From ArchWiki

Stateless OpenPGP (SOP) is a standard for commandline interface (CLI) tools to perform OpenPGP operations. It is defined in a dedicated IETF draft outlining its features and syntax.

Many SOP implementations exist and are cross-tested in an interoperability test suite.

Although implementations provide executables of differing names, they all have the same CLI and the core functionality can be used interchangeably.

Installation

Several implementations are available for installation:

Tips and tricks

The below examples assume, that the name of the SOP executable (e.g. rsop or sqop) is stored in the environment variable $SOP.

Create a private key

To create an OpenPGP transferable secret key (aka. private key) with the User ID <archie@example.org> use:

$ $SOP generate-key "<archie@example.org>" > archie.tsk

Extract certificate

To extract the certificate (aka. public key) from the created transferable secret key use:

$ $SOP extract-cert > archie.cert < archie.tsk

Create detached signature

To create a detached signature for a message use:

$ echo "Hello world" | $SOP sign archie.tsk > msg.sig

Verify detached signature

To verify the detached signature, provide the original message, the signature as well as the OpenPGP certificate:

$ echo "Hello world" | $SOP verify msg.sig archie.cert
2024-02-27T17:36:28Z 12b7169b5fc99d1a2d546b8755d1f4d8a355f3cb 12b7169b5fc99d1a2d546b8755d1f4d8a355f3cb mode:binary

Encrypt a message

Messages can be encrypted by providing the message and the OpenPGP certificate of the recipient:

$ echo "Hello world" | $SOP encrypt archie.cert > encrypted.msg

Decrypt a message

Recipients of encrypted messages can decrypt them by providing the encrypted message and their transferable secret key:

$ $SOP decrypt archie.tsk < encrypted.msg
Hello world

Create cleartext signed message

Cleartext signed messages can be created by providing the message and the signer's transferable secret key:

$ echo "Hello world" | $SOP inline-sign --as clearsigned archie.tsk
-----BEGIN PGP SIGNED MESSAGE-----

Hello world

-----BEGIN PGP SIGNATURE-----

wnUEARYKAB0WIQQStxabX8mdGi1Ua4dV0fTYo1XzywUCZd4eOgAKCRBV0fTYo1Xz
yyqJAQDUD/lbhqOHL/O0cjtytXQXnMOx5twW3FT3RJPlu9JZUAEA2OAMhzLmX6Bb
mXz8Tu0eApqbxu64ksieL8YNN20IwQs=
=77wU
-----END PGP SIGNATURE-----

See also