1SQ-KEY(1) USER COMMANDS SQ-KEY(1)
2
6 sq-key - Manages keys
7 We use the term "key" to refer to OpenPGP keys that do contain secrets.
9 This subcommand provides primitives to generate and otherwise manipu‐
10 late keys.
11 Conversely, we use the term "certificate", or cert for short, to refer
13 to OpenPGP keys that do not contain secrets. See "sq keyring" for op‐
14 erations on certificates.
15
18 sq key [FLAGS] <SUBCOMMAND>
19
21 -h, --help
22 Prints help information
23
25 help Prints this message or the help of the given subcommand(s)
26 generate
29 Generates a new key
30 Generating a key is the prerequisite to receiving encrypted mes‐
32 sages and creating signatures. There are a few parameters to
33 this process, but we provide reasonable defaults for most users.
34 When generating a key, we also generate a revocation certifi‐
36 cate. This can be used in case the key is superseded, lost, or
37 compromised. It is a good idea to keep a copy of this in a safe
38 place.
39 After generating a key, use "sq key extract-cert" to get the
41 certificate corresponding to the key. The key must be kept se‐
42 cure, while the certificate should be handed out to correspon‐
43 dents, e.g. by uploading it to a keyserver.
44 extract-cert
47 Converts a key to a cert
48 After generating a key, use this command to get the certificate
50 corresponding to the key. The key must be kept secure, while
51 the certificate should be handed out to correspondents, e.g. by
52 uploading it to a keyserver.
53 adopt Binds keys from one certificate to another
56 This command allows one to transfer primary keys and subkeys
58 into an existing certificate. Say you want to transition to a
59 new certificate, but have an authentication subkey on your cur‐
60 rent certificate. You want to keep the authentication subkey
61 because it allows access to SSH servers and updating their con‐
62 figuration is not feasible.
63 attest-certifications
66 Attests to third-party certifications allowing for their distri‐
67 bution
68 To prevent certificate flooding attacks, modern key servers pre‐
70 vent uncontrolled distribution of third-party certifications on
71 certificates. To make the key holder the sovereign over the in‐
72 formation over what information is distributed with the certifi‐
73 cate, the key holder needs to explicitly attest to third-party
74 certifications.
75 After the attestation has been created, the certificate has to
77 be distributed, e.g. by uploading it to a keyserver.
78
80 For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
81 sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1),
83 sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1),
84 sq-key-adopt(1), sq-key-attest-certifications(1),
85 sq-key-extract-cert(1), sq-key-generate(1), sq-keyring(1),
86 sq-keyring-filter(1), sq-keyring-join(1), sq-keyring-list(1),
87 sq-keyring-merge(1), sq-keyring-split(1), sq-keyserver(1),
88 sq-keyserver-get(1), sq-keyserver-send(1), sq-packet(1), sq-sign(1),
89 sq-verify(1), sq-wkd(1)
90
94 Azul <azul@sequoia-pgp.org>
95 Igor Matuszewski <igor@sequoia-pgp.org>
96 Justus Winter <justus@sequoia-pgp.org>
97 Kai Michaelis <kai@sequoia-pgp.org>
98 Neal H. Walfield <neal@sequoia-pgp.org>
99 Nora Widdecke <nora@sequoia-pgp.org>
100 Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>
1010.24.0 (SEQUOIA-OPENPGP 1.0.0) MARCH 2021 SQ-KEY(1)