Using the RNP command-line interface
Generating an RSA private key
By default, rnpkeys --generate-key generates a 2048-bit RSA key.
export keydir=/tmp
rnpkeys --generate-key --homedir=${keydir}
⇒
rnpkeys: generated keys in directory ${keydir}/6ed2d908150b82e7
Note: Here 6ed2d… is the key fingerprint.
In order to use fully-featured key-pair generation, the --expert flag should be used.
With this flag added to rnpkeys --generate-key, the user will be able to generate a key-pair for any supported algorithm and/or key size.
Example:
> export keydir=/tmp
> rnpkeys --generate-key --expert --homedir=${keydir}
Please select what kind of key you want:
(1) RSA (Encrypt or Sign)
(19) ECDSA
(22) EDDSA
> 19
Please select which elliptic curve you want:
(1) NIST P-256
(2) NIST P-384
(3) NIST P-521
> 2
Generating a new key...
signature 384/ECDSA d45592277b75ada1 2017-06-21
Key fingerprint: 4244 2969 07ca 42f7 b6d8 1636 d455 9227 7b75 ada1
uid ECDSA 384-bit key <flowher@localhost>
rnp: generated keys in directory /tmp/.rnp
Enter password for d45592277b75ada1:
Repeat password for d45592277b75ada1:
>
Listing keys
export keyringdir=${keydir}/MYFINGERPRINT
rnpkeys --list-keys --homedir=${keyringdir}
⇒
1 key found
...
Signing a file
Signing in binary format
rnp --sign --homedir=${keyringdir} ${filename}
⇒
Creates ${filename}.gpg, which is an OpenPGP message that includes the message together with the signature as a 'signed message'.
This type of file can be verified with:
rnp --verify --homedir=${keyringdir} ${filename}.gpg
Signing in binary detached format
rnp --sign --detach --homedir=${keyringdir} ${filename}
⇒
Creates ${filename}.sig, which is an OpenPGP message in binary format that only contains the signature.
This type of file can be verified with:
rnp --verify --homedir=${keyringdir} ${filename}.sig
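A fail-closed wrapper around the detached signing and verification commands above, as an added example that is not part of the RNP documentation. The function names and the exit codes 2 and 3 are this example's own, and it assumes rnp exits non-zero when signing or verification fails.

```shell
#!/bin/sh
# Added example: fail-closed wrappers for detached signatures.
# Assumption: rnp exits non-zero when signing or verification fails.

# verify_detached HOMEDIR FILE
# Returns 0 only if FILE and FILE.sig both exist and rnp accepts the signature.
# Returns 2 if FILE is missing, 3 if FILE.sig is missing or empty, 1 if rejected.
verify_detached() {
    homedir=$1 file=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # A missing signature is treated as a failure, never as "unsigned but fine".
    [ -s "$file.sig" ] || { echo "missing signature: $file.sig" >&2; return 3; }
    if rnp --verify --homedir="$homedir" "$file.sig" >/dev/null 2>&1; then
        return 0
    fi
    echo "REJECTED: signature check failed for $file" >&2
    return 1
}

# sign_detached HOMEDIR FILE
# Creates FILE.sig, then verifies it immediately so a broken or
# wrong-key signature is caught before the file is published.
sign_detached() {
    homedir=$1 file=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Drop any stale signature so the check below only sees a fresh one.
    rm -f -- "$file.sig"
    rnp --sign --detach --homedir="$homedir" "$file" || return 1
    [ -s "$file.sig" ] || { echo "rnp produced no signature" >&2; return 1; }
    verify_detached "$homedir" "$file"
}

# Run as: sh sigcheck.sh sign|verify "$keyringdir" "$filename"
case "${1:-}" in
    sign)   sign_detached "$2" "$3" ;;
    verify) verify_detached "$2" "$3" ;;
esac
```

Call verify_detached before consuming a downloaded file and act only on a zero exit status.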
Signing in armored (“ASCII-armored”) format
rnp --sign --armor --homedir=${keyringdir} ${filename}
⇒
Creates ${filename}.asc, which is an OpenPGP message in ASCII-armored format, including the message together with the signature as a “signed message”.
This type of file can be verified with:
rnp --verify --homedir=${keyringdir} ${filename}.asc
Other options
--clearsign: appends a separate OpenPGP signature to the end of the newly signed message.
--detach: saves the OpenPGP signature in a separate file from the newly signed message.
Encrypt
rnp --encrypt --homedir=${keyringdir} ${filename}
⇒
Creates ${filename}.gpg, which is an encrypted OpenPGP message.
Decrypt
rnp --decrypt --homedir=${keyringdir} ${filename}.gpg
⇒
Creates ${filename}, the decrypted form of the ${filename}.gpg encrypted OpenPGP message.
Check version
The output of rnp --version contains the git hash of the version the binary was built from. This value is generated when cmake runs.
Consequently, a release tarball generated with make dist will contain this hash version.