/run/media/bill/PROJECTS/System_maintenance/security/gpg man output.txt www.BillHowell.ca initial 04Dec2019 ************ 04Jan2020 man gpg NAME gpg2 - OpenPGP encryption and signing tool SYNOPSIS gpg2 [--homedir dir] [--options file] [options] command [args] COMMANDS Commands are not distinguished from options except for the fact that only one command is allowed. Generally speaking, irrelevant options are silently ignored, and may not be checked for correctness. Commands to select the type of operation --list-keys --export-secret-keys --export-secret-subkeys Same as --export, but exports the secret keys instead. The exported keys are written to STDOUT or to the file given with option --output. This command is often used along with the option --armor to allow for easy printing of the key for paper backup; however the external tool paperkey does a better job of creating backups on paper. Note that exporting a secret key can be a security risk if the exported keys are sent over an insecure channel. The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successfully import such a key. Its intended use is in generating a full key with an additional signing subkey on a dedicated machine. This command then exports the key without the primary key to the main machine. GnuPG may ask you to enter the passphrase for the key. This is required, because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol. How to manage your keys This section explains the main commands for key management. --generate-key --gen-key Generate a new key pair using the current default parameters. This is the standard command to create a new key. In addition to the key a revocation certificate is created and stored in the ‘openpgp-revocs.d’ directory below the GnuPG home directory. # enddoc