(gnupg1.info.gz) GPG Examples

 1.4 Examples
 ============
 
 gpg -se -r `Bob' `file'
      sign and encrypt for user Bob
 
 gpg --clearsign `file'
      make a clear text signature
 
 gpg -sb `file'
      make a detached signature
 
 gpg --list-keys `user_ID'
      show keys
 
 gpg --fingerprint `user_ID'
      show fingerprint
 
 gpg --verify `pgpfile'
 gpg --verify `sigfile'
      Verify the signature of the file but do not output the data. The
      second form is used for detached signatures, where `sigfile' is
      the detached signature (either ASCII armored or binary) and the
      file named after it on the command line holds the signed data;
      if this is not given, the name of the file holding the signed
      data is constructed by cutting off the extension (".asc" or
      ".sig") of `sigfile' or by asking the user for the filename.
 
 RETURN VALUE
 ************
 
 The program returns 0 if everything was fine, 1 if at least one
 signature was bad, and other error codes for fatal errors.
 
 WARNINGS
 ********
 
 Use a *good* password for your user account and a *good* passphrase to
 protect your secret key. This passphrase is the weakest part of the
 whole system. Programs to do dictionary attacks on your secret keyring
 are very easy to write and so you should protect your "~/.gnupg/"
 directory very well.
 
    Keep in mind that, if this program is used over a network (telnet),
 it is *very* easy to spy out your passphrase!
 
    If you are going to verify detached signatures, make sure that the
 program knows about it; either give both filenames on the command line
 or use `-' to specify stdin.
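
 The following wrapper is an added example, not part of the GnuPG
 manual: it always gives both filenames to `gpg --verify' and maps the
 return values listed under RETURN VALUE. The function name, its return
 codes 2 and 3, and the GPG override variable are assumptions of this
 example.

```shell
#!/bin/sh
# Added example, not from the GnuPG manual: verify a detached signature
# with both file names given and map gpg's documented exit status.
# GPG is an assumption of this example: an override for the binary to run.
GPG=${GPG:-gpg}

# verify_detached SIGFILE DATAFILE
# Returns 0 = good signature, 1 = bad signature, 2 = fatal gpg error,
#         3 = usage error (gpg is not run at all).
verify_detached() {
    if [ "$#" -ne 2 ]; then
        echo "usage: verify_detached SIGFILE DATAFILE" >&2
        return 3
    fi
    sig=$1
    data=$2
    # Make relative names start with ./ so that a name such as "-" or
    # "-x" is passed as a file and never read as stdin or as an option.
    case $sig in /*) ;; *) sig=./$sig ;; esac
    case $data in /*) ;; *) data=./$data ;; esac
    # Insist on both files: gpg then never derives the data file name
    # from SIGFILE and never prompts for it.
    if [ ! -f "$sig" ] || [ ! -f "$data" ]; then
        echo "verify_detached: signature or data file missing" >&2
        return 3
    fi
    rc=0
    "$GPG" --verify "$sig" "$data" || rc=$?
    case $rc in
        0) echo "good signature on $data" >&2; return 0 ;;
        1) echo "BAD signature on $data" >&2; return 1 ;;
        *) echo "gpg failed (exit $rc); $data is NOT verified" >&2; return 2 ;;
    esac
}
```

 A caller should treat every non-zero return as "not verified"; only 0
 means the signature checked out.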
 
 INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
 ********************************************
 
 GnuPG tries to be a very flexible implementation of the OpenPGP
 standard. In particular, GnuPG implements many of the optional parts of
 the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
 compression algorithms. It is important to be aware that not all
 OpenPGP programs implement these optional algorithms and that by
 forcing their use via the `--cipher-algo', `--digest-algo',
 `--cert-digest-algo', or `--compress-algo' options in GnuPG, it is
 possible to create a perfectly valid OpenPGP message, but one that
 cannot be read by the intended recipient.
 
    There are dozens of variations of OpenPGP programs available, and
 each supports a slightly different subset of these optional algorithms.
 For example, until recently, no (unhacked) version of PGP supported the
 BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
 read by a PGP user. By default, GnuPG uses the standard OpenPGP
 preferences system that will always do the right thing and create
 messages that are usable by all recipients, regardless of which OpenPGP
 program they use. Only override this safe default if you really know
 what you are doing.
 
    If you absolutely must override the safe default, or if the
 preferences on a given key are invalid for some reason, you are far
 better off using the `--pgp6', `--pgp7', or `--pgp8' options. These
 options are safe as they do not force any particular algorithms in
 violation of OpenPGP, but rather reduce the available algorithms to a
 "PGP-safe" list.
 
 BUGS
 ****
 
 On many systems this program should be installed as setuid(root). This
 is necessary to lock memory pages. Locking memory pages prevents the
 operating system from writing memory pages (which may contain
 passphrases or other sensitive material) to disk. If you get no warning
 message about insecure memory, your operating system supports locking
 without being root. The program drops root privileges as soon as locked
 memory is allocated.
 
    Note also that some systems (especially laptops) have the ability to
 "suspend to disk" (also known as "safe sleep" or "hibernate").  This
 writes all memory to disk before going into a low power or even powered
 off mode.  Unless measures are taken in the operating system to protect
 the saved memory, passphrases or other sensitive material may be
 recoverable from it later.
 