1SQ-KEY-GENERATE(1) USER COMMANDS SQ-KEY-GENERATE(1)
2
6 sq-key-generate - Generates a new key
7 Generating a key is the prerequisite to receiving encrypted messages
9 and creating signatures. There are a few parameters to this process,
10 but we provide reasonable defaults for most users.
11 When generating a key, we also generate a revocation certificate. This
13 can be used in case the key is superseded, lost, or compromised. It is
14 a good idea to keep a copy of this in a safe place.
15 After generating a key, use "sq key extract-cert" to get the certifi‐
17 cate corresponding to the key. The key must be kept secure, while the
18 certificate should be handed out to correspondents, e.g. by uploading
19 it to a keyserver.
20
23 sq key generate [FLAGS] [OPTIONS]
24
26 -h, --help
27 Prints help information
28 --with-password
31 Protects the key with a password
32 --can-sign
35 Adds a signing-capable subkey (default)
36 --cannot-sign
39 Adds no signing-capable subkey
40 --cannot-encrypt
43 Adds no encryption-capable subkey
44
46 -u, --userid EMAIL
47 Adds a userid to the key
48 -c, --cipher-suite CIPHER-SUITE
51 Selects the cryptographic algorithms for the key [default:
52 cv25519] [possible values: rsa3k, rsa4k, cv25519]
53 --expires TIME
56 Makes the key expire at TIME (as ISO 8601). Use "never" to cre‐
57 ate keys that do not expire.
58 --expires-in DURATION
61 Makes the key expire after DURATION. Either "N[ymwd]", for N
62 years, months, weeks, or days, or "never".
63 --can-encrypt PURPOSE
66 Adds an encryption-capable subkey. Encryption-capable subkeys
67 can be marked as suitable for transport encryption, storage en‐
68 cryption, or both. [default: universal] [possible values:
69 transport, storage, universal]
70 -e, --export OUTFILE
73 Writes the key to OUTFILE
74 --rev-cert FILE or -
77 Writes the revocation certificate to FILE. mandatory if OUTFILE
78 is "-". [default: <OUTFILE>.rev]
79
81 # First, this generates a key
82 $ sq key generate --userid "<juliet@example.org>" --export
83 juliet.key.pgp
84 # Then, this extracts the certificate for distribution
86 $ sq key extract-cert --output juliet.cert.pgp juliet.key.pgp
87 # Generates a key protecting it with a password
89 $ sq key generate --userid "<juliet@example.org>" --with-pass‐
90 word
91 # Generates a key with multiple userids
93 $ sq key generate --userid "<juliet@example.org>" --userid
94 "Juliet Capulet"
95
98 For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
99 sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1),
101 sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1),
102 sq-key-adopt(1), sq-key-attest-certifications(1),
103 sq-key-extract-cert(1), sq-key-generate(1), sq-keyring(1),
104 sq-keyring-filter(1), sq-keyring-join(1), sq-keyring-list(1),
105 sq-keyring-merge(1), sq-keyring-split(1), sq-keyserver(1),
106 sq-keyserver-get(1), sq-keyserver-send(1), sq-packet(1), sq-sign(1),
107 sq-verify(1), sq-wkd(1)
108
112 Azul <azul@sequoia-pgp.org>
113 Igor Matuszewski <igor@sequoia-pgp.org>
114 Justus Winter <justus@sequoia-pgp.org>
115 Kai Michaelis <kai@sequoia-pgp.org>
116 Neal H. Walfield <neal@sequoia-pgp.org>
117 Nora Widdecke <nora@sequoia-pgp.org>
118 Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>
1190.24.0 (SEQUOIA-OPENPGP 1.0.0) MARCH 2021 SQ-KEY-GENERATE(1)