Create PEM encoded output. Default is binary output.
Create Base-64 encoded output; i.e. PEM without the header lines.
Assume the input data is PEM encoded. Default is to autodetect the encoding but this is may fail.
Assume the input data is plain base-64 encoded.
Assume the input data is binary encoded.
--input-size-hint n ¶
This option can be used to tell GPGSM the size of the input data in bytes. n must be a positive base-10 number. It is used by the --status-fd line “PROGRESS” to provide a value for “total” if that is not available by other means.
--p12-charset name ¶
gpgsm uses the UTF-8 encoding when encoding passphrases for
PKCS#12 files. This option may be used to force the passphrase to be
encoded in the specified encoding name. This is useful if the
application used to import the key uses a different encoding and thus
will not be able to import a file generated by
used values for name are
gpgsm itself automagically imports any file with a
passphrase encoded to the most commonly used encodings.
--default-key user_id ¶
Use user_id as the standard key for signing. This key is used if no other key has been defined as a signing key. Note, that the first --local-users option also sets this key if it has not yet been set; however --default-key always overrides this.
-u user_id ¶
Set the user(s) to be used for signing. The default is the first secret key found in the database.
--recipient name ¶
Encrypt to the user id name. There are several ways a user id may be given (see how-to-specify-a-user-id).
--output file ¶
Write output to file. The default is to write it to stdout.
Displays extra information with the
--list-keys commands. Especially
a line tagged
grp is printed which tells you the keygrip of a
key. This string is for example used as the file name of the
secret key. Implies
When doing a key listing, do a full validation check for each key and print the result. This is usually a slow operation because it requires a CRL lookup and other operations.
When used along with --import, a validation of the certificate to import is done and only imported if it succeeds the test. Note that this does not affect an already available certificate in the DB. This option is therefore useful to simply verify a certificate.
For standard key listings, also print the MD5 fingerprint of the certificate.
Include the keygrip in standard key listings. Note that the keygrip is always listed in --with-colons mode.
Include info about the presence of a secret key in public key listings
By default gpgsm prints distinguished names (DNs) like the Issuer or Subject in a more readable format (e.g. using a well defined order of the parts). However, this format can’t be used as input strings. This option reverts printing to standard RFC-2253 format and thus avoids the need to use –dump-cert or –with-colons to get the “real” name.