
The GNU Privacy Handbook

Copyright 1999 by The Free Software Foundation

Please direct questions, bug reports, or suggestions concerning this manual to the maintainer, Mike Ashley (<[jashley@acm.org][1]>). Contributors to this manual also include Matthew Copeland, Joergen Grahn, and David A. Wheeler. J Horacio MG has translated the manual to Spanish.

This manual may be redistributed under the terms of the GNU General Public License.


Table of Contents

1. Getting Started
   - Generating a new keypair
     - Generating a revocation certificate
   - Exchanging keys
     - Exporting a public key
     - Importing a public key
   - Encrypting and decrypting documents
   - Making and verifying signatures
     - Clearsigned documents
     - Detached signatures
2. Concepts
   - Symmetric ciphers
   - Public-key ciphers
   - Hybrid ciphers
   - Digital signatures
3. Key Management
   - Managing your own keypair
     - Key integrity
     - Adding and deleting key components
     - Revoking key components
     - Updating a key's expiration time
   - Validating other keys on your public keyring
     - Trust in a key's owner
     - Using trust to validate keys
   - Distributing keys
4. Daily use of GnuPG
   - Defining your security needs
     - Choosing a key size
     - Protecting your private key
     - Selecting expiration dates and using subkeys
     - Managing your web of trust
   - Building your web of trust
   - Using GnuPG legally
5. Topics
   - Writing user interfaces

I. Command Reference

- sign — sign a document
- detach-signature — make a detached signature
- encrypt — encrypt a document
- symmetric — encrypt a document using only a symmetric encryption algorithm
- decrypt — decrypt an encrypted document
- clearsign — make a cleartext signature
- verify — verify a signed document
- gen-key — generate a new keypair
- gen-revoke — generate a revocation certificate for a public/private keypair
- send-keys — send keys to a key server
- recv-keys — retrieve keys from a key server
- list-keys — list information about keys
- list-public-keys — list keys on public keyrings
- list-secret-keys — list keys on secret keyrings
- list-sigs — list information about keys including signatures
- check-sigs — list information about keys including validated signatures
- fingerprint — display key fingerprints
- import — import keys to a local keyring
- fast-import — import/merge keys
- export — export keys from a local keyring
- export-all — export all public keys
- export-secret-keys — export secret keys
- edit-key — presents a menu for operating on keys
- sign-key — sign a public key with a private key
- lsign-key — locally sign a public key with a private key
- delete-key — remove a public key
- delete-secret-key — remove a public and private key
- store — make only simple rfc1991 packets
- export-ownertrust — export assigned owner-trust values
- import-ownertrust — import owner-trust values
- update-trustdb — update the trust database
- print-md — display message digests
- gen-random — generate random data
- gen-prime — ?
- version — display version information
- warranty — display warranty information
- help — display usage information

II. Options Reference

- keyserver — specify the keyserver to use to locate keys
- output — specify the file in which to place output
- recipient — specify the recipient of a public-key encrypted document
- default-recipient — specify the default recipient of a public-key encrypted document
- default-recipient-self — use the default key user ID as the default recipient of a public-key encrypted document
- no-default-recipient — ignore the options default-recipient and default-recipient-self
- encrypt-to — specify an additional recipient of a public-key encrypted document
- no-encrypt-to — ignore the option encrypt-to
- armor — ASCII-armor encrypted or signed output
- no-armor — assume input data is not ASCII armored
- no-greeting — suppress the opening copyright notice but do not enter batch mode
- no-secmem-warning — suppress warnings if insecure memory is used
- batch — use batch mode
- no-batch — disable batch mode
- local-user — specifies a user ID to use for signing
- default-key — specifies a user ID as a default user ID for signatures
- completes-needed — specifies the number of fully-trusted people needed to validate a new key
- marginals-needed — specifies the number of marginally-trusted people needed to validate a new key
- load-extension — specifies an extension to load
- rfc1991 — try to be more RFC1991 (PGP 2.x) compliant
- allow-non-selfsigned-uid — allow the import of keys with user IDs which are not self-signed
- cipher-algo — use a specified algorithm as the symmetric cipher
- compress-algo — use a specified compression algorithm
- z — set compression level
- verbose — provide additional information during processing
- no-verbose — resets verbosity to none
- quiet — suppress informational output
- textmode — use canonical text mode
- dry-run — do not make changes
- interactive — prompt before overwriting files
- yes — assume "yes" to most questions
- no — assume "no" to most questions
- always-trust — skip key validation
- skip-verify — skip signature verification
- keyring — add a keyring to the list of keyrings
- secret-keyring — add a secret keyring
- no-default-keyring — do not add the default keyrings to the list of keyrings
- homedir — set the home directory
- charset — set the name of the native character set
- no-literal — ?
- set-filesize — ?
- with-fingerprint — modifies key listing output
- with-colons — modifies key listing output
- with-key-data — modifies key listing output
- lock-once — locks the databases once
- lock-multiple — locks the databases each time they are used
- passphrase-fd — read the passphrase from a different input stream
- force-mdc — force the use of encryption with appended manipulation code
- force-v3-sigs — force the use of v3 signatures on data
- openpgp — reset all packet, cipher, and digest options to the OpenPGP specification
- utf8-strings — assume that arguments are provided as UTF8 strings
- no-utf8-strings — assume that arguments are not provided as UTF8 strings
- no-options — use no options file
- debug — set debug flags
- debug-all — set all useful debugging flags
- status-fd — write status messages to an alternative output stream
- logger-fd — write log messages to an alternative output stream
- no-comment — do not write comment packets
- comment — set the comment string to use in cleartext signatures
- default-comment — use the standard comment string in cleartext signatures
- no-version — omit the version string in cleartext signatures
- emit-version — emit the version string in cleartext signatures
- notation-data — add data to a signature as notation data
- set-policy-url — set the policy URL for signatures
- set-filename — sets the filename stored in encrypted or signed messages
- use-embedded-filename — use the filename embedded in a message for storing its plaintext or verified version
- max-cert-depth — set the maximum depth of a certification chain
- digest-algo — set the message digest algorithm
- s2k-cipher-algo — use a specified algorithm as the symmetric cipher for encrypting private keys
- s2k-digest-algo — set the message digest algorithm for mangling passphrases protecting private keys
- s2k-mode — sets how passphrases are mangled
- disable-cipher-algo — prevents a symmetric cipher from being used
- disable-pubkey-algo — prevents a public key cipher from being used
- throw-keyid — do not put key IDs into encrypted packets
- not-dash-escaped — changes the format of cleartext signatures
- escape-from-lines — modifies messages beginning with "From" when cleartext signing
