SQ(1)                            USER COMMANDS                           SQ(1)

NAME

       sq - A command-line frontend for Sequoia, an implementation of OpenPGP

       Functionality is grouped and available using subcommands. Currently,
       this interface is completely stateless. Therefore, you need to supply
       all configuration and certificates explicitly on each invocation.

       OpenPGP data can be provided in binary or ASCII armored form. This
       will be handled automatically. Emitted OpenPGP data is ASCII armored
       by default.

       We use the term "certificate", or cert for short, to refer to OpenPGP
       keys that do not contain secrets. Conversely, we use the term "key" to
       refer to OpenPGP keys that do contain secrets.

SYNOPSIS

       sq [FLAGS] [OPTIONS] <SUBCOMMAND>

FLAGS

       -h, --help
              Prints help information

       -V, --version
              Prints version information

       -f, --force
              Overwrites existing files

OPTIONS

       --known-notation NOTATION
              Adds NOTATION to the list of known notations. This is used when
              validating signatures. Signatures that have unknown notations
              with the critical bit set are considered invalid.

SUBCOMMANDS

       help   Prints this message or the help of the given subcommand(s)

       decrypt
              Decrypts a message

              Decrypts a message using either supplied keys, or by prompting
              for a password. If message tampering is detected, an error is
              returned. See below for details.

              If certificates are supplied using the "--signer-cert" option,
              any signatures that are found are checked using these
              certificates. Verification is only successful if there is no
              bad signature, and the number of successfully verified
              signatures reaches the threshold configured with the
              "--signatures" parameter.

              If the signature verification fails, or if message tampering is
              detected, the program terminates with an exit status indicating
              failure. In addition to that, the last 25 MiB of the message
              are withheld, i.e. if the message is smaller than 25 MiB, no
              output is produced, and if it is larger, then the output will be
              truncated.

              The converse operation is "sq encrypt".

       encrypt
              Encrypts a message

              Encrypts a message for any number of recipients and with any
              number of passwords, optionally signing the message in the
              process.

              The converse operation is "sq decrypt".

       sign   Signs messages or data files

              Creates signed messages or detached signatures. Detached
              signatures are often used to sign software packages.

              The converse operation is "sq verify".

       verify Verifies signed messages or detached signatures

              When verifying signed messages, the message is written to stdout
              or the file given to --output.

              When a detached signature is verified, no output is produced.
              Detached signatures are often used to sign software packages.

              Verification is only successful if there is no bad signature,
              and the number of successfully verified signatures reaches the
              threshold configured with the "--signatures" parameter. If the
              verification fails, the program terminates with an exit status
              indicating failure. In addition to that, the last 25 MiB of the
              message are withheld, i.e. if the message is smaller than 25
              MiB, no output is produced, and if it is larger, then the output
              will be truncated.

              The converse operation is "sq sign".

       armor  Converts binary to ASCII

              To make encrypted data easier to handle and transport, OpenPGP
              data can be transformed to an ASCII representation called ASCII
              Armor. sq emits armored data by default, but this subcommand
              can be used to convert existing OpenPGP data to its
              ASCII-encoded representation.

              The converse operation is "sq dearmor".

       dearmor
              Converts ASCII to binary

              To make encrypted data easier to handle and transport, OpenPGP
              data can be transformed to an ASCII representation called ASCII
              Armor. sq transparently handles armored data, but this
              subcommand can be used to explicitly convert existing
              ASCII-encoded OpenPGP data to its binary representation.

              The converse operation is "sq armor".

       inspect
              Inspects data, like file(1)

              It is often difficult to tell from cursory inspection using
              cat(1) or file(1) what kind of OpenPGP data one is looking at.
              This subcommand inspects the data and provides a meaningful
              human-readable description of it.

       key    Manages keys

              We use the term "key" to refer to OpenPGP keys that do contain
              secrets. This subcommand provides primitives to generate and
              otherwise manipulate keys.

              Conversely, we use the term "certificate", or cert for short, to
              refer to OpenPGP keys that do not contain secrets. See "sq
              keyring" for operations on certificates.

       keyring
              Manages collections of keys or certs

              Collections of keys or certificates (also known as "keyrings"
              when they contain secret key material, and "certrings" when they
              don't) are any number of concatenated certificates. This
              subcommand provides tools to list, split, join, merge, and
              filter keyrings.

              Note: In the documentation of this subcommand, we sometimes use
              the terms keys and certs interchangeably.

       certify
              Certifies a User ID for a Certificate

              Using a certification, a keyholder may vouch for the fact that
              another certificate legitimately belongs to a user id. In the
              context of emails this means that the same entity controls the
              key and the email address. These kinds of certifications form
              the basis for the Web Of Trust.

              This command emits the certificate with the new certification.
              The updated certificate has to be distributed, preferably by
              sending it to the certificate holder for attestation. See also
              "sq key attest-certification".

       packet Low-level packet manipulation

              An OpenPGP data stream consists of packets. These tools allow
              working with packet streams. They are mostly of interest to
              developers, but "sq packet dump" may be helpful to a wider
              audience both to provide valuable information in bug reports to
              OpenPGP-related software, and as a learning tool.

       keyserver
              Interacts with keyservers

       wkd    Interacts with Web Key Directories

       autocrypt
              Communicates certificates using Autocrypt

              Autocrypt is a standard for mail user agents to provide
              convenient end-to-end encryption of emails. This subcommand
              provides a limited way to produce and consume headers that are
              used by Autocrypt to communicate certificates between clients.

              See https://autocrypt.org/
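
The "verify" and "decrypt" entries above make the exit status the only trustworthy signal: for a message larger than 25 MiB, everything but the withheld tail has already been written when sq reports failure. The following wrappers are an added example, not part of the sq documentation, showing one way to consume "sq verify" fail-closed. The function names, paths and default threshold of 1 are assumptions, and "--detached" is the "sq verify" option for detached signatures, which this page does not list.

```shell
#!/bin/sh
# Added example: fail-closed wrappers around "sq verify".
# Function names, paths and the default threshold are illustrative.

# verify_detached CERT SIG FILE [N]
# Succeeds only if sq exits 0, i.e. there is no bad signature and at least
# N signatures made by CERT verify. Detached mode produces no output.
verify_detached() {
    sq verify --signer-cert "$1" --signatures "${4:-1}" --detached "$2" "$3"
}

# verify_message CERT MSG DEST [N]
# Verifies an inline-signed message and creates DEST only on success.
# The body runs in a subshell so its variables do not leak to the caller.
verify_message() (
    cert=$1; msg=$2; dest=$3; need=${4:-1}

    # Stage the output in a private directory beside DEST so that the final
    # mv is a rename on the same filesystem.
    stage=$(mktemp -d "$(dirname "$dest")/.sq-verify.XXXXXX") || exit 1

    # The staged file may contain unauthenticated data if sq fails part-way
    # through a large message, so it is released only when sq exits 0.
    if sq verify --signer-cert "$cert" --signatures "$need" \
            --output "$stage/out" "$msg" &&
       mv "$stage/out" "$dest"; then
        status=0
    else
        echo "verification failed: $msg not released to $dest" >&2
        status=1
    fi

    rm -rf "$stage"
    exit "$status"
)
```

The same staging pattern applies to "sq decrypt" with "--signer-cert", since it withholds and truncates output in the same way.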

SEE ALSO

       For the full documentation see <https://docs.sequoia-pgp.org/sq/>.

       sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1),
       sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1), sq-keyring(1),
       sq-keyserver(1), sq-packet(1), sq-sign(1), sq-verify(1), sq-wkd(1)

AUTHORS

         Azul <azul@sequoia-pgp.org>
         Igor Matuszewski <igor@sequoia-pgp.org>
         Justus Winter <justus@sequoia-pgp.org>
         Kai Michaelis <kai@sequoia-pgp.org>
         Neal H. Walfield <neal@sequoia-pgp.org>
         Nora Widdecke <nora@sequoia-pgp.org>
         Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>

0.24.0 (SEQUOIA-OPENPGP 1.0.0)    MARCH 2021                             SQ(1)