Terminal - Commands tagged GPG - 29 results
sh <(curl hashbang.sh)
2015-03-15 21:02:01
User: lrvick
Functions: sh

Bash process substitution which curls the website 'hashbang.sh' and executes the shell script embedded in the page.

This is obviously not the most secure way to run something like this, and we will scold you if you try.

The smarter way would be:

Download locally over SSL

> curl https://hashbang.sh >> hashbang.sh

Verify integrity with GPG (If available)

> gpg --recv-keys 0xD2C4C74D8FAA96F5

> gpg --verify hashbang.sh

Inspect source code

> less hashbang.sh


> chmod +x hashbang.sh

> ./hashbang.sh
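
An added example, not part of the post or of the hashbang.sh project: `gpg --verify` exits 0 for a good signature from any key in the keyring, so a wrapper should also confirm that the signer is the one expected key before running anything. The fingerprint is a placeholder, the status lines are constructed, and `verify_then_run` assumes, as the post does, that the script file carries its own signature.

```shell
#!/bin/sh
# Added example. PINNED_FPR is a placeholder fingerprint, not a real key.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample of what `gpg --status-fd 1 --verify` prints on success.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-03-15 1426453321 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF01234567'

# signer_is_pinned STATUS FPR
# Succeeds only if STATUS has a VALIDSIG line whose signing-key fingerprint
# (field 3) or primary-key fingerprint (last field) equals FPR.
signer_is_pinned() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# verify_then_run FILE
# Fails closed: a bad signature, a missing key or an unexpected signer all
# stop before anything is executed.
verify_then_run() {
    status=$(gpg --batch --status-fd 1 --verify "$1" 2>/dev/null) || return 1
    signer_is_pinned "$status" "$PINNED_FPR" || return 1
    sh "$1"
}
```
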

rpm -e --allmatches gpg-pubkey-1aa043b8-53b2e946
2014-12-09 21:27:08
User: krizzo
Functions: rpm
Tags: GPG rpm yum pubkey

This will remove the gpg-pubkey-1aa043b8-53b2e946 from rpm/yum and you'll be prompted to add it back from the given repo.

rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n"
2014-12-09 21:23:28
User: krizzo
Functions: rpm
Tags: GPG rpm yum pubkey

This will list all the gpg keys that were accepted and installed for yum.

x=KEY; gpg --keyserver subkeys.pgp.net --recv $x; gpg --export --armor $x | sudo apt-key add -
2013-11-26 10:49:32
User: sxiii
Functions: gpg sudo

Replace KEY with the GPG key. This command will load the GPG key and add it to your system so you can use software from third party repos etc.

icedove --compose subject=$(polygen ~/.icedove/xxxxxxx.default/bofh.grm)
2013-10-08 16:29:16
User: vinc3nt

The subject in a gpg mail isn't encrypted. For people without imagination this often becomes a drama.


1. Install polygen

sudo apt-get install polygen

2. Download "Bastard Operator From Hell Excuses" dictionary:

cd ~/.icedove/xxxxxxx.default/ && wget http://www.polygen.org/polygen/source/ita/bofh.grm

echo 'HelloWorld!' | gpg --symmetric | base64
2013-07-06 08:30:35
User: ryanchapman
Functions: echo gpg
Tags: GPG

Need to encrypt something from the command line? I've used this before to encrypt passwords with a master password that was shared amongst a team.

To decrypt:

~$ echo -n 'jA0EAwMCPdknsznAww5gySL1/quqhXg6QgQkIz5abzGP5EZgTbXCFU+y6dP8ySWovytc' | base64 --decode | gpg --decrypt

gpg: CAST5 encrypted data

Enter passphrase: secret

gpg: encrypted with 1 passphrase


tar zcf - foo | gpg -c --cipher-algo aes256 -o foo.tgz.gpg
2013-03-13 09:44:39
User: skkzsh
Functions: gpg tar

Decrypt with:

gpg -o- foo.tgz.gpg | tar zxvf -

echo "ls" > script.bash; gpg -c script.bash; cat script.bash.gpg | gpg -d --no-mdc-warning | bash
2013-03-10 09:34:12
User: betsubetsu
Functions: cat echo gpg

echo "ls" > script.bash;

This is my script, a simple 'ls'.

gpg -c script.bash;

Here I encrypt and password-protect my script. This creates file script.bash.gpg.

cat script.bash.gpg | gpg -d --no-mdc-warning | bash

Here I open file script.bash.gpg, decrypt it and execute it.

for i in `gpg --list-sigs | perl -ne 'if(/User ID not found/){s/^.+([a-fA-F0-9]{8}).*/\1/; print}' | sort | uniq`; do gpg --keyserver-options no-auto-key-retrieve --recv-keys $i; done
2013-03-10 09:15:15
User: hank
Functions: gpg perl sort
Tags: bash GPG sed fetch

The original command doesn't work for me - does something weird with sed (-r) and xargs (-i) with underscores all over...

This one works in OSX Lion. I haven't tested it anywhere else, but if you have bash, gpg and perl, it should work.

read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
2013-03-10 08:59:45
User: rodolfoap
Functions: cat chmod echo gpg read sed wc

(Please see sample output for usage)

Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.:

myscript --> myscript.crypt

You can execute myscript.crypt only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

Sorry for the chmod on parentheses, I don't like "-" at the end.

Thanks flatcap for the subshell abbreviation to /dev/null

echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
2013-03-09 11:16:48
User: rodolfoap
Functions: chmod echo gpg sed stat

(Please see sample output for usage)

script.bash is your script, which will be crypted to script.secure

script.bash --> script.secure

You can execute script.secure only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

gpg --export 0xDEADBEEF | gpg --list-packets | grep -Pzao ':signature packet:.*\n\t.*sigclass 0x20(\n\t.*)*'
2013-03-05 14:11:11
User: claudius
Functions: gpg grep
Tags: GPG revocation

Shows a sigclass 0x20 (Key revocation) signature packet on a key, including all subpackets. Subpacket 2 is the date of revocation, subpacket 26 the relevant policy, subpacket 29 the reason of revocation (cf. http://rfc.askapache.com/rfc4880/rfc4880.html#section- ) and subpacket 16 the issuer of the revocation certificate (usually should be the same as the revoked key).
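
A portable variant of the same extraction, added here as an example and not the poster's code: `grep -Pzao` needs GNU grep built with PCRE, while this awk filter only needs POSIX awk. The packet listing fed to it is constructed, not taken from a real key.

```shell
#!/bin/sh
# Added example. sample_packets prints a constructed listing in the format of
# `gpg --list-packets`; it is not output from a real key.
sample_packets() {
    printf ':public key packet:\n\tversion 4, algo 1, created 1300000000, expires 0\n'
    printf ':signature packet: algo 1, keyid 00000000DEADBEEF\n'
    printf '\tversion 4, created 1362492671, md5len 0, sigclass 0x20\n'
    printf '\thashed subpkt 2 len 4 (sig created 2013-03-05)\n'
    printf '\thashed subpkt 29 len 1 (revocation reason 0x01 ())\n'
    printf '\tsubpkt 16 len 8 (issuer key ID 00000000DEADBEEF)\n'
    printf '\tdata: [2047 bits]\n'
    printf ':user ID packet: "Example User <user@example.org>"\n'
    printf ':signature packet: algo 1, keyid 00000000DEADBEEF\n'
    printf '\tversion 4, created 1300000000, md5len 0, sigclass 0x13\n'
    printf '\tsubpkt 16 len 8 (issuer key ID 00000000DEADBEEF)\n'
}

# revocation_packets: read `gpg --list-packets` output on stdin and print
# every signature packet of sigclass 0x20 with all of its subpacket lines.
revocation_packets() {
    awk '
        /^#/ { next }                      # offset comments from newer gpg
        /^:/ {                             # header line: a new packet starts
            if (is_rev) printf "%s", block
            block = ""; is_rev = 0
            in_sig = ($0 ~ /^:signature packet:/)
        }
        in_sig && /sigclass 0x20/ { is_rev = 1 }
        { block = block $0 "\n" }
        END { if (is_rev) printf "%s", block }'
}

# revocation_reason: print only the subpacket 29 line(s) of those packets.
revocation_reason() {
    revocation_packets | grep 'subpkt 29 '
}
```

With a real keyring the filter goes at the end of the pipeline from the command above: `gpg --export 0xDEADBEEF | gpg --list-packets | revocation_packets`.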

wget --input-file=~/donwloads.txt --user="$USER" --password="$(gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null)"
2012-12-13 00:14:55
User: kyle0r
Functions: wget
Tags: GPG password

In this example, where the user's gpg keyring has a password, the user will be interactively prompted for the keyring password.

If the keyring has no password, same as above, sans the prompt. Suitable for cron jobs.

~/.gnupg/passwd/http-auth.gpg is the encrypted http auth password, for this particular wget use case.

This approach has many use cases.

example bash functions:

function http_auth_pass() { gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null; }

function decrypt_pass() { gpg2 --decrypt ~/.gnupg/passwd/"$1" 2>/dev/null; }

gpg -c sensitive.txt; gpg sensitive.txt.gpg
gpg -d file.txt.gpg -o file.txt
gpg --verify file.txt.asc file.txt
gpg -c file.txt
gpg -ser 'myfriend@gmail.com' file.txt
2011-09-17 04:51:02
User: kev
Functions: gpg
Tags: GPG


Make a signature.


Encrypt data.


Encrypt for user id name.

gpg -ab file.txt

gpg -e --default-recipient-self <SENSITIVE_FILE> && shred -zu "$_"
2011-07-24 05:51:47
User: h3xx
Functions: gpg shred
Tags: GPG shred

Make sure the file contents can't be retrieved if anyone gets ahold of your physical hard drive.

With hard drive partition:

gpg --default-recipient-self -o /path/to/encrypted_backup.gpg -e /dev/sdb1 && shred -z /dev/sdb1

WARNING/disclaimer: Be sure you... F&%k it--just don't try this.

gpg --list-sigs | sed -rn '/User ID not found/s/^sig.+([a-fA-F0-9]{8}).*/\1/p' | xargs -i_ gpg --keyserver-options no-auto-key-retrieve --recv-keys _
2011-07-22 16:31:25
User: lingo
Functions: gpg sed xargs
Tags: GPG sed fetch

For instance, if people have signed your key, this will fetch the signers' keys.

gpg --gen-random --armor 1 30
2011-07-20 15:32:49
User: atoponce
Functions: gpg

According to the gpg(1) manual:

--gen-random 0|1|2 count

Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system!

If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as:

du -s /

This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password).

gpg --refresh-keys

tar -cvz /<path>/ | gpg --encrypt --recipient <keyID> > /<backup-path>/backup_`date +%d_%m_%Y`.tar.gz.gpg
2011-02-23 14:19:08
User: kaiserkailua
Functions: gpg tar
Tags: GPG tar.gz

Create an encrypted tar.gz file from a directory on the fly. The encryption is done by GPG with a public key. The resulting filename is tagged with the date of creation. Very useful for encrypted snapshots of folders.

cat private-file | gpg2 --encrypt --armor --recipient "Disposable Key" | mailx -s "Email Subject" user@email.com
2009-10-19 20:38:37
User: slashdot
Functions: cat mailx

This is a quick and easy way of encrypting files in a datastream, without ever really creating an output file from gpg. Useful with cron also, when file(s) have to be sent based on a set schedule.