diff --git a/Cargo.lock b/Cargo.lock index b9d0d40c..e79c87b3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2866,6 +2866,7 @@ dependencies = [ "chrono", "clap 4.0.32", "clap_complete", + "clap_mangen", "dirs", "dot-writer", "fehler", diff --git a/Cargo.toml b/Cargo.toml index 550b1aac..a1c234bb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,6 +56,8 @@ anyhow = "1.0.18" clap = { version = "4", features = ["derive", "env", "wrap_help"] } # For an MSVR of 1.63: 4.0.7. clap_complete = "4" +# For an MSVR of 1.63: 0.2.6 +clap_mangen = "0.2" chrono = "0.4.10" sequoia-openpgp = { version = "1.13", default-features = false } sequoia-net = { version = "0.26", default-features = false } diff --git a/build.rs b/build.rs index 84e95466..24f28311 100644 --- a/build.rs +++ b/build.rs @@ -34,6 +34,8 @@ fn main() { let path = clap_complete::generate_to(*shell, &mut sq, "sq", &outdir).unwrap(); println!("cargo:warning=completion file is generated: {:?}", path); }; + + build_man_pages().unwrap(); } fn dump_help(mut cmd: clap::Command) -> Result<()> { @@ -93,3 +95,43 @@ fn dump_help_inner( Ok(()) } + + +fn build_man_pages() -> Result<()> { + // Man page support. + let out_dir = std::path::PathBuf::from( + std::env::var_os("OUT_DIR") + .ok_or(std::io::Error::from(std::io::ErrorKind::NotFound))?); + + let man = clap_mangen::Man::new(sq_cli::build()); + let mut buffer: Vec = Default::default(); + man.render(&mut buffer)?; + + let filename = out_dir.join("sq.1"); + println!("cargo:warning=writing man page to {}", filename.display()); + std::fs::write(filename, buffer)?; + + fn doit(out_dir: &Path, prefix: &str, command: &clap::Command) -> Result<()> { + let man = clap_mangen::Man::new(command.clone()); + let mut buffer: Vec = Default::default(); + man.render(&mut buffer)?; + + let filename = out_dir.join(format!("{}-{}.1", prefix, command.get_name())); + println!("cargo:warning=writing man page to {}", filename.display()); + std::fs::write(filename, buffer)?; + + for sc in command.get_subcommands() { + doit(out_dir, + &format!("{}-{}", prefix, command.get_name()), + sc)?; + } + + Ok(()) + } + + for sc in sq_cli::build().get_subcommands() { + doit(&out_dir, "sq", sc)?; + } + + Ok(()) +} diff --git a/man-sq/sq-armor.1 b/man-sq/sq-armor.1 deleted file mode 100644 index f69fbc36..00000000 --- a/man-sq/sq-armor.1 +++ /dev/null @@ -1,82 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq armor \- Converts binary to ASCII -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBarmor\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Converts binary to ASCII. -.PP -To make encrypted data easier to handle and transport, OpenPGP data -can be transformed to an ASCII representation called ASCII Armor. sq -emits armored data by default, but this subcommand can be used to -convert existing OpenPGP data to its ASCII\-encoded representation. -.PP -The converse operation is "sq dearmor". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-label\fR=\fILABEL\fR -Selects the kind of armor header -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Convert a binary certificate to ASCII -.PP -.nf -.RS -sq armor binary\-juliet.pgp -.RE -.fi -.PP - -.PP -Convert a binary message to ASCII -.PP -.nf -.RS -sq armor binary\-message.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-autocrypt-decode.1 b/man-sq/sq-autocrypt-decode.1 deleted file mode 100644 index 939a44e4..00000000 --- a/man-sq/sq-autocrypt-decode.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq autocrypt decode \- Reads Autocrypt\-encoded certificates -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBautocrypt decode\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Reads Autocrypt\-encoded certificates. -.PP -Given an autocrypt header (or an key\-gossip header), this command -extracts the certificate encoded within it. -.PP -The converse operation is "sq autocrypt encode\-sender". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Extract all certificates from a mail -.PP -.nf -.RS -sq autocrypt decode autocrypt.eml -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-autocrypt-encode-sender.1 b/man-sq/sq-autocrypt-encode-sender.1 deleted file mode 100644 index db70deb3..00000000 --- a/man-sq/sq-autocrypt-encode-sender.1 +++ /dev/null @@ -1,96 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq autocrypt encode\-sender \- Encodes a certificate into an Autocrypt header -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBautocrypt encode\-sender\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Encodes a certificate into an Autocrypt header. -.PP -A certificate can be encoded and included in a header of an email -message. This command encodes the certificate, adds the senders email -address (which must match the one used in the "From" header), and the -senders "prefer\-encrypt" state (see the Autocrypt spec for more -information). -.PP -The converse operation is "sq autocrypt decode". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-email\fR=\fIADDRESS\fR -Sets the address [default: primary userid] -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-prefer\-encrypt\fR=\fIPREFER\-ENCRYPT\fR -Sets the prefer\-encrypt attribute -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Encodes a certificate -.PP -.nf -.RS -sq autocrypt encode\-sender juliet.pgp -.RE -.fi -.PP - -.PP -Encodes a certificate with an explicit sender address -.PP -.nf -.RS -sq autocrypt encode\-sender \-\-email juliet@example.org juliet.pgp -.RE -.fi -.PP - -.PP -Encodes a certificate while indicating the willingness to encrypt -.PP -.nf -.RS -sq autocrypt encode\-sender \-\-prefer\-encrypt mutual juliet.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-certify.1 b/man-sq/sq-certify.1 deleted file mode 100644 index c744ae96..00000000 --- a/man-sq/sq-certify.1 +++ /dev/null @@ -1,112 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq certify \- Certifies a User ID for a Certificate -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBcertify\fR [\fIOPTIONS\fR] \fICERTIFIER\-KEY\fR \fICERTIFICATE\fR \fIUSERID\fR -.SH DESCRIPTION -Certifies a User ID for a Certificate. -.PP -Using a certification a keyholder may vouch for the fact that another -certificate legitimately belongs to a user id. In the context of -emails this means that the same entity controls the key and the email -address. These kind of certifications form the basis for the Web Of -Trust. -.PP -This command emits the certificate with the new certification. The -updated certificate has to be distributed, preferably by sending it to -the certificate holder for attestation. See also "sq key -attest\-certification". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-a\fR, \fB\-\-amount\fR=\fITRUST_AMOUNT\fR -Sets the amount of trust -.TP -\fB\-\-allow\-not\-alive\-certifier\fR -Don\*(Aqt fail if the certificate making the certification is not alive. -.TP -\fB\-\-allow\-revoked\-certifier\fR -Don\*(Aqt fail if the certificate making the certification is revoked. -.TP -\fB\-d\fR, \fB\-\-depth\fR=\fITRUST_DEPTH\fR -Sets the trust depth -.TP -\fB\-\-expires\fR=\fITIME\fR -Makes the certification expire at TIME (as ISO 8601) -.TP -\fB\-\-expires\-in\fR=\fIDURATION\fR -Makes the certification expire after DURATION (as N[ymwds]) [default: 5y] -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-l\fR, \fB\-\-local\fR -Makes the certification a local certification -.TP -\fB\-\-non\-revocable\fR -Marks the certification as being non\-revocable -.TP -\fB\-\-notation\fR=\fINAME\fR -Adds a notation to the certification. -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-r\fR, \fB\-\-regex\fR=\fIREGEX\fR -Adds a regular expression to constrain what a trusted introducer can certify -.TP -\fB\-\-time\fR=\fITIME\fR -Sets the certification time to TIME (as ISO 8601) -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Juliet certifies that Romeo controls romeo.pgp and romeo@example.org -.PP -.nf -.RS -sq certify juliet.pgp romeo.pgp "" -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-dearmor.1 b/man-sq/sq-dearmor.1 deleted file mode 100644 index 6cb07b47..00000000 --- a/man-sq/sq-dearmor.1 +++ /dev/null @@ -1,80 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq dearmor \- Converts ASCII to binary -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBdearmor\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Converts ASCII to binary. -.PP -To make encrypted data easier to handle and transport, OpenPGP data -can be transformed to an ASCII representation called ASCII Armor. sq -transparently handles armored data, but this subcommand can be used to -explicitly convert existing ASCII\-encoded OpenPGP data to its binary -representation. -.PP -The converse operation is "sq armor". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Convert a ASCII certificate to binary -.PP -.nf -.RS -sq dearmor ascii\-juliet.pgp -.RE -.fi -.PP - -.PP -Convert a ASCII message to binary -.PP -.nf -.RS -sq dearmor ascii\-message.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-decrypt.1 b/man-sq/sq-decrypt.1 deleted file mode 100644 index 087b3e3b..00000000 --- a/man-sq/sq-decrypt.1 +++ /dev/null @@ -1,124 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq decrypt \- Decrypts a message -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBdecrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Decrypts a message. -.PP -Decrypts a message using either supplied keys, or by prompting for a -password. If message tampering is detected, an error is returned. -See below for details. -.PP -If certificates are supplied using the "\-\-signer\-cert" option, any -signatures that are found are checked using these certificates. -Verification is only successful if there is no bad signature, and the -number of successfully verified signatures reaches the threshold -configured with the "\-\-signatures" parameter. -.PP -If the signature verification fails, or if message tampering is -detected, the program terminates with an exit status indicating -failure. In addition to that, the last 25 MiB of the message are -withheld, i.e. if the message is smaller than 25 MiB, no output is -produced, and if it is larger, then the output will be truncated. -.PP -The converse operation is "sq encrypt". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-dump\fR -Prints a packet dump to stderr -.TP -\fB\-\-dump\-session\-key\fR -Prints the session key to stderr -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-n\fR, \fB\-\-signatures\fR=\fIN\fR -Sets the threshold of valid signatures to N -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-recipient\-file\fR=\fIKEY_FILE\fR -Decrypts the message using the key in KEY_FILE -.TP -\fB\-\-session\-key\fR=\fISESSION\-KEY\fR -Decrypts an encrypted message using SESSION\-KEY -.TP -\fB\-\-signer\-file\fR=\fICERT_FILE\fR -Verifies signatures using the certificates in CERT_FILE -.TP -\fB\-\-version\fR -Print version information -.TP -\fB\-x\fR, \fB\-\-hex\fR -Prints a hexdump (implies \-\-dump) -.SH EXAMPLES -.PP - -.PP -Decrypt a file using a secret key -.PP -.nf -.RS -sq decrypt \-\-recipient\-file juliet.pgp ciphertext.pgp -.RE -.fi -.PP - -.PP -Decrypt a file verifying signatures -.PP -.nf -.RS -sq decrypt \-\-recipient\-file juliet.pgp \-\-signer\-file romeo.pgp ciphertext.pgp -.RE -.fi -.PP - -.PP -Decrypt a file using a password -.PP -.nf -.RS -sq decrypt ciphertext.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-encrypt.1 b/man-sq/sq-encrypt.1 deleted file mode 100644 index 86aca621..00000000 --- a/man-sq/sq-encrypt.1 +++ /dev/null @@ -1,114 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq encrypt \- Encrypts a message -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBencrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Encrypts a message. -.PP -Encrypts a message for any number of recipients and with any number of -passwords, optionally signing the message in the process. -.PP -The converse operation is "sq decrypt". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-compression\fR=\fIKIND\fR -Selects compression scheme to use -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-mode\fR=\fIMODE\fR -Selects what kind of keys are considered for encryption. -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-recipient\-file\fR=\fICERT_RING_FILE\fR -Encrypts to all certificates in CERT_RING_FILE -.TP -\fB\-s\fR, \fB\-\-symmetric\fR -Adds a password to encrypt with -.TP -\fB\-\-signer\-file\fR=\fIKEY_FILE\fR -Signs the message using the key in KEY_FILE -.TP -\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR -Chooses keys valid at the specified time and sets the signature\*(Aqs creation time -.TP -\fB\-\-use\-expired\-subkey\fR -Falls back to expired encryption subkeys -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Encrypt a file using a certificate -.PP -.nf -.RS -sq encrypt \-\-recipient\-file romeo.pgp message.txt -.RE -.fi -.PP - -.PP -Encrypt a file creating a signature in the process -.PP -.nf -.RS -sq encrypt \-\-recipient\-file romeo.pgp \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.PP - -.PP -Encrypt a file using a password -.PP -.nf -.RS -sq encrypt \-\-symmetric message.txt -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-inspect.1 b/man-sq/sq-inspect.1 deleted file mode 100644 index 8e748a32..00000000 --- a/man-sq/sq-inspect.1 +++ /dev/null @@ -1,100 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq inspect \- Inspects data, like file(1) -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBinspect\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Inspects data, like file(1). -.PP -It is often difficult to tell from cursory inspection using cat(1) or -file(1) what kind of OpenPGP one is looking at. This subcommand -inspects the data and provides a meaningful human\-readable description -of it. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-certifications\fR -Prints third\-party certifications -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-time\fR=\fITIME\fR -Sets the certification time to TIME (as ISO 8601) -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Inspects a certificate -.PP -.nf -.RS -sq inspect juliet.pgp -.RE -.fi -.PP - -.PP -Inspects a certificate ring -.PP -.nf -.RS -sq inspect certs.pgp -.RE -.fi -.PP - -.PP -Inspects a message -.PP -.nf -.RS -sq inspect message.pgp -.RE -.fi -.PP - -.PP -Inspects a detached signature -.PP -.nf -.RS -sq inspect message.sig -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-adopt.1 b/man-sq/sq-key-adopt.1 deleted file mode 100644 index 8a86a023..00000000 --- a/man-sq/sq-key-adopt.1 +++ /dev/null @@ -1,81 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key adopt \- Binds keys from one certificate to another -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey adopt\fR [\fIOPTIONS\fR] \fITARGET\-KEY\fR -.SH DESCRIPTION -Binds keys from one certificate to another. -.PP -This command allows one to transfer primary keys and subkeys into an -existing certificate. Say you want to transition to a new -certificate, but have an authentication subkey on your current -certificate. You want to keep the authentication subkey because it -allows access to SSH servers and updating their configuration is not -feasible. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-allow\-broken\-crypto\fR -Allows adopting keys from certificates using broken cryptography -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-k\fR, \fB\-\-key\fR=\fIKEY\fR -Adds the key or subkey KEY to the TARGET\-KEY -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-r\fR, \fB\-\-keyring\fR=\fIKEY\-RING\fR -Supplies keys for use in \-\-key. -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Adopt an subkey into the new cert -.PP -.nf -.RS -sq key adopt \-\-keyring juliet\-old.pgp \-\-key 0123456789ABCDEF \-\- juliet\-new.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-attest-certifications.1 b/man-sq/sq-key-attest-certifications.1 deleted file mode 100644 index fca27801..00000000 --- a/man-sq/sq-key-attest-certifications.1 +++ /dev/null @@ -1,91 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key attest\-certifications \- Attests to third\-party certifications -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey attest\-certifications\fR [\fIOPTIONS\fR] \fIKEY\fR -.SH DESCRIPTION -Attests to third\-party certifications allowing for their distribution. -.PP -To prevent certificate flooding attacks, modern key servers prevent -uncontrolled distribution of third\-party certifications on -certificates. To make the key holder the sovereign over the -information over what information is distributed with the certificate, -the key holder needs to explicitly attest to third\-party -certifications. -.PP -After the attestation has been created, the certificate has to be -distributed, e.g. by uploading it to a keyserver. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-all\fR -Attests to all certifications [default] -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-none\fR -Removes all prior attestations -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Attest to all certifications present on the key -.PP -.nf -.RS -sq key attest\-certifications juliet.pgp -.RE -.fi -.PP - -.PP -Retract prior attestations on the key -.PP -.nf -.RS -sq key attest\-certifications \-\-none juliet.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-extract-cert.1 b/man-sq/sq-key-extract-cert.1 deleted file mode 100644 index 1a74e76a..00000000 --- a/man-sq/sq-key-extract-cert.1 +++ /dev/null @@ -1,80 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key extract\-cert \- Converts a key to a cert -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey extract\-cert\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Converts a key to a cert. -.PP -After generating a key, use this command to get the certificate -corresponding to the key. The key must be kept secure, while the -certificate should be handed out to correspondents, e.g. by uploading -it to a keyserver. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this extracts the certificate for distribution -.PP -.nf -.RS -sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-generate.1 b/man-sq/sq-key-generate.1 deleted file mode 100644 index 3abc9027..00000000 --- a/man-sq/sq-key-generate.1 +++ /dev/null @@ -1,144 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key generate \- Generates a new key -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey generate\fR [\fIOPTIONS\fR] -.SH DESCRIPTION -Generates a new key. -.PP -Generating a key is the prerequisite to receiving encrypted messages -and creating signatures. There are a few parameters to this process, -but we provide reasonable defaults for most users. -.PP -When generating a key, we also generate a revocation certificate. -This can be used in case the key is superseded, lost, or compromised. -It is a good idea to keep a copy of this in a safe place. -.PP -After generating a key, use "sq key extract\-cert" to get the -certificate corresponding to the key. The key must be kept secure, -while the certificate should be handed out to correspondents, e.g. by -uploading it to a keyserver. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-c\fR, \fB\-\-cipher\-suite\fR=\fICIPHER\-SUITE\fR -Selects the cryptographic algorithms for the key -.TP -\fB\-\-can\-authenticate\fR -Adds an authentication\-capable subkey (default) -.TP -\fB\-\-can\-encrypt\fR=\fIPURPOSE\fR -Adds an encryption\-capable subkey [default: universal] -.TP -\fB\-\-can\-sign\fR -Adds a signing\-capable subkey (default) -.TP -\fB\-\-cannot\-authenticate\fR -Adds no authentication\-capable subkey -.TP -\fB\-\-cannot\-encrypt\fR -Adds no encryption\-capable subkey -.TP -\fB\-\-cannot\-sign\fR -Adds no signing\-capable subkey -.TP -\fB\-\-creation\-time\fR=\fICREATION_TIME\fR -Sets the key\*(Aqs creation time to TIME (as ISO 8601) -.TP -\fB\-e\fR, \fB\-\-export\fR=\fIOUTFILE\fR -Writes the key to OUTFILE -.TP -\fB\-\-expires\fR=\fITIME\fR -Makes the key expire at TIME (as ISO 8601) -.TP -\fB\-\-expires\-in\fR=\fIDURATION\fR -Makes the key expire after DURATION (as N[ymwds]) [default: 5y] -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-rev\-cert\fR=\fIFILE or \-\fR -Writes the revocation certificate to FILE -.TP -\fB\-u\fR, \fB\-\-userid\fR=\fIEMAIL\fR -Adds a userid to the key -.TP -\fB\-\-version\fR -Print version information -.TP -\fB\-\-with\-password\fR -Protects the key with a password -.SH EXAMPLES -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this extracts the certificate for distribution -.PP -.nf -.RS -sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp -.RE -.fi -.PP - -.PP -Generates a key protecting it with a password -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-with\-password -.RE -.fi -.PP - -.PP -Generates a key with multiple userids -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-userid "Juliet Capulet" -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-password.1 b/man-sq/sq-key-password.1 deleted file mode 100644 index 14bf461c..00000000 --- a/man-sq/sq-key-password.1 +++ /dev/null @@ -1,94 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key password \- Changes password protecting secrets -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey password\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Changes password protecting secrets. -.PP -Secret key material in keys can be protected by a password. This -subcommand changes or clears this encryption password. -.PP -To emit the key with unencrypted secrets, either use `\-\-clear` or -supply a zero\-length password when prompted for the new password. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-clear\fR -Emit a key with unencrypted secrets -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -First, generate a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, encrypt the secrets in the key with a password. -.PP -.nf -.RS -sq key password < juliet.key.pgp > juliet.encrypted_key.pgp -.RE -.fi -.PP - -.PP -And remove the password again. -.PP -.nf -.RS -sq key password \-\-clear < juliet.encrypted_key.pgp > juliet.decrypted_key.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-userid-add.1 b/man-sq/sq-key-userid-add.1 deleted file mode 100644 index bf24f0c2..00000000 --- a/man-sq/sq-key-userid-add.1 +++ /dev/null @@ -1,90 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key userid add \- Adds a User ID -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey userid add\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Adds a User ID. -.PP -A User ID can contain a name, like "Juliet" or an email address, like -"". Historically, a name and email address were often -combined as a single User ID, like "Juliet ". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-creation\-time\fR=\fICREATION_TIME\fR -Sets the binding signature creation time to TIME (as ISO 8601) -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-u\fR, \fB\-\-userid\fR=\fIUSERID\fR -User ID to add -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this adds a User ID -.PP -.nf -.RS -sq key userid add \-\-userid "Juliet" juliet.key.pgp \\ -.RE -.fi -.PP - \-\-output juliet\-new.key.pgp -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-key-userid-strip.1 b/man-sq/sq-key-userid-strip.1 deleted file mode 100644 index 8e9171af..00000000 --- a/man-sq/sq-key-userid-strip.1 +++ /dev/null @@ -1,100 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq key userid strip \- Strips a User ID -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey userid strip\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Strips a User ID. -.PP -Note that this operation does not reliably remove User IDs from a -certificate that has already been disseminated! (OpenPGP software -typically appends new information it receives about a certificate -to its local copy of that certificate. Systems that have obtained -a copy of your certificate with the User ID that you are trying to -strip will not drop that User ID from their copy.) -.PP -In most cases, you will want to use the \*(Aqsq revoke userid\*(Aq operation -instead. That issues a revocation for a User ID, which can be used to mark -the User ID as invalidated. -.PP -However, this operation can be useful in very specific cases, in particular: -to remove a mistakenly added User ID before it has been uploaded to key -servers or otherwise shared. -.PP -Stripping a User ID may change how a certificate is interpreted. This -is because information about the certificate like algorithm preferences, -the primary key\*(Aqs key flags, etc. is stored in the User ID\*(Aqs binding -signature. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-u\fR, \fB\-\-userid\fR=\fIUSERID\fR -User IDs to strip -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this strips a User ID -.PP -.nf -.RS -sq key userid strip \-\-userid "" \\ -.RE -.fi -.PP - \-\-output juliet\-new.key.pgp juliet.key.pgp -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyring-filter.1 b/man-sq/sq-keyring-filter.1 deleted file mode 100644 index 1ee3db4d..00000000 --- a/man-sq/sq-keyring-filter.1 +++ /dev/null @@ -1,150 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyring filter \- Joins keys into a keyring applying a filter -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring filter\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Joins keys into a keyring applying a filter. -.PP -This can be used to filter keys based on given predicates, -e.g. whether they have a user id containing an email address with a -certain domain. Additionally, the keys can be pruned to only include -components matching the predicates. -.PP -If no filters are supplied, everything matches. -.PP -If multiple predicates are given, they are or\*(Aqed, i.e. a key matches -if any of the predicates match. To require all predicates to match, -chain multiple invocations of this command. See EXAMPLES for -inspiration. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-P\fR, \fB\-\-prune\-certs\fR -Removes certificate components not matching the filter -.TP -\fB\-\-domain\fR=\fIFQDN\fR -Matches on email domain FQDN -.TP -\fB\-\-email\fR=\fIADDRESS\fR -Matches on email ADDRESS -.TP -\fB\-\-handle\fR=\fIFINGERPRINT|KEYID\fR -Matches on (sub)key fingerprints and key ids -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-name\fR=\fINAME\fR -Matches on NAME -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-to\-cert\fR -Converts any keys in the input to certificates. Converting a key to a certificate removes secret key material from the key thereby turning it into a certificate. -.TP -\fB\-\-userid\fR=\fIUSERID\fR -Matches on USERID -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Converts a key to a cert (i.e., remove any secret key material) -.PP -.nf -.RS -sq keyring filter \-\-to\-cert cat juliet.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id on example.org or example.net -.PP -.nf -.RS -sq keyring filter \-\-domain example.org \-\-domain example.net keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id with the name Juliet -.PP -.nf -.RS -sq keyring filter \-\-name Juliet keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id with the name Juliet on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org keys.pgp | \\ -.RE -.fi -.PP - sq keyring filter \-\-name Juliet -.PP - -.PP -Gets the keys with a user id on example.org, pruning other userids -.PP -.nf -.RS -sq keyring filter \-\-domain example.org \-\-prune\-certs certs.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyring-join.1 b/man-sq/sq-keyring-join.1 deleted file mode 100644 index 6430f182..00000000 --- a/man-sq/sq-keyring-join.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyring join \- Joins keys or keyrings into a single keyring -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring join\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Joins keys or keyrings into a single keyring. -.PP -Unlike "sq keyring merge", multiple versions of the same key are not -merged together. -.PP -The converse operation is "sq keyring split". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Don\*(Aqt ASCII\-armor the keyring -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Sets the output file to use -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Collect certs for an email conversation -.PP -.nf -.RS -sq keyring join juliet.pgp romeo.pgp alice.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyring-list.1 b/man-sq/sq-keyring-list.1 deleted file mode 100644 index e0575f2c..00000000 --- a/man-sq/sq-keyring-list.1 +++ /dev/null @@ -1,75 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyring list \- Lists keys in a keyring -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring list\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Lists keys in a keyring. -.PP -Prints the fingerprint as well as the primary userid for every -certificate encountered in the keyring. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-all\-userids\fR -Lists all user ids -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -List all certs -.PP -.nf -.RS -sq keyring list certs.pgp -.RE -.fi -.PP - -.PP -List all certs with a userid on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org certs.pgp | sq keyring list -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyring-merge.1 b/man-sq/sq-keyring-merge.1 deleted file mode 100644 index bc75017c..00000000 --- a/man-sq/sq-keyring-merge.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyring merge \- Merges keys or keyrings into a single keyring -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring merge\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Merges keys or keyrings into a single keyring. -.PP -Unlike "sq keyring join", the certificates are buffered and multiple -versions of the same certificate are merged together. Where data is -replaced (e.g., secret key material), data from the later certificate -is preferred. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Merge certificate updates -.PP -.nf -.RS -sq keyring merge certs.pgp romeo\-updates.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyring-split.1 b/man-sq/sq-keyring-split.1 deleted file mode 100644 index 6d4d3993..00000000 --- a/man-sq/sq-keyring-split.1 +++ /dev/null @@ -1,80 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyring split \- Splits a keyring into individual keys -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring split\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Splits a keyring into individual keys. -.PP -Splitting up a keyring into individual keys helps with curating a -keyring. -.PP -The converse operation is "sq keyring join". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-p\fR, \fB\-\-prefix\fR=\fIPREFIX\fR -Writes to files with PREFIX [defaults: "FILE\-" if FILE is set, or "output\-" if read from stdin] -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Split all certs -.PP -.nf -.RS -sq keyring split certs.pgp -.RE -.fi -.PP - -.PP -Split all certs, merging them first to avoid duplicates -.PP -.nf -.RS -sq keyring merge certs.pgp | sq keyring split -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyserver-get.1 b/man-sq/sq-keyserver-get.1 deleted file mode 100644 index eb7ff523..00000000 --- a/man-sq/sq-keyserver-get.1 +++ /dev/null @@ -1,51 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyserver get \- Retrieves a key -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyserver get\fR [\fIOPTIONS\fR] \fIQUERY\fR -.SH DESCRIPTION -Retrieves a key. -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-keyserver-send.1 b/man-sq/sq-keyserver-send.1 deleted file mode 100644 index 9a3a82e1..00000000 --- a/man-sq/sq-keyserver-send.1 +++ /dev/null @@ -1,45 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq keyserver send \- Sends a key -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyserver send\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Sends a key. -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-packet-decrypt.1 b/man-sq/sq-packet-decrypt.1 deleted file mode 100644 index 8ecf67e6..00000000 --- a/man-sq/sq-packet-decrypt.1 +++ /dev/null @@ -1,81 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq packet decrypt \- Unwraps an encryption container -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket decrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Unwraps an encryption container. -.PP -Decrypts a message, dumping the content of the encryption container -without further processing. The result is a valid OpenPGP message -that can, among other things, be inspected using "sq packet dump". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-dump\-session\-key\fR -Prints the session key to stderr -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-recipient\-file\fR=\fIKEY_FILE\fR -Decrypts the message using the key in KEY_FILE -.TP -\fB\-\-session\-key\fR=\fISESSION\-KEY\fR -Decrypts an encrypted message using SESSION\-KEY -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Unwraps the encryption revealing the signed message -.PP -.nf -.RS -sq packet decrypt \-\-recipient\-file juliet.pgp ciphertext.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-packet-dump.1 b/man-sq/sq-packet-dump.1 deleted file mode 100644 index d269f61e..00000000 --- a/man-sq/sq-packet-dump.1 +++ /dev/null @@ -1,109 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq packet dump \- Lists packets -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket dump\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Lists packets. -.PP -Creates a human\-readable description of the packet sequence. -Additionally, it can print cryptographic artifacts, and print the raw -octet stream similar to hexdump(1), annotating specifically which -bytes are parsed into OpenPGP values. -.PP -To inspect encrypted messages, either supply the session key, or see -"sq decrypt \-\-dump" or "sq packet decrypt". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-mpis\fR -Prints cryptographic artifacts -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-session\-key\fR=\fISESSION\-KEY\fR -Decrypts an encrypted message using SESSION\-KEY -.TP -\fB\-\-version\fR -Print version information -.TP -\fB\-x\fR, \fB\-\-hex\fR -Prints a hexdump -.SH EXAMPLES -.PP - -.PP -Prints the packets of a certificate -.PP -.nf -.RS -sq packet dump juliet.pgp -.RE -.fi -.PP - -.PP -Prints cryptographic artifacts of a certificate -.PP -.nf -.RS -sq packet dump \-\-mpis juliet.pgp -.RE -.fi -.PP - -.PP -Prints a hexdump of a certificate -.PP -.nf -.RS -sq packet dump \-\-hex juliet.pgp -.RE -.fi -.PP - -.PP -Prints the packets of an encrypted message -.PP -.nf -.RS -sq packet dump \-\-session\-key AAAABBBBCCCC... ciphertext.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-packet-join.1 b/man-sq/sq-packet-join.1 deleted file mode 100644 index c2a2f0ae..00000000 --- a/man-sq/sq-packet-join.1 +++ /dev/null @@ -1,84 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq packet join \- Joins packets split across files -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket join\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Joins packets split across files. -.PP -Splitting a packet sequence into individual packets, then recombining -them freely with "sq packet join" is a great way to experiment with -OpenPGP data. -.PP -The converse operation is "sq packet split". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-label\fR=\fILABEL\fR -Selects the kind of armor header -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Split a certificate into individual packets -.PP -.nf -.RS -sq packet split juliet.pgp -.RE -.fi -.PP - -.PP -Then join only a subset of these packets -.PP -.nf -.RS -sq packet join juliet.pgp\-[0\-3]* -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-packet-split.1 b/man-sq/sq-packet-split.1 deleted file mode 100644 index ae88bb48..00000000 --- a/man-sq/sq-packet-split.1 +++ /dev/null @@ -1,68 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq packet split \- Splits a message into packets -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket split\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Splits a message into packets. -.PP -Splitting a packet sequence into individual packets, then recombining -them freely with "sq packet join" is a great way to experiment with -OpenPGP data. -.PP -The converse operation is "sq packet join". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-p\fR, \fB\-\-prefix\fR=\fIPREFIX\fR -Writes to files with PREFIX [defaults: "FILE\-" if FILE is set, or "output\-" if read from stdin] -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Split a certificate into individual packets -.PP -.nf -.RS -sq packet split juliet.pgp -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-revoke-certificate.1 b/man-sq/sq-revoke-certificate.1 deleted file mode 100644 index f0b79d6f..00000000 --- a/man-sq/sq-revoke-certificate.1 +++ /dev/null @@ -1,76 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq revoke certificate \- Revoke a certificate -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke certificate\fR [\fIOPTIONS\fR] \fIREASON\fR \fIMESSAGE\fR -.SH DESCRIPTION -Revokes a certificate. -.PP -Creates a revocation certificate for the certificate. -.PP -If "\-\-revocation\-file" is provided, then that key is used to create -the signature. If that key is different from the certificate being -revoked, this creates a third\-party revocation. This is normally only -useful if the owner of the certificate designated the key to be a -designated revoker. -.PP -If "\-\-revocation\-file" is not provided, then the certificate must -include a certification\-capable key. -.PP - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-certificate\-file\fR=\fIFILE\fR -The certificate to revoke -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-notation\fR=\fINAME\fR -Adds a notation to the certification. -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-revocation\-file\fR=\fIKEY_FILE\fR -Signs the revocation certificate using the key in KEY_FILE -.TP -\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR -Chooses keys valid at the specified time and sets the revocation certificate\*(Aqs creation time -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-revoke-subkey.1 b/man-sq/sq-revoke-subkey.1 deleted file mode 100644 index 4c98ecd0..00000000 --- a/man-sq/sq-revoke-subkey.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq revoke subkey \- Revoke a subkey -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke subkey\fR [\fIOPTIONS\fR] \fISUBKEY\fR \fIREASON\fR \fIMESSAGE\fR -.SH DESCRIPTION -Revokes a subkey. -.PP -Creates a revocation certificate for a subkey. -.PP -If "\-\-revocation\-file" is provided, then that key is used to create the signature. If that key is different from the certificate being revoked, this creates a third\-party revocation. This is normally only useful if the owner of the certificate designated the key to be a designated revoker. -.PP -If "\-\-revocation\-file" is not provided, then the certificate must include a certification\-capable key. - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-certificate\-file\fR=\fIFILE\fR -The certificate containing the subkey to revoke -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-notation\fR=\fINAME\fR -Adds a notation to the certification. -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-revocation\-file\fR=\fIKEY_FILE\fR -Signs the revocation certificate using the key in KEY_FILE -.TP -\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR -Chooses keys valid at the specified time and sets the revocation certificate\*(Aqs creation time -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-revoke-userid.1 b/man-sq/sq-revoke-userid.1 deleted file mode 100644 index 650d8123..00000000 --- a/man-sq/sq-revoke-userid.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq revoke userid \- Revoke a User ID -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke userid\fR [\fIOPTIONS\fR] \fIUSERID\fR \fIREASON\fR \fIMESSAGE\fR -.SH DESCRIPTION -Revokes a User ID. -.PP -Creates a revocation certificate for a User ID. -.PP -If "\-\-revocation\-key" is provided, then that key is used to create the signature. If that key is different from the certificate being revoked, this creates a third\-party revocation. This is normally only useful if the owner of the certificate designated the key to be a designated revoker. -.PP -If "\-\-revocation\-key" is not provided, then the certificate must include a certification\-capable key. - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-certificate\-file\fR=\fICERT_FILE\fR -The certificate containing the User ID to revoke -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-notation\fR=\fINAME\fR -Adds a notation to the certification. -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-revocation\-file\fR=\fIKEY_FILE\fR -Signs the revocation certificate using the key in KEY_FILE -.TP -\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR -Chooses keys valid at the specified time and sets the revocation certificate\*(Aqs creation time -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-sign.1 b/man-sq/sq-sign.1 deleted file mode 100644 index 369d270a..00000000 --- a/man-sq/sq-sign.1 +++ /dev/null @@ -1,107 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq sign \- Signs messages or data files -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBsign\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Signs messages or data files. -.PP -Creates signed messages or detached signatures. Detached signatures -are often used to sign software packages. -.PP -The converse operation is "sq verify". -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-a\fR, \fB\-\-append\fR -Appends a signature to existing signature -.TP -\fB\-\-cleartext\-signature\fR -Creates a cleartext signature -.TP -\fB\-\-detached\fR -Creates a detached signature -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-merge\fR=\fISIGNED\-MESSAGE\fR -Merges signatures from the input and SIGNED\-MESSAGE -.TP -\fB\-n\fR, \fB\-\-notarize\fR -Signs a message and all existing signatures -.TP -\fB\-\-notation\fR=\fINAME\fR -Adds a notation to the certification. -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR -Provides parameters for private key store -.TP -\fB\-\-signer\-file\fR=\fIKEY_FILE\fR -Signs the message using the key in KEY_FILE -.TP -\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR -Chooses keys valid at the specified time and sets the signature\*(Aqs creation time -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Create a signed message -.PP -.nf -.RS -sq sign \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.PP - -.PP -Create a detached signature -.PP -.nf -.RS -sq sign \-\-detached \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-verify.1 b/man-sq/sq-verify.1 deleted file mode 100644 index ab5698f3..00000000 --- a/man-sq/sq-verify.1 +++ /dev/null @@ -1,100 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq verify \- Verifies signed messages or detached signatures -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBverify\fR [\fIOPTIONS\fR] \fIFILE\fR -.SH DESCRIPTION -Verifies signed messages or detached signatures. -.PP -When verifying signed messages, the message is written to stdout or -the file given to \-\-output. -.PP -When a detached message is verified, no output is produced. Detached -signatures are often used to sign software packages. -.PP -Verification is only successful if there is no bad signature, and the -number of successfully verified signatures reaches the threshold -configured with the "\-\-signatures" parameter. If the verification -fails, the program terminates with an exit status indicating failure. -In addition to that, the last 25 MiB of the message are withheld, -i.e. if the message is smaller than 25 MiB, no output is produced, and -if it is larger, then the output will be truncated. -.PP -The converse operation is "sq sign". -.PP -If you are looking for a standalone program to verify detached -signatures, consider using sequoia\-sqv. -.PP - - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-detached\fR=\fISIG\fR -Verifies a detached signature -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-n\fR, \fB\-\-signatures\fR=\fIN\fR -Sets the threshold of valid signatures to N -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-signer\-file\fR=\fICERT_FILE\fR -Verifies signatures using the certificate in CERT_FILE -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Verify a signed message -.PP -.nf -.RS -sq verify \-\-signer\-file juliet.pgp signed\-message.pgp -.RE -.fi -.PP - -.PP -Verify a detached message -.PP -.nf -.RS -sq verify \-\-signer\-file juliet.pgp \-\-detached message.sig message.txt -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-wkd-direct-url.1 b/man-sq/sq-wkd-direct-url.1 deleted file mode 100644 index f46f6672..00000000 --- a/man-sq/sq-wkd-direct-url.1 +++ /dev/null @@ -1,45 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq wkd direct\-url \- Prints the direct Web Key Directory URL of an email address. -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd direct\-url\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.SH DESCRIPTION -Prints the direct Web Key Directory URL of an email address. -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-wkd-generate.1 b/man-sq/sq-wkd-generate.1 deleted file mode 100644 index 9144ad53..00000000 --- a/man-sq/sq-wkd-generate.1 +++ /dev/null @@ -1,70 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq wkd generate \- Generates a Web Key Directory for the given domain and keys. -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd generate\fR [\fIOPTIONS\fR] \fIWEB\-ROOT\fR \fIFQDN\fR \fICERT\-RING\fR -.SH DESCRIPTION -Generates a Web Key Directory for the given domain and keys. -.PP -If the WKD exists, the new keys will be inserted and it is updated and existing ones will be updated. -.PP -A WKD is per domain, and can be queried using the advanced or the direct method. The advanced method uses a URL with a subdomain \*(Aqopenpgpkey\*(Aq. As per the specification, the advanced method is to be preferred. The direct method may only be used if the subdomain doesn\*(Aqt exist. The advanced method allows web key directories for several domains on one web server. -.PP -The contents of the generated WKD must be copied to a web server so that they are accessible under https://openpgpkey.example.com/.well\-known/openpgp/... for the advanced version, and https://example.com/.well\-known/openpgp/... for the direct version. sq does not copy files to the web server. -.PP - -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-d\fR, \fB\-\-direct\-method\fR -Uses the direct method [default: advanced method] -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-s\fR, \fB\-\-skip\fR -Skips certificates that do not have User IDs for given domain. -.TP -\fB\-\-version\fR -Print version information -.SH EXAMPLES -.PP - -.PP -Generate a WKD in /tmp/wkdroot from certs.pgp for example.com. -.PP -.nf -.RS -sq wkd generate /tmp/wkdroot example.com certs.ppg -.RE -.fi -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-wkd-get.1 b/man-sq/sq-wkd-get.1 deleted file mode 100644 index f33cb121..00000000 --- a/man-sq/sq-wkd-get.1 +++ /dev/null @@ -1,51 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq wkd get \- Queries for certs using Web Key Directory -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd get\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.SH DESCRIPTION -Queries for certs using Web Key Directory. -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-B\fR, \fB\-\-binary\fR -Emits binary data -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR -Writes to FILE or stdout if omitted -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq-wkd-url.1 b/man-sq/sq-wkd-url.1 deleted file mode 100644 index de4b7808..00000000 --- a/man-sq/sq-wkd-url.1 +++ /dev/null @@ -1,45 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq wkd url \- Prints the advanced Web Key Directory URL of an email address. -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd url\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.SH DESCRIPTION -Prints the advanced Web Key Directory URL of an email address. -.SH OPTIONS -.SS "Global options" -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SS "Subcommand options" -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-version\fR -Print version information -.SH "SEE ALSO" -.nh -\fBsq\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle) diff --git a/man-sq/sq.1 b/man-sq/sq.1 deleted file mode 100644 index 7bebbe98..00000000 --- a/man-sq/sq.1 +++ /dev/null @@ -1,1182 +0,0 @@ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.TH SQ 1 0.28.0 Sequoia-PGP "User Commands" -.SH NAME -sq \- A command\-line frontend for Sequoia, an implementation of OpenPGP -.SH SYNOPSIS -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBarmor\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBautocrypt decode\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBautocrypt encode\-sender\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBcertify\fR [\fIOPTIONS\fR] \fICERTIFIER\-KEY\fR \fICERTIFICATE\fR \fIUSERID\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBdane get\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBdearmor\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBdecrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBencrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBinspect\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey generate\fR [\fIOPTIONS\fR] -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey password\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey userid add\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey userid strip\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey extract\-cert\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey attest\-certifications\fR [\fIOPTIONS\fR] \fIKEY\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkey adopt\fR [\fIOPTIONS\fR] \fITARGET\-KEY\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring list\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring split\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring join\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring merge\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyring filter\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyserver get\fR [\fIOPTIONS\fR] \fIQUERY\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBkeyserver send\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBoutput\-versions\fR [\fIOPTIONS\fR] -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket dump\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket decrypt\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket split\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBpacket join\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke certificate\fR [\fIOPTIONS\fR] \fIREASON\fR \fIMESSAGE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke subkey\fR [\fIOPTIONS\fR] \fISUBKEY\fR \fIREASON\fR \fIMESSAGE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBrevoke userid\fR [\fIOPTIONS\fR] \fIUSERID\fR \fIREASON\fR \fIMESSAGE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBsign\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBverify\fR [\fIOPTIONS\fR] \fIFILE\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd generate\fR [\fIOPTIONS\fR] \fIWEB\-ROOT\fR \fIFQDN\fR \fICERT\-RING\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd get\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd direct\-url\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.br -\fBsq\fR [\fIGLOBAL OPTIONS\fR] \fBwkd url\fR [\fIOPTIONS\fR] \fIADDRESS\fR -.SH DESCRIPTION -A command\-line frontend for Sequoia, an implementation of OpenPGP. -.PP -Functionality is grouped and available using subcommands. Currently, -this interface is completely stateless. Therefore, you need to supply -all configuration and certificates explicitly on each invocation. -.PP -OpenPGP data can be provided in binary or ASCII armored form. This -will be handled automatically. Emitted OpenPGP data is ASCII armored -by default. -.PP -We use the term "certificate", or cert for short, to refer to OpenPGP -keys that do not contain secrets. Conversely, we use the term "key" -to refer to OpenPGP keys that do contain secrets. -.PP - -.SH OPTIONS -.TP -\fB\-f\fR, \fB\-\-force\fR -Overwrites existing files -.TP -\fB\-\-help\fR -Print help information -.TP -\fB\-\-known\-notation\fR=\fINOTATION\fR -Adds NOTATION to the list of known notations -.TP -\fB\-\-output\-format\fR=\fIFORMAT\fR -Produces output in FORMAT, if possible -.TP -\fB\-\-output\-version\fR=\fIVERSION\fR -Produces output variant VERSION. -.TP -\fB\-\-version\fR -Print version information -.SH SUBCOMMANDS -.SS "sq armor" -Converts binary to ASCII. -.PP -To make encrypted data easier to handle and transport, OpenPGP data -can be transformed to an ASCII representation called ASCII Armor. sq -emits armored data by default, but this subcommand can be used to -convert existing OpenPGP data to its ASCII\-encoded representation. -.PP -The converse operation is "sq dearmor". -.PP - - -.SS "sq autocrypt decode" -Reads Autocrypt\-encoded certificates. -.PP -Given an autocrypt header (or an key\-gossip header), this command -extracts the certificate encoded within it. -.PP -The converse operation is "sq autocrypt encode\-sender". -.PP - - -.SS "sq autocrypt encode-sender" -Encodes a certificate into an Autocrypt header. -.PP -A certificate can be encoded and included in a header of an email -message. This command encodes the certificate, adds the senders email -address (which must match the one used in the "From" header), and the -senders "prefer\-encrypt" state (see the Autocrypt spec for more -information). -.PP -The converse operation is "sq autocrypt decode". -.PP - - -.SS "sq certify" -Certifies a User ID for a Certificate. -.PP -Using a certification a keyholder may vouch for the fact that another -certificate legitimately belongs to a user id. In the context of -emails this means that the same entity controls the key and the email -address. These kind of certifications form the basis for the Web Of -Trust. -.PP -This command emits the certificate with the new certification. The -updated certificate has to be distributed, preferably by sending it to -the certificate holder for attestation. See also "sq key -attest\-certification". -.PP - - -.SS "sq dane get" -Queries for certs using DANE. -.SS "sq dearmor" -Converts ASCII to binary. -.PP -To make encrypted data easier to handle and transport, OpenPGP data -can be transformed to an ASCII representation called ASCII Armor. sq -transparently handles armored data, but this subcommand can be used to -explicitly convert existing ASCII\-encoded OpenPGP data to its binary -representation. -.PP -The converse operation is "sq armor". -.PP - - -.SS "sq decrypt" -Decrypts a message. -.PP -Decrypts a message using either supplied keys, or by prompting for a -password. If message tampering is detected, an error is returned. -See below for details. -.PP -If certificates are supplied using the "\-\-signer\-cert" option, any -signatures that are found are checked using these certificates. -Verification is only successful if there is no bad signature, and the -number of successfully verified signatures reaches the threshold -configured with the "\-\-signatures" parameter. -.PP -If the signature verification fails, or if message tampering is -detected, the program terminates with an exit status indicating -failure. In addition to that, the last 25 MiB of the message are -withheld, i.e. if the message is smaller than 25 MiB, no output is -produced, and if it is larger, then the output will be truncated. -.PP -The converse operation is "sq encrypt". -.PP - - -.SS "sq encrypt" -Encrypts a message. -.PP -Encrypts a message for any number of recipients and with any number of -passwords, optionally signing the message in the process. -.PP -The converse operation is "sq decrypt". -.PP - - -.SS "sq inspect" -Inspects data, like file(1). -.PP -It is often difficult to tell from cursory inspection using cat(1) or -file(1) what kind of OpenPGP one is looking at. This subcommand -inspects the data and provides a meaningful human\-readable description -of it. -.PP - - -.SS "sq key adopt" -Binds keys from one certificate to another. -.PP -This command allows one to transfer primary keys and subkeys into an -existing certificate. Say you want to transition to a new -certificate, but have an authentication subkey on your current -certificate. You want to keep the authentication subkey because it -allows access to SSH servers and updating their configuration is not -feasible. -.PP - - -.SS "sq key attest-certifications" -Attests to third\-party certifications allowing for their distribution. -.PP -To prevent certificate flooding attacks, modern key servers prevent -uncontrolled distribution of third\-party certifications on -certificates. To make the key holder the sovereign over the -information over what information is distributed with the certificate, -the key holder needs to explicitly attest to third\-party -certifications. -.PP -After the attestation has been created, the certificate has to be -distributed, e.g. by uploading it to a keyserver. -.PP - - -.SS "sq key extract-cert" -Converts a key to a cert. -.PP -After generating a key, use this command to get the certificate -corresponding to the key. The key must be kept secure, while the -certificate should be handed out to correspondents, e.g. by uploading -it to a keyserver. -.PP - - -.SS "sq key generate" -Generates a new key. -.PP -Generating a key is the prerequisite to receiving encrypted messages -and creating signatures. There are a few parameters to this process, -but we provide reasonable defaults for most users. -.PP -When generating a key, we also generate a revocation certificate. -This can be used in case the key is superseded, lost, or compromised. -It is a good idea to keep a copy of this in a safe place. -.PP -After generating a key, use "sq key extract\-cert" to get the -certificate corresponding to the key. The key must be kept secure, -while the certificate should be handed out to correspondents, e.g. by -uploading it to a keyserver. -.PP - - -.SS "sq key password" -Changes password protecting secrets. -.PP -Secret key material in keys can be protected by a password. This -subcommand changes or clears this encryption password. -.PP -To emit the key with unencrypted secrets, either use `\-\-clear` or -supply a zero\-length password when prompted for the new password. -.PP - - -.SS "sq key userid add" -Adds a User ID. -.PP -A User ID can contain a name, like "Juliet" or an email address, like -"". Historically, a name and email address were often -combined as a single User ID, like "Juliet ". -.PP - - -.SS "sq key userid strip" -Strips a User ID. -.PP -Note that this operation does not reliably remove User IDs from a -certificate that has already been disseminated! (OpenPGP software -typically appends new information it receives about a certificate -to its local copy of that certificate. Systems that have obtained -a copy of your certificate with the User ID that you are trying to -strip will not drop that User ID from their copy.) -.PP -In most cases, you will want to use the \*(Aqsq revoke userid\*(Aq operation -instead. That issues a revocation for a User ID, which can be used to mark -the User ID as invalidated. -.PP -However, this operation can be useful in very specific cases, in particular: -to remove a mistakenly added User ID before it has been uploaded to key -servers or otherwise shared. -.PP -Stripping a User ID may change how a certificate is interpreted. This -is because information about the certificate like algorithm preferences, -the primary key\*(Aqs key flags, etc. is stored in the User ID\*(Aqs binding -signature. -.PP - - -.SS "sq keyring filter" -Joins keys into a keyring applying a filter. -.PP -This can be used to filter keys based on given predicates, -e.g. whether they have a user id containing an email address with a -certain domain. Additionally, the keys can be pruned to only include -components matching the predicates. -.PP -If no filters are supplied, everything matches. -.PP -If multiple predicates are given, they are or\*(Aqed, i.e. a key matches -if any of the predicates match. To require all predicates to match, -chain multiple invocations of this command. See EXAMPLES for -inspiration. -.PP - - -.SS "sq keyring join" -Joins keys or keyrings into a single keyring. -.PP -Unlike "sq keyring merge", multiple versions of the same key are not -merged together. -.PP -The converse operation is "sq keyring split". -.PP - - -.SS "sq keyring list" -Lists keys in a keyring. -.PP -Prints the fingerprint as well as the primary userid for every -certificate encountered in the keyring. -.PP - - -.SS "sq keyring merge" -Merges keys or keyrings into a single keyring. -.PP -Unlike "sq keyring join", the certificates are buffered and multiple -versions of the same certificate are merged together. Where data is -replaced (e.g., secret key material), data from the later certificate -is preferred. -.PP - - -.SS "sq keyring split" -Splits a keyring into individual keys. -.PP -Splitting up a keyring into individual keys helps with curating a -keyring. -.PP -The converse operation is "sq keyring join". -.PP - - -.SS "sq keyserver get" -Retrieves a key. -.SS "sq keyserver send" -Sends a key. -.SS "sq output-versions" -List supported output versions. -.SS "sq packet decrypt" -Unwraps an encryption container. -.PP -Decrypts a message, dumping the content of the encryption container -without further processing. The result is a valid OpenPGP message -that can, among other things, be inspected using "sq packet dump". -.PP - - -.SS "sq packet dump" -Lists packets. -.PP -Creates a human\-readable description of the packet sequence. -Additionally, it can print cryptographic artifacts, and print the raw -octet stream similar to hexdump(1), annotating specifically which -bytes are parsed into OpenPGP values. -.PP -To inspect encrypted messages, either supply the session key, or see -"sq decrypt \-\-dump" or "sq packet decrypt". -.PP - - -.SS "sq packet join" -Joins packets split across files. -.PP -Splitting a packet sequence into individual packets, then recombining -them freely with "sq packet join" is a great way to experiment with -OpenPGP data. -.PP -The converse operation is "sq packet split". -.PP - - -.SS "sq packet split" -Splits a message into packets. -.PP -Splitting a packet sequence into individual packets, then recombining -them freely with "sq packet join" is a great way to experiment with -OpenPGP data. -.PP -The converse operation is "sq packet join". -.PP - - -.SS "sq revoke certificate" -Revokes a certificate. -.PP -Creates a revocation certificate for the certificate. -.PP -If "\-\-revocation\-file" is provided, then that key is used to create -the signature. If that key is different from the certificate being -revoked, this creates a third\-party revocation. This is normally only -useful if the owner of the certificate designated the key to be a -designated revoker. -.PP -If "\-\-revocation\-file" is not provided, then the certificate must -include a certification\-capable key. -.PP - -.SS "sq revoke subkey" -Revokes a subkey. -.PP -Creates a revocation certificate for a subkey. -.PP -If "\-\-revocation\-file" is provided, then that key is used to create the signature. If that key is different from the certificate being revoked, this creates a third\-party revocation. This is normally only useful if the owner of the certificate designated the key to be a designated revoker. -.PP -If "\-\-revocation\-file" is not provided, then the certificate must include a certification\-capable key. - -.SS "sq revoke userid" -Revokes a User ID. -.PP -Creates a revocation certificate for a User ID. -.PP -If "\-\-revocation\-key" is provided, then that key is used to create the signature. If that key is different from the certificate being revoked, this creates a third\-party revocation. This is normally only useful if the owner of the certificate designated the key to be a designated revoker. -.PP -If "\-\-revocation\-key" is not provided, then the certificate must include a certification\-capable key. - -.SS "sq sign" -Signs messages or data files. -.PP -Creates signed messages or detached signatures. Detached signatures -are often used to sign software packages. -.PP -The converse operation is "sq verify". -.PP - - -.SS "sq verify" -Verifies signed messages or detached signatures. -.PP -When verifying signed messages, the message is written to stdout or -the file given to \-\-output. -.PP -When a detached message is verified, no output is produced. Detached -signatures are often used to sign software packages. -.PP -Verification is only successful if there is no bad signature, and the -number of successfully verified signatures reaches the threshold -configured with the "\-\-signatures" parameter. If the verification -fails, the program terminates with an exit status indicating failure. -In addition to that, the last 25 MiB of the message are withheld, -i.e. if the message is smaller than 25 MiB, no output is produced, and -if it is larger, then the output will be truncated. -.PP -The converse operation is "sq sign". -.PP -If you are looking for a standalone program to verify detached -signatures, consider using sequoia\-sqv. -.PP - - -.SS "sq wkd direct-url" -Prints the direct Web Key Directory URL of an email address. -.SS "sq wkd generate" -Generates a Web Key Directory for the given domain and keys. -.PP -If the WKD exists, the new keys will be inserted and it is updated and existing ones will be updated. -.PP -A WKD is per domain, and can be queried using the advanced or the direct method. The advanced method uses a URL with a subdomain \*(Aqopenpgpkey\*(Aq. As per the specification, the advanced method is to be preferred. The direct method may only be used if the subdomain doesn\*(Aqt exist. The advanced method allows web key directories for several domains on one web server. -.PP -The contents of the generated WKD must be copied to a web server so that they are accessible under https://openpgpkey.example.com/.well\-known/openpgp/... for the advanced version, and https://example.com/.well\-known/openpgp/... for the direct version. sq does not copy files to the web server. -.PP - -.SS "sq wkd get" -Queries for certs using Web Key Directory. -.SS "sq wkd url" -Prints the advanced Web Key Directory URL of an email address. -.SH EXAMPLES -.SS "sq armor" -.PP - -.PP -Convert a binary certificate to ASCII -.PP -.nf -.RS -sq armor binary\-juliet.pgp -.RE -.fi -.PP - -.PP -Convert a binary message to ASCII -.PP -.nf -.RS -sq armor binary\-message.pgp -.RE -.fi -.PP -.SS "sq autocrypt decode" -.PP - -.PP -Extract all certificates from a mail -.PP -.nf -.RS -sq autocrypt decode autocrypt.eml -.RE -.fi -.PP -.SS "sq autocrypt encode-sender" -.PP - -.PP -Encodes a certificate -.PP -.nf -.RS -sq autocrypt encode\-sender juliet.pgp -.RE -.fi -.PP - -.PP -Encodes a certificate with an explicit sender address -.PP -.nf -.RS -sq autocrypt encode\-sender \-\-email juliet@example.org juliet.pgp -.RE -.fi -.PP - -.PP -Encodes a certificate while indicating the willingness to encrypt -.PP -.nf -.RS -sq autocrypt encode\-sender \-\-prefer\-encrypt mutual juliet.pgp -.RE -.fi -.PP -.SS "sq certify" -.PP - -.PP -Juliet certifies that Romeo controls romeo.pgp and romeo@example.org -.PP -.nf -.RS -sq certify juliet.pgp romeo.pgp "" -.RE -.fi -.PP -.SS "sq dearmor" -.PP - -.PP -Convert a ASCII certificate to binary -.PP -.nf -.RS -sq dearmor ascii\-juliet.pgp -.RE -.fi -.PP - -.PP -Convert a ASCII message to binary -.PP -.nf -.RS -sq dearmor ascii\-message.pgp -.RE -.fi -.PP -.SS "sq decrypt" -.PP - -.PP -Decrypt a file using a secret key -.PP -.nf -.RS -sq decrypt \-\-recipient\-file juliet.pgp ciphertext.pgp -.RE -.fi -.PP - -.PP -Decrypt a file verifying signatures -.PP -.nf -.RS -sq decrypt \-\-recipient\-file juliet.pgp \-\-signer\-file romeo.pgp ciphertext.pgp -.RE -.fi -.PP - -.PP -Decrypt a file using a password -.PP -.nf -.RS -sq decrypt ciphertext.pgp -.RE -.fi -.PP -.SS "sq encrypt" -.PP - -.PP -Encrypt a file using a certificate -.PP -.nf -.RS -sq encrypt \-\-recipient\-file romeo.pgp message.txt -.RE -.fi -.PP - -.PP -Encrypt a file creating a signature in the process -.PP -.nf -.RS -sq encrypt \-\-recipient\-file romeo.pgp \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.PP - -.PP -Encrypt a file using a password -.PP -.nf -.RS -sq encrypt \-\-symmetric message.txt -.RE -.fi -.PP -.SS "sq inspect" -.PP - -.PP -Inspects a certificate -.PP -.nf -.RS -sq inspect juliet.pgp -.RE -.fi -.PP - -.PP -Inspects a certificate ring -.PP -.nf -.RS -sq inspect certs.pgp -.RE -.fi -.PP - -.PP -Inspects a message -.PP -.nf -.RS -sq inspect message.pgp -.RE -.fi -.PP - -.PP -Inspects a detached signature -.PP -.nf -.RS -sq inspect message.sig -.RE -.fi -.PP -.SS "sq key adopt" -.PP - -.PP -Adopt an subkey into the new cert -.PP -.nf -.RS -sq key adopt \-\-keyring juliet\-old.pgp \-\-key 0123456789ABCDEF \-\- juliet\-new.pgp -.RE -.fi -.PP -.SS "sq key attest-certifications" -.PP - -.PP -Attest to all certifications present on the key -.PP -.nf -.RS -sq key attest\-certifications juliet.pgp -.RE -.fi -.PP - -.PP -Retract prior attestations on the key -.PP -.nf -.RS -sq key attest\-certifications \-\-none juliet.pgp -.RE -.fi -.PP -.SS "sq key extract-cert" -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this extracts the certificate for distribution -.PP -.nf -.RS -sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp -.RE -.fi -.PP -.SS "sq key generate" -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this extracts the certificate for distribution -.PP -.nf -.RS -sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp -.RE -.fi -.PP - -.PP -Generates a key protecting it with a password -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-with\-password -.RE -.fi -.PP - -.PP -Generates a key with multiple userids -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-userid "Juliet Capulet" -.RE -.fi -.PP -.SS "sq key password" -.PP - -.PP -First, generate a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, encrypt the secrets in the key with a password. -.PP -.nf -.RS -sq key password < juliet.key.pgp > juliet.encrypted_key.pgp -.RE -.fi -.PP - -.PP -And remove the password again. -.PP -.nf -.RS -sq key password \-\-clear < juliet.encrypted_key.pgp > juliet.decrypted_key.pgp -.RE -.fi -.PP -.SS "sq key userid add" -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this adds a User ID -.PP -.nf -.RS -sq key userid add \-\-userid "Juliet" juliet.key.pgp \\ -.RE -.fi -.PP - \-\-output juliet\-new.key.pgp -.PP -.SS "sq key userid strip" -.PP - -.PP -First, this generates a key -.PP -.nf -.RS -sq key generate \-\-userid "" \-\-export juliet.key.pgp -.RE -.fi -.PP - -.PP -Then, this strips a User ID -.PP -.nf -.RS -sq key userid strip \-\-userid "" \\ -.RE -.fi -.PP - \-\-output juliet\-new.key.pgp juliet.key.pgp -.PP -.SS "sq keyring filter" -.PP - -.PP -Converts a key to a cert (i.e., remove any secret key material) -.PP -.nf -.RS -sq keyring filter \-\-to\-cert cat juliet.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id on example.org or example.net -.PP -.nf -.RS -sq keyring filter \-\-domain example.org \-\-domain example.net keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id with the name Juliet -.PP -.nf -.RS -sq keyring filter \-\-name Juliet keys.pgp -.RE -.fi -.PP - -.PP -Gets the keys with a user id with the name Juliet on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org keys.pgp | \\ -.RE -.fi -.PP - sq keyring filter \-\-name Juliet -.PP - -.PP -Gets the keys with a user id on example.org, pruning other userids -.PP -.nf -.RS -sq keyring filter \-\-domain example.org \-\-prune\-certs certs.pgp -.RE -.fi -.PP -.SS "sq keyring join" -.PP - -.PP -Collect certs for an email conversation -.PP -.nf -.RS -sq keyring join juliet.pgp romeo.pgp alice.pgp -.RE -.fi -.PP -.SS "sq keyring list" -.PP - -.PP -List all certs -.PP -.nf -.RS -sq keyring list certs.pgp -.RE -.fi -.PP - -.PP -List all certs with a userid on example.org -.PP -.nf -.RS -sq keyring filter \-\-domain example.org certs.pgp | sq keyring list -.RE -.fi -.PP -.SS "sq keyring merge" -.PP - -.PP -Merge certificate updates -.PP -.nf -.RS -sq keyring merge certs.pgp romeo\-updates.pgp -.RE -.fi -.PP -.SS "sq keyring split" -.PP - -.PP -Split all certs -.PP -.nf -.RS -sq keyring split certs.pgp -.RE -.fi -.PP - -.PP -Split all certs, merging them first to avoid duplicates -.PP -.nf -.RS -sq keyring merge certs.pgp | sq keyring split -.RE -.fi -.PP -.SS "sq packet decrypt" -.PP - -.PP -Unwraps the encryption revealing the signed message -.PP -.nf -.RS -sq packet decrypt \-\-recipient\-file juliet.pgp ciphertext.pgp -.RE -.fi -.PP -.SS "sq packet dump" -.PP - -.PP -Prints the packets of a certificate -.PP -.nf -.RS -sq packet dump juliet.pgp -.RE -.fi -.PP - -.PP -Prints cryptographic artifacts of a certificate -.PP -.nf -.RS -sq packet dump \-\-mpis juliet.pgp -.RE -.fi -.PP - -.PP -Prints a hexdump of a certificate -.PP -.nf -.RS -sq packet dump \-\-hex juliet.pgp -.RE -.fi -.PP - -.PP -Prints the packets of an encrypted message -.PP -.nf -.RS -sq packet dump \-\-session\-key AAAABBBBCCCC... ciphertext.pgp -.RE -.fi -.PP -.SS "sq packet join" -.PP - -.PP -Split a certificate into individual packets -.PP -.nf -.RS -sq packet split juliet.pgp -.RE -.fi -.PP - -.PP -Then join only a subset of these packets -.PP -.nf -.RS -sq packet join juliet.pgp\-[0\-3]* -.RE -.fi -.PP -.SS "sq packet split" -.PP - -.PP -Split a certificate into individual packets -.PP -.nf -.RS -sq packet split juliet.pgp -.RE -.fi -.PP -.SS "sq sign" -.PP - -.PP -Create a signed message -.PP -.nf -.RS -sq sign \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.PP - -.PP -Create a detached signature -.PP -.nf -.RS -sq sign \-\-detached \-\-signer\-file juliet.pgp message.txt -.RE -.fi -.PP -.SS "sq verify" -.PP - -.PP -Verify a signed message -.PP -.nf -.RS -sq verify \-\-signer\-file juliet.pgp signed\-message.pgp -.RE -.fi -.PP - -.PP -Verify a detached message -.PP -.nf -.RS -sq verify \-\-signer\-file juliet.pgp \-\-detached message.sig message.txt -.RE -.fi -.PP -.SS "sq wkd generate" -.PP - -.PP -Generate a WKD in /tmp/wkdroot from certs.pgp for example.com. -.PP -.nf -.RS -sq wkd generate /tmp/wkdroot example.com certs.ppg -.RE -.fi -.PP -.SH "SEE ALSO" -.nh -\fBsq\-armor\fR(1), \fBsq\-autocrypt\-decode\fR(1), \fBsq\-autocrypt\-encode\-sender\fR(1), \fBsq\-certify\fR(1), \fBsq\-dane\-get\fR(1), \fBsq\-dearmor\fR(1), \fBsq\-decrypt\fR(1), \fBsq\-encrypt\fR(1), \fBsq\-inspect\fR(1), \fBsq\-key\-adopt\fR(1), \fBsq\-key\-attest\-certifications\fR(1), \fBsq\-key\-extract\-cert\fR(1), \fBsq\-key\-generate\fR(1), \fBsq\-key\-password\fR(1), \fBsq\-key\-userid\-add\fR(1), \fBsq\-key\-userid\-strip\fR(1), \fBsq\-keyring\-filter\fR(1), \fBsq\-keyring\-join\fR(1), \fBsq\-keyring\-list\fR(1), \fBsq\-keyring\-merge\fR(1), \fBsq\-keyring\-split\fR(1), \fBsq\-keyserver\-get\fR(1), \fBsq\-keyserver\-send\fR(1), \fBsq\-output\-versions\fR(1), \fBsq\-packet\-decrypt\fR(1), \fBsq\-packet\-dump\fR(1), \fBsq\-packet\-join\fR(1), \fBsq\-packet\-split\fR(1), \fBsq\-revoke\-certificate\fR(1), \fBsq\-revoke\-subkey\fR(1), \fBsq\-revoke\-userid\fR(1), \fBsq\-sign\fR(1), \fBsq\-verify\fR(1), \fBsq\-wkd\-direct\-url\fR(1), \fBsq\-wkd\-generate\fR(1), \fBsq\-wkd\-get\fR(1), \fBsq\-wkd\-url\fR(1). -.hy -.PP -For the full documentation see . -.SH VERSION -0.28.0 (sequoia\-openpgp 1.13.0, using Nettle)