pgpk - Public and Private key management for PGP.


SYNOPSIS

       pgpk  [-a  keyfile  ...  |  -c  [userid]]  | -d <userid> |
       -e <userid> | -g | -l[l] [userid] | --revoke[s] <userid> |
       -r[u|s]   <userid>   |   -s   <userid>   [-u  <yourid>]  |
       -x <userid>] [-o <outfile>] [-z]



DESCRIPTION

       pgpk Manages public and  private  keys  for  PGP.   Unlike
       other  PGP applications, pgpk is stream based and not file
       based; if no files are specified,  stdin  and  stdout  are
       used.


OPTIONS

       All  configuration options can be controlled from the com-
       mand line.  See pgp.cfg(5) for a complete list and how  to
       specify them.


       -a [keyfile]
              Adds  the  contents of keyfile to your keyring.  If
              keyfile is  not  specified,  input  is  taken  from
              stdin.   Keyfile  may also be an URL; the supported
              protocols are hkp (Horowitz Key Protocol), http and
              finger.   To  add  foo@bar.baz.com's  key  to  your
              keyring from PGP, Inc's server, for example, enter:

              pgpk -a hkp://keys.pgp.com/foo@bar.baz.com

              If foo@bar.baz.com has his key in his finger infor-
              mation, you could add that with:

              pgpk -a finger://bar.baz.com/foo

              If foo@bar.baz.com has his key on his web page, you
              could add that with:

              pgpk -a http://www.baz.com/foo/DSSkey.html

              If  the  Keyfile  is  not  obviously a filename (it
              doesn't begin with "/"  or  "./")  and  it  doesn't
              exist  as  a readable file, an attempt will be made
              to fetch it from your default keyserver  using  the
              Horowitz  Key Protocol.  (See pgp.cfg(5) for infor-
              mation on setting  your  default  keyserver).   For
              example,  if there is no file named foo@bar.baz.com
              readable in the current directory,

              pgpk -a foo@bar.baz.com

              security risk (as it could potentially leak  infor-
              mation about the files on your system if you make a
              typing error).  Use the GetNotFoundKeyFiles config-
              uration option to disable this behavior.

       -c [userid]
              Checks  the  signatures  of all keys on your public
              keyring.  If [userid] is specified, only the signa-
              tures  on  that key are checked.  This command per-
              forms pgpk -ll on all specified keys, then  outputs
              an  explicit listing of trust and validity for each
              key.  Trust is the amount of trust placed  in  each
              key  as  an  introducer.  Validity is the certainty
              that the key and user  ID  belong  together.   Both
              this command and the long listing function output a
              leading column which succinctly describes the  con-
              dition of the key.

              The possible leading columns can have the following
              first three character values:

              pub A public key
              ret A revoked key
              sec A secret key
              sub A sub-key (in 5.0, this  is  always  a  Diffie-
              Hellman key)
              SIG A signature issued by a public key to which you
              have thecorresponding private key (i.e., your key)
              sig A signature issued by a public key to which you
              do  NOT  have  the corresponding private key (i.e.,
              someone else's key)
              uid A user ID

              Following this column is a single  character  which
              describes other attributes of the object:

              %  The object is not valid (it does not have enough
              trusted signatures)
              ?  No information is  available  about  the  object
              (generally  because  it  is  a signature from a key
              that is not on your keyring)
              !  The object has been checked
              * The object has been tried
              @ The object is disabled
              + The object is axiomatically trusted  (i.e.,  it's
              your key)

       -d <userid>
              Toggles  the  disablement of <userid>'s key on your
              public keyring.

       -e <userid>
              If it is someone else's key, it allows you to  edit
              the trust you have in that person as an introducer.

       -g     Generate a public/private key pair.

       -l[l] [userid]
              Lists information about  a  key.   -ll  lists  more
              information about a key.  If [userid] is specified,
              that  key  is  listed.   Otherwise,  all  keys  are
              listed.   See -c, above, for more information about
              the long format.

       -o outfile
              Specifies that output should go to outfile.  If not
              specified,  output  goes  to stdout.  If the output
              file is from a key extraction (see -x, below),  you
              may  specify  an  hkp  (Horowitz Key Protocol) URL.
              For   example:   pgpk   -x    foo@bar.baz.com    -o
              hkp://keys.pgp.com would send foo@bar.baz.com's key
              to the PGP, Inc. public key server.

       --revoke <userid>
              Permanately revokes the key specified.  There is no
              way  to  undo  this,  so  don't play with it if you
              don't mean it.

       --revokes <userid>
              Permanently revokes your signature (if any) on  the
              key specified.

       -r <userid>
              Removes  <userid>'s  key  from your public keyring,
              and your private as well, if it's there.

       -ru <userid>
              Removes the given userid from your public and  pri-
              vate keyrings.

       -rs <userid>
              Removes   the  given  signature  from  your  public
              keyring.

       -s <userid> [-u <yourid>]
              Signs <userid>'s key with your default signing key.
              If -u is specified, uses that key, instead.

       -x <userid>
              Extracts  the  specified key in ASCII-armored form.
              -x <userid>

       -z     Batch mode.  See pgp-integration(7) for  a  discus-
              sion  of integrating pgp support into your applica-

       pgpk -g Generates a key.


FILES

       ~/.pgp/pgp.cfg
              User-specific  configuration  file.   In   previous
              releases,  this  file  was  called config.txt.  See
              pgp.cfg(5) for further details.


BUGS

              See pgp(1).


SEE ALSO

       pgp(1),    pgpv(1),    pgpe(1),    pgps(1),    pgp.cfg(5),
       pgp-integration(7),  http://www.pgp.com  (US versions) and
       http://www.pgpi.com (International versions)






































Man(1) output converted with man2html