= Using the RNP command-line interface == Generating an RSA private key By default, `rnpkeys --generate-key` generates a 2048-bit RSA key. [source,console] ---- export keydir=/tmp rnpkeys --generate-key --homedir=${keydir} ---- => [source,console] ---- rnpkeys: generated keys in directory ${keydir}/6ed2d908150b82e7 ---- NOTE: Here `6ed2d...` is the key fingerprint. In order to use fully-featured key-pair generation, the `--expert` flag should be used. With this flag added to `rnpkeys --generate-key`, the user will be able to generate a key-pair for any supported algorithm and/or key size. Example: [source,console] ---- > export keydir=/tmp > rnpkeys --generate-key --expert --homedir=${keydir} Please select what kind of key you want: (1) RSA (Encrypt or Sign) (19) ECDSA (22) EDDSA > 19 Please select which elliptic curve you want: (1) NIST P-256 (2) NIST P-384 (3) NIST P-521 > 2 Generating a new key... signature 384/ECDSA d45592277b75ada1 2017-06-21 Key fingerprint: 4244 2969 07ca 42f7 b6d8 1636 d455 9227 7b75 ada1 uid ECDSA 384-bit key rnp: generated keys in directory /tmp/.rnp Enter password for d45592277b75ada1: Repeat password for d45592277b75ada1: > ---- == Listing keys [source,console] ---- export keyringdir=${keydir}/MYFINGERPRINT rnpkeys --list-keys --homedir=${keyringdir} ---- => [source,console] ---- 1 key found ... ---- == Signing a file === Signing in binary format [source,console] ---- rnp --sign --homedir=${keyringdir} ${filename} ---- => Creates `${filename}.gpg` which is an OpenPGP message that includes the message together with the signature as a 'signed message'. This type of file can be verified with: * `rnp --verify --homedir=${keyringdir} ${filename}.gpg` === Signing in binary detached format [source,console] ---- rnp --sign --detach --homedir=${keyringdir} ${filename} ---- => Creates `${filename}.sig` which is an OpenPGP message in binary format, that only contains the signature. This type of file can be verified with: * `rnp --verify --homedir=${keyringdir} ${filename}.sig` === Signing in armored ("`ASCII-armored`") format [source,console] ---- rnp --sign --armor --homedir=${keyringdir} ${filename} ---- => Creates `${filename}.asc` which is an OpenPGP message in ASCII-armored format, including the message together with the signature as a "`signed message`". This type of file can be verified with: * `rnp --verify --homedir=${keyringdir} ${filename}.asc` === Other options `--clearsign`:: appends a separate OpenPGP signature to the end of the newly signed message. `--detach`:: saves the OpenPGP signature in a separate file from the newly signed message. == Encrypt [source,console] ---- rnp --encrypt --homedir=${keyringdir} ${filename} ---- => Creates `${filename}.gpg`, which is an encrypted OpenPGP message. == Decrypt [source,console] ---- rnp --decrypt --homedir=${keyringdir} ${filename}.gpg ---- => Creates `${filename}`, the decrypted form of the `${filename}.gpg` encrypted OpenPGP message. == Check version The output of `rnp --version` contains the `git` hash of the version the binary was built from, of which value is generated when `cmake` runs. Consequently, a release tarball generated with `make dist` will contain this hash version.