* dirmngr-client:: How to use the Dirmngr client tool.
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
-* gpg-zip:: Encrypt or sign files into an archive.
+* gpgtar:: Encrypt or sign files into an archive.
@end menu
@c
@command{watchgnupg} is commonly invoked as
@example
-watchgnupg --force ~/.gnupg/S.log
+watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
@end example
@manpause
@noindent
-This starts it on the current terminal for listening on the socket
-@file{~/.gnupg/S.log}.
+This starts it on the current terminal for listening on the standard
+logging socket (which is either @file{~/.gnupg/S.log} or
+@file{/var/run/user/UID/gnupg/S.log}).
@mansect options
@noindent
Instead of reading from a local socket, listen for connects on TCP port
@var{n}.
+@item --time-only
+@opindex time-only
+Do not print the date part of the timestamp.
+
@item --verbose
@opindex verbose
Enable extra informational output.
@chapheading Examples
@example
-$ watchgnupg --force /home/foo/.gnupg/S.log
+$ watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log
@end example
This waits for connections on the local socket
-@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
-work the option @option{log-file} needs to be used with all modules
-which logs are to be shown. The value for that option must be given
-with a special prefix (e.g. in the conf files):
+(e.g. @file{/home/foo/.gnupg/S.log}) and shows all log entries. To
+make this work the option @option{log-file} needs to be used with all
+modules which logs are to be shown. The suggested entry for the
+configuration files is:
@example
-log-file socket:///home/foo/.gnupg/S.log
+log-file socket://
@end example
-If only @code{socket://} is used a default socket file named
-@file{S.log} in the standard socket directory is used.
+If the default socket as given above and returned by "echo $(gpgconf
+--list-dirs socketdir)/S.log" is not desired an arbitrary socket name
+can be specified, for example @file{socket:///home/foo/bar/mysocket}.
For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files:
log-file tcp://192.168.1.1:4711
@end example
-You may use any port and not just 4711 as shown above; only IP addresses
-are supported (v4 and v6) and no host names. You need to start
-@command{watchgnupg} with the @option{tcp} option. Note that under
-Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
-can be used to change the default log output from @code{stderr} to
-whatever is given by that entry. However the only useful entry is a TCP
-name for remote debugging.
+You may use any port and not just 4711 as shown above; only IP
+addresses are supported (v4 and v6) and no host names. You need to
+start @command{watchgnupg} with the @option{tcp} option. Note that
+under Windows the registry entry
+@var{HKCU\Software\GNU\GnuPG:DefaultLogFile} can be used to change the
+default log output from @code{stderr} to whatever is given by that
+entry. However the only useful entry is a TCP name for remote
+debugging.
@mansect see also
@item --reload [@var{component}]
@opindex reload
-Reload all or the given component. This is basically the same as sending
-a SIGHUP to the component. Components which don't support reloading are
-ignored.
+Reload all or the given component. This is basically the same as
+sending a SIGHUP to the component. Components which don't support
+reloading are ignored. Without @var{component} or by using "all" for
+@var{component} all components which are daemons are reloaded.
@item --launch [@var{component}]
@opindex launch
@command{component} must be a daemon. This is in general not required
because the system starts these daemons as needed. However, external
software making direct use of @command{gpg-agent} or @command{dirmngr}
-may use this command to ensure that they are started.
+may use this command to ensure that they are started. Using "all" for
+@var{component} launches all components which are daemons.
@item --kill [@var{component}]
@opindex kill
Kill the given component. Components which support killing are
@command{gpg-agent} and @command{scdaemon}. Components which don't
-support reloading are ignored. Note that as of now reload and kill
-have the same effect for @command{scdaemon}.
+support reloading are ignored. Using "all" for @var{component} kills
+all components running as daemons. Note that as of now reload and
+kill have the same effect for @command{scdaemon}.
@item --create-socketdir
@opindex create-socketdir
This means that the changes will take effect at run-time, as far as
this is possible. Otherwise, they will take effect at the next start
of the respective backend programs.
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}. This
+program returns the status messages SUCCESS or FAILURE which are
+helpful when the caller uses a double fork approach and can't easily
+get the return code of the process.
+
@manpause
@end table
may not be used and the passphrases for the to be used keys are given at
machine startup.
+This program works with GnuPG 2 and later. GnuPG 1.x is not supported.
+
Passphrases set with this utility don't expire unless the
@option{--forget} option is used to explicitly clear them from the
cache --- or @command{gpg-agent} is either restarted or reloaded (by
@var{cacheid} is either a 40 character keygrip of hexadecimal
characters identifying the key for which the passphrase should be set
or cleared. The keygrip is listed along with the key when running the
-command: @code{gpgsm --dump-secret-keys}. Alternatively an arbitrary
-string may be used to identify a passphrase; it is suggested that such
-a string is prefixed with the name of the application (e.g
-@code{foo:12346}).
+command: @code{gpgsm --with-keygrip --list-secret-keys}.
+Alternatively an arbitrary string may be used to identify a
+passphrase; it is suggested that such a string is prefixed with the
+name of the application (e.g @code{foo:12346}). Scripts should always
+use the option @option{--with-colons}, which provides the keygrip in a
+"grp" line (cf. @file{doc/DETAILS})/
@noindent
One of the following command options must be given:
@c
-@c GPG-ZIP
+@c GPGTAR
@c
-@c The original manpage on which this section is based was written
-@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert
-@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by
-@c others).
-@manpage gpg-zip.1
-@node gpg-zip
+@manpage gpgtar.1
+@node gpgtar
@section Encrypt or sign files into an archive
@ifset manverb
-.B gpg-zip
+.B gpgtar
\- Encrypt or sign files into an archive
@end ifset
@mansect synopsis
@ifset manverb
-.B gpg-zip
+.B gpgtar
.RI [ options ]
.I filename1
.I [ filename2, ... ]
@end ifset
@mansect description
-@command{gpg-zip} encrypts or signs files into an archive. It is an
+@command{gpgtar} encrypts or signs files into an archive. It is an
gpg-ized tar using the same format as used by PGP's PGP Zip.
@manpause
@noindent
-@command{gpg-zip} is invoked this way:
+@command{gpgtar} is invoked this way:
@example
-gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
+gpgtar [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
@end example
@mansect options
@noindent
-@command{gpg-zip} understands these options:
+@command{gpgtar} understands these options:
@table @gnupgtabopt
+@item --create
+@opindex create
+Put given files and directories into a vanilla ``ustar'' archive.
+
+@item --extract
+@opindex extract
+Extract all files from a vanilla ``ustar'' archive.
+
@item --encrypt
@itemx -e
@opindex encrypt
-Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase).
+Encrypt given files and directories into an archive. This option may
+be combined with option @option{--symmetric} for an archive that may
+be decrypted via a secret key or a passphrase.
@item --decrypt
@itemx -d
@opindex decrypt
-Decrypt data.
+Extract all files from an encrypted archive.
+
+@item --sign
+@itemx -s
+Make a signed archive from the given files and directories. Thsi can
+be combined with option @option{--encrypt} to create a signed and then
+encrypted archive.
+
+@item --list-archive
+@itemx -t
+@opindex list-archive
+List the contents of the specified archive.
@item --symmetric
@itemx -c
Encrypt with a symmetric cipher using a passphrase. The default
-symmetric cipher used is CAST5, but may be chosen with the
+symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option to @command{gpg}.
-@item --sign
-@itemx -s
-Make a signature. See @command{gpg}.
-
@item --recipient @var{user}
@itemx -r @var{user}
@opindex recipient
-Encrypt for user id @var{user}. See @command{gpg}.
+Encrypt for user id @var{user}. For details see @command{gpg}.
@item --local-user @var{user}
@itemx -u @var{user}
@opindex local-user
-Use @var{user} as the key to sign with. See @command{gpg}.
-
-@item --list-archive
-@opindex list-archive
-List the contents of the specified archive.
+Use @var{user} as the key to sign with. For details see @command{gpg}.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
-Write output to specified file @var{file}.
+Write the archive to the specified file @var{file}.
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Enable extra informational output.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --skip-crypto
+@opindex skip-crypto
+Skip all crypto operations and create or extract vanilla ``ustar''
+archives.
+
+@item --dry-run
+@opindex dry-run
+Do not actually output the extracted files.
+
+@item --directory @var{dir}
+@itemx -C @var{dir}
+@opindex directory
+Extract the files into the directory @var{dir}. The
+default is to take the directory name from
+the input filename. If no input filename is known a directory named
+@file{GPGARCH} is used.
+
+@item --files-from @var{file}
+@itemx -T @var{file}
+Take the file names to work from the file @var{file}; one file per
+line.
+
+@item --null
+@opindex null
+Modify option @option{--files-from} to use a binary nul instead of a
+linefeed to separate file names.
+
+@item --openpgp
+@opindex openpgp
+This option has no effect becuase OpenPGP encryption and signing is
+the default.
+
+@item --cms
+@opindex cms
+This option is reserved and shall not be used. It will eventually be
+used to encrypt or sign using the CMS protocol; but that is not yet
+implemented.
+
+
+@item --set-filename @var{file}
+@opindex set-filename
+Use the last component of @var{file} as the output directory. The
+default is to take the directory name from the input filename. If no
+input filename is known a directory named @file{GPGARCH} is used.
+This option is deprecated in favor of option @option{--directory}.
@item --gpg @var{gpgcmd}
@opindex gpg
@item --gpg-args @var{args}
@opindex gpg-args
-Pass the specified options to @command{gpg}.
-
-@item --tar @var{tarcmd}
-@opindex tar
-Use the specified command @var{tarcmd} instead of @command{tar}.
+Pass the specified extra options to @command{gpg}.
@item --tar-args @var{args}
@opindex tar-args
-Pass the specified options to @command{tar}.
+Assume @var{args} are standard options of the command @command{tar}
+and parse them. The only supported tar options are "--directory",
+"--files-from", and "--null" This is an obsolete options because those
+supported tar options can also be given directly.
@item --version
@opindex version
@file{test1}:
@example
-gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+gpgtar --encrypt --output test1 -r Bob mydocs
@end example
@noindent
List the contents of archive @file{test1}:
@example
-gpg-zip --list-archive test1
+gpgtar --list-archive test1
@end example
projects / platform / upstream / gpg2.git / blobdiff