| SQ-KEY-GENERATE(1) | USER COMMANDS | SQ-KEY-GENERATE(1) |
NAME¶
sq-key-generate - Generates a new key
Generating a key is the prerequisite to receiving encrypted messages and creating signatures. There are a few parameters to this process, but we provide reasonable defaults for most users.
When generating a key, we also generate a revocation certificate. This can be used in case the key is superseded, lost, or compromised. It is a good idea to keep a copy of this in a safe place.
After generating a key, use "sq key extract-cert" to get the certificate corresponding to the key. The key must be kept secure, while the certificate should be handed out to correspondents, e.g. by uploading it to a keyserver.
SYNOPSIS¶
sq key generate [FLAGS] [OPTIONS]
FLAGS¶
- -h, --help
- Prints help information
- --with-password
- Protects the key with a password
- --can-sign
- Adds a signing-capable subkey (default)
- --cannot-sign
- Adds no signing-capable subkey
- --cannot-encrypt
- Adds no encryption-capable subkey
OPTIONS¶
- -u, --userid EMAIL
- Adds a userid to the key
- -c, --cipher-suite CIPHER-SUITE
- Selects the cryptographic algorithms for the key [default: cv25519] [possible values: rsa3k, rsa4k, cv25519]
- --expires TIME
- Makes the key expire at TIME (as ISO 8601). Use "never" to create keys that do not expire.
- --expires-in DURATION
- Makes the key expire after DURATION. Either "N[ymwd]", for N years, months, weeks, or days, or "never".
- --can-encrypt PURPOSE
- Adds an encryption-capable subkey. Encryption-capable subkeys can be marked as suitable for transport encryption, storage encryption, or both. [default: universal] [possible values: transport, storage, universal]
- -e, --export OUTFILE
- Writes the key to OUTFILE
- --rev-cert FILE or -
- Writes the revocation certificate to FILE. mandatory if OUTFILE is "-". [default: <OUTFILE>.rev]
EXAMPLES¶
- # First, this generates a key
- $ sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp
- # Then, this extracts the certificate for distribution
- $ sq key extract-cert --output juliet.cert.pgp juliet.key.pgp
- # Generates a key protecting it with a password
- $ sq key generate --userid "<juliet@example.org>" --with-password
- # Generates a key with multiple userids
- $ sq key generate --userid "<juliet@example.org>" --userid "Juliet Capulet"
SEE ALSO¶
For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1), sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1), sq-key-adopt(1), sq-key-attest-certifications(1), sq-key-extract-cert(1), sq-key-generate(1), sq-keyring(1), sq-keyring-filter(1), sq-keyring-join(1), sq-keyring-list(1), sq-keyring-merge(1), sq-keyring-split(1), sq-packet(1), sq-sign(1), sq-verify(1)
AUTHORS¶
Azul <azul@sequoia-pgp.org> Igor Matuszewski <igor@sequoia-pgp.org> Justus Winter <justus@sequoia-pgp.org> Kai Michaelis <kai@sequoia-pgp.org> Neal H. Walfield <neal@sequoia-pgp.org> Nora Widdecke <nora@sequoia-pgp.org> Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>
| JANUARY 2021 | 0.24.0 (SEQUOIA-OPENPGP 1.0.0) |