A GnuPG Shell
gpgkeys is a Python program that allows to conveniently manage GnuPG keys and keyrings from the command line. It comes in the form of a shell, with commands resembling GnuPG CLI commands and their options. Its main feature is end-to-end tab completion.
The GnuPG CLI is very powerful – and with great power comes great incomprehensibility.
gpgkeys makes key management easy by:
Everything in gpgkeys can be tab completed: commands, help topics, option flags, key ids, user names, file names, shell commands, and keyserver URLs.
$ gpgkeys gpgkeys 1.23 (type help for help) gpgkeys> help Available commands (type help <topic>): ======================================= EOF del export genkey import lsign refresh shell checksig dump fdump genrevoke list quit search sign clear edit fetch help listsig recv send version Shortcut commands (type help <topic>): ====================================== ! . ? e ll ls gpgkeys> help export Usage: export <keyspec> Options: --armor --clean --minimal --output --secret Export keys to stdout or to a file gpgkeys> ls Stefan pub 1024R/E1F438AD 1995-10-03 uid Stefan H. Holek (RSA) <firstname.lastname@example.org> pub 1024D/355A2D28 2001-11-04 uid Stefan H. Holek <email@example.com> sub 2048g/A27E0DBC 2004-10-27 gpgkeys> export --armor 355A2D28 > stefan.asc gpgkeys> .ls alice.asc stefan.asc
Command lines prefixed with ‘.’ or ‘!’ are executed by the shell. You can use cd to change the current directory, umask to change the umask, and of course everything else:
gpgkeys> .cd subdir/ gpgkeys> .pwd /home/stefan/subdir
You can use input/output redirects and pipes:
gpgkeys> export 355A2D28 | pgpdump | less
To see the commands sent to GnuPG, run gpgkeys with the -v option:
$ gpgkeys -v gpgkeys 1.23 (type help for help) gpgkeys> ls 355A2D28 gpgkeys: gpg --list-keys 355A2D28 pub 1024D/355A2D28 2001-11-04 uid Stefan H. Holek <firstname.lastname@example.org> sub 2048g/A27E0DBC 2004-10-27
For everything you ever wanted to know about GnuPG commands, type:
gpgkeys> .man gpg
gpgkeys can be invoked with arguments, in which case it does not enter the command loop:
$ gpgkeys export --armor 355A2D28 > stefan.asc
For the send, recv, search, and refresh commands to work, at least one keyserver should be configured in gpg.conf. For example:
keyserver ldap://keyserver.pgp.com keyserver hkp://pool.sks-keyservers.net
The last keyserver in gpg.conf becomes the default keyserver. All keyservers become available for completion after the --keyserver option.
OpenPGP allows user IDs to be either Latin-1 or UTF-8 encoded. To find keys with non-ASCII IDs, GnuPG requires search strings to be encoded the right way.
gpgkeys’ key completion keeps track of the original encodings, and every name you tab-complete will automatically be encoded the way GnuPG expects. You may sometimes see ‘?’ characters in place of non-ASCII characters on the command line, which are a result of the above and no reason for concern.
Installation requires Python 2.5 or higher, including Python 3.3.
To install the gpgkeys script, type:
Then put it on your system PATH by e.g. symlinking it to /usr/local/bin.
The gpg command must be available on the system PATH.