PC World 1999 February

home *** CD-ROM | disk | FTP | other *** search

/ PC World 1999 February / PCWorld_1999-02_cd.bin / software / servis / Pgp31 / pgpk.doc < prev next >

Wrap

Text File | 1998-03-14 | 6KB | 155 lines

PGPK(1) User Manual PGPK(1) NAME pgpk - Public and Private key management for PGP. SYNOPSIS pgpk [-a keyfile ... | -c [userid] | -d <userid> | -e <userid> | -g | -l[l] [userid] | --revoke[s] <userid> | -r[u|s] <userid> | -s <userid> [-u <yourid>] | -x <userid> [-o <outfile>]] [-z] DESCRIPTION pgpk Manages public and private keys for PGP. Unlike other PGP applica- tions, pgpk is stream based and not file based; if no files are specified, stdin and stdout are used. OPTIONS All configuration options can be controlled from the command line. See pgp.cfg(5) for a complete list and how to specify them. -a [keyfile] Adds the contents of keyfile to your keyring. If keyfile is not specified, input is taken from stdin. Keyfile may also be an URL; the supported protocols are hkp (Horowitz Key Protocol), http and finger. To add foo@bar.baz.com's key to your keyring from PGP, Inc's server, for example, enter: pgpk -a hkp://keys.pgp.com/foo@bar.baz.com If foo@bar.baz.com has his key in his finger information, you could add that with: pgpk -a finger://bar.baz.com/foo If foo@bar.baz.com has his key on his web page, you could add that with: pgpk -a http://www.baz.com/foo/DSSkey.html If the Keyfile is not obviously a filename (it doesn't begin with "/" or "./") and it doesn't exist as a readable file, an attempt will be made to fetch it from your default keyserver using the Horowitz Key Protocol. (See pgp.cfg(5) for information on setting your default keyserver). For example, if there is no file named foo@bar.baz.com readable in the current directory, pgpk -a foo@bar.baz.com will extract foo@bar.baz.com's key from your default keyserver. Some people consider this a security risk (as it could potentially leak information about the files on your system if you make a typing error). Use the GetNotFoundKeyFiles configuration option to disable this behavior. -c [userid] Checks the signatures of all keys on your public keyring. If [userid] is specified, only the signatures on that key are checked. This com- mand performs pgpk -ll on all specified keys, then outputs an explicit listing of trust and validity for each key. Trust is the amount of trust placed in each key as an introducer. Validity is the certainty that the key and user ID belong together. Both this command and the long listing function output a leading column which succinctly describes the condition of the key. The possible leading columns can have the following first three char- acter values: pub A public key ret A revoked key sec A secret key sub A sub-key (in 5.0, this is always a Diffie-Hellman key) SIG A signature issued by a public key to which you have thecorresponding private key (i.e., your key) sig A signature issued by a public key to which you do NOT have the corresponding private key (i.e., someone else's key) uid A user ID Following this column is a single character which describes other attributes of the object: % The object is not valid (it does not have enough trusted signatures) ? No information is available about the object (generally because it is a signature from a key that is not on your keyring) ! The object has been checked * The object has been tried @ The object is disabled + The object is axiomatically trusted (i.e., it's your key) -d <userid> Toggles the disablement of <userid>'s key on your public keyring. -e <userid> Edits <userid>'s key. If this is your key, it allows you to edit your userid(s) and passphrase. If it is someone else's key, it allows you to edit the trust you have in that person as an introducer. -g Generate a public/private key pair. -l[l] [userid] Lists information about a key. -ll lists more information about a key. If [userid] is specified, that key is listed. Otherwise, all keys are listed. See -c, above, for more information about the long format. -o outfile Specifies that output should go to outfile. If not specified, output goes to stdout. If the output file is from a key extraction (see -x, below), you may specify an hkp (Horowitz Key Protocol) URL. For exam- ple: pgpk -x foo@bar.baz.com -o hkp://keys.pgp.com would send foo@bar.baz.com's key to the PGP, Inc. public key server. --revoke <userid> Permanently revokes the key specified. There is no way to undo this, so don't play with it if you don't mean it. --revokes <userid> Permanently revokes your signature (if any) on the key specified. -r <userid> Removes <userid>'s key from your public keyring, and your private as well, if it's there. -ru <userid> Removes the given userid from your public and private keyrings. -rs <userid> Removes the given signature from your public keyring. -s <userid> [-u <yourid>] Signs <userid>'s key with your default signing key. If -u is speci- fied, uses that key, instead. -x <userid> Extracts the specified key in ASCII-armored form. -z Batch mode. See pgp-integration(7) for a discussion of integrating pgp support into your application. EXAMPLE pgpk -g Generates a key. FILES ~/.pgp/pgp.cfg User-specific configuration file. In previous releases, this file was called config.txt. See pgp.cfg(5) for further details. BUGS See pgp(1). SEE ALSO pgp(1), pgpv(1), pgpe(1), pgps(1), pgp.cfg(5), pgp-integration(7), http://www.pgp.com (US versions) and http://www.pgpi.com (International versions)