1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
| | #compdef gpg gpgv gpg-zip gpg2=gpg
local curcontext="$curcontext" state line expl ret=1
local -a args allopts dups extra
typeset -A opt_args
if [[ $service = gpg-zip ]]; then
args=(
'--gpg[command to use instead of gpg]:command:_command'
'--gpg-args[gpg arguments]:gpg arguments:'
'--tar[command to use instead of tar]:command:_command'
'--tar-args[tar arguments]:tar arguments:'
'--list-archive[list archive contents]'
)
else
allopts=( $(_call_program options $words[1] --dump-options) )
args=(
'(-q --quiet)*'{-v,--verbose}'[increase amount of output]'
'(-q --quiet -v --verbose)'{-q,--quiet}'[reduce amount of output]'
'--keyring=[add specified file to list of keyrings]:file:_files'
'--'{status,logger}'-fd:file descriptor:_file_descriptors'
'--homedir:directory:_directories'
)
fi
[[ $service = gpgv ]] || args+=(
'(-e --encrypt)'{-e,--encrypt}'[encrypt data. this option may be combined with --sign]'
{-d,--decrypt}'[decrypt file or stdin]'
'(-c --symmetric)'{-c,--symmetric}'[encrypt with symmetric cipher only]'
'(-s --sign)'{-s,--sign}'[make a signature]'
'*'{-r+,--recipient}'[specify user to encrypt for]:recipient:->public-keys'
'(-u --local-user)'{-u+,--local-user}'[use name as the user ID to sign]:user attachment:_users'
'(-o --output)'{-o+,--output}'[write output to file]:output file:_files'
'(-h --help)'{-h,--help}'[display usage information]'
'--version[print info on program version and supported algorithms]'
)
[[ $service = gpg ]] && args+=(
'--decrypt-files[decrypt multiple files]'
'(-b --detach-sign)'{-b,--detach-sign}'[make a detached signature]'
--clear{,-}sign'[make a clear text signature]'
'--store[store only]'
'--verify[verify a signature]'
'--verify-files[verify a list of files]'
'(-f --encrypt-files)'{-f,--encrypt-files}'[encrypt files]'
'(-k --list-keys)'{-k,--list-keys}'[list all keys]'
'--list-public-keys[list all public keys]'
'(-K --list-secret-keys)'{-K,--list-secret-keys}'[list all secret keys]'
--list-sig{,nature}s'[lists keys and signatures]:key attachment:->public-keys'
'--list-options[modify what the various --list-* commands show]: :->option-list'
--check-sig{,nature}s'[list key, signatures and check them]:key attachment:->public-keys'
'--fingerprint[list all keys with their fingerprints]:key attachment:->public-keys'
'--list-packets[list only the sequence of packets]'
'--gen-key[generate a new pair key]'
'--edit-key[interactively edit a key]:key attachment:->public-keys'
'--sign-key[sign a key]:key attachment:->public-keys'
'--lsign-key[sign a key but mark as non-exportable]:key attachment:->public-keys'
'--delete-keys[remove key from public keyring]:key attachment:->public-keys'
'--delete-secret-keys[remove key from public & private keyring]:key attachment:->secret-keys'
'--delete-secret-and-public-keys:key attachment:->secret-keys'
'--gen-revoke[generate a revocation certificate]'
'--desig-revoke[generate a designated revocation certificate]'
'--passwd[change a passphrase]'
'--export[export all keys from all keyrings]'
'--send-keys[send keys to a keyserver]:key attachment:->public-keyids'
'--export-secret-keys:key attachment:->secret-keys'
'--export-secret-subkeys:key attachment:->secret-keys'
'--import[import a gpg key from a file]:attachment (file):_files'
'--fast-import[import a file without adding to trustdb]:attachment (file):_files'
'--fetch-keys[fetch key at URIs]:uri:'
--rec{eive,v}-keys'[receive a list of keys from a keyserver]:key attachment:->public-keyids'
'--refresh-keys[update all keys from a keyserver]'
'--search-keys[search for keys on a key server]'
'--update-trustdb[update the trust database]'
'--check-trustdb[unattended trust database update]'
'--fix-trustdb[fix a corrupted trust database]'
'--export-ownertrust[list the assigned ownertrust values in ASCII format]:file:_files'
'--import-ownertrust[update the trustdb with a file]:file:_files'
'--dearmor[de-Armor a file or stdin]'
'--enarmor[en-Armor a file or stdin]'
'--print-md[print message digests]:algorithm:->ciphers::file:_files'
'--print-mds[print message digests]::file:_files'
'--tofu-policy:policy:(good unknown bad ask auto):*:keys:->public-keys'
'--tofu-default-policy:policy:(good unknown bad ask auto)'
'--quick-generate-key:user-id: :algorithm:(default future-default rsa dsa elg ed25519 cv25519): : _values -s , usage - default sign auth encr::expiration'
'--quick-add-key:fingerprint: :algorithm:(default future-default rsa dsa elg ed25519 cv25519): : _values -s , usage - default sign auth encr::expiration'
'--gen-random:quality level:(0 1 2):count (bytes)' '--gen-prime'
'--warranty[print warranty info]'
'(-a --armor)'{-a,--armor}'[create ASCII armored output]'
'--default-key[specify default user ID for signatures]:key:->secret-keys'
'--default-recipient[specify default recipient]:recipient:->public-keys'
'--default-recipient-self[use default key as default recipient]'
'--no-default-recipient[reset default recipient]'
'*--encrypt-to[specify recipient]:key:->public-keys'
'(--encrypt-to)--no-encrypt-to[disable the use of all --encrypt-to keys]'
'--group[set up email aliases]:spec'
'-z[specify compression level]:compression level:((0\:no\ compression 1\:minimum 2 3 4 5 6\:default 7 8 9\:maximum))'
'(-t --textmode)'{-t,--textmode}'[use canonical text mode]'
'(-n --dry-run)'{-n,--dry-run}"[don't make any changes]"
'(-i --interactive --batch)'{-i,--interactive}'[prompt before overwriting files]'
'(-i --interactive --no-batch)--batch[use batch mode]'
'--no-tty[never output to tty]'
'(--batch)--no-batch[disable batch mode]'
'(--no)--yes[assume "yes" on most questions]'
'(--yes)--no[assume "no" on most questions]'
'--default-cert-check-level:check level:((0\:no\ claim 1\:no\ verification 2\:casual\ verification 3\:extensive\ verification))'
'--trusted-key[assume that the specified key is trustworthy]:long key id'
'--always-trust[skip key validation]'
'--keyserver[specify key server to use]:key server:_hosts'
'--keyserver-options[specify keyserver options]:options'
'--import-options[specify options for importing keys]:options'
'--export-options[specify options for exporting keys]:options'
'--photo-viewer:command:_command_names -e'
'--exec-path:path:_dir_list'
'--show-keyring[display keyring name when listing keys]'
'--secret-keyring[add specified file to list of secret keyrings]:file:_files'
'--charset:character set:(iso-8859-1 iso-8859-2 koi8-r utf-8)'
'--utf8-strings' '--no-utf8-strings[arguments are not in UTF8]'
'(--no-options)--options[specify file to read options from]:options file:_files'
"(--options)--no-options[don't read options file]"
'--log-file[write server mode logs to file]:file:_files'
'--'{attribute,passphrase,command}'-fd:file descriptor:_file_descriptors'
'--sk-comments[include secret key comments when exporting keys]'
'(--emit-version)--no-emit-version[omit version string in clear text signatures]'
'(--no-emit-version)--emit-version[force writing of version string in clear text signatures]'
'(-N --notation-data)'{-N,--notation-data}'[put parameter in signature]:name=value'
'(--no-show-notation)--show-notation[show key signature notations]'
"(--show-notation)--no-show-notation[don't show key signature notations]"
'--set-policy-url:policy URL'
'--set-filename[specify file which is stored in messages]:file:_files'
'--completes-needed:number' '--marginals-needed:number' '--max-cert-depth:number'
'--'{{,disable-,s2k-}cipher,{,s2k-,cert-}digest,disable-pubkey}'-algo:cipher:->ciphers'
'--s2k-mode:value'
'--compress-algo:compression algorithm:((0\:disable\ compression 1\:zlib 2\:rfc1950))'
'--personal-'{cipher,digest,compress}'-preferences:string'
--{card-edit,edit-card}'[present smartcard menu]' '--card-status[show smartcard content]'
'--change-pin[present menu to change smartcard pin]'
'--list-config[display internal configuration parameters]'
'--hidden-recipient[hidden recipient]:recipient:->public-keys'
'--default-preference-list:string'
'--fetch-keys:URIs'
'--hidden-encrypt-to:recipient:->public-keys'
'--compress-level:integer'
'--bzip2-compress-level:integer'
'--default-cert-level:integer'
'--max-output[maximum output generated when processing file]:bytes:'
'--gpg-agent-info[override GPG_AGENT_INFO]:'
'--primary-keyring:file:_files'
'--verify-options: :->verify-options'
'--debug:flags:' '--status-file:file:_files'
'--attribute-file:file:_files' '--load-extension:file:_files'
'--s2k-count:integer'
'--sig-notation:name=value:' '--cert-notation:name=value:'
'--passphrase-file:file:_files' '--passphrase-repeat:integer:'
'--command-file:file:_files' '--trustdb-name:file:_files'
'--trust-model:trust model:(pgp classic tofu tofu+pgp direct always auto)'
'--sig-policy-url:string:' '--cert-policy-url:string:'
'--sig-keyserver-url:string:' '--comment[comment]:comment:'
'--no-comments[disable comments]'
'--logger-file[write log to file]:file:_files'
'--rebuild-keydb-caches[create signature caches in keyring]'
'--default-keyserver-url:name:'
'--display-charset[set native charset]:charset:((iso-8859-1 iso-8859-2 iso-8859-15 koi8-r utf-8))'
'--ungroup[remove group]:group name:'
'--no-groups[remove all entries from --group list]'
'--enable-progress-filter[enable progress status output]'
'--multifile[process multiple files]'
'--keyid-format[key id format]:key format:((short 0xshort long 0xlong))'
'--exit-on-status-write-error[exit immediately on error write]'
'--limit-card-insert-tries:integer'
'--reader-port[card reader port]:port'
'--ctapi-driver[file to use to access smartcard reader]:file:_files'
'--pcsc-driver[file to use to access smartcard reader]:file:_files'
'--auto-key-locate:parameters'
'--auto-key-import[import missing key from a signature]'
'--include-key-block[include the public key in signatures]'
'--disable-dirmngr[disable all access to the dirmngr]'
'--dump-options[show all options]'
)
extra=( ${${${args#\([^\)]#\)}#\*}%%[=:\[]*} )
extra=( ${allopts:|extra} )
_arguments -C -s -S -A "-*" $args $extra '*:args:->args' && ret=0
if [[ $state = args ]]; then
if (( ${+opt_args[--export]} || ${+opt_args[-k]} || ${+opt_args[--list-keys]} || ${+opt_args[--list-public-keys]} )); then
state=public-keys
elif (( ${+opt_args[--list-secret-keys]} )); then
state=secret-keys
else
_files && return
fi
fi
# We need to keep some arguments to get a consistent list of keys
# etc.
local -a needed
integer krind=${words[(I)--keyring(|=*)]}
needed=(${words[(r)--no-default-keyring]})
if (( krind )); then
# We have a --keyring option. We can't be completing its
# argument because that was handled above, so it must be complete.
if [[ $words[krind] = --keyring ]]; then
if [[ -n $words[krind+1] ]]; then
needed+=(--keyring=$words[krind+1])
fi
else
needed+=($words[krind])
fi
fi
case "$state" in
public-keys)
local public_keys_lines=(${(f)"$(_call_program public-keys ${(q)words[1]} ${(q)needed} --list-public-keys --list-options no-show-photos --with-colons)"})
local -a uids emails
local i j parts current_uid
for (( i = 1; i < ${#public_keys_lines[@]}; ++i )); do
parts=("${(@s.:.)public_keys_lines[$i]}")
if [[ ${parts[1]} == "fpr" ]]; then
current_uid="${parts[10]}"
i=$((i + 1))
parts=("${(@s.:.)public_keys_lines[$i]}")
while [[ ${parts[1]} == "uid" ]]; do
uids+=("${current_uid}")
emails+=("${parts[10]}")
i=$((i + 1))
parts=("${(@s.:.)public_keys_lines[$i]}")
done
fi
done
_describe -t public-keys 'public key' emails uids
;;
secret-keys)
local secret_keys_lines=(${(f)"$(_call_program secret-keys ${(q)words[1]} ${(q)needed} --list-secret-keys --list-options no-show-photos --with-colons)"})
local -a uids emails
local i j parts current_uid
for (( i = 1; i < ${#secret_keys_lines[@]}; ++i )); do
parts=("${(@s.:.)secret_keys_lines[$i]}")
if [[ ${parts[1]} == "fpr" ]]; then
current_uid="${parts[10]}"
i=$((i + 1))
parts=("${(@s.:.)secret_keys_lines[$i]}")
while [[ ${parts[1]} == "uid" ]]; do
uids+=("${current_uid}")
emails+=("${parts[10]}")
i=$((i + 1))
parts=("${(@s.:.)secret_keys_lines[$i]}")
done
fi
done
_describe -t secret-keys 'secret key' emails uids
;;
ciphers)
_wanted ciphers expl cipher compadd \
${${(s.,.)${(M)${(f)${"$(_call_program ciphers ${(q)words[1]} ${(q)needed} --version)"}//,$'\n' #/, }:#Cipher*}#*:}# } && return
;;
(public-keyids)
local public_keys_lines=(${(f)"$(_call_program public-keyids ${(q)words[1]} ${(q)needed} --list-public-keys --list-options no-show-photos --with-colons)"})
local -a uids emails
local i j parts current_uid
for (( i = 1; i < ${#public_keys_lines[@]}; ++i )); do
parts=("${(@s.:.)public_keys_lines[$i]}")
if [[ ${parts[1]} == "fpr" ]]; then
current_uid="${parts[10]}"
i=$((i + 1))
parts=("${(@s.:.)public_keys_lines[$i]}")
while [[ ${parts[1]} == "uid" ]]; do
uids+=("${current_uid}")
emails+=("${parts[10]}")
i=$((i + 1))
parts=("${(@s.:.)public_keys_lines[$i]}")
done
fi
done
_describe -t public-keyids 'public key' emails uids
;;
(option-list)
_sequence _wanted options expl option \
compadd - {no-,}show-{photos,usage,policy-urls,{std,user}-notations,keyserver-urls,uid-validity,unusable-{uids,subkeys},keyring,sig-{expire,subpackets}} && return
;;
(verify-options)
_sequence _wanted options expl option \
compadd - {no-,}show-{photos,policy-urls,{std,user}-notations,keyserver-urls,uid-validity,unusable-uids,primary-uid-only} {no-,}pka-{lookups,trust-increase} && return
;;
esac
return ret
|