Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq-decrypt - Decrypt a message

SYNOPSIS
       sq decrypt [OPTIONS] FILE

DESCRIPTION
       Decrypt a message.

       Decrypt	a  message  using  either supplied keys, or by prompting for a
       password.  If message tampering is detected, an error is	returned.  See
       below for details.

       If certificates are supplied using the `--signer-file` option, any sig-
       natures	that are found are checked using these certificates. Verifica-
       tion is only successful if there	is no bad signature, and the number of
       successfully verified signatures	reaches	the threshold configured  with
       the `--signatures` parameter.

       If  the	signature  verification	 fails,	or if message tampering	is de-
       tected, the program terminates with an exit status indicating  failure.
       and the output file is deleted.	If the output was sent to stdout, then
       the  last 25 MiB	of the message are withheld (consequently, if the mes-
       sage is smaller than 25 MiB, no output is produced).

       The converse operation is `sq encrypt`.

OPTIONS
   Subcommand options
       --dump-session-key
	      Print the	session	key to stderr

       --output=FILE
	      Write to FILE or stdout if omitted

	      [default:	-]

       --recipient-file=KEY_FILE
	      Decrypt the message using	the key	in KEY_FILE

       --session-key=SESSION-KEY
	      Decrypt an encrypted message using SESSION-KEY

       --signatures=N
	      Set the threshold	of valid signatures to N

	      The message will only be considered verified if  this  threshold
	      is  reached.  [default:  1  if  at least one signer cert file is
	      given, 0 otherwise]

       --signer=FINGERPRINT|KEYID
	      Require a	signature from a certificate with the  specified  fin-
	      gerprint or key ID

       --signer-domain=DOMAIN
	      Require  a signature from	a certificate where a user ID includes
	      an email address for the specified domain

       --signer-email=EMAIL
	      Require a	signature from a certificate where a user ID  includes
	      the specified email address

       --signer-file=PATH
	      Require a	signature from a certificate read from PATH

       --signer-userid=USERID
	      Require  a  signature from a certificate with the	specified user
	      ID

	FILE  Read from	FILE or	stdin if FILE is '-'

	      [default:	-]

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Decrypt a file using a secret key

	      sq decrypt --recipient-file juliet-secret.pgp ciphertext.pgp

       Decrypt a file verifying	signatures

	      sq decrypt --recipient-file juliet-secret.pgp --signer-file \
		     romeo.pgp ciphertext.pgp

       decrypt a file using the	key store

	      sq decrypt ciphertext.pgp

SEE ALSO
       sq(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia	PGP			     1.3.1				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-decrypt&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help