| SQ(1) | User Commands | SQ(1) |
NAME¶
sq sign - Sign messages or data files
SYNOPSIS¶
sq sign [OPTIONS] FILE
DESCRIPTION¶
Sign messages or data files.
Creates signed messages or detached signatures. Detached signatures are often used to sign software packages.
The converse operation is `sq verify`.
`sq sign` respects the reference time set by the top-level `--time` argument. When set, it uses the specified time instead of the current time, when determining what keys are valid, and it sets the signature's creation time to the reference time instead of the current time.
OPTIONS¶
Subcommand options¶
- --append
- Append a signature to existing signature
- --binary
- Emit binary data
- --cleartext
- Create a cleartext-signed message
- --merge=SIGNED-MESSAGE
- Merge signatures from the input and SIGNED-MESSAGE
- --message
- Create an inline-signed message
- --mode=MODE
- Select the signature mode
- Signatures can be made in binary mode or in text mode. Text mode normalizes line endings, which makes signatures more robust when a text is transported over a channel which may change line endings. In doubt, create binary signatures.
- [default: binary]
- [possible values: binary, text]
- --notarize
- Sign a message and all existing signatures
- --output=FILE
- Write to FILE or stdout if omitted
- [default: -]
- --signature-file
- Create a detached signature file
- --signature-notation NAME VALUE
- Add a notation to the signature. A user-defined notation's name must be of the form `name@a.domain.you.control.org`. If the notation's name starts with a `!`, then the notation is marked as being critical. If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.
- --signer=FINGERPRINT|KEYID
- Create the signature using the key with the specified fingerprint or key ID
- --signer-email=EMAIL
- Create the signature using the key where a user ID includes the specified email address
- --signer-file=PATH
- Create the signature using the key read from PATH
- --signer-userid=USERID
- Create the signature using the key with the specified user ID
-
FILE - Read from FILE or stdin if FILE is '-'
- [default: -]
Global options¶
See sq(1) for a description of the global options.
EXAMPLES¶
Create a signed message.
sq sign --signer-file juliet-secret.pgp --message document.txt
Create a detached signature.
sq sign --signer-file juliet-secret.pgp --signature-file \
document.txt
Create a signature with the specified creation time.
sq sign --signer-file juliet-secret.pgp --time 2024-02-29 \
--signature-file document.txt
SEE ALSO¶
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION¶
0.40.0 (sequoia-openpgp 1.21.2)
| 0.40.0 | Sequoia PGP |