof of
-forcing a user to use certain options. A user may always directly edit
+@file{/etc/gnupg/gpgconf.conf} has been changed. This allows enforcing
+certain policies for all users. Note, that this is not a bulletproof way to
+force a user to use certain options. A user may always directly edit
the configuration files and bypass gpgconf.
@noindent
@c GPG-PRESET-PASSPHRASE
@c
@node gpg-preset-passphrase
-@section Put a passphrase into the cache.
+@section Put a passphrase into the cache
@manpage gpg-preset-passphrase.1
@ifset manverb
.B gpg-preset-passphrase
may not be used and the passphrases for the to be used keys are given at
machine startup.
+This program works with GnuPG 2 and later. GnuPG 1.x is not supported.
+
Passphrases set with this utility don't expire unless the
@option{--forget} option is used to explicitly clear them from the
cache --- or @command{gpg-agent} is either restarted or reloaded (by
@manpause
@node Invoking gpg-preset-passphrase
-@subsection List of all commands and options.
+@subsection List of all commands and options
@mancont
@noindent
@var{cacheid} is either a 40 character keygrip of hexadecimal
characters identifying the key for which the passphrase should be set
or cleared. The keygrip is listed along with the key when running the
-command: @code{gpgsm --dump-secret-keys}. Alternatively an arbitrary
-string may be used to identify a passphrase; it is suggested that such
-a string is prefixed with the name of the application (e.g
-@code{foo:12346}).
+command: @code{gpgsm --with-keygrip --list-secret-keys}.
+Alternatively an arbitrary string may be used to identify a
+passphrase; it is suggested that such a string is prefixed with the
+name of the application (e.g @code{foo:12346}). Scripts should always
+use the option @option{--with-colons}, which provides the keygrip in a
+"grp" line (cf. @file{doc/DETAILS})/
@noindent
One of the following command options must be given:
@c GPG-CONNECT-AGENT
@c
@node gpg-connect-agent
-@section Communicate with a running agent.
+@section Communicate with a running agent
@manpage gpg-connect-agent.1
@ifset manverb
.B gpg-connect-agent
@mansect description
The @command{gpg-connect-agent} is a utility to communicate with a
running @command{gpg-agent}. It is useful to check out the commands
-gpg-agent provides using the Assuan interface. It might also be useful
-for scripting simple applications. Input is expected at stdin and out
-put gets printed to stdout.
+@command{gpg-agent} provides using the Assuan interface. It might
+also be useful for scripting simple applications. Input is expected
+at stdin and output gets printed to stdout.
It is very similar to running @command{gpg-agent} in server mode; but
here we connect to a running instance.
@manpause
@node Invoking gpg-connect-agent
-@subsection List of all options.
+@subsection List of all options
@noindent
@command{gpg-connect-agent} is invoked this way:
@itemx --exec
@opindex exec
Take the rest of the command line as a program and it's arguments and
-execute it as an assuan server. Here is how you would run @command{gpgsm}:
+execute it as an Assuan server. Here is how you would run @command{gpgsm}:
@smallexample
gpg-connect-agent --exec gpgsm --server
@end smallexample
@item --no-ext-connect
@opindex no-ext-connect
When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
-connects to the assuan server in extended mode to allow descriptor
+connects to the Assuan server in extended mode to allow descriptor
passing. This option makes it use the old mode.
@item --no-autostart
@mansect control commands
@node Controlling gpg-connect-agent
-@subsection Control commands.
+@subsection Control commands
While reading Assuan commands, gpg-agent also allows a few special
commands to control its operation. These control commands all start
Run commands from @var{file}.
@item /bye
-Terminate the connection and the program
+Terminate the connection and the program.
@item /help
Print a list of available control commands.
@item --force-default-responder
@opindex force-default-responder
-When checking using the OCSP protocl, force the use of the default OCSP
+When checking using the OCSP protocol, force the use of the default OCSP
responder. That is not to use the Reponder as given by the certificate.
@item --ping
@c SYMCRYPTRUN
@c
@node symcryptrun
-@section Call a simple symmetric encryption tool.
+@section Call a simple symmetric encryption tool
@manpage symcryptrun.1
@ifset manverb
.B symcryptrun
@end ifset
@mansect description
-Sometimes simple encryption tools are already in use for a long time and
-there might be a desire to integrate them into the GnuPG framework. The
-protocols and encryption methods might be non-standard or not even
-properly documented, so that a full-fledged encryption tool with an
-interface like gpg is not doable. @command{symcryptrun} provides a
-solution: It operates by calling the external encryption/decryption
-module and provides a passphrase for a key using the standard
-@command{pinentry} based mechanism through @command{gpg-agent}.
+Sometimes simple encryption tools are already in use for a long time
+and there might be a desire to integrate them into the GnuPG
+framework. The protocols and encryption methods might be non-standard
+or not even properly documented, so that a full-fledged encryption
+tool with an interface like @command{gpg} is not doable.
+@command{symcryptrun} provides a solution: It operates by calling the
+external encryption/decryption module and provides a passphrase for a
+key using the standard @command{pinentry} based mechanism through
+@command{gpg-agent}.
Note, that @command{symcryptrun} is only available if GnuPG has been
configured with @samp{--enable-symcryptrun} at build time.
@manpause
@node Invoking symcryptrun
-@subsection List of all commands and options.
+@subsection List of all commands and options
@noindent
@command{symcryptrun} is invoked this way:
@item --log-file @var{file}
@opindex log-file
-Append all logging output to @var{file}. Default is to write logging
-information to STDERR.
+Append all logging output to @var{file}. Use @file{socket://} to log
+to socket. Default is to write logging information to STDERR.
@end table
@item 0
Success.
@item 1
- Some error occured.
+ Some error occurred.
@item 2
No valid passphrase was provided.
@item 3
@c
-@c GPG-ZIP
+@c GPGTAR
@c
-@c The original manpage on which this section is based was written
-@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert
-@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by
-@c others).
-@manpage gpg-zip.1
-@node gpg-zip
+@manpage gpgtar.1
+@node gpgtar
@section Encrypt or sign files into an archive
@ifset manverb
-.B gpg-zip \- Encrypt or sign files into an archive
+.B gpgtar
+\- Encrypt or sign files into an archive
@end ifset
@mansect synopsis
@ifset manverb
-.B gpg-zip
+.B gpgtar
.RI [ options ]
.I filename1
.I [ filename2, ... ]
@end ifset
@mansect description
-@command{gpg-zip} encrypts or signs files into an archive. It is an
+@command{gpgtar} encrypts or signs files into an archive. It is an
gpg-ized tar using the same format as used by PGP's PGP Zip.
@manpause
@noindent
-@command{gpg-zip} is invoked this way:
+@command{gpgtar} is invoked this way:
@example
-gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
+gpgtar [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
@end example
@mansect options
@noindent
-@command{gpg-zip} understands these options:
+@command{gpgtar} understands these options:
@table @gnupgtabopt
+@item --create
+@opindex create
+Put given files and directories into a vanilla ``ustar'' archive.
+
+@item --extract
+@opindex extract
+Extract all files from a vanilla ``ustar'' archive.
+
@item --encrypt
@itemx -e
@opindex encrypt
-Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase).
+Encrypt given files and directories into an archive. This option may
+be combined with option @option{--symmetric} for an archive that may
+be decrypted via a secret key or a passphrase.
@item --decrypt
@itemx -d
@opindex decrypt
-Decrypt data.
+Extract all files from an encrypted archive.
+
+@item --sign
+@itemx -s
+Make a signed archive from the given files and directories. Thsi can
+be combined with option @option{--encrypt} to create a signed and then
+encrypted archive.
+
+@item --list-archive
+@itemx -t
+@opindex list-archive
+List the contents of the specified archive.
@item --symmetric
@itemx -c
Encrypt with a symmetric cipher using a passphrase. The default
-symmetric cipher used is CAST5, but may be chosen with the
+symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option to @command{gpg}.
-@item --sign
-@itemx -s
-Make a signature. See @command{gpg}.
-
@item --recipient @var{user}
@itemx -r @var{user}
@opindex recipient
-Encrypt for user id @var{user}. See @command{gpg}.
+Encrypt for user id @var{user}. For details see @command{gpg}.
@item --local-user @var{user}
@itemx -u @var{user}
@opindex local-user
-Use @var{user} as the key to sign with. See @command{gpg}.
-
-@item --list-archive
-@opindex list-archive
-List the contents of the specified archive.
+Use @var{user} as the key to sign with. For details see @command{gpg}.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
-Write output to specified file @var{file}.
+Write the archive to the specified file @var{file}.
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Enable extra informational output.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --skip-crypto
+@opindex skip-crypto
+Skip all crypto operations and create or extract vanilla ``ustar''
+archives.
+
+@item --dry-run
+@opindex dry-run
+Do not actually output the extracted files.
+
+@item --directory @var{dir}
+@itemx -C @var{dir}
+@opindex directory
+Extract the files into the directory @var{dir}. The
+default is to take the directory name from
+the input filename. If no input filename is known a directory named
+@file{GPGARCH} is used.
+
+@item --files-from @var{file}
+@itemx -T @var{file}
+Take the file names to work from the file @var{file}; one file per
+line.
+
+@item --null
+@opindex null
+Modify option @option{--files-from} to use a binary nul instead of a
+linefeed to separate file names.
+
+@item --openpgp
+@opindex openpgp
+This option has no effect becuase OpenPGP encryption and signing is
+the default.
+
+@item --cms
+@opindex cms
+This option is reserved and shall not be used. It will eventually be
+used to encrypt or sign using the CMS protocol; but that is not yet
+implemented.
+
+
+@item --set-filename @var{file}
+@opindex set-filename
+Use the last component of @var{file} as the output directory. The
+default is to take the directory name from the input filename. If no
+input filename is known a directory named @file{GPGARCH} is used.
+This option is deprecated in favor of option @option{--directory}.
@item --gpg @var{gpgcmd}
@opindex gpg
@item --gpg-args @var{args}
@opindex gpg-args
-Pass the specified options to @command{gpg}.
-
-@item --tar @var{tarcmd}
-@opindex tar
-Use the specified command @var{tarcmd} instead of @command{tar}.
+Pass the specified extra options to @command{gpg}.
@item --tar-args @var{args}
@opindex tar-args
-Pass the specified options to @command{tar}.
+Assume @var{args} are standard options of the command @command{tar}
+and parse them. The only supported tar options are "--directory",
+"--files-from", and "--null" This is an obsolete options because those
+supported tar options can also be given directly.
@item --version
@opindex version
@file{test1}:
@example
-gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+gpgtar --encrypt --output test1 -r Bob mydocs
@end example
@noindent
List the contents of archive @file{test1}:
@example
-gpg-zip --list-archive test1
+gpgtar --list-archive test1
@end example
@command{tar}(1),
@end ifset
@include see-also-note.texi
-
-
-@c
-@c GPGKEY2SSH
-@c
-@manpage gpgkey2ssh.1
-@node gpgkey2ssh
-@section Emit GPG public keys in OpenSSH format
-@ifset manverb
-.B gpgkey2ssh \- Emit GPG public keys in OpenSSH format
-@end ifset
-
-@mansect synopsis
-@ifset manverb
-.B gpgkey2ssh
-.I keyid
-@end ifset
-
-@mansect description
-This tool is deprecated and will be removed soon.
-
-@command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key
-in a format readable by OpenSSH clients and servers.
-
-It takes only a single argument, a key ID, which designates the
-primary key or subkey whose public key should be converted.
-
-The key ID should use upper-case (A-F, not a-f) for all hex digits
-greater than 9, and the key in question must be present in
-@code{gpg}'s public keyring.
-
-The output of a successful run can be used verbatim as an entry in an
-@code{authorized_keys} file for @code{sshd}, or can be prefixed with a
-host name and appended to a @code{known_hosts} file for @code{ssh}.
-
-@mansect return value
-
-The program returns 0 if the key was successfully converted and
-non-zero if there was an error (e.g., if the key ID was malformed, the
-key was not present in the public keyring, or if the key is not an RSA
-or DSA key).
-
-@mansect environment
-@subsection Environment
-
-@table @asis
-
-@item HOME
-Used to locate the default home directory.
-
-@item GNUPGHOME
-If set directory used instead of "~/.gnupg".
-
-@end table
-
-@mansect files
-@subsection FILES
-
-@table @asis
-
-@item gpg2
-The command used to search the user's keyring.
-
-@end table
-
-@mansect see also
-@ifset isman
-@command{gpg2}(1),
-@command{sshd}(8),
-@command{ssh}(1)
-@end ifset
-@include see-also-note.texi