SQ(1)                            User Commands                           SQ(1)

NAME
       sq-key-subkey-bind - Bind keys from one certificate to another

SYNOPSIS
       sq key subkey bind [OPTIONS]

DESCRIPTION
       Bind keys from one certificate to another.

       This command allows the user to attach a primary key or a subkey
       attached to one certificate to another certificate.  Say you want to
       transition to a new certificate, but have an authentication subkey on
       your current certificate that you want to keep because it allows access
       to a server and updating its configuration is not feasible.  This
       command makes it easy to attach the subkey to the new certificate.

       After the operation, the key is bound both to the old certificate and
       to the new one.  To remove secret key material from the old
       certificate, use `sq key subkey delete` or `sq key delete`, as
       appropriate.  To revoke the old subkey or key, use
       `sq key subkey revoke` or `sq key revoke`, respectively.

OPTIONS
   Subcommand options
       --allow-broken-crypto
	      Allow adopting keys from certificates using broken cryptography

       --can-authenticate
	      Set the authentication-capable flag

       --can-encrypt=PURPOSE
	      Set the encryption-capable flag

              Encryption-capable subkeys can be marked as suitable for
              transport encryption, storage encryption, or both, i.e.,
              universal.  [default: universal]

              [possible values: transport, storage, universal]

       --can-sign
	      Set the signing-capable flag

       --cannot-authenticate
              Don't set the authentication-capable flag

       --cannot-encrypt
              Don't set the encryption-capable flag

       --cannot-sign
              Don't set the signing-capable flag

       --cert=FINGERPRINT|KEYID
              Add the specified subkeys on the key with the specified
              fingerprint or key ID

       --cert-email=EMAIL
              Add the specified subkeys on the key where a user ID includes
              the specified email address

       --cert-file=PATH
              Add the specified subkeys to the key read from PATH

       --cert-userid=USERID
              Add the specified subkeys on the key with the specified user ID

       --creation-time=CREATION_TIME
	      Make bound subkeys have the specified creation time

              Normally, the key's creation time is preserved.  The exception
              is if the key's creation time is the Unix epoch.  In that case,
              the current time is used.

              This option allows setting the key's creation time to a
              specified value.  Note: changing a key's creation time also
              changes its fingerprint.  Changing the fingerprint will make it
              impossible to look up the key for the purpose of signature
              verification, for example.

       --expiration=EXPIRATION
	      Sets the expiration time

              EXPIRATION is either an ISO 8601 formatted date with an optional
              time or a custom duration.  A duration takes the form
              `N[ymwds]`, where the letters stand for years, months, weeks,
              days, and seconds, respectively.  Alternatively, the keyword
              `never` does not set an expiration time.

              [default: never]

       --key=KEY
              Add the key or subkey KEY to the certificate

       --output=FILE
	      Write to the specified FILE

              If not specified, and the certificate was read from the
              certificate store, imports the modified certificate into the
              cert store.  If not specified, and the certificate was read from
              a file, writes the modified certificate to stdout.

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Bind Alice's old authentication subkey to Alice's new certificate.

	      sq key subkey bind \
		     --cert=C5999E8191BF7B503653BE958B1F7910D01F86E5 \
		     --key=0D45C6A756A038670FDFD85CB1C82E8D27DB23A1

       Bind a bare key to Alice's certificate.  A bare key is a public key
       without any components or signatures.  This simplifies working with raw
       keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.

	      sq key subkey bind --keyring=bare.pgp \
		     --cert=C5999E8191BF7B503653BE958B1F7910D01F86E5 \
		     --key=B321BA8F650CB16443E06826DBFA98A78CF6562F \
		     --can-encrypt=universal
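
       The note under --creation-time, worked through as an added example
       (not part of the sq manual or the Sequoia code base): for version 4
       keys, which is what the 40-digit fingerprints above are, the
       fingerprint is a SHA-1 hash over the public-key packet body, and the
       creation time is part of that body.  The key material, timestamps and
       helper names below are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_key_body(creation_time: int, algo: int, key_material: bytes) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", creation_time) + bytes([algo]) + key_material

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the body (RFC 4880, 12.2)."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low 64 bits of the fingerprint."""
    return fingerprint[-16:]

# Constructed RSA public parameters (not a real key): an odd number of up to
# 1024 bits as the modulus, and the common public exponent 65537.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 4, "big") | 1
SAMPLE_MATERIAL = mpi(SAMPLE_N) + mpi(65537)
RSA = 1  # public-key algorithm ID for RSA

def fingerprints_for(times):
    """Fingerprint of the same key material under each creation time."""
    return {t: v4_fingerprint(v4_key_body(t, RSA, SAMPLE_MATERIAL)) for t in times}

if __name__ == "__main__":
    original, overridden = 1700000000, 1700000001  # constructed, one second apart
    for t, fpr in fingerprints_for([original, overridden]).items():
        print(t, fpr, "key ID", key_id(fpr))
```

       The two fingerprints and key IDs differ although the key material is
       identical, so anything that refers to the key by its old fingerprint
       or key ID will not find the rebound key.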

SEE ALSO
       sq(1), sq-key(1), sq-key-subkey(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia PGP                          1.3.1                               SQ(1)
