PGPK(1) User Manual PGPK(1)
NAME
pgpk - Public and Private key management for PGP.
SYNOPSIS
pgpk [-a keyfile ... | -c [userid] | -d <userid> |
-e <userid> | -g | -l[l] [userid] | --revoke[s] <userid> | -r[u|s]
<userid> | -s <userid> [-u <yourid>] |
-x <userid>] [-o <outfile>] [-z]
DESCRIPTION
pgpk manages public and private keys for PGP. Unlike other PGP
applications, pgpk is stream based and not file based; if no files are
specified, stdin and stdout are used.
OPTIONS
All configuration options can be controlled from the command line. See
pgp.cfg(5) for a complete list and how to specify them.
-a [keyfile]
Adds the contents of keyfile to your keyring. If keyfile is not
specified, input is taken from stdin. Keyfile may also be a
URL; the supported protocols are hkp (Horowitz Key Protocol),
http and finger. To add foo@bar.baz.com's key to your keyring
from PGP, Inc's server, for example, enter:
pgpk -a hkp://keys.pgp.com/foo@bar.baz.com
If foo@bar.baz.com has his key in his finger information, you
could add that with:
pgpk -a finger://bar.baz.com/foo
If foo@bar.baz.com has his key on his web page, you could add
that with:
pgpk -a http://www.baz.com/foo/DSSkey.html
If the Keyfile is not obviously a filename (it doesn't begin
with "/" or "./") and it doesn't exist as a readable file, an
attempt will be made to fetch it from your default keyserver
using the Horowitz Key Protocol. (See pgp.cfg(5) for informa‐
tion on setting your default keyserver). For example, if there
is no file named foo@bar.baz.com readable in the current direc‐
tory,
pgpk -a foo@bar.baz.com
will extract foo@bar.baz.com's key from your default keyserver.
Some people consider this a security risk (as it could poten‐
tially leak information about the files on your system if you
make a typing error). Use the GetNotFoundKeyFiles configuration
option to disable this behavior.
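
The lookup rules described above, as an added example (not part of the original manual or of PGP itself). classify_keyfile_arg and safe_key_add are hypothetical helper names; the wrapper runs pgpk -a only when the argument is an explicit URL or an existing readable file, so a mistyped filename is never sent to the default keyserver.

```shell
#!/bin/sh
# Added example: models the documented `pgpk -a` argument handling.
# classify_keyfile_arg and safe_key_add are hypothetical helpers.

# Prints one of: url, file, missing-file, keyserver-lookup
classify_keyfile_arg() {
    arg=$1
    case $arg in
        hkp://*|http://*|finger://*)
            # Explicit URL in one of the three supported protocols.
            echo url; return 0 ;;
        /*|./*)
            # "Obviously a filename": never treated as a keyserver query.
            if [ -f "$arg" ] && [ -r "$arg" ]; then
                echo file
            else
                echo missing-file
            fi
            return 0 ;;
    esac
    if [ -f "$arg" ] && [ -r "$arg" ]; then
        echo file
    else
        # Not a path, not readable: pgpk would query the default
        # keyserver with this string (the typo-leak case).
        echo keyserver-lookup
    fi
}

# Refuses the implicit keyserver fallback; everything else goes to pgpk.
safe_key_add() {
    kind=$(classify_keyfile_arg "$1")
    case $kind in
        file|url) pgpk -a "$1" ;;
        *) echo "refusing '$1': would be $kind" >&2; return 1 ;;
    esac
}

# Constructed sample arguments; results depend on the current directory.
for a in ./keys.asc keys.acs hkp://keys.pgp.com/foo@bar.baz.com; do
    printf '%s -> %s\n' "$a" "$(classify_keyfile_arg "$a")"
done
```

Writing local key files with a leading "./" has the same effect without a wrapper, since such arguments are never looked up on the keyserver.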
-c [userid]
Checks the signatures of all keys on your public keyring. If
[userid] is specified, only the signatures on that key are
checked. This command performs pgpk -ll on all specified keys,
then outputs an explicit listing of trust and validity for each
key. Trust is the amount of trust placed in each key as an
introducer. Validity is the certainty that the key and user ID
belong together. Both this command and the long listing func‐
tion output a leading column which succinctly describes the con‐
dition of the key.
The possible leading columns can have the following first three
character values:
pub A public key
ret A revoked key
sec A secret key
sub A sub-key (in 5.0, this is always a Diffie-Hellman key)
SIG A signature issued by a public key to which you have the
corresponding private key (i.e., your key)
sig A signature issued by a public key to which you do NOT have
the corresponding private key (i.e., someone else's key)
uid A user ID
Following this column is a single character which describes
other attributes of the object:
% The object is not valid (it does not have enough trusted sig‐
natures)
? No information is available about the object (generally
because it is a signature from a key that is not on your
keyring)
! The object has been checked
* The object has been tried
@ The object is disabled
+ The object is axiomatically trusted (i.e., it's your key)
-d <userid>
Toggles the disablement of <userid>'s key on your public
keyring.
-e <userid>
Edits <userid>'s key. If this is your key, it allows you to
edit your userid(s) and passphrase. If it is someone else's
key, it allows you to edit the trust you have in that person as
an introducer.
-g Generate a public/private key pair.
-l[l] [userid]
Lists information about a key. -ll lists more information about
a key. If [userid] is specified, that key is listed. Other‐
wise, all keys are listed. See -c, above, for more information
about the long format.
-o outfile
Specifies that output should go to outfile. If not specified,
output goes to stdout. If the output file is from a key extraction
(see -x, below), you may specify an hkp (Horowitz Key Protocol)
URL. For example:
pgpk -x foo@bar.baz.com -o hkp://keys.pgp.com
would send foo@bar.baz.com's key to the PGP, Inc. public key server.
--revoke <userid>
Permanently revokes the key specified. There is no way to undo
this, so don't play with it if you don't mean it.
--revokes <userid>
Permanently revokes your signature (if any) on the key speci‐
fied.
-r <userid>
Removes <userid>'s key from your public keyring, and your pri‐
vate as well, if it's there.
-ru <userid>
Removes the given userid from your public and private keyrings.
-rs <userid>
Removes the given signature from your public keyring.
-s <userid> [-u <yourid>]
Signs <userid>'s key with your default signing key. If -u is
specified, uses that key, instead.
-x <userid>
Extracts the specified key in ASCII-armored form.
-z Batch mode. See pgp-integration(7) for a discussion of inte‐
grating pgp support into your application.
EXAMPLE
pgpk -g Generates a key.
FILES
~/.pgp/pgp.cfg
User-specific configuration file. In previous releases, this
file was called config.txt. See pgp.cfg(5) for further details.
BUGS
See pgp5(1).
SEE ALSO
pgp5(1), pgpv(1), pgpe(1), pgps(1), pgp.cfg(5),
pgp-integration(7), http://www.pgp.com (US versions) and
http://www.pgpi.com (International versions)
PGP JULY 1997 (v5.0) PGPK(1)