| SQ(1) | User Commands | SQ(1) |
NAME¶
sq-pki-link-retract - Retract links
SYNOPSIS¶
sq pki link retract [OPTIONS]
DESCRIPTION¶
Retract links.
This command retracts links that were previously created using `sq pki link add` or `sq pki link authorize`. See that subcommand's documentation for more details. Note: this is called `retract` and not `remove`, because the certifications are not removed. Instead a new certification is added, which says that the binding has not been authenticated.
`sq pki link retract` respects the reference time set by the top-level `--time` argument. This causes a link to be retracted as of a particular time instead of the current time.
OPTIONS¶
Subcommand options¶
- --all
- Use all self-signed user IDs
- --cert=FINGERPRINT|KEYID
- Use certificates with the specified fingerprint or key ID
- --cert-special=SPECIAL
- Use certificates identified by the special name
- [possible values: public-directories, keys.openpgp.org, keys.mailvelope.com, proton.me, wkd, dane, autocrypt, web]
- --email=EMAIL
- Use a user ID with the specified email address
- The user ID consists of just the email address. The email address does not have to appear in a self-signed user ID.
- --recreate
- Recreate signature even if the parameters did not change
- If the link parameters did not change, and thus creating a signature should not be necessary, we omit the operation. This flag can be given to force the signature to be re-created anyway.
- --signature-notation NAME VALUE
- Add a notation to the signature
- A user-defined notation's name must be of the form `name@a.domain.you.control.org`. If the notation's name starts with a `!`, then the notation is marked as being critical. If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.
- --userid=USERID
- Use the specified user ID
- The specified user ID does not need to be self signed.
- Because using a user ID that is not self-signed is often a mistake, you need to use this option to explicitly opt in.
- --userid-by-email=EMAIL
- Use the self-signed user ID with the specified email address
Global options¶
See sq(1) for a description of the global options.
EXAMPLES¶
Link the certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 with the email address alice@example.org.
sq pki link add \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
--add-email=alice@example.org
Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and the email address alice@example.org.
sq pki link retract \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
--email=alice@example.org
Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and any associated user IDs. This effectively invalidates all links.
sq pki link retract \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 --all
SEE ALSO¶
sq(1), sq-pki(1), sq-pki-link(1).
For the full documentation see <https://book.sequoia-pgp.org/>.
VERSION¶
1.3.1
| 1.3.1 | Sequoia PGP |