gnupg: gpgtar
10.10 Encrypt or sign files into an archive
===========================================
‘gpgtar’ encrypts or signs files into an archive. It is an gpg-ized tar
using the same format as used by PGP's PGP Zip.
‘gpgtar’ is invoked this way:
gpgtar [options] FILENAME1 [FILENAME2, ...] DIRECTORY [DIRECTORY2, ...]
‘gpgtar’ understands these options:
‘--create’
Put given files and directories into a vanilla "ustar" archive.
‘--extract’
Extract all files from a vanilla "ustar" archive. If no file name
is given (or it is "-") the archive is taken from stdin.
‘--encrypt’
‘-e’
Encrypt given files and directories into an archive. This option
may be combined with option ‘--symmetric’ for an archive that may
be decrypted via a secret key or a passphrase.
‘--decrypt’
‘-d’
Extract all files from an encrypted archive. If no file name is
given (or it is "-") the archive is taken from stdin.
‘--sign’
‘-s’
Make a signed archive from the given files and directories. This
can be combined with option ‘--encrypt’ to create a signed and then
encrypted archive.
‘--list-archive’
‘-t’
List the contents of the specified archive. If no file name is
given (or it is "-") the archive is taken from stdin.
‘--symmetric’
‘-c’
Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is AES-128, but may be chosen with the
‘--cipher-algo’ option to ‘gpg’.
‘--recipient USER’
‘-r USER’
Encrypt for user id USER. For details see ‘gpg’.
‘--local-user USER’
‘-u USER’
Use USER as the key to sign with. For details see ‘gpg’.
‘--output FILE’
‘-o FILE’
Write the archive to the specified file FILE.
‘--verbose’
‘-v’
Enable extra informational output.
‘--quiet’
‘-q’
Try to be as quiet as possible.
‘--skip-crypto’
Skip all crypto operations and create or extract vanilla "ustar"
archives.
‘--dry-run’
Do not actually output the extracted files.
‘--directory DIR’
‘-C DIR’
Extract the files into the directory DIR. The default is to take
the directory name from the input filename. If no input filename
is known a directory named ‘GPGARCH’ is used. For tarball
creation, switch to directory DIR before performing any operations.
‘--files-from FILE’
‘-T FILE’
Take the file names to work from the file FILE; one file per line.
‘--null’
Modify option ‘--files-from’ to use a binary nul instead of a
linefeed to separate file names.
‘--utf8-strings’
Assume that the file names read by ‘--files-from’ are UTF-8
encoded. This option has an effect only on Windows where the
active code page is otherwise assumed.
‘--openpgp’
This option has no effect because OpenPGP encryption and signing is
the default.
‘--cms’
This option is reserved and shall not be used. It will eventually
be used to encrypt or sign using the CMS protocol; but that is not
yet implemented.
‘--batch’
Use batch mode. Never ask but use the default action. This option
is passed directly to ‘gpg’.
‘--yes’
Assume "yes" on most questions. Often used together with ‘--batch’
to overwrite existing files. This option is passed directly to
‘gpg’.
‘--no’
Assume "no" on most questions. This option is passed directly to
‘gpg’.
‘--require-compliance’
This option is passed directly to ‘gpg’.
‘--status-fd N’
Write special status strings to the file descriptor N. See the
file DETAILS in the documentation for a listing of them.
‘--with-log’
When extracting an encrypted tarball also write a log file with the
gpg output to a file named after the extraction directory with the
suffix ".log".
‘--set-filename FILE’
Use the last component of FILE as the output directory. The
default is to take the directory name from the input filename. If
no input filename is known a directory named ‘GPGARCH’ is used.
This option is deprecated in favor of option ‘--directory’.
‘--no-compress’
This option tells gpg to disable compression (i.e. using option
-z0). It is useful for archiving only large files which are are
already compressed (e.g. a set of videos).
‘--gpg GPGCMD’
Use the specified command GPGCMD instead of ‘gpg’.
‘--gpg-args ARGS’
Pass the specified extra options to ‘gpg’.
‘--tar-args ARGS’
Assume ARGS are standard options of the command ‘tar’ and parse
them. The only supported tar options are "-directory",
"-files-from", and "-null" This is an obsolete options because
those supported tar options can also be given directly.
‘--tar COMMAND’
This is a dummy option for backward compatibility.
‘--version’
Print version of the program and exit.
‘--help’
Display a brief help page and exit.
The program returns 0 if everything was fine, 1 otherwise.
Some examples:
Encrypt the contents of directory ‘mydocs’ for user Bob to file ‘test1’:
gpgtar --encrypt --output test1 -r Bob mydocs
List the contents of archive ‘test1’:
gpgtar --list-archive test1