FreeBSD Manual Pages
SQ(1) User Commands SQ(1) NAME sq key generate - Generate a new key SYNOPSIS sq key generate [OPTIONS] DESCRIPTION Generate a new key. Generating a key is the prerequisite to receiving encrypted messages and creating signatures. There are a few parameters to this process, but we provide reasonable defaults for most users. When generating a key, we also generate a revocation certificate. This can be used in case the key is superseded, lost, or compromised. This is saved alongside the key. By default a key expires after 3 years. Using the `--expiry=` argument specific validity periods may be defined. It allows for providing a point in time for validity to end or a validity duration. `sq key generate` respects the reference time set by the top-level `--time` argument. It sets the creation time of the key, any subkeys, and the binding signatures to the reference time. OPTIONS Subcommand options --allow-non-canonical-userids Don't reject user IDs that are not in canonical form. Canonical user IDs are of the form `Name (Comment) <localpart@exam- ple.org>`. -c, --cipher-suite=CIPHER-SUITE Select the cryptographic algorithms for the key [default: cv25519] [possible values: rsa3k, rsa4k, cv25519] --can-authenticate Add an authentication-capable subkey (default) --can-encrypt=PURPOSE Add an encryption-capable subkey. Encryption-capable subkeys can be marked as suitable for transport encryption, storage encryp- tion, or both, i.e., universal. [default: universal] [possible values: transport, storage, universal] --can-sign Add a signing-capable subkey (default) --cannot-authenticate Add no authentication-capable subkey --cannot-encrypt Add no encryption-capable subkey --cannot-sign Add no signing-capable subkey --expiry=EXPIRY Define EXPIRY for the key as ISO 8601 formatted string or custom duration. If an ISO 8601 formatted string is provided, the va- lidity period reaches from the reference time (may be set using `--time`) to the provided time. Custom durations starting from the reference time may be set using `N[ymwds]`, for N years, months, weeks, days, or seconds. The special keyword `never` sets an unlimited expiry. [default: 94670781s] --no-userids Create a key without any user IDs -o, --output=FILE Write to FILE or stdout if omitted --rev-cert=FILE or - Write the revocation certificate to FILE. mandatory if OUTFILE is `-` or not specified. [default: <OUTFILE>.rev] -u, --userid=EMAIL Add a user ID to the key --with-password Protect the key with a password Global options See sq(1) for a description of the global options. EXAMPLES Generate a key sq key generate --userid '<juliet@example.org>' Generate a key protecting it with a password sq key generate --userid '<juliet@example.org>' \ --with-password Generate a key whose creation time is June 9, 2011 at midnight UTC sq key generate --time 20110609 --userid Noam \ --output noam.pgp Generate a key, and save it in a file instead of in the key store. sq key generate --userid '<juliet@example.org>' \ --output juliet-secret.key Then, extract the certificate for distribution sq toolbox extract-cert --output juliet-secret.pgp SEE ALSO sq(1), sq-key(1). For the full documentation see <https://book.sequoia-pgp.org>. VERSION 0.36.0 (sequoia-openpgp 1.20.0) Sequoia PGP 0.36.0 SQ(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | VERSION
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-key-generate&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>