manpagez: man pages & more
info gnupg
Home | html | info | man

File: gnupg.info,  Node: OpenPGP Options,  Next: Compliance Options,  Prev: GPG Input and Output,  Up: GPG Options

4.2.4 OpenPGP protocol specific options
---------------------------------------

'--force-ocb'
'--force-aead'
     Force the use of AEAD encryption over MDC encryption.  AEAD is a
     modern and faster way to do authenticated encryption than the old
     MDC method.  '--force-aead' is an alias and deprecated.  See also
     option '--chunk-size'.

'--force-mdc'
'--disable-mdc'
     These options are obsolete and have no effect since GnuPG 2.2.8.
     The MDC is always used unless the keys indicate that an AEAD
     algorithm can be used in which case AEAD is used.  But note: If the
     creation of a legacy non-MDC message is exceptionally required, the
     option '--rfc2440' allows for this.

'--disable-signer-uid'
     By default the user ID of the signing key is embedded in the data
     signature.  As of now this is only done if the signing key has been
     specified with 'local-user' using a mail address, or with 'sender'.
     This information can be helpful for verifier to locate the key; see
     option '--auto-key-retrieve'.

'--include-key-block'
'--no-include-key-block'
     This option is used to embed the actual signing key into a data
     signature.  The embedded key is stripped down to a single user id
     and includes only the signing subkey used to create the signature
     as well as as valid encryption subkeys.  All other info is removed
     from the key to keep it and thus the signature small.  This option
     is the OpenPGP counterpart to the 'gpgsm' option '--include-certs'
     and allows the recipient of a signed message to reply encrypted to
     the sender without using any online directories to lookup the key.
     The default is '--no-include-key-block'.  See also the option
     '--auto-key-import'.

'--personal-cipher-preferences STRING'
     Set the list of personal cipher preferences to STRING.  Use 'gpg
     --version' to get a list of available algorithms, and use 'none' to
     set no preference at all.  This allows the user to safely override
     the algorithm chosen by the recipient key preferences, as GPG will
     only select an algorithm that is usable by all recipients.  The
     most highly ranked cipher in this list is also used for the
     '--symmetric' encryption command.

'--personal-digest-preferences STRING'
     Set the list of personal digest preferences to STRING.  Use 'gpg
     --version' to get a list of available algorithms, and use 'none' to
     set no preference at all.  This allows the user to safely override
     the algorithm chosen by the recipient key preferences, as GPG will
     only select an algorithm that is usable by all recipients.  The
     most highly ranked digest algorithm in this list is also used when
     signing without encryption (e.g.  '--clear-sign' or '--sign').

'--personal-compress-preferences STRING'
     Set the list of personal compression preferences to STRING.  Use
     'gpg --version' to get a list of available algorithms, and use
     'none' to set no preference at all.  This allows the user to safely
     override the algorithm chosen by the recipient key preferences, as
     GPG will only select an algorithm that is usable by all recipients.
     The most highly ranked compression algorithm in this list is also
     used when there are no recipient keys to consider (e.g.
     '--symmetric').

'--s2k-cipher-algo NAME'
     Use NAME as the cipher algorithm for symmetric encryption with a
     passphrase if '--personal-cipher-preferences' and '--cipher-algo'
     are not given.  The default is AES-128.

'--s2k-digest-algo NAME'
     Use NAME as the digest algorithm used to mangle the passphrases for
     symmetric encryption.  The default is SHA-1.

'--s2k-mode N'
     Selects how passphrases for symmetric encryption are mangled.  If N
     is 0 a plain passphrase (which is in general not recommended) will
     be used, a 1 adds a salt (which should not be used) to the
     passphrase and a 3 (the default) iterates the whole process a
     number of times (see '--s2k-count').

'--s2k-count N'
     Specify how many times the passphrases mangling for symmetric
     encryption is repeated.  This value may range between 1024 and
     65011712 inclusive.  The default is inquired from gpg-agent.  Note
     that not all values in the 1024-65011712 range are legal and if an
     illegal value is selected, GnuPG will round up to the nearest legal
     value.  This option is only meaningful if '--s2k-mode' is set to
     the default of 3.

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.