(gnupg1.info.gz) OpenPGP Options
Info Catalog
(gnupg1.info.gz) GPG Input and Output
(gnupg1.info.gz) GPG Options
(gnupg1.info.gz) GPG Esoteric Options
1.2.4 OpenPGP protocol specific options.
----------------------------------------
`-t, --textmode'
`--no-textmode'
Treat input files as text and store them in the OpenPGP canonical
text form with standard "CRLF" line endings. This also sets the
necessary flags to inform the recipient that the encrypted or
signed data is text and may need its line endings converted back
to whatever the local system uses. This option is useful when
communicating between two platforms that have different line
ending conventions (UNIX-like to Mac, Mac to Windows, etc).
`--no-textmode' disables this option, and is the default.
If `-t' (but not `--textmode') is used together with armoring and
signing, this enables clearsigned messages. This kludge is needed
for command-line compatibility with command-line versions of PGP;
normally you would use `--sign' or `--clearsign' to select the
type of the signature.
`--force-v3-sigs'
`--no-force-v3-sigs'
OpenPGP states that an implementation should generate v4 signatures
but PGP versions 5 through 7 only recognize v4 signatures on key
material. This option forces v3 signatures for signatures on data.
Note that this option overrides `--ask-sig-expire', as v3
signatures cannot have expiration dates. `--no-force-v3-sigs'
disables this option.
`--force-v4-certs'
`--no-force-v4-certs'
Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to
SHA-1. `--no-force-v4-certs' disables this option.
`--force-mdc'
Force the use of encryption with a modification detection code.
This is always used with the newer ciphers (those with a blocksize
greater than 64 bits), or if all of the recipient keys indicate
MDC support in their feature flags.
`--disable-mdc'
Disable the use of the modification detection code. Note that by
using this option, the encrypted message becomes vulnerable to a
message modification attack.
`--personal-cipher-preferences `string''
Set the list of personal cipher preferences to `string', this list
should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked cipher in this list is
also used for the `--symmetric' encryption command.
`--personal-digest-preferences `string''
Set the list of personal digest preferences to `string', this list
should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked digest algorithm in this
list is algo used when signing without encryption (e.g.
`--clearsign' or `--sign'). The default value is SHA-1.
`--personal-compress-preferences `string''
Set the list of personal compression preferences to `string', this
list should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipient
key preferences. The most highly ranked algorithm in this list is
also used when there are no recipient keys to consider (e.g.
`--symmetric').
`--s2k-cipher-algo `name''
Use `name' as the cipher algorithm used to protect secret keys.
The default cipher is CAST5. This cipher is also used for
conventional encryption if `--personal-cipher-preferences' and
`--cipher-algo' is not given.
`--s2k-digest-algo `name''
Use `name' as the digest algorithm used to mangle the passphrases.
The default algorithm is SHA-1.
`--s2k-mode `n''
Selects how passphrases are mangled. If `n' is 0 a plain
passphrase (which is not recommended) will be used, a 1 adds a
salt to the passphrase and a 3 (the default) iterates the whole
process a number of times (see -s2k-count). Unless `--rfc1991' is
used, this mode is also used for conventional encryption.
`--s2k-count `n''
Specify how many times the passphrase mangling is repeated. This
value may range between 1024 and 65011712 inclusive, and the
default is 65536. Note that not all values in the 1024-65011712
range are legal and if an illegal value is selected, GnuPG will
round up to the nearest legal value. This option is only
meaningful if `--s2k-mode' is 3.
1.2.5 Compliance options
------------------------
These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of this
is nearly always the correct one. See the INTEROPERABILITY WITH OTHER
OPENPGP PROGRAMS section below before using one of these options.
`--gnupg'
Use standard GnuPG behavior. This is essentially OpenPGP behavior
(see `--openpgp'), but with some additional workarounds for common
compatibility problems in different versions of PGP. This is the
default option, so it is not generally needed, but it may be
useful to override a different compliance option in the gpg.conf
file.
`--openpgp'
Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
`--rfc1991', `--force-v3-sigs', `--s2k-*', `--cipher-algo',
`--digest-algo' and `--compress-algo' to OpenPGP compliant values.
All PGP workarounds are disabled.
`--rfc2440'
Reset all packet, cipher and digest options to strict RFC-2440
behavior. Note that this is currently the same thing as
`--openpgp'.
`--rfc1991'
Try to be more RFC-1991 (PGP 2.x) compliant.
`--pgp2'
Set up all options to be as PGP 2.x compliant as possible, and
warn if an action is taken (e.g. encrypting to a non-RSA key) that
will create a message that PGP 2.x will not be able to handle.
Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other
versions of PGP 2.x available, but the MIT release is a good
common baseline.
This option implies `--rfc1991 --disable-mdc --no-force-v4-certs
--no-sk-comment --escape-from-lines --force-v3-sigs
--no-ask-sig-expire --no-ask-cert-expire --cipher-algo IDEA
--digest-algo MD5 --compress-algo 1'. It also disables
`--textmode' when encrypting.
`--pgp6'
Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is
installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
and the compression algorithms none and ZIP. This also disables
-throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
This option implies `--disable-mdc --no-sk-comment
--escape-from-lines --force-v3-sigs --no-ask-sig-expire'.
`--pgp7'
Set up all options to be as PGP 7 compliant as possible. This is
identical to `--pgp6' except that MDCs are not disabled, and the
list of allowable ciphers is expanded to add AES128, AES192,
AES256, and TWOFISH.
`--pgp8'
Set up all options to be as PGP 8 compliant as possible. PGP 8 is
a lot closer to the OpenPGP standard than previous versions of
PGP, so all this does is disable `--throw-keyids' and set
`--escape-from-lines'. All algorithms are allowed except for the
SHA224, SHA384, and SHA512 digests.
Info Catalog
(gnupg1.info.gz) GPG Input and Output
(gnupg1.info.gz) GPG Options
(gnupg1.info.gz) GPG Esoteric Options
automatically generated byinfo2html