gpg - OpenPGP encryption and signing tool
gpg [--homedir dir] [--options file] [options] command [args]
gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard. gpg features complete key management and all bells and whistles you can expect from a decent OpenPGP implementation.
This is the standalone version of gpg. For desktop use you should consider using gpg2 ([On some platforms gpg2 is installed under the name gpg]).
There are a few configuration files to control certain aspects of gpg's operation. Unless noted, they are expected in the current home directory (see: [option --home‐dir]).
This is the standard configuration file read by gpg on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default name may be changed on the command line (see: [option --options]). You should backup this file.
Note that on larger installations, it is useful to put predefined files into the directory '/etc/skel/.gnupg/' so that newly created users start up with a working configuration.
For internal purposes gpg creates and maintains a few other files; They all live in in the current home directory (see: [option --homedir]). Only the gpg may modify these files.
The secret keyring. You should backup this file.
The lock file for the secret keyring.
The public keyring. You should backup this file.
The lock file for the public keyring.
The trust database. There is no need to backup this file; it is better to backup the ownertrust values (see: [option --export-ownertrust]).
The lock file for the trust database.
A file used to preserve the state of the internal random pool.
The skeleton options file.
Default location for extensions.
Operation is further controlled by a few environment variables:
Used to locate the default home directory.
If set directory used instead of "~/.gnupg".
Used to locate the gpg-agent. This is only honored when --use-agent is set. The value consists of 3 colon delimited fields: The first is the path to the Unix Domain Socket, the second the PID of the gpg-agent and the protocol version which should be set to 1. When starting the gpg-agent as described in its documentation, this variable is set to the correct value. The option --gpg-agent-info can be used to override it.
This value is passed via gpg-agent to pinentry. It is useful to convey extra information to a custom pinentry.
- COLUMNS, LINES
Used to size some displays to the full size of the screen.
Apart from its use by GNU, it is used in the W32 version to override the language selection done through the Registry. If used and set to a valid and available language name (langid), the file with the translation is loaded from gpgdir/gnupg.nls/langid.mo. Here gpgdir is the directory out of which the gpg binary has been loaded. If it can't be loaded the Registry is tried and as last resort the native Windows locale system is used.
We have a few Samples in this Wiki too: