symbol  Asset 1

Using the RNP command-line tool

Generating an RSA Private Key

By default rnpkeys --generate-key will generate 2048-bit RSA key.

export keydir=/tmp
rnpkeys --generate-key --homedir=${keydir}

rnpkeys: generated keys in directory ${keydir}/6ed2d908150b82e7

In case you’re curious, 6ed2d…​ is the key fingerprint.

In order to use fully featured key pair generation --expert flag should be used. With this flag added to rnpkeys --generate-key user has a possibility to generate keypair for any supported algorithm and/or key size.

Example:

> export keydir=/tmp
> rnpkeys --generate-key --expert --homedir=${keydir}

Please select what kind of key you want:
    (1)  RSA (Encrypt or Sign)
    (19) ECDSA
    (22) EDDSA
> 19

Please select which elliptic curve you want:
    (1) NIST P-256
    (2) NIST P-384
    (3) NIST P-521
> 2

Generating a new key...
signature  384/ECDSA d45592277b75ada1 2017-06-21
Key fingerprint: 4244 2969 07ca 42f7 b6d8 1636 d455 9227 7b75 ada1
uid              ECDSA 384-bit key <flowher@localhost>
rnp: generated keys in directory /tmp/.rnp
Enter password for d45592277b75ada1:
Repeat password for d45592277b75ada1:
>

Listing Keys

export keyringdir=${keydir}/MYFINGERPRINT
rnpkeys --list-keys --homedir=${keyringdir}

1 key found
...

Signing a File

Signing in binary format

rnp --sign --homedir=${keyringdir} ${filename}

Creates ${filename}.gpg which is an OpenPGP message that includes the message together with the signature as a 'signed message'.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.gpg

Signing in binary detatched format

rnp --sign --detach --homedir=${keyringdir} ${filename}

Creates ${filename}.sig which is an OpenPGP message in binary format, that only contains the signature.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.sig

Signing in Armored (ASCII-Armored) format

rnp --sign --armor --homedir=${keyringdir} ${filename}

Creates ${filename}.asc which is an OpenPGP message in ASCII-armored format, including the message together with the signature as a 'signed message'.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.asc

Other options

  • --clearsign option will append a separate PGP Signaure to the end of the message (the new output)

  • --detach option will append a separate PGP Signaure to the end of the message (the new output)

Encrypt

rnp --encrypt --homedir=${keyringdir} ${filename}

Creates ${filename}.gpg.

Decrypt

rnp --decrypt --homedir=${keyringdir} ${filename}.gpg

Creates ${filename}.

Check binary version

The output of rnp --version contains the git hash of the version the binary was built from, which value is generated when cmake runs.

Consequently, a release tarball generated with make dist will contain this hash version.