Using the GNU Privacy Guard Version 2.0.29 September 2015 Werner Koch ([email protected]) This is the The GNU Privacy Guard Manual (version 2.0.29, September 2015). Published by the Free Software Foundation 51 Franklin St, Fifth Floor Boston, MA 02110-1301 USA Copyright c 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. The text of the license can be found in the section entitled \Copying". i Short Contents 1 A short installation guide. :::::::::::::::::::::::::::::: 1 2 Invoking GPG-AGENT :::::::::::::::::::::::::::::::: 3 3 Invoking GPG ::::::::::::::::::::::::::::::::::::::: 21 4 Invoking GPGSM :::::::::::::::::::::::::::::::::::: 67 5 Invoking the SCDAEMON ::::::::::::::::::::::::::::: 85 6 How to Specify a User Id :::::::::::::::::::::::::::::: 93 7 Helper Tools :::::::::::::::::::::::::::::::::::::::: 97 8 How to do certain things ::::::::::::::::::::::::::::: 117 9 Notes pertaining to certain OSes. :::::::::::::::::::::: 123 10 How to solve problems ::::::::::::::::::::::::::::::: 125 GNU General Public License :::::::::::::::::::::::::::::: 129 Contributors to GnuPG :::::::::::::::::::::::::::::::::: 141 Glossary :::::::::::::::::::::::::::::::::::::::::::::: 143 Option Index :::::::::::::::::::::::::::::::::::::::::: 145 Index ::::::::::::::::::::::::::::::::::::::::::::::::: 151 ii Using the GNU Privacy Guard iii Table of Contents 1 A short installation guide. ::::::::::::::::::::: 1 1.1 Installation Overview::::::::::::::::::::::::::::::::::::::::::: 2 2 Invoking GPG-AGENT :::::::::::::::::::::::: 3 2.1 Commands::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.2 Option Summary::::::::::::::::::::::::::::::::::::::::::::::: 4 2.3 Configuration :::::::::::::::::::::::::::::::::::::::::::::::::: 9 2.4 Use of some signals. ::::::::::::::::::::::::::::::::::::::::::: 11 2.5 Examples ::::::::::::::::::::::::::::::::::::::::::::::::::::: 11 2.6 Agent's Assuan Protocol :::::::::::::::::::::::::::::::::::::: 12 2.6.1 Decrypting a session key ::::::::::::::::::::::::::::::::: 12 2.6.2 Signing a Hash ::::::::::::::::::::::::::::::::::::::::::: 13 2.6.3 Generating a Key :::::::::::::::::::::::::::::::::::::::: 14 2.6.4 Importing a Secret Key::::::::::::::::::::::::::::::::::: 15 2.6.5 Export a Secret Key ::::::::::::::::::::::::::::::::::::: 15 2.6.6 Importing a Root Certificate ::::::::::::::::::::::::::::: 15 2.6.7 Ask for a passphrase ::::::::::::::::::::::::::::::::::::: 16 2.6.8 Remove a cached passphrase:::::::::::::::::::::::::::::: 17 2.6.9 Ask for confirmation ::::::::::::::::::::::::::::::::::::: 17 2.6.10 Check whether a key is available::::::::::::::::::::::::: 17 2.6.11 Register a smartcard :::::::::::::::::::::::::::::::::::: 17 2.6.12 Change a Passphrase :::::::::::::::::::::::::::::::::::: 17 2.6.13 Change the standard display :::::::::::::::::::::::::::: 17 2.6.14 Get the Event Counters ::::::::::::::::::::::::::::::::: 18 2.6.15 Return information about the process ::::::::::::::::::: 18 2.6.16 Set options for the session ::::::::::::::::::::::::::::::: 18 3 Invoking GPG ::::::::::::::::::::::::::::::::: 21 3.1 Commands:::::::::::::::::::::::::::::::::::::::::::::::::::: 21 3.1.1 Commands not specific to the function ::::::::::::::::::: 21 3.1.2 Commands to select the type of operation :::::::::::::::: 21 3.1.3 How to manage your keys :::::::::::::::::::::::::::::::: 27 3.2 Option Summary ::::::::::::::::::::::::::::::::::::::::::::: 31 3.2.1 How to change the configuration:::::::::::::::::::::::::: 31 3.2.2 Key related options :::::::::::::::::::::::::::::::::::::: 43 3.2.3 Input and Output :::::::::::::::::::::::::::::::::::::::: 44 3.2.4 OpenPGP protocol specific options. :::::::::::::::::::::: 47 3.2.5 Compliance options :::::::::::::::::::::::::::::::::::::: 48 3.2.6 Doing things one usually doesn't want to do. ::::::::::::: 49 3.2.7 Deprecated options ::::::::::::::::::::::::::::::::::::::: 58 3.3 Configuration files::::::::::::::::::::::::::::::::::::::::::::: 58 3.4 Examples ::::::::::::::::::::::::::::::::::::::::::::::::::::: 60 iv Using the GNU Privacy Guard 3.5 Unattended Usage :::::::::::::::::::::::::::::::::::::::::::: 61 3.5.1 Unattended key generation ::::::::::::::::::::::::::::::: 62 4 Invoking GPGSM ::::::::::::::::::::::::::::: 67 4.1 Commands:::::::::::::::::::::::::::::::::::::::::::::::::::: 67 4.1.1 Commands not specific to the function ::::::::::::::::::: 67 4.1.2 Commands to select the type of operation :::::::::::::::: 67 4.1.3 How to manage the certificates and keys :::::::::::::::::: 68 4.2 Option Summary ::::::::::::::::::::::::::::::::::::::::::::: 70 4.2.1 How to change the configuration:::::::::::::::::::::::::: 70 4.2.2 Certificate related options :::::::::::::::::::::::::::::::: 71 4.2.3 Input and Output :::::::::::::::::::::::::::::::::::::::: 72 4.2.4 How to change how the CMS is created. :::::::::::::::::: 73 4.2.5 Doing things one usually do not want to do. :::::::::::::: 73 4.3 Configuration files::::::::::::::::::::::::::::::::::::::::::::: 75 4.4 Examples ::::::::::::::::::::::::::::::::::::::::::::::::::::: 77 4.5 Unattended Usage :::::::::::::::::::::::::::::::::::::::::::: 77 4.5.1 Automated signature checking :::::::::::::::::::::::::::: 77 4.5.2 CSR and certificate creation :::::::::::::::::::::::::::::: 78 4.6 The Protocol the Server Mode Uses. ::::::::::::::::::::::::::: 80 4.6.1 Encrypting a Message :::::::::::::::::::::::::::::::::::: 80 4.6.2 Decrypting a message :::::::::::::::::::::::::::::::::::: 81 4.6.3 Signing a Message :::::::::::::::::::::::::::::::::::::::: 81 4.6.4 Verifying a Message :::::::::::::::::::::::::::::::::::::: 82 4.6.5 Generating a Key :::::::::::::::::::::::::::::::::::::::: 82 4.6.6 List available keys :::::::::::::::::::::::::::::::::::::::: 82 4.6.7 Export certificates:::::::::::::::::::::::::::::::::::::::: 83 4.6.8 Import certificates:::::::::::::::::::::::::::::::::::::::: 83 4.6.9 Delete certificates :::::::::::::::::::::::::::::::::::::::: 83 4.6.10 Return information about the process ::::::::::::::::::: 83 5 Invoking the SCDAEMON ::::::::::::::::::: 85 5.1 Commands:::::::::::::::::::::::::::::::::::::::::::::::::::: 85 5.2 Option Summary ::::::::::::::::::::::::::::::::::::::::::::: 85 5.3 Description of card applications ::::::::::::::::::::::::::::::: 88 5.3.1 The OpenPGP card application \openpgp" ::::::::::::::: 88 5.3.2 The Telesec NetKey card \nks"::::::::::::::::::::::::::: 89 5.3.3 The DINSIG card application \dinsig":::::::::::::::::::: 89 5.3.4 The PKCS#15 card application \p15" :::::::::::::::::::: 89 5.3.5 The Geldkarte card application \geldkarte" ::::::::::::::: 89 5.3.6 The Undefined card application “undefined” :::::::::::::: 89 5.4 Configuration files::::::::::::::::::::::::::::::::::::::::::::: 89 5.5 Examples ::::::::::::::::::::::::::::::::::::::::::::::::::::: 89 5.6 Scdaemon's Assuan Protocol :::::::::::::::::::::::::::::::::: 89 5.6.1 Return the serial number ::::::::::::::::::::::::::::::::: 90 5.6.2 Read all useful information from the card::::::::::::::::: 90 5.6.3 Return a certificate::::::::::::::::::::::::::::::::::::::: 90 5.6.4 Return a public key :::::::::::::::::::::::::::::::::::::: 90 v 5.6.5 Signing data with a Smartcard ::::::::::::::::::::::::::: 90 5.6.6 Decrypting data with a Smartcard:::::::::::::::::::::::: 91 5.6.7 Read an attribute's value. :::::::::::::::::::::::::::::::: 91 5.6.8 Update an attribute's value. :::::::::::::::::::::::::::::: 91 5.6.9 Write a key to a card. :::::::::::::::::::::::::::::::::::: 91 5.6.10 Generate a new key on-card. :::::::::::::::::::::::::::: 91 5.6.11 Return random bytes generate on-card. :::::::::::::::::: 91 5.6.12 Change PINs. ::::::::::::::::::::::::::::::::::::::::::: 92 5.6.13 Perform a VERIFY operation.::::::::::::::::::::::::::: 92 5.6.14 Perform a RESTART operation.::::::::::::::::::::::::: 92 5.6.15 Send a verbatim APDU to the card. ::::::::::::::::::::: 92 6 How to Specify a User Id ::::::::::::::::::::: 93 7 Helper Tools ::::::::::::::::::::::::::::::::::: 97 7.1 Read logs from a socket ::::::::::::::::::::::::::::::::::::::: 97 7.2 Verify OpenPGP signatures ::::::::::::::::::::::::::::::::::: 98 7.2.1 Examples :::::::::::::::::::::::::::::::::::::::::::::::: 99 7.2.2 Environment ::::::::::::::::::::::::::::::::::::::::::::: 99 7.2.3 FILES ::::::::::::::::::::::::::::::::::::::::::::::::::: 99 7.3 Create .gnupg home directories. ::::::::::::::::::::::::::::::: 99 7.4 Modify .gnupg home directories.::::::::::::::::::::::::::::::: 99 7.4.1 Invoking gpgconf :::::::::::::::::::::::::::::::::::::::: 100 7.4.2 Format conventions ::::::::::::::::::::::::::::::::::::: 101 7.4.3 Listing components ::::::::::::::::::::::::::::::::::::: 103 7.4.4 Checking programs:::::::::::::::::::::::::::::::::::::: 103 7.4.5 Listing options :::::::::::::::::::::::::::::::::::::::::: 104 7.4.6 Changing options ::::::::::::::::::::::::::::::::::::::: 107 7.4.7 Listing global options ::::::::::::::::::::::::::::::::::: 108 7.4.8 Files used by gpgconf ::::::::::::::::::::::::::::::::::: 109 7.5 Run gpgconf for all users. :::::::::::::::::::::::::::::::::::: 109 7.6 Generate an X.509 certificate request ::::::::::::::::::::::::: 109 7.7 Put a passphrase into the cache. ::::::::::::::::::::::::::::: 109 7.7.1 List of all commands and options. ::::::::::::::::::::::: 109 7.8 Communicate with a running agent.