PGP ⚡️
caution
The PGP command is restricted and requires setting the --power
option to be used.
You can pass it explicitly or set it globally by running:
scala-cli config power true
The pgp
sub-commands are low-level commands, exposing the PGP capabilities of
Scala CLI. These capabilities are used in the publish
and publish setup
commands
in particular.
These commands make it possible to
- create PGP keys with
pgp create
- get a key fingerprint with
pgp key-id
- push them to / pull them from key servers with
pgp push
/pgp pull
- sign files with
pgp sign
- verify signatures with
pgp verify
These capabilities rely on the Bouncy Castle library.
Note that sub-commands relying on signing, such as publish
, also allow signing
to be handled using gpg
.
Create key pairs
It's not mandatory, although recomended, to use a password to encrypt your keychains.
$ scala-cli pgp create --email [email protected] --password env:MY_PASSWORD
Wrote public key e259e7e8a23475b3 to key.pub
Wrote secret key to key.skr
See the dedicated page for the various formats
accepted by the --password
option.
Get the fingerprint of a public key
$ scala-cli pgp key-id ./key.pub
e259e7e8a23475b3
Push public keys to key servers
$ scala-cli pgp push key.pub
Key 0xe259e7e8a23475b3 uploaded to http://keyserver.ubuntu.com:11371
Pull public keys from key servers
$ scala-cli pgp pull 0x914d298df8fa4d20
-----BEGIN PGP PUBLIC KEY BLOCK-----
…
-----END PGP PUBLIC KEY BLOCK-----
Sign files
$ scala-cli pgp sign --secret-key file:./key.skr --password value:1234 ./foo
$ cat ./foo.asc
-----BEGIN PGP MESSAGE-----
…
-----END PGP MESSAGE-----
$ scala-cli pgp sign --secret-key file:./key.skr --password value:1234 ./foo --stdout
-----BEGIN PGP MESSAGE-----
…
-----END PGP MESSAGE-----
Verify signatures
$ scala-cli pgp verify --key key.pub foo.asc
foo.asc: valid signature