gnupg: gpgtar
9.11 Encrypt or sign files into an archive
==========================================
'gpgtar' encrypts or signs files into an archive. It is an gpg-ized tar
using the same format as used by PGP's PGP Zip.
'gpgtar' is invoked this way:
gpgtar [options] FILENAME1 [FILENAME2, ...] DIRECTORY [DIRECTORY2, ...]
'gpgtar' understands these options:
'--create'
Put given files and directories into a vanilla "ustar" archive.
'--extract'
Extract all files from a vanilla "ustar" archive.
'--encrypt'
'-e'
Encrypt given files and directories into an archive. This option
may be combined with option '--symmetric' for an archive that may
be decrypted via a secret key or a passphrase.
'--decrypt'
'-d'
Extract all files from an encrypted archive.
'--sign'
'-s'
Make a signed archive from the given files and directories. This
can be combined with option '--encrypt' to create a signed and then
encrypted archive.
'--list-archive'
'-t'
List the contents of the specified archive.
'--symmetric'
'-c'
Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is AES-128, but may be chosen with the
'--cipher-algo' option to 'gpg'.
'--recipient USER'
'-r USER'
Encrypt for user id USER. For details see 'gpg'.
'--local-user USER'
'-u USER'
Use USER as the key to sign with. For details see 'gpg'.
'--output FILE'
'-o FILE'
Write the archive to the specified file FILE.
'--verbose'
'-v'
Enable extra informational output.
'--quiet'
'-q'
Try to be as quiet as possible.
'--skip-crypto'
Skip all crypto operations and create or extract vanilla "ustar"
archives.
'--dry-run'
Do not actually output the extracted files.
'--directory DIR'
'-C DIR'
Extract the files into the directory DIR. The default is to take
the directory name from the input filename. If no input filename
is known a directory named 'GPGARCH' is used. For tarball
creation, switch to directory DIR before performing any operations.
'--files-from FILE'
'-T FILE'
Take the file names to work from the file FILE; one file per line.
'--null'
Modify option '--files-from' to use a binary nul instead of a
linefeed to separate file names.
'--utf8-strings'
Assume that the file names read by '--files-from' are UTF-8
encoded. This option has an effect only on Windows where the
active code page is otherwise assumed.
'--openpgp'
This option has no effect because OpenPGP encryption and signing is
the default.
'--cms'
This option is reserved and shall not be used. It will eventually
be used to encrypt or sign using the CMS protocol; but that is not
yet implemented.
'--set-filename FILE'
Use the last component of FILE as the output directory. The
default is to take the directory name from the input filename. If
no input filename is known a directory named 'GPGARCH' is used.
This option is deprecated in favor of option '--directory'.
'--gpg GPGCMD'
Use the specified command GPGCMD instead of 'gpg'.
'--gpg-args ARGS'
Pass the specified extra options to 'gpg'.
'--tar-args ARGS'
Assume ARGS are standard options of the command 'tar' and parse
them. The only supported tar options are "-directory",
"-files-from", and "-null" This is an obsolete options because
those supported tar options can also be given directly.
'--version'
Print version of the program and exit.
'--help'
Display a brief help page and exit.
The program returns 0 if everything was fine, 1 otherwise.
Some examples:
Encrypt the contents of directory 'mydocs' for user Bob to file 'test1':
gpgtar --encrypt --output test1 -r Bob mydocs
List the contents of archive 'test1':
gpgtar --list-archive test1