Repository files navigation

gpg-tui is aTerminal User Interface forGnuPG.

It aims to ease the key management operations such as listing/exporting/signing by providing an interface along with the command-line fallback for more complex operations. It is not trying to be a full-fledged interface forall the features thatgpg provides but it tries to bring a more interactive approach to key management.

gpg-tui --stylecolored --splash --homedir/etc/pacman.d/gnupg

• Rust:>=1.70.0
• Core dependencies:gnupg,gpgme>=1.12.0,libgpg-error
• Other dependencies:libxcb

Pleases note that the name of these dependencies (packages) might change depending on the distribution/platform.(*)

For installing these dependencies:

• on Arch Linux, runpacman -S gpgme libx11
• on Debian/Ubuntu, runapt-get install libgpgme-dev libx11-dev libxcb-shape0-dev libxcb-xfixes0-dev libxkbcommon-dev
• on Fedora, rundnf install gpgme-devel libX11-devel
• on Void Linux, runxbps-install -S gpgme-devel libxcb-devel libgpg-error-devel gnupg

gpg-tui is available oncrates.io:

cargo install gpg-tui

gpg-tui can be installed from thecommunity repository usingPacman:

pacman -S gpg-tui

gpg-tui is also available onAUR and it can be installed with anAUR helper:

paru -S gpg-tui-git

Or if you prefer, you can clone theAUR packages and compile them withmakepkg:

# clone the AUR repositorygit clone https://aur.archlinux.org/gpg-tui-git.git&&cd gpg-tui-git/# build the packagemakepkg -si

gpg-tui is available forAlpine Edge. It can be installed viaapk after enabling thecommunity repository.

apk add gpg-tui

Available indm9pZCAq overlay

eselect repositoryenable dm9pZCAqemerge --sync dm9pZCAqemerge app-crypt/gpg-tui::dm9pZCAq

To install theHomebrew package, run:

brew install gpg-tui

To update, run:

brew upgrade gpg-tui

See availabletags.

docker pull orhunp/gpg-tui:[tag]

You can also use the following command for a quick launch:

docker run --rm -it -v"$HOME/.gnupg":/app/.gnupg --user 1000:1000 orhunp/gpg-tui --homedir /app/.gnupg

# clone the repositorygit clone https://github.com/orhun/gpg-tui.git&&cd gpg-tui/# build the imagedocker build -t gpg-tui.# run the containerdocker run -it gpg-tui

All required dependencies are automatically fetched and installed independently of the installation method chosen.

# using a portcd /usr/ports/security/gpg-tuimake install

# alternative method using portmasterportmaster security/gpg-tui

# update repository catalogue (if outdated)pkg update# fetch and install the packagepkg install gpg-tui

gpg-tui is available from the mainpkgsrc branch.

pkgin install gpg-tui

cd /usr/pkgsrc/security/gpg-tuimake install

# clone the repositorygit clone https://github.com/orhun/gpg-tui.git&&cd gpg-tui/# build and installcargo install --root"$HOME/.cargo" --path.

See availablereleases that are automated byContinuous Deployment workflow.

gpg-tui [OPTIONS]

Options:  -a, --armor                 Enables ASCII armored output      --splash                Shows the splash screen on startup      --config <path>         Sets the configuration file [env: GPG_TUI_CONFIG=]      --homedir <dir>         Sets the GnuPG home directory [env: GNUPGHOME=]  -o, --outdir <dir>          Sets the output directory [env: OUTDIR=]      --outfile <path>        Sets the template for the output file name [env: OUTFILE=] [default: {type}_{query}.{ext}]  -d, --default-key <key>     Sets the default key to sign with [env: DEFAULT_KEY=]  -t, --tick-rate <ms>        Sets the tick rate of the terminal [env: TICK_RATE=] [default: 250]  -c, --color <color>         Sets the accent color of the terminal [env: COLOR=] [default: gray]  -s, --style <style>         Sets the style of the terminal [env: STYLE=] [default: colored] [possible values: plain, colored]  -f, --file-explorer <app>   Sets the utility for file selection [env: FILE_EXPLORER=] [default: xplr]      --detail-level <level>  Sets the detail level for the keys [env: DETAIL_LEVEL=] [default: minimum] [possible values: minimum, standard, full]      --log-file <path>       Sets the file to save the logs [env: LOG_FILE=]      --select <option>       Enables the selection mode [env: SELECT=] [possible values: row1, row2, key, key-id, key-fingerprint, user-id]  -h, --help                  Print help (see more with '--help')  -V, --version               Print version

It is possible to override the command line arguments with a configuration file.

Seegpg-tui.toml for the default configuration values.

The configuration file can be specified via--config argument orGPG_TUI_CONFIG environment variable. Also, it can be placed to a location wheregpg-tui looks for:

• <config_dir>/gpg-tui.toml
• <config_dir>/gpg-tui/gpg-tui.toml
• <config_dir>/gpg-tui/config

<config_dir> depends on the platform as shown in the following table:

Key bindings can be overridden/customized via usinggeneral.key_bindings setting in theconfiguration file. For example,

key_bindings = [  {keys = ["?","h","f1" ],command =":help" },  {keys = ["C-s","s" ],command =":style colored" },  {keys = ["C-d","C-c","q" ],command =":quit" },]

keys array contains the keycodes which is either a single key (e.g.a), a key combination (e.g. Control-C:C-c, Alt-C:A-c), or a special key (e.g.Backspace,Enter). Available key codes can be found in thecrossterm documentation.

Also, see thelist of commands.

Available keys in the keyring (which can be specified via--homedir argument) are showed on a table. This table consists of 2 columns which arekey information anduser information.

The level of detail that an individual table row shows is determined bydetail levels.

1. Minimum: shows only the primary key and user ID.

[sc--] rsa3072/B14085A20355B74DE0CE0FA1E19F76D037BD65B6  │  [u] Example Key <example@key>

2. Standard: shows all the subkeys and user IDs.

[sc--] rsa3072/B14085A20355B74DE0CE0FA1E19F76D037BD65B6  │  [u] Example Key <example@key>|      └─(2021-05-14)                                    │   └─[u] Other User ID <example@key>[--e-] rsa3072/E56CAC142AE5A979BEECB00FB4F68595CAD4E7E5  │       └─(2021-05-14)

3. Full: shows signatures and notations.

[sc--] rsa3072/B14085A20355B74DE0CE0FA1E19F76D037BD65B6  │  [u] Example Key <example@key>|      └─(2021-05-14)                                    │   │  └─[13] selfsig (2021-05-16)[--e-] rsa3072/E56CAC142AE5A979BEECB00FB4F68595CAD4E7E5  │   │     └─[h] test@notation=xyz       └─(2021-05-14)                                    |   └─[u] Other User ID <example@key>                                                                   ├─[13] selfsig (2021-05-16)                                                                   └─[10] 84C39331F6F85326 Other Signer Key <example@signer> (2021-05-16)

Detail level can be set using--detail-level argument ordetail_level entry in theconfiguration file.

An example table entry for the detail levelfull (which includes subkeys) is explained via reference numbers below.

[sc--]⁰  rsa3072¹/B14085A20355B74DE0CE0FA1E19F76D037BD65B6²|³       └─(2021-05-14)⁴[--e-]⁰*⁶rsa3072¹/E56CAC142AE5A979BEECB00FB4F68595CAD4E7E5²         └─(2021-05-14) -> (2021-05-16)⁴ [exp]⁵

0: Key flags. Determines what the key can do.

• s: sign
• c: certify
• e: encrypt
• a: authenticate

1: Algorithm of the key.

2: Fingerprint of the key.

3: Indicates that the next key is a subkey.

4: Time information of the key:

• creation time (Y-m-d)
• expiration time (Y-m-d)

5: Is the key one of the following?

• [exp]: expired
• [rev]: revoked
• [d]: disabled
• [i]: invalid
• [q]: qualified

6: Star symbol (*) is shown after key flags if the key is selected as the default signing key.

An example table entry for the detail levelfull (which includes other user IDs, signatures and notations) is explained via reference numbers below.

[u]⁰ Test Key <test@test>¹ │²  └─[13]³ selfsig⁴ (2021-05-16)⁶ │             └─[h]⁹ test@notation=xyz⁸ └─[u]⁰ Test Key2 <test2@test2>¹        ├─[13]³ selfsig⁴ (2021-05-16)⁶        └─[10]³ 84C39331F6F85326 Test Key 2 <test2@example.com>⁵ (2021-05-16)⁶ [!x]⁷

0: Validity of the user.

• [q]: undefined
• [n]: never
• [m]: marginal
• [f]: full
• [u]: ultimate
• [?]: unknown

1: User ID. (name +email)

2: Indicates the next user ID.

3: Certification level of the signature.

• [10]: no indication
• [11]: personal belief but no verification
• [12]: casual verification
• [13]: extensive verification

4: Indicates that this is a self signature, whereby the users' own private key was used to sign their public key.

5: Key and user ID of the signer. (key +name +email)

6: Time information of the signature.

• creation time (Y-m-d)
• expiration time (Y-m-d)

7: Is the signature one of the following?

• [exp]: expired
• [rev]: revoked
• [i]: invalid
• [!x]: non-exportable

8: Notation data.

9: Flags associated with the notation data.

• [h]: the notation data is in human readable form
• [!]: the notation data is critical

Press? while running the terminal interface to see information about key bindings and GnuPG configuration.

Use arrow orhjkl keys to scroll and navigate through lists/menus/tabs. Additionally, you can useCtrl-Up/Down combinations orPageUp/PageDown keys to scroll to the top/bottom.

If rows are not fitting on the terminal interface, useAlt + arrow/hjkl keys to individually scroll them.

Most of the actions can be performed using the options menu. Simply pressEnter and select what you want to do.

There's acopy mode for making it easier to copy particular values to the clipboard. To use this mode, pressc followed by one of the key bindings:

• x: Copy the exported key
• i: Copy the key id
• f: Copy the key fingerprint
• u: Copy the user id
• 1,2: Copy the content of the row

Then the value will be copied to the clipboard and the application mode will be reverted tonormal.

PressESC orn to cancel and switch tonormal mode during this operation.

Instead of copying values withcopy mode, you can use thevisual mode which disables the mouse capture. It means that you can select/highlight the text on the interface and copy as you do normally.

visual mode can be used for other purposes such as scrolling via mouse.

In the selection mode, key bindings that are responsible for showing the options menu (e.g.enter) are used for exiting the user interface and printing out the selection to the standard output. This is useful when you want to usegpg-tui in conjunction with shell commands/other tools.

For switching to the selection mode, use the--select argument as follows:

gpg-tui --select<option>

<option> might be one of the following:

• key: Exported key
• key-id: Key ID
• key-fingerprint: Key fingerprint
• user-id: User ID
• row<n>: Contents of the nth row

For example, you can use the following shell function to encrypt a file for the selected recipient (key ID):

functionencrypt() { gpg -e -r$(gpg-tui --select key-id)"$@"; }

PressTab to toggle thedetail level for the selected entry in the list. Number keys (e.g.1,2,3) can be also used to set a specific level.

Presst to toggle the detail level for all entries in the list.

There are couple a of different modes for the size of the tables which changes the details that each entry shows. You can use them key for switching to different modes.

Press/ to search for a value from the currently shown table.

Some of the key management operations such asimporting keysoptionally use a file explorer utility. As default,gpg-tui usesxplr if thexplr binary isinstalled on the system. To change which utility is going to be used,--file-explorer argument can be used or it can be specified in theconfiguration file.

gpg-tui --file-explorer"fzf --color dark"

To view the log messages, pressctrl-l. It will bring up a pane in the TUI for analyzing the logs:

This pane consists of two parts. Left is the target selector and on the right side the logging messages view scrolling up.

The target selector controls:

• Capturing of log messages by the logger.
• Selection of levels for display in the logging message view.

The two columns have the following meaning:

• CodeEWIDT:E stands for Error,W for Warn, and similarly Info, Debug and Trace.
  • Inverted characters (EWIDT) are enabled log levels in the view.
  • Normal characters show enabled capturing of a log level per target.
  • If any of EWIDT are not shown, then the respective log level is not captured.

This logger pane has the following key bindings and they are only activated while the logs are being shown:

For saving the logs to a file, you can use the--log-file argument:

gpg-tui --log-file gpg-tui.log

RUST_LOG environment variable can be used to set the log level accordingly.

RUST_LOG=debug gpg-tui

Every operation on the terminal interface is handled implicitly by the application-specific commands. So it's possible to do certain things by switching to command mode with pressing: and running commands. (similar to Vim)

For example,

• :list pub -> list public keys
• :set armor true -> enable armored output

A full list of commands can be foundhere.

Also you can switch between command mode and search by pressingTab.

Available keys in the keyring are listed on a table as default. They can bescrolled or the listing type (public/secret keys) can be changed by changing the tab via arrow keys.

See theapproach section for more information about the meaning of the table rows.

Pressx to export the selected key to a file. The default output directory is$GNUPGHOME/out and can be changed by either using--homedir or--outdir argument.

Additionally, you can enable/disable armored output by pressinga.

Also, you can export the secret subkeys by using the options menu:

Presss to sign the selected key with the default secret key. This key can be specified with--default-key argument or using the options menu.

This feature usesgpg fallback and runsgpg --sign-key command.

Presse to edit the selected key.

This feature usesgpg fallback and runsgpg --edit-key command. It presents a menu that provides a list of options to change the key details. See theedit-key documentation for more information.

Import operation uses afile explorer for selecting the key(s) to import. Pressi to launch the file explorer (defaults toxplr), and select the key file(s) to import:

If a file explorer is not specified or installed, import operation is done by using the:import command. So pressi to switch to command mode (which will automatically add the import command) and then give it your file(s) to import.

You can also import keys from clipboard using:import-clipboard command or the options menu.

Similar to import, receive operation is also done by using a command which is:receive. So pressf (forfetching keys from a keyserver) and give it your key ID(s).

This feature usesgpg fallback and runsgpg --receive-keys command.

Pressu (foruploading to the keyserver) followed byy (for confirmation) to send the selected key to the default keyserver.

Pressg to generate a new key pair.

This feature usesgpg fallback and runsgpg --full-generate-key command. It presents dialogs for all of the generation options.

PressBackspace followed byy (for confirmation) to delete the selected key from the keyring.

PressCtrl-y for refreshing the keyring.

This feature usesgpg fallback and runsgpg --refresh-keys command.

You can customize the look ofgpg-tui to get rid of itsboring andminimalistic vibe. (!)

To enable colors, you can specify a style with--style argument or pressCtrl-S while running for toggling the style. Currently, only one style is supported which iscolored.

gpg-tui --style colored

If the defaultaccent color of the interface causes problems with your theme or if you just want to change it to something more vivid, you can use--color argument to specify another color in HEX format.

gpg-tui --style colored --color 507030

To disable colors:

gpg-tui --style plain

Alternatively, you can set theNO_COLOR environment variable.

There is a splash screen that shows the project's logo for a couple of seconds if--splash flag is present. It's purely cosmetical.

gpg-tui --splash

To enable colors for the splash screen, use thecolored style.

gpg-tui --splash --style colored

gpg-tui is tested on Linux systems during the development phase. It should be tested on other platforms such as Microsoft Windows and macOS and found issues should be reported for future compatibility with these platforms.

gpg-tui should be more and easily accessible for other platforms/distributions. Thus, it should be packaged for package managers such asHomebrew andAPT. If you're a packager and want to contribute, feel free tosubmit an issue orstart a discussion!

Some of the features ofgpg-tui require the execution of the CLI programgpg in order to operate. This is due to the fact that designing a TUI for the menus that gpg already provides is redundant and time-consuming. Also, in case these menus will change in the future, it is better to rely on the gpg rather than implementing these options using GPGME. On the other hand, gpg has some commands that GPGME doesn't directly provide. (e.g--refresh-keys) So it is more convenient to utilize gpg for these cases.

The plan for the future ofgpg-tui is utilizinggpgwhen it is necessary, depending on whether if it is more convenient for the user.

gpg-tui only aims to dokey management for now, although it can do much more utilizing GPGME and/orgpg. It's due to the design choice and also for setting the boundaries of the project.

• Code of Conduct
• Contribution Guidelines
• Changelog
• List of Commands

• GnuPG Documentation
• Understanding PGP/GPG Key Server Output
• What is the meaning of GnuPG's --list-sigs output?

• Hacker News
• heise online - IT-News

If you findgpg-tui and/or other projects on myGitHub profile useful, consider supporting me onGitHub Sponsors orbecoming a patron!

The MIT License

Copyright © 2021-2024,Orhun Parmaksız