pgpk - Public and Private key management for PGP.
SYNOPSIS
pgpk [-a keyfile ... | -c [userid]] | -d <userid> |
-e <userid> | -g | -l[l] [userid] | --revoke[s] <userid> |
-r[u|s] <userid> | -s <userid> [-u <yourid>] |
-x <userid>] [-o <outfile>] [-z]
DESCRIPTION
pgpk manages public and private keys for PGP. Unlike
other PGP applications, pgpk is stream based and not file
based; if no files are specified, stdin and stdout are
used.
OPTIONS
All configuration options can be controlled from the
command line. See pgp.cfg(5) for a complete list and how to
specify them.
-a [keyfile]
Adds the contents of keyfile to your keyring. If
keyfile is not specified, input is taken from
stdin. Keyfile may also be a URL; the supported
protocols are hkp (Horowitz Key Protocol), http and
finger. To add foo@bar.baz.com's key to your
keyring from PGP, Inc.'s server, for example, enter:
pgpk -a hkp://keys.pgp.com/foo@bar.baz.com
If foo@bar.baz.com has his key in his finger
information, you could add that with:
pgpk -a finger://bar.baz.com/foo
If foo@bar.baz.com has his key on his web page, you
could add that with:
pgpk -a http://www.baz.com/foo/DSSkey.html
If the Keyfile is not obviously a filename (it
doesn't begin with "/" or "./") and it doesn't
exist as a readable file, an attempt will be made
to fetch it from your default keyserver using the
Horowitz Key Protocol. (See pgp.cfg(5) for
information on setting your default keyserver). For
example, if there is no file named foo@bar.baz.com
readable in the current directory,
pgpk -a foo@bar.baz.com
security risk (as it could potentially leak
information about the files on your system if you make a
typing error). Use the GetNotFoundKeyFiles
configuration option to disable this behavior.
-c [userid]
Checks the signatures of all keys on your public
keyring. If [userid] is specified, only the
signatures on that key are checked. This command
performs pgpk -ll on all specified keys, then outputs
an explicit listing of trust and validity for each
key. Trust is the amount of trust placed in each
key as an introducer. Validity is the certainty
that the key and user ID belong together. Both
this command and the long listing function output a
leading column which succinctly describes the
condition of the key.
The leading column begins with one of the following
three-character values:
pub  A public key
ret  A revoked key
sec  A secret key
sub  A sub-key (in 5.0, this is always a Diffie-Hellman key)
SIG  A signature issued by a public key to which you have the corresponding private key (i.e., your key)
sig  A signature issued by a public key to which you do NOT have the corresponding private key (i.e., someone else's key)
uid  A user ID
Following this column is a single character which
describes other attributes of the object:
%  The object is not valid (it does not have enough trusted signatures)
?  No information is available about the object (generally because it is a signature from a key that is not on your keyring)
!  The object has been checked
*  The object has been tried
@  The object is disabled
+  The object is axiomatically trusted (i.e., it's your key)
-d <userid>
Toggles the disablement of <userid>'s key on your
public keyring.
-e <userid>
If it is someone else's key, it allows you to edit
the trust you have in that person as an introducer.
-g Generate a public/private key pair.
-l[l] [userid]
Lists information about a key. -ll lists more
information about a key. If [userid] is specified,
that key is listed. Otherwise, all keys are
listed. See -c, above, for more information about
the long format.
-o outfile
Specifies that output should go to outfile. If not
specified, output goes to stdout. If the output
file is from a key extraction (see -x, below), you
may specify an hkp (Horowitz Key Protocol) URL.
For example:
pgpk -x foo@bar.baz.com -o hkp://keys.pgp.com
would send foo@bar.baz.com's key to the PGP, Inc.
public key server.
--revoke <userid>
Permanently revokes the key specified. There is no
way to undo this, so don't play with it if you
don't mean it.
--revokes <userid>
Permanently revokes your signature (if any) on the
key specified.
-r <userid>
Removes <userid>'s key from your public keyring,
and from your private keyring as well, if it's there.
-ru <userid>
Removes the given userid from your public and
private keyrings.
-rs <userid>
Removes the given signature from your public
keyring.
-s <userid> [-u <yourid>]
Signs <userid>'s key with your default signing key.
If -u is specified, uses that key, instead.
-x <userid>
Extracts the specified key in ASCII-armored form.
-z Batch mode. See pgp-integration(7) for a
discussion of integrating pgp support into your applica-
pgpk -g Generates a key.
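The -a entry above notes that a mistyped file name can be sent to your default keyserver as a lookup. The following shell functions are an added example, not part of pgpk or this manual page: classify_keyfile predicts how an argument would be interpreted under the stated rule, and local_keyfile_arg produces an argument that can only be read as a file. The function names and the file name alice.asc are assumptions made for illustration.

```shell
# Added example, not part of pgpk. Both functions follow the rule quoted in
# the -a entry; neither one calls pgpk or touches the network.

# classify_keyfile ARG: print how "pgpk -a ARG" would be interpreted.
classify_keyfile() {
    case "$1" in
        hkp://*|http://*|finger://*) echo url; return 0 ;;
        /*|./*) echo file; return 0 ;;   # "obviously a filename"
    esac
    if [ -f "$1" ] && [ -r "$1" ]; then
        echo file
    else
        echo keyserver    # the argument would go out as an HKP lookup
    fi
}

# local_keyfile_arg ARG: print ARG as a path starting with "/" or "./",
# or fail if it is a URL or no readable file of that name exists.
local_keyfile_arg() {
    case "$1" in
        *://*) echo "refusing URL: $1" >&2; return 1 ;;
        /*|./*) kf_path=$1 ;;
        *) kf_path=./$1 ;;
    esac
    if [ -f "$kf_path" ] && [ -r "$kf_path" ]; then
        printf '%s\n' "$kf_path"
    else
        echo "no readable file: $kf_path" >&2
        return 1
    fi
}

# Typical use (hypothetical file name):
#   arg=$(local_keyfile_arg alice.asc) && pgpk -a "$arg"
```

Because the resulting argument always begins with "/" or "./", a typing error fails locally instead of reaching the keyserver; the GetNotFoundKeyFiles option described under -a disables the fallback for every invocation.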
FILES
~/.pgp/pgp.cfg
User-specific configuration file. In previous
releases, this file was called config.txt. See
pgp.cfg(5) for further details.
BUGS
See pgp(1).
SEE ALSO
pgp(1), pgpv(1), pgpe(1), pgps(1), pgp.cfg(5),
pgp-integration(7), http://www.pgp.com (US versions) and
http://www.pgpi.com (International versions)