Authentication for PGP KMS Operations
12 Miscellaneous Commands
Commands
--create-keyrings
Creates a pair of empty keyrings. Several commands create keyrings automatically as part of the command: --gen-key, --import, and
--keyserver-recv, for example. You only need to use --create-keyrings if you want to create empty keyrings.
PGP Command Line will try to create the keyrings in the default location for the operating system: C:\Documents and Settings\<current user>\My Documents\PGP\ on Windows, $HOME/Documents/PGP on Mac OS X, and
$HOME/.pgp/ on UNIX. If the PGP portions of these directories do not exist, PGP Command Line attempts to create them.
If the home directory is set and keyrings are not specified, PGP Command Line will try to create the keyrings in the default home directory location. No paths will be created in this case; they must already exist. If the keyrings are specified, they are relative to the current directory. Use a full path in this case.
The usage format is:
pgp --create-keyrings [--home-dir <path1>] [--public-keyring <path2>] [--private-keyring <path3>]
Where:
<path1> is the path to the home directory.
<path2> is the path to the public keyring file. You can specify a single file (which is relative to the current directory), a relative path (relative to the current directory), or a full path (the recommended usage).
<path3> is the path to the private keyring file. You can specify a single file (which is relative to the current directory), a relative path (relative to the current directory), or a full path (the recommended usage).
Example:
pgp --create-keyrings --home-dir /test/
Create keyrings using /test as the home directory.
--help (-h)
Displays the banner message and the built-in help message, which provides a brief description of the commands and options in PGP Command Line.
The usage format is:
pgp --help
--license-authorize
You cannot use PGP Command Line normally until it is licensed.
Refer to Licensing (on page 25) for a complete description of how to license PGP Command Line.
--purge-all-caches
Purges both the passphrase cache and the keyring cache. Caching is a security risk, so PGP Command Line makes it easy for you to purge the passphrase and keyring caches at any time.
The usage format is:
pgp --purge-all-caches
Example:
pgp --purge-all-caches
Purges both the passphrase and the keyring cache.
--purge-keyring-cache
Purges the keyring cache, which stores keyrings in memory so that they do not have to be retrieved each time they are needed. Caching is a security risk, so PGP Command Line makes it easy for you to purge the keyring cache at any time. The option --purge-keyring-cache is not used unless specifically enabled.
The usage format is:
pgp --purge-keyring-cache
Example:
pgp --purge-keyring-cache
Purges the keyring cache.
--purge-passphrase-cache
Purges the global (shared) passphrase cache, which stores in memory passphrases you enter so that you do not have to enter them every time you need them. Caching is a security risk, so PGP Command Line makes it easy for you to purge the passphrase cache at any time.
--purge-passphrase-cache is not used unless specifically enabled.
The usage format is:
pgp --purge-passphrase-cache
Example:
pgp --purge-passphrase-cache
Purges the passphrase cache.
--speed-test
Runs a suite of PGP SDK speed tests, which both identify the version of the PGP SDK that PGP Command Line is using and return results for several tests: hash, cipher, and public key, for example.
Running --speed-test forces PGP Command Line into local mode. Running --speed-test in FIPS mode (--fips-mode) runs the tests with the PGP SDK in FIPS mode, which runs a slightly different set of tests.
The usage format is:
pgp --speed-test [--fips-mode]
Example:
pgp --speed-test
Runs the suite of PGP SDK speed tests.
--version
Tells you what version of PGP Command Line you are using and displays the banner message.
The usage format is:
pgp --version [options]
Where:
[options] let you modify the command. Options are:
--verbose, which displays additional information about PGP Command Line, including passphrase cache information, time zone information, PGP SDK information, public key algorithms, symmetric ciphers, hashes, and compression.
Examples:
pgp --version
Displays version information and the banner message in the format:
PGP Command Line 10.0
Copyright (C) 2010 PGP Corporation All rights reserved.
--wipe
Wipes a file off of your system.
The --wipe command exceeds the media sanitization requirements of Department of Defense 5220.22-M at three passes. Security continues to increase up to approximately 28 passes.
The usage format is:
pgp --wipe <input> [<input> ...] [options]
Where:
<input> is the file or files you want to wipe.
[options] let you modify the command. Options are:
--wipe-passes, which lets you specify how many wipe passes are made. Available values are 1 through 49. The default is 3.
--recursive, which lets you select subdirectories and files in subdirectories.
--verbose, which provides extra information about the progress.
Examples:
1 pgp --wipe secretreport.txt
Wipes the file secretreport.txt from your system using the default number of passes, three.
2 pgp --wipe secret.doc --wipe-passes 8
Wipes the file secret.doc from your system using the number of passes specified with the --wipe-passes option, eight.
--check-sigs
Checks the signatures on all keys on your keyring. If errors are found, they are displayed.
The usage format is:
pgp --check-sigs
Example:
1 pgp --check-sigs
Checks the signatures of all keys on your keyring.
--check-userids
Checks the user IDs on specified keys to make sure they conform to the conventional naming standard.
The acceptable form for a user ID is:
More than one character but fewer than 256 characters.
Common Name <contact information>. For example, "Alice Cameron <acameron@example.com>" or "Ming Pa <AIM: 12345678>".
Common Name does not have to be the name of an individual. On an ADK, for example, it could be a company name.
<contact information> cannot be empty, but it does not have to be an email address or viable contact information.
The GPG format "Common Name (Comment) <contact information>" is invalid.
If no invalid user IDs are found, a successful status message ("0:signatures checked successfully") appears.
If invalid user IDs are found, each is listed as an error status message and the exit code is returned.
The usage format is:
pgp --check-userids [<user1> ...]
Where:
<user1> is the user ID, portion of a user ID, or the key ID of a key on your keyring.
Examples:
1 pgp --check-userids
Checks the user IDs of all keys on your keyring.
2 pgp --check-userids acameron
Checks the user IDs of all keys on your keyring with "acameron" in the user ID or key ID of the key.
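The acceptable user ID form listed above can be pre-checked in a script before keys are generated or imported. The following is an added example, not part of PGP Command Line or its documentation: check_userid and its verdict words are hypothetical, and treating a parenthesised group directly before "<" as a GPG comment and requiring non-empty Common Name text are assumptions about how the stated form applies.

```shell
#!/bin/sh
# Added example: check_userid is a hypothetical pre-check helper, not a
# PGP Command Line command. It prints one verdict word and returns 0 only
# when the user ID fits the form "Common Name <contact information>".
check_userid() {
    id_text=$1
    len=${#id_text}
    # More than one character but fewer than 256 characters.
    if [ "$len" -le 1 ] || [ "$len" -ge 256 ]; then
        echo "length"; return 1
    fi
    # The ID must end with a <...> contact field.
    case $id_text in
        *"<"*">") ;;
        *) echo "no-contact"; return 1 ;;
    esac
    contact=${id_text##*"<"}        # text after the last '<'
    contact=${contact%">"}          # drop the closing '>'
    name=${id_text%"<"*}            # text before the last '<'
    name=${name%"${name##*[! ]}"}   # trim trailing spaces
    # <contact information> cannot be empty.
    if [ -z "$contact" ]; then
        echo "empty-contact"; return 1
    fi
    # Assumption: the form requires some Common Name text before '<'.
    if [ -z "$name" ]; then
        echo "no-name"; return 1
    fi
    # Assumption: a parenthesised group directly before '<' is a GPG comment.
    case $name in
        *"("*")") echo "gpg-comment"; return 1 ;;
    esac
    echo "ok"
}

# Constructed sample user IDs (the first two are the page's own examples).
while IFS= read -r sample; do
    verdict=$(check_userid "$sample") || true
    printf '%-14s %s\n' "$verdict" "$sample"
done <<'EOF'
Alice Cameron <acameron@example.com>
Ming Pa <AIM: 12345678>
Alice Cameron (Work) <acameron@example.com>
Example Corp <>
acameron@example.com
EOF
```

pgp --check-userids remains the authoritative check for keys already on the keyring; this helper only screens candidate strings beforehand.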
This chapter lists and describes PGP Command Line options.
Options are listed in alphabetical order within their sections.