Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands using gpg from sorted by
Terminal - Commands using gpg - 36 results
x=KEY; gpg --keyserver subkeys.pgp.net --recv $x; gpg --export --armor $x | sudo apt-key add -
2013-11-26 10:49:32
User: sxiii
Functions: gpg sudo
1

Replace KEY with GPG key. This command will load GPG key and add it to your system so you can use software from third party repos etc.

echo 'HelloWorld!' | gpg --symmetric | base64
2013-07-06 08:30:35
User: ryanchapman
Functions: echo gpg
Tags: GPG
0

Need to encrypt something from the command line? I've used this before to encrypt passwords with a master password that was shared amongst a team.

To decrypt:

~$ echo -n 'jA0EAwMCPdknsznAww5gySL1/quqhXg6QgQkIz5abzGP5EZgTbXCFU+y6dP8ySWovytc' | base64 --decode | gpg --decrypt

gpg: CAST5 encrypted data

Enter passphrase: secret

gpg: encrypted with 1 passphrase

HelloWorld!

tar zcf - foo | gpg -c --cipher-algo aes256 -o foo.tgz.gpg
2013-03-13 09:44:39
User: skkzsh
Functions: gpg tar
0

Decrypt with:

gpg -o- foo.tgz.gpg | tar zxvf -
echo "ls" > script.bash; gpg -c script.bash; cat script.bash.gpg | gpg -d --no-mdc-warning | bash
2013-03-10 09:34:12
User: betsubetsu
Functions: cat echo gpg
-2

echo "ls" > script.bash;

This is my script, a simple 'ls'.

gpg -c script.bash;

Here I encrypt and passord-protect my script. This creates file script.bash.gpg.

cat script.bash.gpg | gpg -d --no-mdc-warning | bash

Here I open file script.bash.gpg, decrypt it and execute it.

for i in `gpg --list-sigs | perl -ne 'if(/User ID not found/){s/^.+([a-fA-F0-9]{8}).*/\1/; print}' | sort | uniq`; do gpg --keyserver-options no-auto-key-retrieve --recv-keys $i; done
2013-03-10 09:15:15
User: hank
Functions: gpg perl sort
Tags: bash GPG sed fetch
0

The original command doesn't work for me - does something weird with sed (-r) and xargs (-i) with underscores all over...

This one works in OSX Lion. I haven't tested it anywhere else, but if you have bash, gpg and perl, it should work.

read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
2013-03-10 08:59:45
User: rodolfoap
Functions: cat chmod echo gpg read sed wc
5

(Please see sample output for usage)

Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.:

myscript --> myscript.crypt

You can execute myscript.crypt only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

Sorry for the chmod on parentheses, I dont like "-" at the end.

Thanks flatcap for the subshell abbreviation to /dev/null

echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
2013-03-09 11:16:48
User: rodolfoap
Functions: chmod echo gpg sed stat
6

(Please see sample output for usage)

script.bash is your script, which will be crypted to script.secure

script.bash --> script.secure

You can execute script.secure only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

gpg --export 0xDEADBEEF | gpg --list-packets | grep -Pzao ':signature packet:.*\n\t.*sigclass 0x20(\n\t.*)*'
2013-03-05 14:11:11
User: claudius
Functions: gpg grep
Tags: GPG revocation
0

Shows a sigclass 0x20 (Key revocation) signature packet on a key, including all subpackets. Subpacket 2 is the date of revocation, subpacket 26 the relevant policy, subpacket 29 the reason of revocation (cf. http://rfc.askapache.com/rfc4880/rfc4880.html#section-5.2.3.23 ) and subpacket 16 the issuer of the revocation certificate (usually should be the same as the revoked key).

gpg -c sensitive.txt; gpg sensitive.txt.gpg
gpg -c <filename>
2011-11-21 06:26:59
User: Dhinesh
Functions: gpg
Tags: Security
3

This will encrypt your single file and create a filename.gpg file.

Option: * -c : Encrypt with symmetric cipher

To decrypt

dhinesh@ubuntu:~$ gpg -c sample.rb.gpg

gpg -d file.txt.gpg -o file.txt
gpg --verify file.txt.asc file.txt
gpg -c file.txt
gpg -ser 'myfriend@gmail.com' file.txt
2011-09-17 04:51:02
User: kev
Functions: gpg
Tags: GPG
-3

-s

Make a signature.

-e

Encrypt data.

-r

Encrypt for user id name.

gpg -ab file.txt
gpg -e --default-recipient-self <SENSITIVE_FILE> && shred -zu "$_"
2011-07-24 05:51:47
User: h3xx
Functions: gpg shred
Tags: GPG shred
0

Make sure the file contents can't be retrieved if anyone gets ahold of your physical hard drive.

With hard drive partition:

gpg --default-recipient-self -o /path/to/encrypted_backup.gpg -e /dev/sdb1 && shred -z /dev/sdb1

WARNING/disclaimer: Be sure you... F&%k it--just don't try this.

gpg --list-sigs | sed -rn '/User ID not found/s/^sig.+([a-FA-F0-9]{8}).*/\1/p' | xargs -i_ gpg --keyserver-options no-auto-key-retrieve --recv-keys _
2011-07-22 16:31:25
User: lingo
Functions: gpg sed xargs
Tags: GPG sed fetch
0

For instance, if people have signed your key, this will fetch the signers' keys.

gpg --gen-random --armor 1 30
2011-07-20 15:32:49
User: atoponce
Functions: gpg
9

According to the gpg(1) manual:

--gen-random 0|1|2 count

Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system!

If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as:

du -s /

This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password).

gpg --refresh-keys
sudo apt-get update 2> /tmp/keymissing; for key in $(grep "NO_PUBKEY" /tmp/keymissing |sed "s/.*NO_PUBKEY //"); do echo -e "\nProcessing key: $key"; gpg --keyserver pool.sks-keyservers.net --recv $key && gpg --export --armor $key |sudo apt-key add -; done
2011-03-30 08:18:54
User: Bonster
Functions: echo gpg grep sed sudo
5

You can choose these mirror servers to get gpg keys, if the official one ever goes offline

keyserver.ubuntu.com

pool.sks-keyservers.net

subkeys.pgp.net

pgp.mit.edu

keys.nayr.net

keys.gnupg.net

wwwkeys.en.pgp.net #(replace with your country code fr, en, de,etc)

function cpaste () { gpg -o - -a -c $1 | curl -s -F 'sprunge=<-' http://sprunge.us } function dpaste () { curl -s $1 | gpg -o - -d }
2011-02-26 11:22:08
User: gml
Functions: gpg
1

create simple encrypted notes to yourself using a passphrase on sprunge.us

tar -cvz /<path>/ | gpg --encrypt --recipient <keyID> > /<backup-path>/backup_`date +%d_%m_%Y`.tar.gz.gpg
2011-02-23 14:19:08
User: kaiserkailua
Functions: gpg tar
Tags: GPG tar.gz
1

Create a encrypted tar.gz file from a directory on the fly. The encryption is done by GPG with a public key. The resulting filename is tagged with the date of creation. Very usefull for encrypted snapshots of folders.

dd if=/dev/sdb | pigz | gpg -r <recipient1> -r <recipient2> -e --homedir /home/to/.gnupg | nc remote_machine 6969
2010-12-31 19:24:37
User: brainstorm
Functions: dd gpg
3

Acquires a bit-by-bit data image, gzip-compresses it on multiple cores (pigz) and encrypts the data for multiple recipients (gpg -e -r). It finally sends it off to a remote machine.

info gpg |less
2010-07-01 23:44:15
Functions: gpg info
Tags: less info
1

I like man pages, and I like using `less(1)` as my pager. However, most GNU software keeps the manual in the 'GNU Texinfo' format, and I'm not a fan of the info(1) interface. Just give me less.

This command will print out the info(1) pages, using the familiar interface of less!

nice -n19 dump -0af - /<filesystem> -z9|gpg -e -r <gpg key id>|cstream -v 1 -t 60k|ssh <user@host> "cat > backup.img"
2009-10-29 18:27:25
User: din7
Functions: dump gpg nice ssh
2

This command will nicely dump a filesystem to STDOUT, compress it, encrypt it with the gpg key of your choice, throttle the the data stream to 60kb/s and finally use ssh to copy the contents to an image on a remote machine.