=head1 OPTIONS Usage: pcp1 [options] General Options: -V --vault Specify an alternate vault file. The deault vault is ~/.pcpvault. -O --outfile Output file. If not specified, stdout will be used. -I --infile Input file. If not specified, stdin will be used. -X --password-file Read passphrase from . If is -, read from stdin. This takes precedence over other uses of stdin elsewhere, see below for more details. -i --keyid Specify a key id to import/export. -r --recipient Specify a recpipient, used for public key export and encryption. -t --text Print textual representation of some item. Specify -V to get info about a vault, -i to get info about a key id installed in the vault or -I in which case it determines itself what kind of file it is. -h --help Print this help message. --version Print program version. -D --debug Enable debug output. -v --verbose Enable verbose output. Keymanagement Options: -k --keygen Generate a CURVE25519 secret key. If the generated key is the first one in your vault, it will become the primary secret key. If an output file (-O) has been specified, don't store the generated key to the vault but export it to the file instead. You will be asked for an owner, mail and a passphrase. If you leave the passphrase empty, the key will be stored unencrypted. -l --listkeys List all keys currently stored in your vault. Only the key id's and some info about the keys will be printed, not the actual keys. -L --listkeys-verbose Display a more verbose key listing -l -v including signature fingerprint, key fingerprint, checksum and the like. -R --remove-key Remove a key from the vault. Requires option -i . -s --export-secret Export a secret key. If your vault only contains one secret key, this one will be exported. If a key id have been specified (-i), this one will be used. If there are more than one secret keys in the vault and no key id has been given, export the primary secret key. Use -O to export to a file. -p --export-public Export a public key. If no key id have --export been specified, the public part of your primary secret key will be exported. Use -O to export to a file. -K --import Import a key. pcp determines automatically --import-key the key type and encodingg. Use -I to import from a file. -F --format Export the key in a particular format. Currently supported: pcp and pbp. -j --json enable JSON ex- and import of keys. Encryption Options: -e --encrypt Asym-Encrypt a message. Read from stdin or specified via -I. Output will be written to stdout or the file given with -O. If a keyid (-i) has been given, use that public key for encryption. If one or more recipient (-r) has been given, encrypt the message for all recipients asymetrically, given there are matching public keys installed in the vault for them. If none of -i or -r has been given, encrypt the message symetrically. This is the same as -m (self-encryption mode). Add -z to ascii armor the output using Z85. -A --anonymous Use anonymous sender key pair instead of your own primary key pair. In this mode the recipient doesn't need to have your public key. -m --encrypt-sym Sym-Encrypt a message. Specify -I and/or -O for input/output file. You will be asked for a passphrase. No key material will be used. Same as -e without -r and -i. -M --add-myself Add yourself to list of recipients in asymmetric encryption mode, so that you can decrypt it as well. -d --decrypt Decrypt a message. Read from stdin or specified via -I. Output to stdout or written to the file specified via -O. The primary secret key will be used for decryption, if there is no primary and just one secret key in the vault, this one will be used. Otherwise you'll have to specify the keyid (-i) of the key. You need to have the public key of the sender installed in your vault. If the input is self-encrypted (symetrically) a passphrase will be requested. Signature Options: -g --sign Create a signature of file specified with -I (or from stdin) using your primary secret key. If -r has been given, a derived secret key will be used for signing. -c --check-signature Verify a signature in file against the file specified with -I (or stdin). The public key required for this must exist in your vault file. -f --sigfile Write a detached signature file, which doesn't contain the original content. Output will be z85 encoded always. To verify, you need to specify the original file to be verified against using -I as well (plus -f ). Encoding Options: -z --z85-encode Encode (armor) something to Z85 encoding. -a --armor If used with encryption or singing operation --textmode encode its output. Otherwise encode a plain file. Use -I and -O respectively, otherwise it uses stdin/stdout. -Z --z85-decode Decode (dearmor) something from Z85 encoding. Use -I and -O respectively, otherwise it uses stdin/stdout