diff --git a/.gitignore b/.gitignore index 923b870..3691cae 100644 --- a/.gitignore +++ b/.gitignore @@ -3,10 +3,11 @@ _software/*/docs _software/_*_repo _specs/*/ !_specs/*.* -parent-hub/* +# parent-hub/* _site/ .sass-cache/ .jekyll-cache/ .jekyll-metadata .DS_Store -Gemfile.lock \ No newline at end of file +Gemfile.lock +.man_pages_cache diff --git a/Gemfile b/Gemfile index 8a04f3f..4d921ae 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,10 @@ group :jekyll_plugins do gem "jekyll-theme-rop" end +# For man pages plugin +gem "rubyzip", "~> 2.3" +gem "octokit", "~> 6.0" + # Windows does not include zoneinfo files, so bundle the tzinfo-data gem gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby] diff --git a/Makefile b/Makefile deleted file mode 100644 index 50553be..0000000 --- a/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -SHELL := /bin/bash -RNP_ZIP_VERSION := 0.17.0 -CLEAN_TARGETS := _site _man_pages rnp.zip - -all: _site - -rnp.zip: - curl -sSL https://github.com/rnpgp/rnp/archive/refs/tags/v${RNP_ZIP_VERSION}.zip -o $@ - -_man_pages: rnp.zip - mkdir -p $@; \ - unzip -jd $@ $< "*.1.adoc" "*.3.adoc"; \ - find $@ -name '*.adoc' -exec sed -i.bak -e '2,3d' {} \; ; \ - find $@ -name '*.adoc' -exec sed -i.bak 's/{component-version}/${RNP_ZIP_VERSION}/g' {} \; ; \ - find $@ -name '*.adoc' -exec sed -i.bak 's/{release-version}/${RNP_ZIP_VERSION}/g' {} \; ; \ - find $@ -name '*.adoc' -exec sed -i.bak 's/^= \(.*\)$$/---\ntitle: \1\nexcerpt: man page for \1, version ${RNP_ZIP_VERSION}\n---/g' {} \; ; \ - rm -f $@/*.bak - -clean: - rm -rf ${CLEAN_TARGETS} - rm -rf _software/*/.git _software/*/docs _software/_*_repo parent-hub/* - rm -rf .sass-cache .jekyll-cache .jekyll-metadata - -bundle: - bundle - -_site: _man_pages - bundle exec jekyll build --trace - -serve: _man_pages - bundle exec jekyll serve --trace - -.PHONY: bundle all open serve clean diff --git a/_config.yml b/_config.yml index a370b08..4bf8290 100644 --- a/_config.yml +++ b/_config.yml 
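Review bot: The `# parent-hub/*` line switches the ignore rule off by commenting it out, and nothing in the hunk says why. The Makefile deleted in this same commit treated `parent-hub/*` as disposable build output (its `clean` target removed it), so with the rule off that content can be staged by a plain `git add .`. If the directory is now meant to be tracked, delete the line outright; otherwise keep `parent-hub/*` active. If the commented form stays, put the reason next to it.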
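Review bot: The two new gems are bounded only by `~> 2.3` and `~> 6.0`, and the .gitignore hunk in this commit keeps `Gemfile.lock` ignored, so each build resolves whichever rubyzip 2.x and octokit 6.x releases are current at install time. The plugin code is not in this view, but it presumably fetches and unpacks release archives during the site build, so I would commit the lockfile or pin exact versions to make the dependency set reviewable and reproducible. The `# For man pages plugin` comment could also say what each gem is used for. If the plugin extracts archive entries by name, it should confirm that each resolved path stays inside the target directory.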
@@ -37,7 +37,7 @@ theme: jekyll-theme-rop parent_hub: git_repo_url: https://github.com/riboseinc/open.ribose.com - home_url: https://open.ribose.com/ + home_url: https://www.ribose.com/ includes_dir: '.' @@ -118,6 +118,13 @@ url: https://www.rnpgp.org github_repo_url: https://github.com/rnpgp/rnpgp.org +# RNP configuration for man pages plugin +rnp: + version: "0.18.0" + man_pages: + enabled: true + cache_duration: 3600 + tag_namespaces: software: writtenin: "Written in" diff --git a/_man_pages/index.md b/_man_pages/index.md new file mode 100644 index 0000000..808412c --- /dev/null +++ b/_man_pages/index.md 
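Review bot: The new `rnp:` block in the second hunk does not document its keys: `cache_duration: 3600` has no unit, and `version: "0.18.0"` repeats a value this commit also hard-codes in the `_man_pages/latest` symlink and in `_man_pages/index.md`. A release bump therefore has three places to update. I would add a comment such as `# cache_duration: seconds before cached release data is refetched` (the unit is assumed, since the plugin is not shown here) and say which of the three version values is authoritative. Separately, in the first hunk `home_url` now points at `https://www.ribose.com/` while `git_repo_url` still names the open.ribose.com repository, so it is worth confirming that pairing is intended.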
@@ -0,0 +1,141 @@ +--- +title: RNP Man Pages +excerpt: Manual pages for all RNP versions +layout: docs-index +--- + +# RNP Manual Pages + +This page provides access to manual pages for all versions of RNP. + +## Available Versions + +### [RNP v0.18.0](v0.18.0/) +Released: 2025-06-19 + +- [rnp.1](/docs/0.18.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.18.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.18.0/librnp.3/) - RNP library API + +### [RNP v0.17.1](v0.17.1/) +Released: 2024-05-14 + +- [rnp.1](/docs/0.17.1/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.17.1/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.17.1/librnp.3/) - RNP library API + +### [RNP v0.17.0](v0.17.0/) +Released: 2023-05-02 + +- [rnp.1](/docs/0.17.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.17.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.17.0/librnp.3/) - RNP library API + +### [RNP v0.16.3](v0.16.3/) +Released: 2023-04-13 + +- [rnp.1](/docs/0.16.3/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.16.3/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.16.3/librnp.3/) - RNP library API + +### [RNP v0.16.2](v0.16.2/) +Released: 2022-09-22 + +- [rnp.1](/docs/0.16.2/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.16.2/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.16.2/librnp.3/) - RNP library API + +### [RNP v0.16.1](v0.16.1/) +Released: 2022-09-12 + +- [rnp.1](/docs/0.16.1/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.16.1/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.16.1/librnp.3/) - RNP library API + +### [RNP v0.16.0](v0.16.0/) +Released: 2022-01-27 + +- [rnp.1](/docs/0.16.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.16.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.16.0/librnp.3/) - RNP library API + +### [RNP v0.15.2](v0.15.2/) +Released: 2021-08-06 + +- [rnp.1](/docs/0.15.2/rnp.1/) - RNP command-line tool +- 
[rnpkeys.1](/docs/0.15.2/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.15.2/librnp.3/) - RNP library API + +### [RNP v0.15.1](v0.15.1/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.15.1/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.15.1/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.15.1/librnp.3/) - RNP library API + +### [RNP v0.15.0](v0.15.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.15.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.15.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.15.0/librnp.3/) - RNP library API + +### [RNP v0.14.0](v0.14.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.14.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.14.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.14.0/librnp.3/) - RNP library API + +### [RNP v0.13.1](v0.13.1/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.13.1/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.13.1/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.13.1/librnp.3/) - RNP library API + +### [RNP v0.13.0](v0.13.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.13.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.13.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.13.0/librnp.3/) - RNP library API + +### [RNP v0.12.0](v0.12.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.12.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.12.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.12.0/librnp.3/) - RNP library API + +### [RNP v0.11.0](v0.11.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.11.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.11.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.11.0/librnp.3/) - RNP library API + +### [RNP v0.10.0](v0.10.0/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.10.0/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.10.0/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.10.0/librnp.3/) - RNP library API + +### [RNP 
v0.9.2](v0.9.2/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.9.2/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.9.2/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.9.2/librnp.3/) - RNP library API + +### [RNP v0.9.1](v0.9.1/) +Released: 2021-06-02 + +- [rnp.1](/docs/0.9.1/rnp.1/) - RNP command-line tool +- [rnpkeys.1](/docs/0.9.1/rnpkeys.1/) - RNP key management tool +- [librnp.3](/docs/0.9.1/librnp.3/) - RNP library API + +## Latest Version + +The latest stable version is [RNP v0.18.0](latest/), which is an alias for [v0.18.0](v0.18.0/). \ No newline at end of file diff --git a/_man_pages/latest b/_man_pages/latest new file mode 120000 index 0000000..ade995f --- /dev/null +++ b/_man_pages/latest @@ -0,0 +1 @@ +v0.18.0 \ No newline at end of file diff --git a/_man_pages/v0.15.0/librnp.3.adoc b/_man_pages/v0.15.0/librnp.3.adoc new file mode 100644 index 0000000..e5cdc6f --- /dev/null +++ b/_man_pages/v0.15.0/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.15.0 +version: 0.15.0 +permalink: /docs/0.15.0/librnp.3/ +--- +:release-version: 0.15.0 +:man manual: RNP Manual +:man source: RNP 0.15.0 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.15.0/rnp.1.adoc b/_man_pages/v0.15.0/rnp.1.adoc new file mode 100644 index 0000000..ed0c5b9 --- /dev/null +++ b/_man_pages/v0.15.0/rnp.1.adoc 
@@ -0,0 +1,392 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.15.0 +version: 0.15.0 +permalink: /docs/0.15.0/rnp.1/ +--- +:release-version: 0.15.0 +:man manual: RNP Manual +:man source: RNP 0.15.0 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z*, *--zip*, *--bzip*::: +Select a compression algorithm. 
+ +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. + +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. 
++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Output, if not overridden with this option, will be written to the file with stripped _.pgp_ extension or stdout. If _INPUT_FILE_ does not end with the _.pgp_ extension, then output file name will be asked via _stdin_/_tty_. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any. + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. + +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. 
+ ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. + +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. 
+ +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size. This is used for testing or debugging. + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to current local computer time. + ++ +A specific time could be specified in the +ISO 8601-1:2019 date format (_yyyy-mm-dd_), +or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. 
+ +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--debug* _FILENAME.CPP_:: +Enable debug output for the source file specified. For development use only. + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. 
+ + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.15.0/rnpkeys.1.adoc b/_man_pages/v0.15.0/rnpkeys.1.adoc new file mode 100644 index 0000000..ee1edfd --- /dev/null +++ b/_man_pages/v0.15.0/rnpkeys.1.adoc 
@@ -0,0 +1,377 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.15.0 +version: 0.15.0 +permalink: /docs/0.15.0/rnpkeys.1/ +--- +:release-version: 0.15.0 +:man manual: RNP Manual +:man source: RNP 0.15.0 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. +For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. 
Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. 
+ ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. + ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. 
+ ++ +Combine it with *--force* to overwrite file if it already exists. + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as output file overwrite, secret key removal, and revoking an already revoked key. 
+ +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. 
+The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.15.1/librnp.3.adoc b/_man_pages/v0.15.1/librnp.3.adoc new file mode 100644 index 0000000..11978d8 --- /dev/null +++ b/_man_pages/v0.15.1/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.15.1 +version: 0.15.1 +permalink: /docs/0.15.1/librnp.3/ +--- +:release-version: 0.15.1 +:man manual: RNP Manual +:man source: RNP 0.15.1 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.15.1/rnp.1.adoc b/_man_pages/v0.15.1/rnp.1.adoc new file mode 100644 index 0000000..2ecde51 --- /dev/null +++ b/_man_pages/v0.15.1/rnp.1.adoc 
@@ -0,0 +1,392 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.15.1 +version: 0.15.1 +permalink: /docs/0.15.1/rnp.1/ +--- +:release-version: 0.15.1 +:man manual: RNP Manual +:man source: RNP 0.15.1 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z*, *--zip*, *--bzip*::: +Select a compression algorithm. 
+ +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. + +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. 
++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Output, if not overridden with this option, will be written to the file with stripped _.pgp_ extension or stdout. If _INPUT_FILE_ does not end with the _.pgp_ extension, then output file name will be asked via _stdin_/_tty_. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any. + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. + +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. 
+ ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. + +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. 
+ +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size. This is used for testing or debugging. + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to current local computer time. + ++ +A specific time could be specified in the +ISO 8601-1:2019 date format (_yyyy-mm-dd_), +or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. 
+ +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--debug* _FILENAME.CPP_:: +Enable debug output for the source file specified. For development use only. + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. 
+ + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.15.1/rnpkeys.1.adoc b/_man_pages/v0.15.1/rnpkeys.1.adoc new file mode 100644 index 0000000..9ef2d52 --- /dev/null +++ b/_man_pages/v0.15.1/rnpkeys.1.adoc 
@@ -0,0 +1,377 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.15.1 +version: 0.15.1 +permalink: /docs/0.15.1/rnpkeys.1/ +--- +:release-version: 0.15.1 +:man manual: RNP Manual +:man source: RNP 0.15.1 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. +For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. 
Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. 
+ ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. + ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. 
+ ++ +Combine it with *--force* to overwrite file if it already exists. + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as output file overwrite, secret key removal, and revoking an already revoked key. 
+ +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. 
+The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.15.2/librnp.3.adoc b/_man_pages/v0.15.2/librnp.3.adoc new file mode 100644 index 0000000..63d9db2 --- /dev/null +++ b/_man_pages/v0.15.2/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.15.2 +version: 0.15.2 +permalink: /docs/0.15.2/librnp.3/ +--- +:release-version: 0.15.2 +:man manual: RNP Manual +:man source: RNP 0.15.2 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.15.2/rnp.1.adoc b/_man_pages/v0.15.2/rnp.1.adoc new file mode 100644 index 0000000..7b0195d --- /dev/null +++ b/_man_pages/v0.15.2/rnp.1.adoc 
@@ -0,0 +1,393 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.15.2 +version: 0.15.2 +permalink: /docs/0.15.2/rnp.1/ +--- +:release-version: 0.15.2 +:man manual: RNP Manual +:man source: RNP 0.15.2 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z*, *--zip*, *--bzip*::: +Select a compression algorithm. 
+ +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. + +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. 
++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Output, if not overridden with this option, will be written to the file with stripped _.pgp_ extension or stdout. If _INPUT_FILE_ does not end with the _.pgp_ extension, then output file name will be asked via _stdin_/_tty_. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any. + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. + +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. 
+ ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. + +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. 
+ +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size. This is used for testing or debugging. + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to current local computer time. + ++ +A specific time could be specified in the +ISO 8601-1:2019 date format (_yyyy-mm-dd_), +or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. 
+ +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--debug* _FILENAME.CPP_:: +Enable debug output for the source file specified. For development use only. + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. 
+ + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.15.2/rnpkeys.1.adoc b/_man_pages/v0.15.2/rnpkeys.1.adoc new file mode 100644 index 0000000..ee76142 --- /dev/null +++ b/_man_pages/v0.15.2/rnpkeys.1.adoc 
@@ -0,0 +1,388 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.15.2 +version: 0.15.2 +permalink: /docs/0.15.2/rnpkeys.1/ +--- +:release-version: 0.15.2 +:man manual: RNP Manual +:man source: RNP 0.15.2 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. +For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. 
Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. 
+ ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. + ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. 
+ ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--force* to overwrite file if it already exists. + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. 
+ ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as output file overwrite, secret key removal, and revoking an already revoked key. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.16.0/librnp.3.adoc b/_man_pages/v0.16.0/librnp.3.adoc new file mode 100644 index 0000000..b0693be --- /dev/null +++ b/_man_pages/v0.16.0/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.16.0 +version: 0.16.0 +permalink: /docs/0.16.0/librnp.3/ +--- +:release-version: 0.16.0 +:man manual: RNP Manual +:man source: RNP 0.16.0 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.16.0/rnp.1.adoc b/_man_pages/v0.16.0/rnp.1.adoc new file mode 100644 index 0000000..6c6b262 --- /dev/null +++ b/_man_pages/v0.16.0/rnp.1.adoc 
@@ -0,0 +1,406 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.16.0 +version: 0.16.0 +permalink: /docs/0.16.0/rnp.1/ +--- +:release-version: 0.16.0 +:man manual: RNP Manual +:man source: RNP 0.16.0 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used) +* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to the _stdout_ if input was read from the _stdin_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. 
+ ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z 0..9*, *--zlib*, *--zip*, *--bzip*::: +Select a compression algorithm and level. + +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. + +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. 
Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. ++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Output, if not overridden with this option, will be written to the file with stripped _.pgp_ extension or stdout. If _INPUT_FILE_ does not end with the _.pgp_ extension, then output file name will be asked via _stdin_/_tty_. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified). + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. + +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. 
+ ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. + ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. + +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. 
+ +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size. This is used for testing or debugging. + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to current local computer time. 
+ ++ +A specific time could be specified in the +ISO 8601-1:2019 date format (_yyyy-mm-dd_), +or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. + +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. 
+ +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + +=== EXAMPLE 5 + +*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor* + +Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.16.0/rnpkeys.1.adoc b/_man_pages/v0.16.0/rnpkeys.1.adoc new file mode 100644 index 0000000..ee595f7 --- /dev/null +++ b/_man_pages/v0.16.0/rnpkeys.1.adoc 
@@ -0,0 +1,433 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.16.0 +version: 0.16.0 +permalink: /docs/0.16.0/rnpkeys.1/ +--- +:release-version: 0.16.0 +:man manual: RNP Manual +:man source: RNP 0.16.0 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. 
+For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. 
+ + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. 
+ ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation, see *options* section for the available values. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + +*--edit-key* _KEY_:: +Edit or update information, associated with a key. Should be accompanied with editing option. + ++ +Currently the following options are available: + ++ +*--check-cv25519-bits*::: +Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set. +RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption, +however other implementations (GnuPG) may require those bits to be set in key material. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--fix-cv25519-bits*::: +Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key. +So later export of the key would ensure compatibility with other implementations (like GnuPG). +This operation would require the password for your secret key. +Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value, +however, this may be needed to fix older keys or keys generated by other implementations. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--overwrite* to overwrite file if it already exists. 
+ +*--overwrite*:: +Overwrite output file if it already exists. + ++ + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as secret key removal, revoking an already revoked key and so on. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. 
+ ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnpkeys_ command. 
+ +=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG + +Following oneliner may be used to import all public keys from the GnuPG: + +*gpg* *-a* *--export* | *rnpkeys* *--import* _-_ + +To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)): + +*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_ + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.16.1/librnp.3.adoc b/_man_pages/v0.16.1/librnp.3.adoc new file mode 100644 index 0000000..8572f5e --- /dev/null +++ b/_man_pages/v0.16.1/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.16.1 +version: 0.16.1 +permalink: /docs/0.16.1/librnp.3/ +--- +:release-version: 0.16.1 +:man manual: RNP Manual +:man source: RNP 0.16.1 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.16.1/rnp.1.adoc b/_man_pages/v0.16.1/rnp.1.adoc new file mode 100644 index 0000000..1e60fde --- /dev/null +++ b/_man_pages/v0.16.1/rnp.1.adoc 
@@ -0,0 +1,422 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.16.1 +version: 0.16.1 +permalink: /docs/0.16.1/rnp.1/ +--- +:release-version: 0.16.1 +:man manual: RNP Manual +:man source: RNP 0.16.1 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used) +* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation. +* to the _stdout_ if input was read from the _stdin_. + +If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. 
+ + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z 0..9*, *--zlib*, *--zip*, *--bzip*::: +Select a compression algorithm and level. + +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--no-wrap*::: +Do not wrap the output in literal data packet. This could be used to encrypt a file which is already signed or encrypted. +By default this would also disable compression, use option *-z* to override. + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. 
+ +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. ++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified). + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +Also you may use option *--source* to specify the exact source for the signed data. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. 
+ +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. + ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. 
+ +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--source*:: +Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here). + + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details. + + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. 
+Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to the current local computer time. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. + +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* may be specified in the same way as *--creation*. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. 
+ +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + +=== EXAMPLE 5 + +*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor* + +Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* 
diff --git a/_man_pages/v0.16.1/rnpkeys.1.adoc b/_man_pages/v0.16.1/rnpkeys.1.adoc
new file mode 100644
index 0000000..e662c69
--- /dev/null
+++ b/_man_pages/v0.16.1/rnpkeys.1.adoc
@@ -0,0 +1,447 @@
+---
+title: rnpkeys(1)
+excerpt: man page for rnpkeys(1), version 0.16.1
+version: 0.16.1
+permalink: /docs/0.16.1/rnpkeys.1/
+---
+:release-version: 0.16.1
+:man manual: RNP Manual
+:man source: RNP 0.16.1
+
+== NAME
+
+RNPKEYS - OpenPGP key management utility.
+
+== SYNOPSIS
+
+*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_
+
+== DESCRIPTION
+
+The _rnpkeys_ command-line utility is part of the _RNP_ suite and
+provides OpenPGP key management functionality, including:
+
+* key listing;
+* key generation;
+* key import/export; and
+* key editing.
+
+
+=== BASICS
+
+By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_,
+to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given.
+There are some special cases for _INPUT_FILE_ :
+
+* _-_ (dash) substitutes to _stdin_
+* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME
+
+Depending on the input, output may be written:
+
+* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or
+* to _stdout_.
+
+Without the *--armor* option, output will be in binary.
+
+If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below).
+
+If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*,
+unless the *--password* or *--pass-fd* option was specified.
+
+
+By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory.
+
+This behavior may be overridden with the _--homedir_ option.
+
+If _COMMAND_ needs a password, the command will prompt the caller
+via _stdin_ or _tty_, unless the *--password* or *--pass-fd*
+options were also used.
+
+=== SPECIFYING KEYS
+
+Most *rnpkeys* commands require a key locator or a filter,
+representing one or more keys.
+
+It may be specified in one of the following ways:
+
+*userid*::
+Or just part of the *userid*.
+For *"Alice "*, the following methods are considered identical:
+
+** _alice_
+** _alice@rnpgp_
+** _rnpgp.com_
+
+*keyid*::
+Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as:
+
+** _0x725F6F2D6D5F6120_
+** _"725F6F2D 6D5F6120"_
+** _0x6D5F6120_
+
+*key fingerprint*: The 40-character key fingerprint, such as:
+
+** _"0x416E746F 6E537669 72696465 6E6B6F20"_
+
+
+
+== COMMANDS
+
+=== INFORMATIONAL
+
+*-h*, *--help*::
+Displays a short help message. No options are expected.
+
+*-V*, *--version*::
+Displays version information. No options are expected.
+
+*-l*, *--list-keys*::
+List out keys and some brief information about each.
+
++
+Additional options:
+
+*--with-sigs*:::
+Additionally display signatures of listed keys.
+
+
+=== KEY GENERATION
+
+*-g*, *--generate-key*::
+Generate a new keypair.
+
++
+Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards.
++
+Additional options:
+
+*--numbits*:::
+Overrides the default RSA key size of *2048* bits.
+
+*--expiration* _TIME_:::
+Set key and subkey expiration time, counting from the creation time.
+
++
+By default generated keys do not expire.
+
++
+Expiration time can be specified as:
+
+* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or
+* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_;
+* number of seconds.
+
+*--expert*:::
+Select key algorithms interactively and override default settings.
+
+*--userid*:::
+Specifies the _userid_ to be used in generation.
+
+*--hash*:::
+Specify the hash algorithm used in generation.
+
+*--cipher*:::
+Specify the encryption algorithm used in generation.
+
+*--s2k-iterations*:::
+Specify the number of iterations for the S2K (string-to-key) process.
+
++
+This is used during the derivation of the symmetric key, which
+encrypts a secret key from the password.
+
+
+*--s2k-msec*:::
+Specify that *rnpkeys* should automatically pick a
+*--s2k-iterations* value such that the single key derivation operation
+would take _NUMBER_ of milliseconds on the current system.
+
++
+For example, setting it to _2000_ would mean that each secret key
+decryption operation would take around 2 seconds (on the current machine).
+
+
+=== KEY/SIGNATURE IMPORT
+
+*--import*, *--import-keys*, *--import-sigs*::
+Import keys or signatures.
+
++
+While *rnpkeys* automatically detects the input data format,
+one may still wish to specify whether the input provides keys or signatures.
+
++
+By default, the import process will stop on the first discovered
+erroneous key or signature.
+
++
+Additional options:
+
+*--permissive*:::
+Skip errored or unsupported packets during the import process.
+
+=== KEY/SIGNATURE EXPORT
+
+*--export-key* [*--userid*=_FILTER_] [_FILTER_]::
+Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given.
+
++
+If filter matches a primary key, the subkeys of the primary key are also exported.
++
+By default, key data is written to _stdout_ in ASCII-armored format.
++
+Additional options:
+
+*--output* _PATH_:::
+Specifies output to be written to a file name instead of _stdout_.
+
+*--secret*:::
+Without this option specified, the command will only export public key(s).
+This option must be provided to export secret key(s).
+
+*--export-rev* _KEY_::
+Export the revocation signature for a specified secret key.
+
++
+The revocation signature can be used later in a case of key loss or compromise.
++
+Additional options:
+
+*--rev-type*:::
+Specifies type of key revocation.
+
+*--rev-reason*:::
+Specifies reason for key revocation.
+
+
+=== KEY MANIPULATION
+
+*--revoke-key* _KEY_::
+Issue revocation signature for the secret key, and save it in the keyring.
+
++
+Revoked keys cannot be used further.
+
++
+Additional options:
+
+*--rev-type*:::
+Specifies type of key revocation, see *options* section for the available values.
+
+*--rev-reason*:::
+Specifies reason for key revocation.
+
+
+*--remove-key* _KEY_::
+Remove the specified key.
+
++
+If a primary key is specified, then all of its subkeys are also removed.
+
++
+If the specified key is a secret key, then it will not be deleted without
+confirmation.
++
+Additional options:
+
+*--force*:::
+Forces removal of a secret key without prompting the user.
+
+*--edit-key* _KEY_::
+Edit or update information, associated with a key. Should be accompanied with editing option.
+
++
+Currently the following options are available:
+
++
+*--check-cv25519-bits*:::
+Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set.
+RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption,
+however other implementations (GnuPG) may require those bits to be set in key material.
+_KEY_ must specify the exact subkey via keyid or fingerprint.
+
+*--fix-cv25519-bits*:::
+Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key.
+So later export of the key would ensure compatibility with other implementations (like GnuPG).
+This operation would require the password for your secret key.
+Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value,
+however, this may be needed to fix older keys or keys generated by other implementations.
+_KEY_ must specify the exact subkey via keyid or fingerprint.
+
+=== OPTIONS
+
+*--homedir* _DIR_::
+Change homedir (where RNP looks for keyrings) to the specified value.
+
++
+The default homedir is _~/.rnp_ .
+
+*--output* _PATH_::
+Write data processing related output to the file specified.
+
++
+Combine it with *--overwrite* to overwrite file if it already exists.
+
+*--overwrite*::
+Overwrite output file if it already exists.
+
++
+
+*--userid* _USERID_::
+Use the specified _userid_ during key generation and in some
+key-searching operations.
+
+*--numbits* _BITS_::
+Specify size in bits for the generated key and subkey.
+
++
+_bits_ may be in range *1024*-*16384*, as long as the public key algorithm
+does not place additional limits.
+
+*--cipher* _ALGORITHM_::
+Set the key encryption algorithm. This is only used in key generation.
+
++
+The default value is _AES256_.
+
+*--hash* _ALGORITHM_::
+Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption.
+
++
+The default value is _SHA256_.
+
+*--expert*::
+Use the *expert key generation* mode, allowing the selection of
+key/subkey algorithms.
+
++
+The following types of keys can be generated in this mode:
+
++
+--
+** *DSA* key with *ElGamal* encryption subkey
+** *DSA* key with *RSA* subkey
+** *ECDSA* key with *ECDH* subkey
+** *EdDSA* key with *x25519* subkey
+** *SM2* key with subkey
+--
++
+Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified:
+
++
+--
+** _NIST P-256_, _NIST P-384_, _NIST P-521_
+** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_
+** _secp256k1_
+--
+
+*--pass-fd* _FD_::
+Specify a file descriptor to read passwords from instead of from _stdin_/_tty_.
+
++
+Useful for automated or non-interactive sessions.
+
+*--password* _PASSWORD_::
+Use the specified password when it is needed.
+
++
+WARNING: Not recommended for production use due to potential security issues.
+Use *--pass-fd* for batch operations instead.
+
+*--with-sigs*::
+Print signature information when listing keys via the *-l* command.
+
+*--force*::
+Force actions to happen without prompting the user.
+
++
+This applies to cases such as secret key removal, revoking an already revoked key and so on.
+
+*--permissive*::
+Skip malformed or unknown keys/signatures during key import.
+
++
+By default, *rnpkeys* will stop on the first erroring packet
+and exit with an error.
+
+*--rev-type* _TYPE_::
+Use the specified type during revocation signature generation instead of the default _0_.
+
++
+The following values are supported:
+
++
+--
+** 0, or "no": no revocation type specified.
+** 1, or "superseded": key was superseded with another key.
+** 2, or "compromised": key was compromised and no longer valid.
+** 3, or "retired": key is retired.
+--
++
+Please refer to *IETF RFC 4880* for details.
+
+*--rev-reason* _REASON_::
+Add the specified human-readable revocation _REASON_ to the
+signature instead of an empty string.
+
+*--s2k-iterations* _NUMBER_::
+Specify the number of iterations for the S2K (string-to-key) process.
+
++
+This is used during the derivation of the symmetric key, which
+encrypts a secret key from the password.
+
++
+Please refer to IETF RFC 4880 for further details.
+
+*--s2k-msec* _NUMBER_::
+Specify that *rnpkeys* should automatically pick a
+*--s2k-iterations* value such that the single key derivation operation
+would take _NUMBER_ of milliseconds on the current system.
+
++
+For example, setting it to _2000_ would mean that each secret key
+decryption operation would take around 2 seconds (on the current machine).
+
+*--notty*::
+Disable use of tty.
+
++
+By default RNP would detect whether TTY is attached and use it for user prompts.
+
++
+This option overrides default behaviour so user input may be passed in batch mode.
+
+*--current-time* _TIME_::
+Override system's time with a specified value.
+
++
+By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this.
+
++
+*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format.
+
+== EXIT STATUS
+
+_0_::
+ Success.
+
+_Non-zero_::
+ Failure.
+
+== EXAMPLES
+
+The following examples demonstrate method of usage of the _rnpkeys_ command.
+
+=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG
+
+Following oneliner may be used to import all public keys from the GnuPG:
+
+*gpg* *-a* *--export* | *rnpkeys* *--import* _-_
+
+To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)):
+
+*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_
+
+=== EXAMPLE 2: GENERATE A NEW KEY
+
+This example generates a new key with specified userid and expiration.
+Also it enables "expert" mode, allowing the selection of key/subkey algorithms.
+
+*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y*
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+
+== SEE ALSO
+
+*rnp(1)*, *librnp(3)*
diff --git a/_man_pages/v0.16.2/librnp.3.adoc b/_man_pages/v0.16.2/librnp.3.adoc
new file mode 100644
index 0000000..28a04cb
--- /dev/null
+++ b/_man_pages/v0.16.2/librnp.3.adoc
@@ -0,0 +1,92 @@
+---
+title: librnp(3)
+excerpt: man page for librnp(3), version 0.16.2
+version: 0.16.2
+permalink: /docs/0.16.2/librnp.3/
+---
+:release-version: 0.16.2
+:man manual: RNP Manual
+:man source: RNP 0.16.2
+
+== NAME
+
+librnp - OpenPGP implementation, available via FFI interface.
+
+== SYNOPSIS
+
+*#include *
+
+*#include *
+
+
+== DESCRIPTION
+
+*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities.
+
+It provides an FFI interface to functions required for operations needed by the OpenPGP protocol.
+
+Interface to the library is exposed via __ and __ headers.
+You will also need to link to _librnp_.
+
+Please see its headers for the full function list and detailed documentation.
+
+== EXAMPLES
+
+A number of examples are provided in *src/examples* folder of the *RNP* suite source tree.
+
+*generate.c*::
+Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism.
+May be used to generate any custom key types that are supported by the *RNP* suite.
+
+*encrypt.c*::
+Demonstrates how to build OpenPGP-encrypted messages.
+A message is encrypted with keys, generated via *./generate*, with a hardcoded password.
+
+*decrypt.c*::
+Demonstrates how to decrypt OpenPGP messages.
+Running this example requires the *./encrypt* example to be first run
+in order to produce the sample encrypted message for decryption.
+
+*sign.c*::
+Demonstrates how to sign OpenPGP messages.
+Running this example requires the *./generate* example to be first run
+in order to generate and write out secret keys.
+
+*verify.c*::
+Demonstrates verify OpenPGP signed messages.
+Again, running this example requires the *./sign* example to be first run
+in order to generate a signed OpenPGP message.
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+== SEE ALSO
+
+*rnp(1)*, *rnpkeys(1)*
diff --git a/_man_pages/v0.16.2/rnp.1.adoc b/_man_pages/v0.16.2/rnp.1.adoc
new file mode 100644
index 0000000..5664538
--- /dev/null
+++ b/_man_pages/v0.16.2/rnp.1.adoc
@@ -0,0 +1,422 @@
+---
+title: rnp(1)
+excerpt: man page for rnp(1), version 0.16.2
+version: 0.16.2
+permalink: /docs/0.16.2/rnp.1/
+---
+:release-version: 0.16.2
+:man manual: RNP Manual
+:man source: RNP 0.16.2
+
+== NAME
+
+RNP - OpenPGP-compatible signatures and encryption.
+
+== SYNOPSIS
+
+*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ...
+
+
+== DESCRIPTION
+
+The _rnp_ command-line utility is part of the _RNP_ suite and
+provides OpenPGP signing and encryption functionality
+compliant with IETF RFC 4880.
+
+_rnp_ does not allow manipulation of keys or keyrings --
+please use _rnpkeys(1)_ for that purpose.
+
+=== BASICS
+
+By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_,
+to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given.
+There are some special cases for _INPUT_FILE_ :
+
+* _-_ (dash) substitutes to _stdin_
+* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME
+
+Depending on the input, output may be written:
+
+* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used)
+* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation.
+* to the _stdout_ if input was read from the _stdin_.
+
+If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given.
+
+Without the *--armor* option, output will be in binary.
+
+If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below).
+
+If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*,
+unless the *--password* or *--pass-fd* option was specified.
+
+
+== COMMANDS
+
+=== INFORMATIONAL
+
+*-h*, *--help*::
+Displays a short help message. No options are expected.
+
+*-V*, *--version*::
+Displays version information. No options are expected.
+
+
+=== ENCRYPTION AND SIGNING
+
+*-e*, *--encrypt*::
+Encrypt data with public key(s), and optionally sign, if the *--sign* command is added.
+
++
+You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default).
++
+Additional options:
+
+*--recipient*:::
+Specify one or more recipients.
+
+*--cipher*:::
+Select a specific cipher.
+
+*-z 0..9*, *--zlib*, *--zip*, *--bzip*:::
+Select a compression algorithm and level.
+
+*--armor*:::
+Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_.
+
+
+*--no-wrap*:::
+Do not wrap the output in literal data packet. This could be used to encrypt a file which is already signed or encrypted.
+By default this would also disable compression, use option *-z* to override.
+
+*--overwrite*:::
+If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information.
+
+*-c*, *--symmetric*::
+Encrypt data with password(s).
+
++
+Can be combined with the commands *--encrypt* and *--sign*.
++
+Options that apply to the *--encrypt* command also apply here.
++
+Additional options:
+
+*--passwords*:::
+Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified.
+
+
+*-s*, *--sign*::
+Digitally sign data, using one or more secret keys you own.
+
++
+Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands.
+
++
+Additional options:
+
+*-u*, *--userid*:::
+By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys.
+
+*--detach*:::
+By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_).
+
+*--hash*:::
+You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option.
+
++
+Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified.
+
+*--clearsign*::
+Digitally sign text data, producing human-readable output with the signature attached.
+
++
+In this mode, data cannot be additionally encrypted or compressed.
++
+Other signing options, *--hash*, *-u*, *--password*, can still be used here.
+
+=== DECRYPTION AND VERIFICATION
+
+*-d*, *--decrypt*::
+Decrypt and verify data from the _INPUT_FILE_ or stdin.
+
++
+If the data is signed, signature verification information will be printed to _stdout_/_tty_.
++
+Additional options:
+
+*--output*:::
+Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section.
+
+*--password*, *--pass-fd*:::
+Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means.
+
+*-v*, *--verify*::
+Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified).
+
++
+To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist.
+
++
+Also you may use option *--source* to specify the exact source for the signed data.
+
++
+If data is encrypted, you may be asked for password as in the *--decrypt* command.
+
+=== OTHER COMMANDS
+
+*--list-packets*::
+Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin.
+Useful for curiosity, troubleshooting or debugging.
+
++
+Additional options can be used:
+
+*--json*::: output JSON data instead of human-readable information
+*--grips*::: print out key fingerprints and grips
+*--mpi*::: print out all MPI values
+*--raw*::: print raw, hex-encoded packets too
+
+*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]::
+Convert binary data to the ASCII-armored as per OpenPGP standard.
+This includes the `-----BEGIN PGP MESSAGE-----` header and footer,
+and Base64-encoded data.
+
++
+Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist)
+or to _stdout_.
+
++
+The following OpenPGP headers may be specified:
++
+--
+*msg*::: _-----BEGIN PGP MESSAGE-----_
+*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_
+*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_
+*sign*::: _-----BEGIN PGP SIGNATURE-----_
+--
++
+Additional options:
+
+*--overwrite*:::
+Forcefully overwrite existing destination file if it exists.
+
+*--output*:::
+Specify destination file path.
+
+
+*--dearmor*::
+Attempts to convert data from an armored format to the binary format.
+
++
+The _file.ext.asc_ output file would be written to _file.ext_.
+If the destination file already exists, it will prompt the user
+for a new filename.
++
+Additional options:
+
+*--overwrite*:::
+Forcefully overwrite existing destination file if it exists.
+
+*--output*:::
+Specify destination file path.
+
+
+== OPTIONS
+
+*--home*, *--homedir* _DIR_::
+Change homedir (where RNP looks for keyrings) to the specified value.
+
++
+The default homedir is _~/.rnp_ .
+
+*-f*, *--keyfile* _PATH_::
+Instead of loading keyrings, use key(s) from the file specified.
+
+*-u*, *--userid* _KEY_::
+Specify one or more signing keys, searching for it via the given value _KEY_.
+See *rnpkeys(1)* on how to find valid values.
+
+*-r*, *--recipient* _KEY_::
+Add the message recipient, i.e. the public key to which message will be encrypted to.
+See *rnpkeys(1)* on how to find valid values.
+
+*--armor*, *--ascii*::
+Apply ASCII armoring to the output, so that the resulting output
+can be transferred as plain text.
+
++
+See IETF RFC 4880 for more details.
+
+*--detach*, *--detached*::
+Create a detached signature.
+
+*--output* _PATH_::
+Write data processing related output to the file specified.
+
++
+If not specified, the output filename will be guessed from
+the input filename/extension or the command will prompt the user
+via _stdin_/_tty_.
+
+*--overwrite*::
+Overwrite already existing files without prompt.
+
+*--source*::
+Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here).
+
+
+*--hash* _ALGORITHM_::
+Set hash algorithm which to be used for signing and derivation
+of the encryption key from a password.
+
++
+The default value is _SHA256_.
+
+*--cipher* _ALGORITHM_::
+Set the symmetric algorithm used during encryption.
+
++
+The default value is _AES256_.
+
+*--aead* [_EAX_, _OCB_]::
+Enable AEAD encryption and select algorithm to be used.
+
+*--aead-chunk-bits* _BITS_::
+Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details.
+
+
+*--zip*, *--zlib*, *--bzip2*::
+Select corresponding algorithm to compress data with.
+Please refer to IETF RFC 4880 for details.
+
+*-z* _0..9_::
+Set compression level for the compression algorithms.
+
++
+*9* is the highest compression level, where *0* disables compression.
++
+The default value is *6*.
+
+*--pass-fd* _FD_::
+Specify a file descriptor to read passwords from instead of from _stdin_/_tty_.
+
++
+Useful for automated or non-interactive sessions.
+
+*--password* _PASSWORD_::
+Use the specified password when it is needed.
+
++
+WARNING: Not recommended for production use due to potential security issues.
+Use *--pass-fd* for batch operations instead.
+
+*--passwords* _COUNT_::
+Set the number of passwords for *--symmetric* encryption.
+
++
+While not commonly used, you may encrypt a message to any reasonable number of passwords.
+
+*--creation* _TIME_::
+Override signature creation time.
+
++
+By default, creation time is set to the current local computer time.
+
++
+*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format.
+
+*--expiration* _TIME_::
+Set signature expiration time, counting from the creation time.
+
++
+By default, signatures do not expire.
+
++
+A specific expiration time can be specified as:
+
+*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or
+*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_;
+*** number of seconds.
+
+*--keystore-format* _GPG_|_KBX_|_G10_|_G21_::
+Set keystore format.
+
++
+RNP automatically detects the keystore format.
+
++
+This option allows the auto-detection behavior to be overridden.
+
+*--notty*::
+Disable use of tty.
+
++
+By default RNP would detect whether TTY is attached and use it for user prompts.
+
++
+This option overrides default behaviour so user input may be passed in batch mode.
+
+*--current-time* _TIME_::
+Override system's time with a specified value.
+
++
+By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this.
+
++
+*TIME* may be specified in the same way as *--creation*.
+
+== EXIT STATUS
+
+_0_::
+ Success.
+
+_Non-zero_::
+ Failure.
+
+
+== EXAMPLES
+
+The following examples demonstrate method of usage of the _rnp_ command.
+
+=== EXAMPLE 1
+
+*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_
+*--output* _document.txt.encrypted_ _document.txt_
+
+Load keyrings from the _.rnp_ folder,
+encrypt the _document.txt_ file using the
+key with keyid _0x6E69636B6F6C6179_.
+
+=== EXAMPLE 2
+
+*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_
+
+Generate a detached signature over the file _document.txt_, using the
+secret key stored in the file.
+Additionally override the hash algorithm to _SHA512_.
+
+=== EXAMPLE 3
+
+*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_
+
+Verify detached signature, using the key stored in the _john-pub.asc_ file.
+The signed data is assumed to be available from the file _document.txt_.
+
+=== EXAMPLE 4
+
+*rnp* *-e* *-c* *-s* *--passwords* _3_
+*-r* _0x526F6E616C642054_
+*-r* "_john@doe.com_"
+*-u* _0x44616E69656C2057_
+_document.txt_
+
+Encrypt _document.txt_ with 2 keys (specified via _keyid_
+_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords,
+so *any* of these may be used to decrypt the resulting file.
+
+Additionally, the message will be signed with key _0x44616E69656C2057_.
+
+=== EXAMPLE 5
+
+*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor*
+
+Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout.
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+== SEE ALSO
+
+*rnpkeys(1)*, *librnp(3)*
diff --git a/_man_pages/v0.16.2/rnpkeys.1.adoc b/_man_pages/v0.16.2/rnpkeys.1.adoc
new file mode 100644
index 0000000..17486a6
--- /dev/null
+++ b/_man_pages/v0.16.2/rnpkeys.1.adoc
@@ -0,0 +1,447 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.16.2 +version: 0.16.2 +permalink: /docs/0.16.2/rnpkeys.1/ +--- +:release-version: 0.16.2 +:man manual: RNP Manual +:man source: RNP 0.16.2 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. 
+For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. 
+ + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. 
+ ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation, see *options* section for the available values. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + +*--edit-key* _KEY_:: +Edit or update information, associated with a key. Should be accompanied with editing option. + ++ +Currently the following options are available: + ++ +*--check-cv25519-bits*::: +Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set. +RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption, +however other implementations (GnuPG) may require those bits to be set in key material. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--fix-cv25519-bits*::: +Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key. +So later export of the key would ensure compatibility with other implementations (like GnuPG). +This operation would require the password for your secret key. +Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value, +however, this may be needed to fix older keys or keys generated by other implementations. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--overwrite* to overwrite file if it already exists. 
+ +*--overwrite*:: +Overwrite output file if it already exists. + ++ + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as secret key removal, revoking an already revoked key and so on. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. 
+ ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnpkeys_ command. 
+ +=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG + +Following oneliner may be used to import all public keys from the GnuPG: + +*gpg* *-a* *--export* | *rnpkeys* *--import* _-_ + +To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)): + +*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_ + +=== EXAMPLE 2: GENERATE A NEW KEY + +This example generates a new key with specified userid and expiration. +Also it enables "expert" mode, allowing the selection of key/subkey algorithms. + +*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y* + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.16.3/librnp.3.adoc b/_man_pages/v0.16.3/librnp.3.adoc new file mode 100644 index 0000000..a10f376 --- /dev/null +++ b/_man_pages/v0.16.3/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.16.3 +version: 0.16.3 +permalink: /docs/0.16.3/librnp.3/ +--- +:release-version: 0.16.3 +:man manual: RNP Manual +:man source: RNP 0.16.3 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.16.3/rnp.1.adoc b/_man_pages/v0.16.3/rnp.1.adoc new file mode 100644 index 0000000..2ad9afb --- /dev/null +++ b/_man_pages/v0.16.3/rnp.1.adoc 
@@ -0,0 +1,422 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.16.3 +version: 0.16.3 +permalink: /docs/0.16.3/rnp.1/ +--- +:release-version: 0.16.3 +:man manual: RNP Manual +:man source: RNP 0.16.3 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used) +* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation. +* to the _stdout_ if input was read from the _stdin_. + +If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. 
+ + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z 0..9*, *--zlib*, *--zip*, *--bzip*::: +Select a compression algorithm and level. + +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--no-wrap*::: +Do not wrap the output in literal data packet. This could be used to encrypt a file which is already signed or encrypted. +By default this would also disable compression, use option *-z* to override. + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. 
+ +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. ++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified). + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +Also you may use option *--source* to specify the exact source for the signed data. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. 
+ +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. + ++ +The following OpenPGP headers may be specified: ++ +-- +*msg*::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. 
+ +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--source*:: +Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here). + + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details. + + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. 
+Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to the current local computer time. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. + +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* may be specified in the same way as *--creation*. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. 
+ +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + +=== EXAMPLE 5 + +*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor* + +Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* 
diff --git a/_man_pages/v0.16.3/rnpkeys.1.adoc b/_man_pages/v0.16.3/rnpkeys.1.adoc
new file mode 100644
index 0000000..d2e5e69
--- /dev/null
+++ b/_man_pages/v0.16.3/rnpkeys.1.adoc
@@ -0,0 +1,447 @@
+---
+title: rnpkeys(1)
+excerpt: man page for rnpkeys(1), version 0.16.3
+version: 0.16.3
+permalink: /docs/0.16.3/rnpkeys.1/
+---
+:release-version: 0.16.3
+:man manual: RNP Manual
+:man source: RNP 0.16.3
+
+== NAME
+
+RNPKEYS - OpenPGP key management utility.
+
+== SYNOPSIS
+
+*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_
+
+== DESCRIPTION
+
+The _rnpkeys_ command-line utility is part of the _RNP_ suite and
+provides OpenPGP key management functionality, including:
+
+* key listing;
+* key generation;
+* key import/export; and
+* key editing.
+
+
+=== BASICS
+
+By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_,
+to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given.
+There are some special cases for _INPUT_FILE_ :
+
+* _-_ (dash) substitutes to _stdin_
+* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME
+
+Depending on the input, output may be written:
+
+* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or
+* to _stdout_.
+
+Without the *--armor* option, output will be in binary.
+
+If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below).
+
+If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*,
+unless the *--password* or *--pass-fd* option was specified.
+
+
+By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory.
+
+This behavior may be overridden with the _--homedir_ option.
+
+If _COMMAND_ needs a password, the command will prompt the caller
+via _stdin_ or _tty_, unless the *--password* or *--pass-fd*
+options were also used.
+
+=== SPECIFYING KEYS
+
+Most *rnpkeys* commands require a key locator or a filter,
+representing one or more keys.
+
+It may be specified in one of the following ways:
+
+*userid*::
+Or just part of the *userid*.
+For *"Alice "*, the following methods are considered identical:
+
+** _alice_
+** _alice@rnpgp_
+** _rnpgp.com_
+
+*keyid*::
+Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as:
+
+** _0x725F6F2D6D5F6120_
+** _"725F6F2D 6D5F6120"_
+** _0x6D5F6120_
+
+*key fingerprint*: The 40-character key fingerprint, such as:
+
+** _"0x416E746F 6E537669 72696465 6E6B6F20"_
+
+
+
+== COMMANDS
+
+=== INFORMATIONAL
+
+*-h*, *--help*::
+Displays a short help message. No options are expected.
+
+*-V*, *--version*::
+Displays version information. No options are expected.
+
+*-l*, *--list-keys*::
+List out keys and some brief information about each.
+
++
+Additional options:
+
+*--with-sigs*:::
+Additionally display signatures of listed keys.
+
+
+=== KEY GENERATION
+
+*-g*, *--generate-key*::
+Generate a new keypair.
+
++
+Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards.
++
+Additional options:
+
+*--numbits*:::
+Overrides the default RSA key size of *2048* bits.
+
+*--expiration* _TIME_:::
+Set key and subkey expiration time, counting from the creation time.
+
++
+By default generated keys do not expire.
+
++
+Expiration time can be specified as:
+
+* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or
+* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_;
+* number of seconds.
+
+*--expert*:::
+Select key algorithms interactively and override default settings.
+
+*--userid*:::
+Specifies the _userid_ to be used in generation.
+
+*--hash*:::
+Specify the hash algorithm used in generation.
+
+*--cipher*:::
+Specify the encryption algorithm used in generation.
+
+*--s2k-iterations*:::
+Specify the number of iterations for the S2K (string-to-key) process.
+
++
+This is used during the derivation of the symmetric key, which
+encrypts a secret key from the password.
+
+
+*--s2k-msec*:::
+Specify that *rnpkeys* should automatically pick a
+*--s2k-iterations* value such that the single key derivation operation
+would take _NUMBER_ of milliseconds on the current system.
+
++
+For example, setting it to _2000_ would mean that each secret key
+decryption operation would take around 2 seconds (on the current machine).
+
+
+=== KEY/SIGNATURE IMPORT
+
+*--import*, *--import-keys*, *--import-sigs*::
+Import keys or signatures.
+
++
+While *rnpkeys* automatically detects the input data format,
+one may still wish to specify whether the input provides keys or signatures.
+
++
+By default, the import process will stop on the first discovered
+erroneous key or signature.
+
++
+Additional options:
+
+*--permissive*:::
+Skip errored or unsupported packets during the import process.
+
+=== KEY/SIGNATURE EXPORT
+
+*--export-key* [*--userid*=_FILTER_] [_FILTER_]::
+Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given.
+
++
+If filter matches a primary key, the subkeys of the primary key are also exported.
++
+By default, key data is written to _stdout_ in ASCII-armored format.
++
+Additional options:
+
+*--output* _PATH_:::
+Specifies output to be written to a file name instead of _stdout_.
+
+*--secret*:::
+Without this option specified, the command will only export public key(s).
+This option must be provided to export secret key(s).
+
+*--export-rev* _KEY_::
+Export the revocation signature for a specified secret key.
+
++
+The revocation signature can be used later in a case of key loss or compromise.
++
+Additional options:
+
+*--rev-type*:::
+Specifies type of key revocation.
+
+*--rev-reason*:::
+Specifies reason for key revocation.
+
+
+=== KEY MANIPULATION
+
+*--revoke-key* _KEY_::
+Issue revocation signature for the secret key, and save it in the keyring.
+
++
+Revoked keys cannot be used further.
+
++
+Additional options:
+
+*--rev-type*:::
+Specifies type of key revocation, see *options* section for the available values.
+
+*--rev-reason*:::
+Specifies reason for key revocation.
+
+
+*--remove-key* _KEY_::
+Remove the specified key.
+
++
+If a primary key is specified, then all of its subkeys are also removed.
+
++
+If the specified key is a secret key, then it will not be deleted without
+confirmation.
++
+Additional options:
+
+*--force*:::
+Forces removal of a secret key without prompting the user.
+
+*--edit-key* _KEY_::
+Edit or update information, associated with a key. Should be accompanied with editing option.
+
++
+Currently the following options are available:
+
++
+*--check-cv25519-bits*:::
+Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set.
+RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption,
+however other implementations (GnuPG) may require those bits to be set in key material.
+_KEY_ must specify the exact subkey via keyid or fingerprint.
+
+*--fix-cv25519-bits*:::
+Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key.
+So later export of the key would ensure compatibility with other implementations (like GnuPG).
+This operation would require the password for your secret key.
+Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value,
+however, this may be needed to fix older keys or keys generated by other implementations.
+_KEY_ must specify the exact subkey via keyid or fingerprint.
+
+=== OPTIONS
+
+*--homedir* _DIR_::
+Change homedir (where RNP looks for keyrings) to the specified value.
+
++
+The default homedir is _~/.rnp_ .
+
+*--output* _PATH_::
+Write data processing related output to the file specified.
+
++
+Combine it with *--overwrite* to overwrite file if it already exists.
+
+*--overwrite*::
+Overwrite output file if it already exists.
+
++
+
+*--userid* _USERID_::
+Use the specified _userid_ during key generation and in some
+key-searching operations.
+
+*--numbits* _BITS_::
+Specify size in bits for the generated key and subkey.
+
++
+_bits_ may be in range *1024*-*16384*, as long as the public key algorithm
+does not place additional limits.
+
+*--cipher* _ALGORITHM_::
+Set the key encryption algorithm. This is only used in key generation.
+
++
+The default value is _AES256_.
+
+*--hash* _ALGORITHM_::
+Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption.
+
++
+The default value is _SHA256_.
+
+*--expert*::
+Use the *expert key generation* mode, allowing the selection of
+key/subkey algorithms.
+
++
+The following types of keys can be generated in this mode:
+
++
+--
+** *DSA* key with *ElGamal* encryption subkey
+** *DSA* key with *RSA* subkey
+** *ECDSA* key with *ECDH* subkey
+** *EdDSA* key with *x25519* subkey
+** *SM2* key with subkey
+--
++
+Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified:
+
++
+--
+** _NIST P-256_, _NIST P-384_, _NIST P-521_
+** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_
+** _secp256k1_
+--
+
+*--pass-fd* _FD_::
+Specify a file descriptor to read passwords from instead of from _stdin_/_tty_.
+
++
+Useful for automated or non-interactive sessions.
+
+*--password* _PASSWORD_::
+Use the specified password when it is needed.
+
++
+WARNING: Not recommended for production use due to potential security issues.
+Use *--pass-fd* for batch operations instead.
+
+*--with-sigs*::
+Print signature information when listing keys via the *-l* command.
+
+*--force*::
+Force actions to happen without prompting the user.
+
++
+This applies to cases such as secret key removal, revoking an already revoked key and so on.
+
+*--permissive*::
+Skip malformed or unknown keys/signatures during key import.
+
++
+By default, *rnpkeys* will stop on the first erroring packet
+and exit with an error.
+
+*--rev-type* _TYPE_::
+Use the specified type during revocation signature generation instead of the default _0_.
+
++
+The following values are supported:
+
++
+--
+** 0, or "no": no revocation type specified.
+** 1, or "superseded": key was superseded with another key.
+** 2, or "compromised": key was compromised and no longer valid.
+** 3, or "retired": key is retired.
+--
++
+Please refer to *IETF RFC 4880* for details.
+
+*--rev-reason* _REASON_::
+Add the specified human-readable revocation _REASON_ to the
+signature instead of an empty string.
+
+*--s2k-iterations* _NUMBER_::
+Specify the number of iterations for the S2K (string-to-key) process.
+
++
+This is used during the derivation of the symmetric key, which
+encrypts a secret key from the password.
+
++
+Please refer to IETF RFC 4880 for further details.
+
+*--s2k-msec* _NUMBER_::
+Specify that *rnpkeys* should automatically pick a
+*--s2k-iterations* value such that the single key derivation operation
+would take _NUMBER_ of milliseconds on the current system.
+
++
+For example, setting it to _2000_ would mean that each secret key
+decryption operation would take around 2 seconds (on the current machine).
+
+*--notty*::
+Disable use of tty.
+
++
+By default RNP would detect whether TTY is attached and use it for user prompts.
+
++
+This option overrides default behaviour so user input may be passed in batch mode.
+
+*--current-time* _TIME_::
+Override system's time with a specified value.
+
++
+By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this.
+
++
+*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format.
+
+== EXIT STATUS
+
+_0_::
+ Success.
+
+_Non-zero_::
+ Failure.
+
+== EXAMPLES
+
+The following examples demonstrate method of usage of the _rnpkeys_ command.
+
+=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG
+
+Following oneliner may be used to import all public keys from the GnuPG:
+
+*gpg* *-a* *--export* | *rnpkeys* *--import* _-_
+
+To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)):
+
+*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_
+
+=== EXAMPLE 2: GENERATE A NEW KEY
+
+This example generates a new key with specified userid and expiration.
+Also it enables "expert" mode, allowing the selection of key/subkey algorithms.
+
+*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y*
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+
+== SEE ALSO
+
+*rnp(1)*, *librnp(3)*
diff --git a/_man_pages/v0.17.0/librnp.3.adoc b/_man_pages/v0.17.0/librnp.3.adoc
new file mode 100644
index 0000000..e152609
--- /dev/null
+++ b/_man_pages/v0.17.0/librnp.3.adoc
@@ -0,0 +1,92 @@
+---
+title: librnp(3)
+excerpt: man page for librnp(3), version 0.17.0
+version: 0.17.0
+permalink: /docs/0.17.0/librnp.3/
+---
+:release-version: 0.17.0
+:man manual: RNP Manual
+:man source: RNP 0.17.0
+
+== NAME
+
+librnp - OpenPGP implementation, available via FFI interface.
+
+== SYNOPSIS
+
+*#include *
+
+*#include *
+
+
+== DESCRIPTION
+
+*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities.
+
+It provides an FFI interface to functions required for operations needed by the OpenPGP protocol.
+
+Interface to the library is exposed via __ and __ headers.
+You will also need to link to _librnp_.
+
+Please see its headers for the full function list and detailed documentation.
+
+== EXAMPLES
+
+A number of examples are provided in *src/examples* folder of the *RNP* suite source tree.
+
+*generate.c*::
+Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism.
+May be used to generate any custom key types that are supported by the *RNP* suite.
+
+*encrypt.c*::
+Demonstrates how to build OpenPGP-encrypted messages.
+A message is encrypted with keys, generated via *./generate*, with a hardcoded password.
+
+*decrypt.c*::
+Demonstrates how to decrypt OpenPGP messages.
+Running this example requires the *./encrypt* example to be first run
+in order to produce the sample encrypted message for decryption.
+
+*sign.c*::
+Demonstrates how to sign OpenPGP messages.
+Running this example requires the *./generate* example to be first run
+in order to generate and write out secret keys.
+
+*verify.c*::
+Demonstrates verify OpenPGP signed messages.
+Again, running this example requires the *./sign* example to be first run
+in order to generate a signed OpenPGP message.
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+== SEE ALSO
+
+*rnp(1)*, *rnpkeys(1)*
diff --git a/_man_pages/v0.17.0/rnp.1.adoc b/_man_pages/v0.17.0/rnp.1.adoc
new file mode 100644
index 0000000..ec9a6d1
--- /dev/null
+++ b/_man_pages/v0.17.0/rnp.1.adoc
@@ -0,0 +1,434 @@
+---
+title: rnp(1)
+excerpt: man page for rnp(1), version 0.17.0
+version: 0.17.0
+permalink: /docs/0.17.0/rnp.1/
+---
+:release-version: 0.17.0
+:man manual: RNP Manual
+:man source: RNP 0.17.0
+
+== NAME
+
+RNP - OpenPGP-compatible signatures and encryption.
+
+== SYNOPSIS
+
+*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ...
+
+
+== DESCRIPTION
+
+The _rnp_ command-line utility is part of the _RNP_ suite and
+provides OpenPGP signing and encryption functionality
+compliant with IETF RFC 4880.
+
+_rnp_ does not allow manipulation of keys or keyrings --
+please use _rnpkeys(1)_ for that purpose.
+
+=== BASICS
+
+By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_,
+to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given.
+There are some special cases for _INPUT_FILE_ :
+
+* _-_ (dash) substitutes to _stdin_
+* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME
+
+Depending on the input, output may be written:
+
+* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used)
+* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation.
+* to the _stdout_ if input was read from the _stdin_.
+
+If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given.
+
+Without the *--armor* option, output will be in binary.
+
+If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below).
+
+If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*,
+unless the *--password* or *--pass-fd* option was specified.
+
+
+== COMMANDS
+
+=== INFORMATIONAL
+
+*-h*, *--help*::
+Displays a short help message. No options are expected.
+
+*-V*, *--version*::
+Displays version information. No options are expected.
+
+
+=== ENCRYPTION AND SIGNING
+
+*-e*, *--encrypt*::
+Encrypt data with public key(s), and optionally sign, if the *--sign* command is added.
+
++
+You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default).
++
+Additional options:
+
+*--recipient*:::
+Specify one or more recipients.
+
+*--cipher*:::
+Select a specific cipher.
+
+*-z 0..9*, *--zlib*, *--zip*, *--bzip*:::
+Select a compression algorithm and level.
+
+*--armor*:::
+Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_.
+
+
+*--no-wrap*:::
+Do not wrap the output in literal data packet. This could be used to encrypt a file which is already signed or encrypted.
+By default this would also disable compression, use option *-z* to override.
+
+*--overwrite*:::
+If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information.
+
+*-c*, *--symmetric*::
+Encrypt data with password(s).
+
++
+Can be combined with the commands *--encrypt* and *--sign*.
++
+Options that apply to the *--encrypt* command also apply here.
++
+Additional options:
+
+*--passwords*:::
+Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified.
+
+
+*-s*, *--sign*::
+Digitally sign data, using one or more secret keys you own.
+
++
+Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands.
+
++
+Additional options:
+
+*-u*, *--userid*:::
+By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys.
+
+*--detach*:::
+By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_).
+
+*--hash*:::
+You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option.
+
++
+Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified.
+
+*--clearsign*::
+Digitally sign text data, producing human-readable output with the signature attached.
+
++
+In this mode, data cannot be additionally encrypted or compressed.
++
+Other signing options, *--hash*, *-u*, *--password*, can still be used here.
+
+=== DECRYPTION AND VERIFICATION
+
+*-d*, *--decrypt*::
+Decrypt and verify data from the _INPUT_FILE_ or stdin.
+
++
+If the data is signed, signature verification information will be printed to _stdout_/_tty_.
++
+Additional options:
+
+*--output*:::
+Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section.
+
+*--password*, *--pass-fd*:::
+Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means.
+
+*-v*, *--verify*::
+Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified).
+
++
+To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist.
+
++
+Also you may use option *--source* to specify the exact source for the signed data.
+
++
+If data is encrypted, you may be asked for password as in the *--decrypt* command.
+
+=== OTHER COMMANDS
+
+*--list-packets*::
+Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin.
+Useful for curiosity, troubleshooting or debugging.
+
++
+Additional options can be used:
+
+*--json*::: output JSON data instead of human-readable information
+*--grips*::: print out key fingerprints and grips
+*--mpi*::: print out all MPI values
+*--raw*::: print raw, hex-encoded packets too
+
+*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]::
+Convert binary data to the ASCII-armored as per OpenPGP standard.
+This includes the `-----BEGIN PGP MESSAGE-----` header and footer,
+and Base64-encoded data.
+
++
+Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist)
+or to _stdout_.
+
++
+The following OpenPGP headers may be specified:
++
+--
+*msg* (default) ::: _-----BEGIN PGP MESSAGE-----_
+*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_
+*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_
+*sign*::: _-----BEGIN PGP SIGNATURE-----_
+--
++
+Additional options:
+
+*--overwrite*:::
+Forcefully overwrite existing destination file if it exists.
+
+*--output*:::
+Specify destination file path.
+
+
+*--dearmor*::
+Attempts to convert data from an armored format to the binary format.
+
++
+The _file.ext.asc_ output file would be written to _file.ext_.
+If the destination file already exists, it will prompt the user
+for a new filename.
++
+Additional options:
+
+*--overwrite*:::
+Forcefully overwrite existing destination file if it exists.
+
+*--output*:::
+Specify destination file path.
+
+
+== OPTIONS
+
+*--home*, *--homedir* _DIR_::
+Change homedir (where RNP looks for keyrings) to the specified value.
+
++
+The default homedir is _~/.rnp_ .
+
+*-f*, *--keyfile* _PATH_::
+Instead of loading keyrings, use key(s) from the file specified.
+
+*-u*, *--userid* _KEY_::
+Specify one or more signing keys, searching for it via the given value _KEY_.
+See *rnpkeys(1)* on how to find valid values.
+ +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--source*:: +Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here). + + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details. + + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. 
+Use *--pass-fd* for batch operations instead.
+
+*--passwords* _COUNT_::
+Set the number of passwords for *--symmetric* encryption.
+
++
+While not commonly used, you may encrypt a message to any reasonable number of passwords.
+
+*--creation* _TIME_::
+Override signature creation time.
+
++
+By default, creation time is set to the current local computer time.
+
++
+*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format.
+
+*--expiration* _TIME_::
+Set signature expiration time, counting from the creation time.
+
++
+By default, signatures do not expire.
+
++
+A specific expiration time can be specified as:
+
+*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or
+*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_;
+*** number of seconds.
+
+*--keystore-format* _GPG_|_KBX_|_G10_|_G21_::
+Set keystore format.
+
++
+RNP automatically detects the keystore format.
+
++
+This option allows the auto-detection behavior to be overridden.
+
+*--notty*::
+Disable use of tty.
+
++
+By default RNP would detect whether TTY is attached and use it for user prompts.
+
++
+This option overrides default behaviour so user input may be passed in batch mode.
+
+*--current-time* _TIME_::
+Override system's time with a specified value.
+
++
+By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this.
+
++
+*TIME* may be specified in the same way as *--creation*.
+
+*--set-filename* _FNAME_::
+Override or set a file name, stored inside of OpenPGP message.
+
++
+By default RNP will store input filename (or empty string for *stdin*/*env* input) in the resulting OpenPGP message during encryption or embedded signing.
+This option allows to override this. Special value *_CONSOLE* may be used for "for your eyes only"-message. Refer OpenPGP documentation for the details.
+
+*--allow-hidden* ::
+Allow hidden recipient support.
+
++
+Sender of an encrypted message may wish to hide recipient's key by setting a Key ID field to all zeroes.
+In this case receiver has to try every available secret key, checking for a valid decrypted session key. This option is disabled by default.
+
+== EXIT STATUS
+
+_0_::
+ Success.
+
+_Non-zero_::
+ Failure.
+
+
+== EXAMPLES
+
+The following examples demonstrate method of usage of the _rnp_ command.
+
+=== EXAMPLE 1
+
+*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_
+*--output* _document.txt.encrypted_ _document.txt_
+
+Load keyrings from the _.rnp_ folder,
+encrypt the _document.txt_ file using the
+key with keyid _0x6E69636B6F6C6179_.
+
+=== EXAMPLE 2
+
+*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_
+
+Generate a detached signature over the file _document.txt_, using the
+secret key stored in the file.
+Additionally override the hash algorithm to _SHA512_.
+
+=== EXAMPLE 3
+
+*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_
+
+Verify detached signature, using the key stored in the _john-pub.asc_ file.
+The signed data is assumed to be available from the file _document.txt_.
+
+=== EXAMPLE 4
+
+*rnp* *-e* *-c* *-s* *--passwords* _3_
+*-r* _0x526F6E616C642054_
+*-r* "_john@doe.com_"
+*-u* _0x44616E69656C2057_
+_document.txt_
+
+Encrypt _document.txt_ with 2 keys (specified via _keyid_
+_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords,
+so *any* of these may be used to decrypt the resulting file.
+
+Additionally, the message will be signed with key _0x44616E69656C2057_.
+
+=== EXAMPLE 5
+
+*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor*
+
+Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout.
+
+== BUGS
+
+Please report _issues_ via the RNP public issue tracker at:
+https://github.com/rnpgp/rnp/issues.
+
+_Security reports_ or _security-sensitive feedback_ should be reported
+according to the instructions at:
+https://www.rnpgp.org/feedback.
+
+
+== AUTHORS
+
+*RNP* is an open source project led by Ribose and has
+received contributions from numerous individuals and
+organizations.
+
+
+== RESOURCES
+
+*Web site*: https://www.rnpgp.org
+
+*Source repository*: https://github.com/rnpgp/rnp
+
+
+== COPYING
+
+Copyright \(C) 2017-2021 Ribose.
+The RNP software suite is _freely licensed_:
+please refer to the *LICENSE* file for details.
+
+
+== SEE ALSO
+
+*rnpkeys(1)*, *librnp(3)*
diff --git a/_man_pages/v0.17.0/rnpkeys.1.adoc b/_man_pages/v0.17.0/rnpkeys.1.adoc
new file mode 100644
index 0000000..7f0a99d
--- /dev/null
+++ b/_man_pages/v0.17.0/rnpkeys.1.adoc
@@ -0,0 +1,456 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.17.0 +version: 0.17.0 +permalink: /docs/0.17.0/rnpkeys.1/ +--- +:release-version: 0.17.0 +:man manual: RNP Manual +:man source: RNP 0.17.0 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. 
+For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. 
+ + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. 
+ ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation, see *options* section for the available values. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + +*--edit-key* _KEY_:: +Edit or update information, associated with a key. Should be accompanied with editing option. + ++ +Currently the following options are available: + ++ +*--add-subkey*::: +Generate and add a new subkey to the existing primary key. All additional options for the +*--generate-key* command apply for subkey generation as well, except *--userid*. + +*--check-cv25519-bits*::: +Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set. +RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption, +however other implementations (GnuPG) may require those bits to be set in key material. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--fix-cv25519-bits*::: +Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key. +So later export of the key would ensure compatibility with other implementations (like GnuPG). +This operation would require the password for your secret key. +Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value, +however, this may be needed to fix older keys or keys generated by other implementations. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--set-expire* _TIME_::: +Set key expiration time. See the description of the *--expiration* option for possible time formats. 
+Setting argument to 0 removes key expiration, the key would never expire. It is not recommended +due to security reasons. + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--overwrite* to overwrite file if it already exists. + +*--overwrite*:: +Overwrite output file if it already exists. + ++ + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. 
+ ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as secret key removal, revoking an already revoked key and so on. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. 
+ +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnpkeys_ command. + +=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG + +Following oneliner may be used to import all public keys from the GnuPG: + +*gpg* *-a* *--export* | *rnpkeys* *--import* _-_ + +To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)): + +*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_ + +=== EXAMPLE 2: GENERATE A NEW KEY + +This example generates a new key with specified userid and expiration. +Also it enables "expert" mode, allowing the selection of key/subkey algorithms. + +*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y* + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.17.1/librnp.3.adoc b/_man_pages/v0.17.1/librnp.3.adoc new file mode 100644 index 0000000..83fbe08 --- /dev/null 
+++ b/_man_pages/v0.17.1/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.17.1 +version: 0.17.1 +permalink: /docs/0.17.1/librnp.3/ +--- +:release-version: 0.17.1 +:man manual: RNP Manual +:man source: RNP 0.17.1 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.17.1/rnp.1.adoc b/_man_pages/v0.17.1/rnp.1.adoc new file mode 100644 index 0000000..c523edd --- /dev/null +++ b/_man_pages/v0.17.1/rnp.1.adoc 
@@ -0,0 +1,434 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.17.1 +version: 0.17.1 +permalink: /docs/0.17.1/rnp.1/ +--- +:release-version: 0.17.1 +:man manual: RNP Manual +:man source: RNP 0.17.1 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used) +* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation. +* to the _stdout_ if input was read from the _stdin_. + +If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. 
+ + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z 0..9*, *--zlib*, *--zip*, *--bzip*::: +Select a compression algorithm and level. + +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--no-wrap*::: +Do not wrap the output in literal data packet. This could be used to encrypt a file which is already signed or encrypted. +By default this would also disable compression, use option *-z* to override. + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. 
+ +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. ++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified). + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +Also you may use option *--source* to specify the exact source for the signed data. + ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. 
+ +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. + ++ +The following OpenPGP headers may be specified: ++ +-- +*msg* (default) ::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. +See *rnpkeys(1)* on how to find valid values. 
+ +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--source*:: +Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here). + + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details. + + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. 
+Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to the current local computer time. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. + +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* may be specified in the same way as *--creation*. + +*--set-filename* _FNAME_:: +Override or set a file name, stored inside of OpenPGP message. + ++ +By default RNP will store input filename (or empty string for *stdin*/*env* input) in the resulting OpenPGP message during encryption or embedded signing. +This option allows to override this. Special value *_CONSOLE* may be used for "for your eyes only"-message. Refer OpenPGP documentation for the details. 
+ +*--allow-hidden* :: +Allow hidden recipient support. + ++ +Sender of an encrypted message may wish to hide recipient's key by setting a Key ID field to all zeroes. +In this case receiver has to try every available secret key, checking for a valid decrypted session key. This option is disabled by default. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. + +=== EXAMPLE 5 + +*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor* + +Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout. 
+ +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.17.1/rnpkeys.1.adoc b/_man_pages/v0.17.1/rnpkeys.1.adoc new file mode 100644 index 0000000..2c1857f --- /dev/null +++ b/_man_pages/v0.17.1/rnpkeys.1.adoc 
@@ -0,0 +1,456 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.17.1 +version: 0.17.1 +permalink: /docs/0.17.1/rnpkeys.1/ +--- +:release-version: 0.17.1 +:man manual: RNP Manual +:man source: RNP 0.17.1 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. 
+For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default RSA key size of *2048* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. 
+ + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. + ++ +Revoked keys cannot be used further. 
+ ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation, see *options* section for the available values. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + +*--edit-key* _KEY_:: +Edit or update information, associated with a key. Should be accompanied with editing option. + ++ +Currently the following options are available: + ++ +*--add-subkey*::: +Generate and add a new subkey to the existing primary key. All additional options for the +*--generate-key* command apply for subkey generation as well, except *--userid*. + +*--check-cv25519-bits*::: +Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set. +RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption, +however other implementations (GnuPG) may require those bits to be set in key material. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--fix-cv25519-bits*::: +Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key. +So later export of the key would ensure compatibility with other implementations (like GnuPG). +This operation would require the password for your secret key. +Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value, +however, this may be needed to fix older keys or keys generated by other implementations. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--set-expire* _TIME_::: +Set key expiration time. See the description of the *--expiration* option for possible time formats. 
+Setting argument to 0 removes key expiration, the key would never expire. It is not recommended +due to security reasons. + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--overwrite* to overwrite file if it already exists. + +*--overwrite*:: +Overwrite output file if it already exists. + ++ + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. + +*--password* _PASSWORD_:: +Use the specified password when it is needed. 
+ ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as secret key removal, revoking an already revoked key and so on. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. 
+ +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnpkeys_ command. + +=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG + +Following oneliner may be used to import all public keys from the GnuPG: + +*gpg* *-a* *--export* | *rnpkeys* *--import* _-_ + +To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)): + +*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_ + +=== EXAMPLE 2: GENERATE A NEW KEY + +This example generates a new key with specified userid and expiration. +Also it enables "expert" mode, allowing the selection of key/subkey algorithms. + +*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y* + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* diff --git a/_man_pages/v0.18.0/librnp.3.adoc b/_man_pages/v0.18.0/librnp.3.adoc new file mode 100644 index 0000000..2e6bff4 --- /dev/null 
+++ b/_man_pages/v0.18.0/librnp.3.adoc 
@@ -0,0 +1,92 @@ +--- +title: librnp(3) +excerpt: man page for librnp(3), version 0.18.0 +version: 0.18.0 +permalink: /docs/0.18.0/librnp.3/ +--- +:release-version: 0.18.0 +:man manual: RNP Manual +:man source: RNP 0.18.0 + +== NAME + +librnp - OpenPGP implementation, available via FFI interface. + +== SYNOPSIS + +*#include * + +*#include * + + +== DESCRIPTION + +*librnp* is part of the *RNP* suite and forms the basis for the _rnp(1)_ and _rnpkeys(1)_ command-line utilities. + +It provides an FFI interface to functions required for operations needed by the OpenPGP protocol. + +Interface to the library is exposed via __ and __ headers. +You will also need to link to _librnp_. + +Please see its headers for the full function list and detailed documentation. + +== EXAMPLES + +A number of examples are provided in *src/examples* folder of the *RNP* suite source tree. + +*generate.c*:: +Demonstrates generation of an OpenPGP keypair using the JSON key description mechanism. +May be used to generate any custom key types that are supported by the *RNP* suite. + +*encrypt.c*:: +Demonstrates how to build OpenPGP-encrypted messages. +A message is encrypted with keys, generated via *./generate*, with a hardcoded password. + +*decrypt.c*:: +Demonstrates how to decrypt OpenPGP messages. +Running this example requires the *./encrypt* example to be first run +in order to produce the sample encrypted message for decryption. + +*sign.c*:: +Demonstrates how to sign OpenPGP messages. +Running this example requires the *./generate* example to be first run +in order to generate and write out secret keys. + +*verify.c*:: +Demonstrates verify OpenPGP signed messages. +Again, running this example requires the *./sign* example to be first run +in order to generate a signed OpenPGP message. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. 
+ +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnp(1)*, *rnpkeys(1)* diff --git a/_man_pages/v0.18.0/rnp.1.adoc b/_man_pages/v0.18.0/rnp.1.adoc new file mode 100644 index 0000000..267fd04 --- /dev/null +++ b/_man_pages/v0.18.0/rnp.1.adoc 
@@ -0,0 +1,441 @@ +--- +title: rnp(1) +excerpt: man page for rnp(1), version 0.18.0 +version: 0.18.0 +permalink: /docs/0.18.0/rnp.1/ +--- +:release-version: 0.18.0 +:man manual: RNP Manual +:man source: RNP 0.18.0 + +== NAME + +RNP - OpenPGP-compatible signatures and encryption. + +== SYNOPSIS + +*rnp* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ [_INPUT_FILE_, ...] ... + + +== DESCRIPTION + +The _rnp_ command-line utility is part of the _RNP_ suite and +provides OpenPGP signing and encryption functionality +compliant with IETF RFC 4880. + +_rnp_ does not allow manipulation of keys or keyrings -- +please use _rnpkeys(1)_ for that purpose. + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* if *--output* option is given output is written to the path specified (or to the *stdout* if *-* is used) +* to the _INPUT_FILE_ with a removed or added file extension (_.pgp_, _.gpg_, _.asc_, _.sig_), depending on operation. +* to the _stdout_ if input was read from the _stdin_. + +If output file already exists, it will *not* be overwritten, unless *--overwrite* option is given. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. 
+ + +=== ENCRYPTION AND SIGNING + +*-e*, *--encrypt*:: +Encrypt data with public key(s), and optionally sign, if the *--sign* command is added. + ++ +You would likely want to specify one or more *--recipient*(s) or pick a *--cipher* (instead of the default). ++ +Additional options: + +*--recipient*::: +Specify one or more recipients. + +*--cipher*::: +Select a specific cipher. + +*-z 0..9*, *--zlib*, *--zip*, *--bzip*::: +Select a compression algorithm and level. + +*--armor*::: +Output ASCII data instead of binary via the *--armor* option. If the input file is _file.ext_, and *--output* is not specified, then the data will be written (depending on *--armor* option) to _file.ext.pgp_ or _file.ext.asc_. + + +*--no-wrap*::: +Do not wrap the output in a literal data packet. This could be used to encrypt a file which is already signed or encrypted. +By default this would also disable compression, use option *-z* to override. + +*--overwrite*::: +If the destination file already exists, and the *--overwrite* option is not given, the caller will be asked for the permission to overwrite or to provide a new file name. Please see the *OPTIONS* section for more information. + +*-c*, *--symmetric*:: +Encrypt data with password(s). + ++ +Can be combined with the commands *--encrypt* and *--sign*. ++ +Options that apply to the *--encrypt* command also apply here. ++ +Additional options: + +*--passwords*::: +Encryption to multiple passwords is possible with *--passwords* option. Each password would be asked via stdin/tty unless *--password* or *--pass-fd* is specified. + + +*-s*, *--sign*:: +Digitally sign data, using one or more secret keys you own. + ++ +Public-key or password-based encryption may be added via the *--encrypt* and *--symmetric* commands. + ++ +Additional options: + +*-u*, *--userid*::: +By default, the first secret key you own will be selected for signing. Apply this option to select a different key or to use multiple keys. 
+ +*--detach*::: +By default, the signature is stored together with signed data. This option detaches the data signature to a separate file (_file.ext.sig_). + +*--hash*::: +You may want to use *--hash* option to override default hash algorithm settings. As with encryption, output may be converted to ascii via the *--armor* option. + ++ +Compression options also apply here. Since the secret key is usually stored encrypted, you will be asked for the password to decrypt it via _stdin_/_tty_ unless *--password* or *--pass-fd* is specified. + +*--allow-weak-hash*::: +Allow usage of a weak hash algorithm. + +*--allow-sha1-key-sigs*::: +Allow usage of a SHA-1 key signatures. + +*--clearsign*:: +Digitally sign text data, producing human-readable output with the signature attached. + ++ +In this mode, data cannot be additionally encrypted or compressed. ++ +Other signing options, *--hash*, *-u*, *--password*, can still be used here. + +=== DECRYPTION AND VERIFICATION + +*-d*, *--decrypt*:: +Decrypt and verify data from the _INPUT_FILE_ or stdin. + ++ +If the data is signed, signature verification information will be printed to _stdout_/_tty_. ++ +Additional options: + +*--output*::: +Override the default output selection with a file name or stdout specifier (*_-_*). For the default output path selection see the *BASICS* section. + +*--password*, *--pass-fd*::: +Depending on encryption options, you may be asked for the password of one of your secret keys, or for the encryption password. These options override that behavior such that you can input the password through automated means. + +*-v*, *--verify*:: +Verify signature(s) without writing embedded data out, if any (unless option _--output_ is specified). + ++ +To verify the detached signature of a file _file.ext_, the detached signature file in the file name pattern of _file.ext.sig_ or _file.ext.asc_ must exist. + ++ +Also you may use option *--source* to specify the exact source for the signed data. 
+ ++ +If data is encrypted, you may be asked for password as in the *--decrypt* command. + +=== OTHER COMMANDS + +*--list-packets*:: +Show detailed information about the OpenPGP data in _INPUT_FILE_ or stdin. +Useful for curiosity, troubleshooting or debugging. + ++ +Additional options can be used: + +*--json*::: output JSON data instead of human-readable information +*--grips*::: print out key fingerprints and grips +*--mpi*::: print out all MPI values +*--raw*::: print raw, hex-encoded packets too + +*--enarmor*[=_msg_|_pubkey_|_seckey_|_sign_]:: +Convert binary data to the ASCII-armored as per OpenPGP standard. +This includes the `-----BEGIN PGP MESSAGE-----` header and footer, +and Base64-encoded data. + ++ +Output for _file.ext_ will be written to _file.ext.asc_ (if it does not exist) +or to _stdout_. + ++ +The following OpenPGP headers may be specified: ++ +-- +*msg* (default) ::: _-----BEGIN PGP MESSAGE-----_ +*pubkey*::: _-----BEGIN PGP PUBLIC KEY BLOCK-----_ +*seckey*::: _-----BEGIN PGP SECRET KEY BLOCK-----_ +*sign*::: _-----BEGIN PGP SIGNATURE-----_ +-- ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +*--dearmor*:: +Attempts to convert data from an armored format to the binary format. + ++ +The _file.ext.asc_ output file would be written to _file.ext_. +If the destination file already exists, it will prompt the user +for a new filename. ++ +Additional options: + +*--overwrite*::: +Forcefully overwrite existing destination file if it exists. + +*--output*::: +Specify destination file path. + + +== OPTIONS + +*--home*, *--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*-f*, *--keyfile* _PATH_:: +Instead of loading keyrings, use key(s) from the file specified. + +*-u*, *--userid* _KEY_:: +Specify one or more signing keys, searching for it via the given value _KEY_. 
+See *rnpkeys(1)* on how to find valid values. + +*-r*, *--recipient* _KEY_:: +Add the message recipient, i.e. the public key to which message will be encrypted to. +See *rnpkeys(1)* on how to find valid values. + +*--armor*, *--ascii*:: +Apply ASCII armoring to the output, so that the resulting output +can be transferred as plain text. + ++ +See IETF RFC 4880 for more details. + +*--detach*, *--detached*:: +Create a detached signature. + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +If not specified, the output filename will be guessed from +the input filename/extension or the command will prompt the user +via _stdin_/_tty_. + +*--overwrite*:: +Overwrite already existing files without prompt. + +*--source*:: +Specify signed data for the detached signature verification (_-_ and _env:_ substitutions may be used here). + + +*--hash* _ALGORITHM_:: +Set hash algorithm which to be used for signing and derivation +of the encryption key from a password. + ++ +The default value is _SHA256_. + +*--cipher* _ALGORITHM_:: +Set the symmetric algorithm used during encryption. + ++ +The default value is _AES256_. + +*--aead* [_EAX_, _OCB_]:: +Enable AEAD encryption and select algorithm to be used. +Warning: EAX mode is deprecated and should not be used. + +*--aead-chunk-bits* _BITS_:: +Change AEAD chunk size bits, from 0 to 16 (actual chunk size would be 1 << (6 + bits)). See OpenPGP documentation for the details. + + +*--zip*, *--zlib*, *--bzip2*:: +Select corresponding algorithm to compress data with. +Please refer to IETF RFC 4880 for details. + +*-z* _0..9_:: +Set compression level for the compression algorithms. + ++ +*9* is the highest compression level, where *0* disables compression. ++ +The default value is *6*. + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. 
+ +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--passwords* _COUNT_:: +Set the number of passwords for *--symmetric* encryption. + ++ +While not commonly used, you may encrypt a message to any reasonable number of passwords. + +*--creation* _TIME_:: +Override signature creation time. + ++ +By default, creation time is set to the current local computer time. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +*--expiration* _TIME_:: +Set signature expiration time, counting from the creation time. + ++ +By default, signatures do not expire. + ++ +A specific expiration time can be specified as: + +*** expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +*** hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +*** number of seconds. + +*--keystore-format* _GPG_|_KBX_|_G10_|_G21_:: +Set keystore format. + ++ +RNP automatically detects the keystore format. + ++ +This option allows the auto-detection behavior to be overridden. + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. + ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* may be specified in the same way as *--creation*. + +*--set-filename* _FNAME_:: +Override or set a file name, stored inside of OpenPGP message. + ++ +By default RNP will store input filename (or empty string for *stdin*/*env* input) in the resulting OpenPGP message during encryption or embedded signing. 
+This option allows the user to override this filename. Special value *_CONSOLE* may be used for "for your eyes only"-message. Refer to OpenPGP documentation for details. + +*--allow-hidden* :: +Allow hidden recipient support. + ++ +Sender of an encrypted message may wish to hide recipient's key by setting a Key ID field to all zeroes. +In this case receiver has to try every available secret key, checking for a valid decrypted session key. This option is disabled by default. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnp_ command. + +=== EXAMPLE 1 + +*rnp* *--homedir* _.rnp_ *--encrypt* *-r* _0x6E69636B6F6C6179_ +*--output* _document.txt.encrypted_ _document.txt_ + +Load keyrings from the _.rnp_ folder, +encrypt the _document.txt_ file using the +key with keyid _0x6E69636B6F6C6179_. + +=== EXAMPLE 2 + +*rnp* *--keyfile* _john-sec.asc_ *-s* *--detach* *--hash* _SHA512_ _document.txt_ + +Generate a detached signature over the file _document.txt_, using the +secret key stored in the file. +Additionally override the hash algorithm to _SHA512_. + +=== EXAMPLE 3 + +*rnp* *--keyfile* _john-pub.asc_ *--verify* _document.txt.sig_ + +Verify detached signature, using the key stored in the _john-pub.asc_ file. +The signed data is assumed to be available from the file _document.txt_. + +=== EXAMPLE 4 + +*rnp* *-e* *-c* *-s* *--passwords* _3_ +*-r* _0x526F6E616C642054_ +*-r* "_john@doe.com_" +*-u* _0x44616E69656C2057_ +_document.txt_ + +Encrypt _document.txt_ with 2 keys (specified via _keyid_ +_0x526F6E616C642054_ and _userid_ _john@doe.com_), and 3 passwords, +so *any* of these may be used to decrypt the resulting file. + +Additionally, the message will be signed with key _0x44616E69656C2057_. 
+ +=== EXAMPLE 5 + +*printf* _"Message"_ | *rnp* *--keyfile* _env:PGP_ENCRYPTION_KEY_ *-e* *-* *--armor* + +Encrypt message, passed via stdin, using the key, stored in environment variable *PGP_ENCRYPTION_KEY*, add ascii armoring, and print result to the stdout. + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + +== SEE ALSO + +*rnpkeys(1)*, *librnp(3)* diff --git a/_man_pages/v0.18.0/rnpkeys.1.adoc b/_man_pages/v0.18.0/rnpkeys.1.adoc new file mode 100644 index 0000000..ffa27c0 --- /dev/null +++ b/_man_pages/v0.18.0/rnpkeys.1.adoc 
@@ -0,0 +1,462 @@ +--- +title: rnpkeys(1) +excerpt: man page for rnpkeys(1), version 0.18.0 +version: 0.18.0 +permalink: /docs/0.18.0/rnpkeys.1/ +--- +:release-version: 0.18.0 +:man manual: RNP Manual +:man source: RNP 0.18.0 + +== NAME + +RNPKEYS - OpenPGP key management utility. + +== SYNOPSIS + +*rnpkeys* [_--homedir_ _dir_] [_OPTIONS_] _COMMAND_ + +== DESCRIPTION + +The _rnpkeys_ command-line utility is part of the _RNP_ suite and +provides OpenPGP key management functionality, including: + +* key listing; +* key generation; +* key import/export; and +* key editing. + + +=== BASICS + +By default, *rnp* will apply a _COMMAND_, additionally configured with _OPTIONS_, +to all _INPUT_FILE_(s) or _stdin_ if no _INPUT_FILE_ is given. +There are some special cases for _INPUT_FILE_ : + +* _-_ (dash) substitutes to _stdin_ +* env:VARIABLE_NAME substitutes to the contents of environment variable VARIABLE_NAME + +Depending on the input, output may be written: + +* to the specified file with a removed or added file extension (_.pgp_, _.asc_, _.sig_); or +* to _stdout_. + +Without the *--armor* option, output will be in binary. + +If _COMMAND_ requires public or private keys, *rnp* will look for the keyrings in *~/.rnp*. The options *--homedir* and *--keyfile* override this (see below). + +If _COMMAND_ needs a password, *rnp* will ask for it via *stdin* or *tty*, +unless the *--password* or *--pass-fd* option was specified. + + +By default, *rnpkeys* will use keyrings stored in the _~/.rnp_ directory. + +This behavior may be overridden with the _--homedir_ option. + +If _COMMAND_ needs a password, the command will prompt the caller +via _stdin_ or _tty_, unless the *--password* or *--pass-fd* +options were also used. + +=== SPECIFYING KEYS + +Most *rnpkeys* commands require a key locator or a filter, +representing one or more keys. + +It may be specified in one of the following ways: + +*userid*:: +Or just part of the *userid*. 
+For *"Alice "*, the following methods are considered identical: + +** _alice_ +** _alice@rnpgp_ +** _rnpgp.com_ + +*keyid*:: +Or its right-most 8 characters. With or without _0x_ at the beginning and spaces/tabs inside. Such as: + +** _0x725F6F2D6D5F6120_ +** _"725F6F2D 6D5F6120"_ +** _0x6D5F6120_ + +*key fingerprint*: The 40-character key fingerprint, such as: + +** _"0x416E746F 6E537669 72696465 6E6B6F20"_ + + + +== COMMANDS + +=== INFORMATIONAL + +*-h*, *--help*:: +Displays a short help message. No options are expected. + +*-V*, *--version*:: +Displays version information. No options are expected. + +*-l*, *--list-keys*:: +List out keys and some brief information about each. + ++ +Additional options: + +*--with-sigs*::: +Additionally display signatures of listed keys. + + +=== KEY GENERATION + +*-g*, *--generate-key*:: +Generate a new keypair. + ++ +Without additional options, an RSA primary key pair with an RSA sub-key pair will be generated, and prompting for the encryption password afterwards. ++ +Additional options: + +*--numbits*::: +Overrides the default key size. For RSA it is *3072* bits. + +*--expiration* _TIME_::: +Set key and subkey expiration time, counting from the creation time. + ++ +By default generated keys do not expire. + ++ +Expiration time can be specified as: + +* expiration date in the ISO 8601:2019 date format (_yyyy-mm-dd_); or +* hours/days/months/years since creation time with the syntax of _20h_/_30d_/_1m_/_1y_; +* number of seconds. + +*--expert*::: +Select key algorithms interactively and override default settings. + +*--userid*::: +Specifies the _userid_ to be used in generation. + +*--hash*::: +Specify the hash algorithm used in generation. + +*--cipher*::: +Specify the encryption algorithm used in generation. + +*--s2k-iterations*::: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. 
+ + +*--s2k-msec*::: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--allow-weak-hash*::: +Allow usage of a weak hash algorithm. + +*--allow-sha1-key-sigs*::: +Allow usage of a SHA-1 key signatures. + + +=== KEY/SIGNATURE IMPORT + +*--import*, *--import-keys*, *--import-sigs*:: +Import keys or signatures. + ++ +While *rnpkeys* automatically detects the input data format, +one may still wish to specify whether the input provides keys or signatures. + ++ +By default, the import process will stop on the first discovered +erroneous key or signature. + ++ +Additional options: + +*--permissive*::: +Skip errored or unsupported packets during the import process. + +=== KEY/SIGNATURE EXPORT + +*--export-key* [*--userid*=_FILTER_] [_FILTER_]:: +Export key(s). Only export keys that match _FILTER_ if _FILTER_ is given. + ++ +If filter matches a primary key, the subkeys of the primary key are also exported. ++ +By default, key data is written to _stdout_ in ASCII-armored format. ++ +Additional options: + +*--output* _PATH_::: +Specifies output to be written to a file name instead of _stdout_. + +*--secret*::: +Without this option specified, the command will only export public key(s). +This option must be provided to export secret key(s). + +*--export-rev* _KEY_:: +Export the revocation signature for a specified secret key. + ++ +The revocation signature can be used later in a case of key loss or compromise. ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation. + +*--rev-reason*::: +Specifies reason for key revocation. + + +=== KEY MANIPULATION + +*--revoke-key* _KEY_:: +Issue revocation signature for the secret key, and save it in the keyring. 
+ ++ +Revoked keys cannot be used further. + ++ +Additional options: + +*--rev-type*::: +Specifies type of key revocation, see *options* section for the available values. + +*--rev-reason*::: +Specifies reason for key revocation. + + +*--remove-key* _KEY_:: +Remove the specified key. + ++ +If a primary key is specified, then all of its subkeys are also removed. + ++ +If the specified key is a secret key, then it will not be deleted without +confirmation. ++ +Additional options: + +*--force*::: +Forces removal of a secret key without prompting the user. + +*--edit-key* _KEY_:: +Edit or update information, associated with a key. Should be accompanied with editing option. + ++ +Currently the following options are available: + ++ +*--add-subkey*::: +Generate and add a new subkey to the existing primary key. All additional options for the +*--generate-key* command apply for subkey generation as well, except *--userid*. + +*--check-cv25519-bits*::: +Check whether least significant/most significant bits of Curve25519 ECDH subkey are correctly set. +RNP internally sets those bits to required values (3 least significant bits and most significant bit must be zero) during decryption, +however other implementations (GnuPG) may require those bits to be set in key material. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--fix-cv25519-bits*::: +Set least significant/most significant bits of Curve25519 ECDH subkey to the correct values, and save a key. +So later export of the key would ensure compatibility with other implementations (like GnuPG). +This operation would require the password for your secret key. +Since version 0.16.0 of RNP generated secret key is stored with bits set to a needed value, +however, this may be needed to fix older keys or keys generated by other implementations. +_KEY_ must specify the exact subkey via keyid or fingerprint. + +*--set-expire* _TIME_::: +Set key expiration time. 
See the description of the *--expiration* option for possible time formats. +Setting argument to 0 removes key expiration, the key would never expire. It is not recommended +due to security reasons. + +=== OPTIONS + +*--homedir* _DIR_:: +Change homedir (where RNP looks for keyrings) to the specified value. + ++ +The default homedir is _~/.rnp_ . + +*--output* _PATH_:: +Write data processing related output to the file specified. + ++ +Combine it with *--overwrite* to overwrite file if it already exists. + +*--overwrite*:: +Overwrite output file if it already exists. + ++ + +*--userid* _USERID_:: +Use the specified _userid_ during key generation and in some +key-searching operations. + +*--numbits* _BITS_:: +Specify size in bits for the generated key and subkey. + ++ +_bits_ may be in range *1024*-*16384*, as long as the public key algorithm +does not place additional limits. + +*--cipher* _ALGORITHM_:: +Set the key encryption algorithm. This is only used in key generation. + ++ +The default value is _AES256_. + +*--hash* _ALGORITHM_:: +Use the specified hash algorithm for signatures and derivation of the encrypting key from password for secret key encryption. + ++ +The default value is _SHA256_. + +*--expert*:: +Use the *expert key generation* mode, allowing the selection of +key/subkey algorithms. + ++ +The following types of keys can be generated in this mode: + ++ +-- +** *DSA* key with *ElGamal* encryption subkey +** *DSA* key with *RSA* subkey +** *ECDSA* key with *ECDH* subkey +** *EdDSA* key with *x25519* subkey +** *SM2* key with subkey +-- ++ +Specifically, for *ECDSA* and *ECDH* the underlying curve can also be specified: + ++ +-- +** _NIST P-256_, _NIST P-384_, _NIST P-521_ +** _brainpoolP256r1_, _brainpoolP384r1_, _brainpoolP512r1_ +** _secp256k1_ +-- + +*--pass-fd* _FD_:: +Specify a file descriptor to read passwords from instead of from _stdin_/_tty_. + ++ +Useful for automated or non-interactive sessions. 
+ +*--password* _PASSWORD_:: +Use the specified password when it is needed. + ++ +WARNING: Not recommended for production use due to potential security issues. +Use *--pass-fd* for batch operations instead. + +*--with-sigs*:: +Print signature information when listing keys via the *-l* command. + +*--force*:: +Force actions to happen without prompting the user. + ++ +This applies to cases such as secret key removal, revoking an already revoked key and so on. + +*--permissive*:: +Skip malformed or unknown keys/signatures during key import. + ++ +By default, *rnpkeys* will stop on the first erroring packet +and exit with an error. + +*--rev-type* _TYPE_:: +Use the specified type during revocation signature generation instead of the default _0_. + ++ +The following values are supported: + ++ +-- +** 0, or "no": no revocation type specified. +** 1, or "superseded": key was superseded with another key. +** 2, or "compromised": key was compromised and no longer valid. +** 3, or "retired": key is retired. +-- ++ +Please refer to *IETF RFC 4880* for details. + +*--rev-reason* _REASON_:: +Add the specified human-readable revocation _REASON_ to the +signature instead of an empty string. + +*--s2k-iterations* _NUMBER_:: +Specify the number of iterations for the S2K (string-to-key) process. + ++ +This is used during the derivation of the symmetric key, which +encrypts a secret key from the password. + ++ +Please refer to IETF RFC 4880 for further details. + +*--s2k-msec* _NUMBER_:: +Specify that *rnpkeys* should automatically pick a +*--s2k-iterations* value such that the single key derivation operation +would take _NUMBER_ of milliseconds on the current system. + ++ +For example, setting it to _2000_ would mean that each secret key +decryption operation would take around 2 seconds (on the current machine). + +*--notty*:: +Disable use of tty. + ++ +By default RNP would detect whether TTY is attached and use it for user prompts. 
+ ++ +This option overrides default behaviour so user input may be passed in batch mode. + +*--current-time* _TIME_:: +Override system's time with a specified value. + ++ +By default RNP uses system's time in all signature/key checks, however in some scenarios it could be needed to override this. + ++ +*TIME* could be specified in the ISO 8601-1:2019 date format (_yyyy-mm-dd_), or in the UNIX timestamp format. + +== EXIT STATUS + +_0_:: + Success. + +_Non-zero_:: + Failure. + +== EXAMPLES + +The following examples demonstrate method of usage of the _rnpkeys_ command. + +=== EXAMPLE 1: IMPORT EXISTING KEYS FROM THE GNUPG + +Following oneliner may be used to import all public keys from the GnuPG: + +*gpg* *-a* *--export* | *rnpkeys* *--import* _-_ + +To import all secret keys the following command should be used (please note, that you'll be asked for secret key password(s)): + +*gpg* *-a* *--export-secret-keys* | *rnpkeys* *--import* _-_ + +=== EXAMPLE 2: GENERATE A NEW KEY + +This example generates a new key with specified userid and expiration. +Also it enables "expert" mode, allowing the selection of key/subkey algorithms. + +*rnpkeys* *--generate* *--userid* *"john@doe.com"* *--expert* *--expiration* *1y* + +== BUGS + +Please report _issues_ via the RNP public issue tracker at: +https://github.com/rnpgp/rnp/issues. + +_Security reports_ or _security-sensitive feedback_ should be reported +according to the instructions at: +https://www.rnpgp.org/feedback. + + +== AUTHORS + +*RNP* is an open source project led by Ribose and has +received contributions from numerous individuals and +organizations. + + +== RESOURCES + +*Web site*: https://www.rnpgp.org + +*Source repository*: https://github.com/rnpgp/rnp + + +== COPYING + +Copyright \(C) 2017-2021 Ribose. +The RNP software suite is _freely licensed_: +please refer to the *LICENSE* file for details. + + + +== SEE ALSO + +*rnp(1)*, *librnp(3)* 
diff --git a/_plugins/README.md b/_plugins/README.md
new file mode 100644
index 0000000..0993808
--- /dev/null
+++ b/_plugins/README.md
@@ -0,0 +1,95 @@ +# RNP Man Pages Generator Plugin + +This Jekyll plugin automatically downloads and processes RNP manual pages from GitHub releases during the Jekyll build process, replacing the previous Makefile-based approach. + +## Features + +- **Automatic Download**: Downloads man pages from RNP GitHub releases +- **Smart Caching**: Caches downloaded content to avoid unnecessary API calls +- **Version Management**: Processes all RNP releases and organizes by version +- **Jekyll Integration**: Converts AsciiDoc files with proper Jekyll front matter +- **Permalink Generation**: Creates unique URLs for each version's man pages +- **Latest Symlink**: Maintains a 'latest' symlink pointing to the newest version + +## Configuration + +The plugin can be configured in `_config.yml`: + +```yaml +rnp: + man_pages: + enabled: true # Enable/disable the plugin (default: true) + include_prereleases: false # Include pre-release versions (default: false) + cache_duration: 86400 # Cache duration in seconds (default: 24 hours) + github: + token: "your_token_here" # GitHub token for API access (optional) +``` + +You can also set the GitHub token via the `GITHUB_TOKEN` environment variable. + +## How It Works + +1. **Release Discovery**: Uses GitHub API to fetch all RNP releases +2. **Archive Processing**: Downloads release archives and extracts man pages +3. **Content Processing**: Converts AsciiDoc titles to Jekyll front matter +4. **Caching**: Stores metadata to avoid re-downloading unchanged releases +5. **Index Generation**: Creates a version index page with links to all versions +6. **Symlink Creation**: Creates a 'latest' symlink for easy access + +## File Structure + +The plugin generates the following structure in `_man_pages/`: + +``` +_man_pages/ +├── index.md # Version index page +├── latest/ # Symlink to latest version +├── v0.17.1/ +│ ├── rnp.1.adoc +│ ├── rnpkeys.1.adoc +│ └── librnp.3.adoc +├── v0.17.0/ +│ └── ... +└── ... 
+``` + +## URLs + +Each man page gets a unique permalink: +- `/docs/{version}/{page}/` (e.g., `/docs/0.17.1/rnp.1/`) + +## Caching + +The plugin maintains a `.man_pages_cache.json` file to track: +- When each version was last processed +- Release publication dates +- Cache timestamps + +This ensures efficient builds by only processing new or updated releases. + +## Dependencies + +The plugin requires these Ruby gems (already in Gemfile): +- `octokit` - GitHub API client +- `rubyzip` - ZIP file processing +- `net-http` - HTTP requests + +## Error Handling + +The plugin includes robust error handling: +- Network failures are logged but don't stop the build +- Missing man pages in older releases are handled gracefully +- Existing man pages are preserved if the plugin fails + +## Development + +To force a fresh download (useful for testing): +```bash +rm -f .man_pages_cache.json +bundle exec jekyll build +``` + +To see debug output: +```bash +JEKYLL_LOG_LEVEL=debug bundle exec jekyll build +``` diff --git a/_plugins/man_pages_generator.rb b/_plugins/man_pages_generator.rb new file mode 100644 index 0000000..34a3e69 --- /dev/null +++ b/_plugins/man_pages_generator.rb 
@@ -0,0 +1,352 @@ +require 'octokit' +require 'zip' +require 'fileutils' +require 'tempfile' +require 'json' +require 'digest' +require 'net/http' +require 'uri' + +module Jekyll + class ManPagesGenerator < Generator + safe true + priority :highest + + def generate(site) + @site = site + @config = site.config['rnp'] || {} + + # Default configuration + @enabled = @config.dig('man_pages', 'enabled') != false + @include_prereleases = @config.dig('man_pages', 'include_prereleases') || false + @cache_duration = @config.dig('man_pages', 'cache_duration') || 86400 + @github_token = @config.dig('man_pages', 'github', 'token') || ENV['GITHUB_TOKEN'] + + return unless @enabled + + Jekyll.logger.info "ManPages:", "Generating man pages for all RNP releases" + + begin + @github_client = GitHubClient.new(@github_token) + @release_manager = ReleaseManager.new(@github_client, @include_prereleases) + @cache_manager = CacheManager.new(@site.source, @cache_duration) + @archive_processor = ArchiveProcessor.new(@github_client) + @man_page_processor = ManPageProcessor.new + @version_index_generator = VersionIndexGenerator.new + + ensure_man_pages_directory + process_all_releases + generate_version_index + create_latest_symlink + + rescue => e + Jekyll.logger.error "ManPages:", "Failed to generate man pages: #{e.message}" + Jekyll.logger.error "ManPages:", e.backtrace.join("\n") if Jekyll.env == 'development' + Jekyll.logger.warn "ManPages:", "Continuing with existing man pages if available" + end + end + + private + + def ensure_man_pages_directory + @man_pages_dir = File.join(@site.source, '_man_pages') + FileUtils.mkdir_p(@man_pages_dir) unless Dir.exist?(@man_pages_dir) + end + + def process_all_releases + releases = @release_manager.get_all_releases + Jekyll.logger.info "ManPages:", "Found #{releases.length} releases to process" + + releases.each do |release| + version = release[:tag_name].sub(/^v/, '') + version_dir = File.join(@man_pages_dir, "v#{version}") + + if 
@cache_manager.should_update_version?(version, release[:published_at]) + Jekyll.logger.info "ManPages:", "Processing RNP v#{version}..." + process_release(release, version_dir) + @cache_manager.update_version_cache(version, release[:published_at]) + else + Jekyll.logger.debug "ManPages:", "Skipping v#{version} (cached and fresh)" + end + end + end + + def process_release(release, version_dir) + FileUtils.mkdir_p(version_dir) + + archive_data = @archive_processor.download_release_archive(release[:zipball_url]) + man_pages = @archive_processor.extract_man_pages(archive_data) + + man_pages.each do |filename, content| + version = release[:tag_name].sub(/^v/, '') + processed_content = @man_page_processor.process_content(content, filename, version) + output_path = File.join(version_dir, filename) + File.write(output_path, processed_content) + end + + Jekyll.logger.info "ManPages:", "Successfully processed #{man_pages.length} man pages for v#{release[:tag_name].sub(/^v/, '')}" + end + + def generate_version_index + releases = @release_manager.get_all_releases + index_content = @version_index_generator.generate_index(releases) + index_path = File.join(@man_pages_dir, 'index.md') + File.write(index_path, index_content) + Jekyll.logger.info "ManPages:", "Generated version index with #{releases.length} versions" + end + + def create_latest_symlink + releases = @release_manager.get_all_releases + return if releases.empty? 
+ + latest_version = releases.first[:tag_name].sub(/^v/, '') + latest_dir = "v#{latest_version}" + symlink_path = File.join(@man_pages_dir, 'latest') + + # Remove existing symlink if it exists + File.unlink(symlink_path) if File.symlink?(symlink_path) + + # Create new symlink + File.symlink(latest_dir, symlink_path) + Jekyll.logger.info "ManPages:", "Created 'latest' symlink pointing to v#{latest_version}" + end + end + + class GitHubClient + def initialize(token = nil) + @client = Octokit::Client.new(access_token: token) + @client.auto_paginate = true + end + + def get_releases(repo) + @client.releases(repo) + end + + def download_file(url) + uri = URI(url) + redirect_count = 0 + max_redirects = 5 + + loop do + Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http| + request = Net::HTTP::Get.new(uri) + response = http.request(request) + + case response.code + when '200' + return response.body + when '301', '302', '303', '307', '308' + redirect_count += 1 + if redirect_count > max_redirects + raise "Too many redirects (#{redirect_count}) for #{url}" + end + + location = response['location'] + if location.nil? 
+ raise "Redirect response missing location header for #{url}" + end + + uri = URI(location) + Jekyll.logger.debug "ManPages:", "Following redirect to #{uri}" + next + else + raise "Failed to download #{url}: HTTP #{response.code}" + end + end + end + end + end + + class ReleaseManager + def initialize(github_client, include_prereleases = false) + @github_client = github_client + @include_prereleases = include_prereleases + @repo = 'rnpgp/rnp' + end + + def get_all_releases + releases = @github_client.get_releases(@repo) + + # Filter out prereleases if not wanted + releases = releases.reject(&:prerelease) unless @include_prereleases + + # Convert to hash format and sort by version (newest first) + releases.map do |release| + { + tag_name: release.tag_name, + name: release.name, + published_at: release.published_at, + zipball_url: release.zipball_url, + prerelease: release.prerelease + } + end.sort_by { |r| Gem::Version.new(r[:tag_name].sub(/^v/, '')) } + end + end + + class ArchiveProcessor + def initialize(github_client) + @github_client = github_client + end + + def download_release_archive(zipball_url) + @github_client.download_file(zipball_url) + end + + def extract_man_pages(archive_data) + man_pages = {} + + Tempfile.create(['rnp', '.zip']) do |temp_file| + temp_file.binmode + temp_file.write(archive_data) + temp_file.rewind + + Zip::File.open(temp_file.path) do |zip_file| + zip_file.each do |entry| + next unless entry.file? 
+ next unless entry.name.match?(/\.(1|3)\.adoc$/) + + filename = File.basename(entry.name) + content = entry.get_input_stream.read + man_pages[filename] = content + end + end + end + + man_pages + end + end + + class ManPageProcessor + def process_content(content, filename, version) + lines = content.lines + + # Remove lines 2-3 (metadata lines) if they exist + if lines.length >= 3 + lines = [lines[0]] + lines[3..-1] + end + + content = lines.join + + # Replace version placeholders + content = content.gsub('{component-version}', version) + content = content.gsub('{release-version}', version) + + # Convert AsciiDoc title to Jekyll front matter + if content.match(/^= (.+)$/) + title = $1 + + # Generate permalink based on version and filename + base_name = File.basename(filename, '.adoc') + permalink = "/docs/#{version}/#{base_name}/" + + # Create Jekyll front matter + front_matter = [ + "---", + "title: #{title}", + "excerpt: man page for #{title}, version #{version}", + "version: #{version}", + "permalink: #{permalink}", + "---" + ].join("\n") + + # Replace the AsciiDoc title with front matter + content = content.sub(/^= .+$/, front_matter) + end + + content + end + end + + class CacheManager + def initialize(source_dir, cache_duration) + @source_dir = source_dir + @cache_duration = cache_duration + @cache_file = File.join(source_dir, '.man_pages_cache.json') + load_cache + end + + def should_update_version?(version, published_at) + return true unless @cache_data['versions'] + + version_cache = @cache_data['versions'][version] + return true unless version_cache + + cached_time = Time.parse(version_cache['cached_at']) + published_time = Time.parse(published_at.to_s) + + # Update if cache expired or if the published date is newer than cached + return true if Time.now - cached_time > @cache_duration + return true if published_time > Time.parse(version_cache['published_at']) + + false + end + + def update_version_cache(version, published_at) + @cache_data['versions'] 
||= {} + @cache_data['versions'][version] = { + 'cached_at' => Time.now.iso8601, + 'published_at' => published_at.to_s + } + save_cache + end + + private + + def load_cache + if File.exist?(@cache_file) + begin + @cache_data = JSON.parse(File.read(@cache_file)) + rescue + @cache_data = {} + end + else + @cache_data = {} + end + end + + def save_cache + File.write(@cache_file, JSON.pretty_generate(@cache_data)) + end + end + + class VersionIndexGenerator + def generate_index(releases) + content = [ + "---", + "title: RNP Man Pages", + "excerpt: Manual pages for all RNP versions", + "layout: docs-index", + "---", + "", + "# RNP Manual Pages", + "", + "This page provides access to manual pages for all versions of RNP.", + "", + "## Available Versions", + "" + ] + + releases.each do |release| + version = release[:tag_name].sub(/^v/, '') + published_date = Time.parse(release[:published_at].to_s).strftime('%Y-%m-%d') + + content << "### [RNP v#{version}](v#{version}/) #{release[:prerelease] ? '(Pre-release)' : ''}" + content << "Released: #{published_date}" + content << "" + content << "- [rnp.1](/docs/#{version}/rnp.1/) - RNP command-line tool" + content << "- [rnpkeys.1](/docs/#{version}/rnpkeys.1/) - RNP key management tool" + content << "- [librnp.3](/docs/#{version}/librnp.3/) - RNP library API" + content << "" + end + + content << "## Latest Version" + content << "" + unless releases.empty? + latest_version = releases.first[:tag_name].sub(/^v/, '') + content << "The latest stable version is [RNP v#{latest_version}](latest/), which is an alias for [v#{latest_version}](v#{latest_version}/)." + end + + content.join("\n") + end + end +end diff --git a/assets/css/style.scss b/assets/css/style.scss index 7e26004..dcf1251 100644 --- a/assets/css/style.scss +++ b/assets/css/style.scss @@ -44,6 +44,12 @@ body { } } } + > footer { + .parent-hub-plug .logo { + width: 100px; + fill: white; + } + } } } 
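Review bot: `GitHubClient#download_file` follows whatever `Location` a redirect returns and derives `use_ssl` from that URI's scheme, so a hop to an `http://` URL or to an unexpected host is fetched and its contents are written under `_man_pages/` for publication. Each hop should be checked to be HTTPS on an expected host before connecting, and `Location` should be resolved with `URI.join` so a relative value does not produce a host-less URI; the changed lines are sketched below. The host list in the sketch is an assumption and needs confirming against where the release zipball URL actually redirects. Separately, `ReleaseManager#get_all_releases` sorts ascending although its comment says newest first, and `create_latest_symlink` takes `releases.first`, so `latest` appears to point at the oldest release; ending the chain with `.sort_by { ... }.reverse` would match the comment.

```ruby
# inside class GitHubClient
ALLOWED_DOWNLOAD_HOSTS = %w[api.github.com github.com codeload.github.com].freeze

def download_file(url)
  uri = URI(url)
  # ... unchanged: redirect_count / max_redirects setup ...
  loop do
    # Validate every hop, including the first, before opening a connection.
    unless uri.is_a?(URI::HTTPS) && ALLOWED_DOWNLOAD_HOSTS.include?(uri.host)
      raise "Refusing to download from #{uri}: not HTTPS or not an expected host"
    end

    Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
      # ... unchanged: request, '200' branch, redirect limit and missing-location checks ...
      uri = URI.join(uri, location)
      # ... unchanged: debug log, next, error branch ...
```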
diff --git a/assets/librepgp-logo.svg b/assets/librepgp-logo.svg index 63fa81a..bd11b8c 100644 --- a/assets/librepgp-logo.svg +++ b/assets/librepgp-logo.svg @@ -1 +1 @@ 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 \ No newline at end of file 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 \ No newline at end of file diff --git a/parent-hub/assets/symbol.svg b/parent-hub/assets/symbol.svg new file mode 100644 index 0000000..2503298 --- /dev/null +++ b/parent-hub/assets/symbol.svg @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/parent-hub/title.html b/parent-hub/title.html new file mode 100644 index 0000000..e69de29