FreeBSD Manual Pages
SQ(1) User Commands SQ(1) NAME sq key subkey - Manage Subkeys SYNOPSIS sq key subkey add [OPTIONS] FILE sq key subkey revoke [OPTIONS] SUBKEY REASON MESSAGE DESCRIPTION Manage Subkeys. Add new subkeys to an existing key. SUBCOMMANDS sq key subkey add Add a newly generated Subkey. A subkey has one or more flags. `--can-sign` sets the signing flag, and means that the key may be used for signing. `--can-authenticate` sets the authentication flags, and means that the key may be used for au- thentication (e.g., as an SSH key). These two flags may be combined. `--can-encrypt=storage` sets the storage encryption flag, and means that the key may be used for storage encryption. `--can-encrypt=trans- port` sets the transport encryption flag, and means that the key may be used for transport encryption. `--can-encrypt=universal` sets both the storage and the transport encryption flag, and means that the key may be used for both storage and transport encryption. Only one of the en- cryption flags may be used and it can not be combined with the signing or authentication flag. At least one flag must be chosen. When using `--with-password`, `sq` prompts the user for a password, that is used to encrypt the subkey. The password for the subkey may be different from that of the primary key. Furthermore the subkey may use one of several available cipher suites, that can be selected using `--cipher-suite`. By default a new subkey never expires. However, its validity period is limited by that of the primary key it is added for. Using the `--ex- piry` argument specific validity periods may be defined. It allows for providing a point in time for validity to end or a validity duration. `sq key subkey add` respects the reference time set by the top-level `--time` argument. It sets the creation time of the subkey to the spec- ified time. sq key subkey revoke Revoke a subkey. Creates a revocation certificate for a subkey. If `--revocation-file` is provided, then that key is used to create the signature. If that key is different from the certificate being re- voked, this creates a third-party revocation. This is normally only useful if the owner of the certificate designated the key to be a des- ignated revoker. If `--revocation-file` is not provided, then the certificate must in- clude a certification-capable key. `sq key subkey revoke` respects the reference time set by the top-level `--time` argument. When set, it uses the specified time instead of the current time, when determining what keys are valid, and it sets the re- vocation certificate's creation time to the reference time instead of the current time. EXAMPLES sq key subkey add First, generate a key sq key generate --userid '<juliet@example.org>' \ --output juliet.key.pgp Add a new Subkey for universal encryption which expires at the same time as the primary key sq key subkey add --output juliet-new.key.pgp \ --can-encrypt universal juliet.key.pgp Add a new Subkey for signing using the rsa3k cipher suite which expires in five days sq key subkey add --output juliet-new.key.pgp --can-sign \ --expiry 5d --cipher-suite rsa3k juliet.key.pgp SEE ALSO sq(1), sq-key(1), sq-key-subkey-add(1), sq-key-subkey-revoke(1). For the full documentation see <https://book.sequoia-pgp.org>. VERSION 0.36.0 (sequoia-openpgp 1.20.0) Sequoia PGP 0.36.0 SQ(1)
NAME | SYNOPSIS | DESCRIPTION | SUBCOMMANDS | EXAMPLES | SEE ALSO | VERSION
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-key-subkey&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>