mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-16 19:40:57 +01:00
144 lines
7.9 KiB
Plaintext
144 lines
7.9 KiB
Plaintext
|
|
=head1 OPTIONS
|
|
|
|
Usage: pcp1 [options]
|
|
|
|
General Options:
|
|
-V --vault <vaultfile> Specify an alternate vault file.
|
|
The deault vault is ~/.pcpvault.
|
|
-O --outfile <file> Output file. If not specified, stdout
|
|
will be used.
|
|
-I --infile <file> Input file. If not specified, stdin
|
|
will be used.
|
|
-x --xpass <passwd> Provide password. B<INSECURE>! Use for
|
|
testing or debugging only!
|
|
-X --password-file <file> Read passphrase from <file>. If <file>
|
|
is -, read from stdin. This takes
|
|
precedence over other uses of stdin
|
|
elsewhere, see below for more details.
|
|
--extpass <program> Use external program for password prompt.
|
|
-i --keyid <id> Specify a key id to import/export.
|
|
-r --recipient <string> Specify a recpipient, used for public
|
|
key export and encryption.
|
|
-t --text Print textual representation of some
|
|
item. Specify -V to get info about a
|
|
vault, -i to get info about a key id
|
|
installed in the vault or -I in which
|
|
case it determines itself what kind of
|
|
file it is.
|
|
-h --help Print this help message.
|
|
--version Print program version.
|
|
-D --debug Enable debug output.
|
|
-v --verbose Enable verbose output.
|
|
|
|
Keymanagement Options:
|
|
-k --keygen Generate a CURVE25519 secret key. If
|
|
the generated key is the first one in
|
|
your vault, it will become the primary
|
|
secret key. If an output file (-O) has
|
|
been specified, don't store the generated
|
|
key to the vault but export it to the
|
|
file instead. You will be asked for
|
|
an owner, mail and a passphrase.
|
|
-l --listkeys List all keys currently stored in your
|
|
vault. Only the key id's and some info
|
|
about the keys will be printed, not the
|
|
actual keys.
|
|
-L --listkeys-verbose Display a more verbose key listing
|
|
-l -v including signature fingerprint, key
|
|
fingerprint, checksum and the like.
|
|
-R --remove-key Remove a key from the vault. Requires
|
|
option -i <keyid>.
|
|
-s --export-secret Export a secret key. If your vault only
|
|
contains one secret key, this one will
|
|
be exported. If a key id have been
|
|
specified (-i), this one will be used.
|
|
If there are more than one secret keys
|
|
in the vault and no key id has been
|
|
given, export the primary secret key.
|
|
Use -O to export to a file.
|
|
-p --export-public Export a public key. If no key id have
|
|
--export been specified, the public part of your
|
|
primary secret key will be exported.
|
|
Use -O to export to a file.
|
|
-K --import Import a key. pcp determines automatically
|
|
--import-key the key type and encodingg. Use -I to import
|
|
from a file.
|
|
-F --format Export the key in a particular format.
|
|
Currently supported: pcp and pbp.
|
|
-j --json enable JSON output. Can be used with info
|
|
output (-t) and key export (-p and -s).
|
|
and import (-K).
|
|
|
|
Encryption Options:
|
|
-e --encrypt Asym-Encrypt a message. Read from stdin or
|
|
specified via -I. Output will be written
|
|
to stdout or the file given with -O.
|
|
If a keyid (-i) has been
|
|
given, use that public key for encryption.
|
|
If one or more recipient (-r) has been given,
|
|
encrypt the message for all recipients
|
|
asymetrically, given there are matching
|
|
public keys installed in the vault for them.
|
|
If none of -i or -r has been given, encrypt
|
|
the message symetrically. This is the same
|
|
as -m (self-encryption mode).
|
|
Add -z to ascii armor the output using Z85.
|
|
-A --anonymous Use anonymous sender key pair instead of
|
|
your own primary key pair. In this mode the
|
|
recipient doesn't need to have your public
|
|
key.
|
|
-m --encrypt-sym Sym-Encrypt a message. Specify -I and/or
|
|
-O for input/output file. You will be asked
|
|
for a passphrase. No key material will
|
|
be used. Same as -e without -r and -i.
|
|
-M --add-myself Add yourself to list of recipients in asymmetric
|
|
encryption mode, so that you can decrypt it as
|
|
well.
|
|
-d --decrypt Decrypt a message. Read from stdin or
|
|
specified via -I. Output to stdout or
|
|
written to the file specified via -O.
|
|
The primary secret key will be used for
|
|
decryption, if there is no primary and
|
|
just one secret key in the vault, this
|
|
one will be used. Otherwise you'll have
|
|
to specify the keyid (-i) of the key.
|
|
You need to have the public key of the
|
|
sender installed in your vault.
|
|
If the input is self-encrypted (symetrically)
|
|
a passphrase will be requested.
|
|
|
|
Signature Options:
|
|
-g --sign Create a signature of file specified with
|
|
-I (or from stdin) using your primary
|
|
secret key. If -r has been given, a derived
|
|
secret key will be used for signing.
|
|
-c --check-signature <file> Verify a signature in file <file> against
|
|
the file specified with -I (or stdin).
|
|
The public key required for this must
|
|
exist in your vault file.
|
|
-f --sigfile <file> Write a detached signature file, which doesn't
|
|
contain the original content. Output will be
|
|
z85 encoded always. To verify, you need to
|
|
specify the original file to be verified
|
|
against using -I as well (plus -f <sigfile>).
|
|
|
|
Encoding Options:
|
|
-z --z85-encode Encode (armor) something to Z85 encoding.
|
|
-a --armor If used with encryption or singing operation
|
|
--textmode encode its output. Otherwise encode a plain
|
|
file. Use -I and -O respectively, otherwise it
|
|
uses stdin/stdout.
|
|
-Z --z85-decode Decode (dearmor) something from Z85 encoding.
|
|
Use -I and -O respectively, otherwise it
|
|
uses stdin/stdout
|
|
|
|
Misc Options:
|
|
-C --checksum Calculate a Blake2b checksum of one or more files.
|
|
If -x is provided, an authenticated hash will
|
|
be calculated, otherwise a normal hash.
|
|
Use -I to specify one file or put multiple file
|
|
names after -C like "pcp1 -C -- file1 file2 file3".
|
|
|
|
|