Previous: , Up: Helper Tools   [Contents][Index]

9.11 Encrypt or sign files into an archive

gpgtar encrypts or signs files into an archive. It is an gpg-ized tar using the same format as used by PGP’s PGP Zip.

gpgtar is invoked this way:

gpgtar [options] filename1 [filename2, ...] directory [directory2, ...]

gpgtar understands these options:


Put given files and directories into a vanilla “ustar” archive.


Extract all files from a vanilla “ustar” archive.


Encrypt given files and directories into an archive. This option may be combined with option --symmetric for an archive that may be decrypted via a secret key or a passphrase.


Extract all files from an encrypted archive.


Make a signed archive from the given files and directories. Thsi can be combined with option --encrypt to create a signed and then encrypted archive.


List the contents of the specified archive.


Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is AES-128, but may be chosen with the --cipher-algo option to gpg.

--recipient user
-r user

Encrypt for user id user. For details see gpg.

--local-user user
-u user

Use user as the key to sign with. For details see gpg.

--output file
-o file

Write the archive to the specified file file.


Enable extra informational output.


Try to be as quiet as possible.


Skip all crypto operations and create or extract vanilla “ustar” archives.


Do not actually output the extracted files.

--directory dir
-C dir

Extract the files into the directory dir. The default is to take the directory name from the input filename. If no input filename is known a directory named GPGARCH is used.

--files-from file
-T file

Take the file names to work from the file file; one file per line.


Modify option --files-from to use a binary nul instead of a linefeed to separate file names.


This option has no effect becuase OpenPGP encryption and signing is the default.


This option is reserved and shall not be used. It will eventually be used to encrypt or sign using the CMS protocol; but that is not yet implemented.

--set-filename file

Use the last component of file as the output directory. The default is to take the directory name from the input filename. If no input filename is known a directory named GPGARCH is used. This option is deprecated in favor of option --directory.

--gpg gpgcmd

Use the specified command gpgcmd instead of gpg.

--gpg-args args

Pass the specified extra options to gpg.

--tar-args args

Assume args are standard options of the command tar and parse them. The only supported tar options are "–directory", "–files-from", and "–null" This is an obsolete options because those supported tar options can also be given directly.


Print version of the program and exit.


Display a brief help page and exit.

The program returns 0 if everything was fine, 1 otherwise.

Some examples:

Encrypt the contents of directory mydocs for user Bob to file test1:

gpgtar --encrypt --output test1 -r Bob mydocs

List the contents of archive test1:

gpgtar --list-archive test1

Previous: , Up: Helper Tools   [Contents][Index]