A Pretty Good PGP Reference Card

Encryption

Syntax Description
pgp -c myfile Crypt: Encrypts myfile with conventional (private key) cryptography.
pgp -cw myfile Crypt and Wipe: Encrypts myfile and erases the original plaintext file.
pgp -ca myfile Crypt ASCII: Encrypts myfile with conventional cryptography, then encodes it in ASCII Radix 64 so you can email it.
pgp -e message userID Encrypt: Encrypts the message file with userID's public key. You can specify multiple userIDs to encrypt for several people.
pgp -ew message userID Encrypt and Wipe: Encrypts the message file with userID's public key and erases the original message.
pgp -eat message userID Encrypt ASCII and Text: Encrypts the message file with userID's public key, and makes the result ASCII and a text file. You can specify multiple userIDs.
pgp -eatf userID Encrypt ASCII, Text, Filter: Encrypts the message (read from standard input) with userID's public key, and makes the result ASCII and a text file. You can specify multiple userIDs.

Digital Signatures

Syntax Description
pgp -s message [-u myID] Sign: Signs the message file with your secret key. Use -u myID to specify which secret key to use to create the signature.
pgp -sb message [-u myID] Sign by itself: Creates a signature certificate for message that is in a file by itself. Use -u myID to specify which secret key to use to create the signature.
pgp -se message userID [-u myID] Sign and Encrypt: Signs the message file with your secret key, then encrypts it with userID's public key. Use -u myID to specify which secret key to use to create the signature.
pgp -sea message userID Sign and Encrypt with ASCII: Signs the message file with your secret key, encrypts it for userID, and makes the result ASCII so you can email it.
pgp -seat message userID [-u myID] Sign and Encrypt with ASCII and Text: Signs the message file with your secret key, encrypts it for userID, and makes the result ASCII and a text file. Use -u myID to specify which secret key to use to create the signature.
pgp -seaw message userID Sign and Encrypt with ASCII, then Wipe: Signs the message file with your secret key, encrypts it for userID, makes the result ASCII, and erases the original message.

Encryption and Digital Signature Options

Specify in conjunction with other options:

Syntax Description
-a ASCII Armour: Codes all PGP output files in printable ASCII characters using Radix 64.
-f Filter: Reads files from standard input and writes files to standard output.
-m More: When decrypting: displays the decrypted file on the screen, but does not save it to disk. When encrypting: tells the recipient not to save the unencrypted file contents.
-o myfile Output: Specifies the name to use for the decrypted file.
-p encryptedFile Preserve: Restores plaintext to the original filename when encrypting.
-t Text: Considers all PGP plaintext files to be text files; converts to local text conventions.
-u myID User: Specifies which secret key to use to create a signature.
-w Wipe: Erases the original plaintext file after encryption.

Decryption and Checking

Syntax Description
pgp encryptedFile [-o myfile] Decrypts the encryptedFile. -o myfile specifies the name to use for the decrypted file.
pgp signedFile [-o myfile] Checks the signature on the signedFile. -o myfile specifies the name to use for the output file.
pgp -m encryptedFile Decrypts the encryptedFile and displays it on the screen, but does not save it on the computer's disk.

Key Management

If you do not specify a keyring in a key management command, the command operates on your public key ring.

Syntax Description
pgp -kg Key Generate: Creates a new public key/secret key pair.
pgp -ke [userID] [keyring] Key Edit: Edits your pass phrase, adds a new userID to your key, or changes the trust of someone else's public key.
pgp -ka keyfile [keyring] Key Add: Adds the keys in keyfile to keyring.
pgp -kaf userID [keyring] Key Add Filter: Adds the keys read from standard input to keyring.
pgp -kr [userID] [keyring] Key Remove: Removes a key from keyring; will prompt for necessary input.
pgp -kv [userID] [keyring] Key View: Views the contents of keyring. If userID is specified, lists only that user's keys.
pgp -kvv [userID] [keyring] Key View Verbose: Views the contents of keyring and shows who signed each key. If userID is specified, lists only that user's keys.
pgp -kc [userID] [keyring] Key Check: Views the contents of the key ring, checks the signature, and shows the trust in each signature. If a backup ring is specified (in the BAKRING configuration variable), compares the keys on the backup ring with the keys on the primary ring. If userID is specified, checks only that user's keys.
pgp -kvc [userID] [keyring] Key View and Check: Views the contents of keyring and displays each key's electronic "fingerprint". If userID is specified, checks only that user's keys.
pgp -ks [userID] [-u anotherID] [keyring] Key Sign: Signs and certifies userID's key with your secret key (or with anotherID); will prompt for userID if omitted.
pgp -krs userID [keyring] Key Remove Signature: Removes your signature from userID's public key.
pgp -kx [userID] [keyfile] [keyring] Key Extract: Copies userID's key out of keyring into a separate keyfile; will prompt for necessary input.
pgp -kxa userID keyfile [keyring] Key Extract ASCII: Copies userID's key out of keyring into a separate ASCII keyfile.
pgp -kxaf userID [keyring] Key Extract ASCII Filter: Copies userID's key out of keyring to standard output in ASCII format.
pgp -kd userID [keyring] Key Disable: Revokes or disables a key.

Help

Syntax Description
pgp -h Help: Displays a summary of PGP's encryption, decryption, and digital signature options.
pgp -k Key: Displays a summary of PGP's key management options.

Environment Variables

Syntax Description
PGPPASS Holds your pass phrase. PGPPASS keeps PGP from having to ask you the pass phrase each time it starts up, but it makes it easy for somebody else to learn your pass phrase by looking at your environment variables. We recommend against using PGPPASS.
PGPPASSFD Specifies a file descriptor from which your pass phrase should be read (an advanced PGP feature normally used with UNIX shell scripts). We recommend against using PGPPASSFD.
PGPPATH Specifies the directory used to store PGP files (pubring.pgp, secring.pgp, randseed.bin, config.txt, language.txt).
TMP Specifies the directories used to store PGP's temporary files (if the TMP option is not set in the configuration file).
TZ Specifies your current time zone (DOS only).

Configuration Variables

You can specify configuration variables in the configuration file (config.txt) or on the command line. For example:

pgp -seat message +ARMORLINES=720

Default values are shown in parentheses.

Syntax Description
ARMOR (OFF) Use ASCII armor for messages; equivalent to -a option.
ARMORLINES (720) Maximum lines in section of emailed message.
BAKRING (none) Location of backup copy of secret key ring.
CERT_DEPTH (4) Levels of introducers needed to certify a key.
CHARSET ("noconv") Character set to use (ascii, alt_codes, latin2, koi8, cp850).
CLEARSIG (ON) Appends signatures on text files to the end of the files, in ASCII.
COMMENT ("") Places this value at the beginning of every PGP ASCII-armor file.
COMPLETES_NEEDED (1) Number of completely trusted signatures needed to make a key valid.
COMPRESS (1) Compresses file before encrypting.
ENCRYPTTOSELF (OFF) Automatically sends copies of all encrypted messages to self.
INTERACTIVE (OFF) Asks for confirmation before adding new keys.
KEEPBINARY (OFF) PGP keeps intermediate .pgp files.
LANGUAGE ("en") Translates PGP prompts and messages to this language.
MARGINALS_NEEDED (2) Number of marginally trusted signatures needed to make a key valid.
MYNAME ("") Default User ID to use for secret key, equivalent to -u option.
NOMANUAL (OFF) Generates key pairs without requiring that the PGP user documentation be on disk.
PAGER ("") Paging program for -m option.
PKCS_COMPAT (1) Nonstandard formats for message digest and session keys (for old PGP versions).
PUBRING ($PGPPATH/pubring.pgp) Location of default public key ring.
RANDSEED ($PGPPATH/randseed.bin) Location of random number seed file.
SECRING ($PGPPATH/secring.pgp) Location of secret key ring.
SHOWPASS (OFF) Echoes user's pass phrase.
TEXTMODE (OFF for DOS and UNIX, ON for VAX/VMS) Plaintext files are text files, equivalent to -t option.
TMP ("") Location of temporary file directory.
TZFIX (none) Increment for setting time; alternative to TZ environment variable.
VERBOSE (1) Amount of information PGP displays (0 only prompts and errors, 1 normal, 2 debugging information).

File Extensions

Syntax Description
.txt Text file (before encryption).
.pgp Binary PGP file (after encryption); used for key rings and encrypted messages.
.asc ASCII-armour file (created with -a option).
.bin Used for PGP's randseed.bin file (created with -kg option).

Copyright

Reprinted with permission from Pretty Good Privacy, Copyright © 1994, O'Reilly and Associates, Inc. For orders and information call 800-998-9938.

This HTML version has been written by Florian Helmberger.
Copyright © 1995, 1996 Florian Helmberger - no modifications please.

(last updated 97/04/16)