From 545fcfb5e0deef8c0c6618fb478fc12294ecfc1d Mon Sep 17 00:00:00 2001 From: Nora Widdecke Date: Thu, 14 Jul 2022 10:38:30 +0200 Subject: sq: Update manpages. - The manpages have been generated with the nora/clap3-man branch. - We needed to fork clap to - add the SEE ALSO section - rename the EXTRA section to EXAMPLES - display possible values (upstream issue https://github.com/clap-rs/clap/issues/3861) - Hide the help subcommand from the subcommands list We will work with upstream to provide the required functionality, so we can use upstream clap again. --- sq/man-sq-autocrypt/sq-armor.1 | 91 ++++---- sq/man-sq-autocrypt/sq-autocrypt-decode.1 | 80 +++---- sq/man-sq-autocrypt/sq-autocrypt-encode-sender.1 | 107 +++++---- sq/man-sq-autocrypt/sq-autocrypt.1 | 80 +++---- sq/man-sq-autocrypt/sq-certify.1 | 137 ++++++----- sq/man-sq-autocrypt/sq-dearmor.1 | 86 +++---- sq/man-sq-autocrypt/sq-decrypt.1 | 133 ++++++----- sq/man-sq-autocrypt/sq-encrypt.1 | 138 +++++------ sq/man-sq-autocrypt/sq-inspect.1 | 106 +++++---- sq/man-sq-autocrypt/sq-key-adopt.1 | 96 ++++---- sq/man-sq-autocrypt/sq-key-attest-certifications.1 | 99 ++++---- sq/man-sq-autocrypt/sq-key-extract-cert.1 | 93 ++++---- sq/man-sq-autocrypt/sq-key-generate.1 | 170 ++++++++------ sq/man-sq-autocrypt/sq-key-password.1 | 79 +++++++ sq/man-sq-autocrypt/sq-key-userid-add.1 | 90 ++++++++ sq/man-sq-autocrypt/sq-key-userid-strip.1 | 88 +++++++ sq/man-sq-autocrypt/sq-key-userid.1 | 48 ++++ sq/man-sq-autocrypt/sq-key.1 | 120 ++++------ sq/man-sq-autocrypt/sq-keyring-filter.1 | 173 ++++++++------ sq/man-sq-autocrypt/sq-keyring-join.1 | 85 +++---- sq/man-sq-autocrypt/sq-keyring-list.1 | 89 +++++--- sq/man-sq-autocrypt/sq-keyring-merge.1 | 81 ++++--- sq/man-sq-autocrypt/sq-keyring-split.1 | 94 ++++---- sq/man-sq-autocrypt/sq-keyring.1 | 111 ++++----- sq/man-sq-autocrypt/sq-keyserver-get.1 | 42 ++++ sq/man-sq-autocrypt/sq-keyserver-send.1 | 36 +++ sq/man-sq-autocrypt/sq-keyserver.1 | 46 ++++ sq/man-sq-autocrypt/sq-packet-decrypt.1 | 93 ++++---- sq/man-sq-autocrypt/sq-packet-dump.1 | 123 +++++----- sq/man-sq-autocrypt/sq-packet-join.1 | 99 ++++---- sq/man-sq-autocrypt/sq-packet-split.1 | 80 ++++--- sq/man-sq-autocrypt/sq-packet.1 | 96 +++----- sq/man-sq-autocrypt/sq-revoke-certificate.1 | 96 ++++++++ sq/man-sq-autocrypt/sq-revoke-subkey.1 | 90 ++++++++ sq/man-sq-autocrypt/sq-revoke-userid.1 | 78 +++++++ sq/man-sq-autocrypt/sq-revoke.1 | 82 +++++++ sq/man-sq-autocrypt/sq-sign.1 | 114 +++++----- sq/man-sq-autocrypt/sq-verify.1 | 103 +++++---- sq/man-sq-autocrypt/sq-wkd-direct-url.1 | 38 ++++ sq/man-sq-autocrypt/sq-wkd-generate.1 | 66 ++++++ sq/man-sq-autocrypt/sq-wkd-get.1 | 44 ++++ sq/man-sq-autocrypt/sq-wkd-url.1 | 38 ++++ sq/man-sq-autocrypt/sq-wkd.1 | 51 +++++ sq/man-sq-autocrypt/sq.1 | 253 ++++++--------------- sq/man-sq-net-autocrypt/sq-armor.1 | 56 ----- sq/man-sq-net-autocrypt/sq-autocrypt-decode.1 | 51 ----- .../sq-autocrypt-encode-sender.1 | 64 ------ sq/man-sq-net-autocrypt/sq-autocrypt.1 | 61 ----- sq/man-sq-net-autocrypt/sq-certify.1 | 98 -------- sq/man-sq-net-autocrypt/sq-dearmor.1 | 53 ----- sq/man-sq-net-autocrypt/sq-decrypt.1 | 90 -------- sq/man-sq-net-autocrypt/sq-encrypt.1 | 85 ------- sq/man-sq-net-autocrypt/sq-inspect.1 | 56 ----- sq/man-sq-net-autocrypt/sq-key-adopt.1 | 66 ------ .../sq-key-attest-certifications.1 | 68 ------ sq/man-sq-net-autocrypt/sq-key-extract-cert.1 | 54 ----- sq/man-sq-net-autocrypt/sq-key-generate.1 | 100 -------- sq/man-sq-net-autocrypt/sq-key.1 | 92 -------- sq/man-sq-net-autocrypt/sq-keyring-filter.1 | 94 -------- sq/man-sq-net-autocrypt/sq-keyring-join.1 | 51 ----- sq/man-sq-net-autocrypt/sq-keyring-list.1 | 44 ---- sq/man-sq-net-autocrypt/sq-keyring-merge.1 | 51 ----- sq/man-sq-net-autocrypt/sq-keyring-split.1 | 54 ----- sq/man-sq-net-autocrypt/sq-keyring.1 | 91 -------- sq/man-sq-net-autocrypt/sq-keyserver-get.1 | 40 ---- sq/man-sq-net-autocrypt/sq-keyserver-send.1 | 32 --- sq/man-sq-net-autocrypt/sq-keyserver.1 | 48 ---- sq/man-sq-net-autocrypt/sq-packet-decrypt.1 | 59 ----- sq/man-sq-net-autocrypt/sq-packet-dump.1 | 72 ------ sq/man-sq-net-autocrypt/sq-packet-join.1 | 60 ----- sq/man-sq-net-autocrypt/sq-packet-split.1 | 49 ---- sq/man-sq-net-autocrypt/sq-packet.1 | 80 ------- sq/man-sq-net-autocrypt/sq-sign.1 | 86 ------- sq/man-sq-net-autocrypt/sq-verify.1 | 76 ------- sq/man-sq-net-autocrypt/sq-wkd-generate.1 | 44 ---- sq/man-sq-net-autocrypt/sq-wkd-get.1 | 36 --- sq/man-sq-net-autocrypt/sq-wkd-url.1 | 32 --- sq/man-sq-net-autocrypt/sq-wkd.1 | 48 ---- sq/man-sq-net-autocrypt/sq.1 | 217 ------------------ sq/man-sq-net/sq-armor.1 | 56 ----- sq/man-sq-net/sq-certify.1 | 98 -------- sq/man-sq-net/sq-dearmor.1 | 53 ----- sq/man-sq-net/sq-decrypt.1 | 90 -------- sq/man-sq-net/sq-encrypt.1 | 85 ------- sq/man-sq-net/sq-inspect.1 | 56 ----- sq/man-sq-net/sq-key-adopt.1 | 66 ------ sq/man-sq-net/sq-key-attest-certifications.1 | 68 ------ sq/man-sq-net/sq-key-extract-cert.1 | 54 ----- sq/man-sq-net/sq-key-generate.1 | 100 -------- sq/man-sq-net/sq-key.1 | 92 -------- sq/man-sq-net/sq-keyring-filter.1 | 94 -------- sq/man-sq-net/sq-keyring-join.1 | 51 ----- sq/man-sq-net/sq-keyring-list.1 | 44 ---- sq/man-sq-net/sq-keyring-merge.1 | 51 ----- sq/man-sq-net/sq-keyring-split.1 | 54 ----- sq/man-sq-net/sq-keyring.1 | 91 -------- sq/man-sq-net/sq-keyserver-get.1 | 40 ---- sq/man-sq-net/sq-keyserver-send.1 | 32 --- sq/man-sq-net/sq-keyserver.1 | 48 ---- sq/man-sq-net/sq-packet-decrypt.1 | 59 ----- sq/man-sq-net/sq-packet-dump.1 | 72 ------ sq/man-sq-net/sq-packet-join.1 | 60 ----- sq/man-sq-net/sq-packet-split.1 | 49 ---- sq/man-sq-net/sq-packet.1 | 80 ------- sq/man-sq-net/sq-sign.1 | 86 ------- sq/man-sq-net/sq-verify.1 | 76 ------- sq/man-sq-net/sq-wkd-generate.1 | 44 ---- sq/man-sq-net/sq-wkd-get.1 | 36 --- sq/man-sq-net/sq-wkd-url.1 | 32 --- sq/man-sq-net/sq-wkd.1 | 48 ---- sq/man-sq-net/sq.1 | 206 ----------------- sq/man-sq/sq-armor.1 | 90 ++++---- sq/man-sq/sq-autocrypt-decode.1 | 55 +++++ sq/man-sq/sq-autocrypt-encode-sender.1 | 77 +++++++ sq/man-sq/sq-autocrypt.1 | 47 ++++ sq/man-sq/sq-certify.1 | 136 ++++++----- sq/man-sq/sq-dearmor.1 | 85 +++---- sq/man-sq/sq-decrypt.1 | 132 ++++++----- sq/man-sq/sq-encrypt.1 | 137 +++++------ sq/man-sq/sq-inspect.1 | 105 +++++---- sq/man-sq/sq-key-adopt.1 | 95 ++++---- sq/man-sq/sq-key-attest-certifications.1 | 98 ++++---- sq/man-sq/sq-key-extract-cert.1 | 92 ++++---- sq/man-sq/sq-key-generate.1 | 169 ++++++++------ sq/man-sq/sq-key-password.1 | 78 +++++++ sq/man-sq/sq-key-userid-add.1 | 89 ++++++++ sq/man-sq/sq-key-userid-strip.1 | 87 +++++++ sq/man-sq/sq-key-userid.1 | 47 ++++ sq/man-sq/sq-key.1 | 119 ++++------ sq/man-sq/sq-keyring-filter.1 | 172 ++++++++------ sq/man-sq/sq-keyring-join.1 | 84 +++---- sq/man-sq/sq-keyring-list.1 | 88 ++++--- sq/man-sq/sq-keyring-merge.1 | 80 ++++--- sq/man-sq/sq-keyring-split.1 | 93 ++++---- sq/man-sq/sq-keyring.1 | 110 ++++----- sq/man-sq/sq-keyserver-get.1 | 41 ++++ sq/man-sq/sq-keyserver-send.1 | 35 +++ sq/man-sq/sq-keyserver.1 | 45 ++++ sq/man-sq/sq-packet-decrypt.1 | 92 ++++---- sq/man-sq/sq-packet-dump.1 | 122 +++++----- sq/man-sq/sq-packet-join.1 | 98 ++++---- sq/man-sq/sq-packet-split.1 | 79 ++++--- sq/man-sq/sq-packet.1 | 95 +++----- sq/man-sq/sq-revoke-certificate.1 | 95 ++++++++ sq/man-sq/sq-revoke-subkey.1 | 89 ++++++++ sq/man-sq/sq-revoke-userid.1 | 77 +++++++ sq/man-sq/sq-revoke.1 | 81 +++++++ sq/man-sq/sq-sign.1 | 113 ++++----- sq/man-sq/sq-verify.1 | 102 +++++---- sq/man-sq/sq-wkd-direct-url.1 | 37 +++ sq/man-sq/sq-wkd-generate.1 | 65 ++++++ sq/man-sq/sq-wkd-get.1 | 43 ++++ sq/man-sq/sq-wkd-url.1 | 37 +++ sq/man-sq/sq-wkd.1 | 50 ++++ sq/man-sq/sq.1 | 240 ++++++------------- 155 files changed, 5219 insertions(+), 7453 deletions(-) create mode 100644 sq/man-sq-autocrypt/sq-key-password.1 create mode 100644 sq/man-sq-autocrypt/sq-key-userid-add.1 create mode 100644 sq/man-sq-autocrypt/sq-key-userid-strip.1 create mode 100644 sq/man-sq-autocrypt/sq-key-userid.1 create mode 100644 sq/man-sq-autocrypt/sq-keyserver-get.1 create mode 100644 sq/man-sq-autocrypt/sq-keyserver-send.1 create mode 100644 sq/man-sq-autocrypt/sq-keyserver.1 create mode 100644 sq/man-sq-autocrypt/sq-revoke-certificate.1 create mode 100644 sq/man-sq-autocrypt/sq-revoke-subkey.1 create mode 100644 sq/man-sq-autocrypt/sq-revoke-userid.1 create mode 100644 sq/man-sq-autocrypt/sq-revoke.1 create mode 100644 sq/man-sq-autocrypt/sq-wkd-direct-url.1 create mode 100644 sq/man-sq-autocrypt/sq-wkd-generate.1 create mode 100644 sq/man-sq-autocrypt/sq-wkd-get.1 create mode 100644 sq/man-sq-autocrypt/sq-wkd-url.1 create mode 100644 sq/man-sq-autocrypt/sq-wkd.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-armor.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-autocrypt-decode.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-autocrypt-encode-sender.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-autocrypt.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-certify.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-dearmor.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-decrypt.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-encrypt.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-inspect.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-key-adopt.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-key-attest-certifications.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-key-extract-cert.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-key-generate.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-key.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring-filter.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring-join.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring-list.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring-merge.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring-split.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyring.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyserver-get.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyserver-send.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-keyserver.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-packet-decrypt.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-packet-dump.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-packet-join.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-packet-split.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-packet.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-sign.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-verify.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-wkd-generate.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-wkd-get.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-wkd-url.1 delete mode 100644 sq/man-sq-net-autocrypt/sq-wkd.1 delete mode 100644 sq/man-sq-net-autocrypt/sq.1 delete mode 100644 sq/man-sq-net/sq-armor.1 delete mode 100644 sq/man-sq-net/sq-certify.1 delete mode 100644 sq/man-sq-net/sq-dearmor.1 delete mode 100644 sq/man-sq-net/sq-decrypt.1 delete mode 100644 sq/man-sq-net/sq-encrypt.1 delete mode 100644 sq/man-sq-net/sq-inspect.1 delete mode 100644 sq/man-sq-net/sq-key-adopt.1 delete mode 100644 sq/man-sq-net/sq-key-attest-certifications.1 delete mode 100644 sq/man-sq-net/sq-key-extract-cert.1 delete mode 100644 sq/man-sq-net/sq-key-generate.1 delete mode 100644 sq/man-sq-net/sq-key.1 delete mode 100644 sq/man-sq-net/sq-keyring-filter.1 delete mode 100644 sq/man-sq-net/sq-keyring-join.1 delete mode 100644 sq/man-sq-net/sq-keyring-list.1 delete mode 100644 sq/man-sq-net/sq-keyring-merge.1 delete mode 100644 sq/man-sq-net/sq-keyring-split.1 delete mode 100644 sq/man-sq-net/sq-keyring.1 delete mode 100644 sq/man-sq-net/sq-keyserver-get.1 delete mode 100644 sq/man-sq-net/sq-keyserver-send.1 delete mode 100644 sq/man-sq-net/sq-keyserver.1 delete mode 100644 sq/man-sq-net/sq-packet-decrypt.1 delete mode 100644 sq/man-sq-net/sq-packet-dump.1 delete mode 100644 sq/man-sq-net/sq-packet-join.1 delete mode 100644 sq/man-sq-net/sq-packet-split.1 delete mode 100644 sq/man-sq-net/sq-packet.1 delete mode 100644 sq/man-sq-net/sq-sign.1 delete mode 100644 sq/man-sq-net/sq-verify.1 delete mode 100644 sq/man-sq-net/sq-wkd-generate.1 delete mode 100644 sq/man-sq-net/sq-wkd-get.1 delete mode 100644 sq/man-sq-net/sq-wkd-url.1 delete mode 100644 sq/man-sq-net/sq-wkd.1 delete mode 100644 sq/man-sq-net/sq.1 create mode 100644 sq/man-sq/sq-autocrypt-decode.1 create mode 100644 sq/man-sq/sq-autocrypt-encode-sender.1 create mode 100644 sq/man-sq/sq-autocrypt.1 create mode 100644 sq/man-sq/sq-key-password.1 create mode 100644 sq/man-sq/sq-key-userid-add.1 create mode 100644 sq/man-sq/sq-key-userid-strip.1 create mode 100644 sq/man-sq/sq-key-userid.1 create mode 100644 sq/man-sq/sq-keyserver-get.1 create mode 100644 sq/man-sq/sq-keyserver-send.1 create mode 100644 sq/man-sq/sq-keyserver.1 create mode 100644 sq/man-sq/sq-revoke-certificate.1 create mode 100644 sq/man-sq/sq-revoke-subkey.1 create mode 100644 sq/man-sq/sq-revoke-userid.1 create mode 100644 sq/man-sq/sq-revoke.1 create mode 100644 sq/man-sq/sq-wkd-direct-url.1 create mode 100644 sq/man-sq/sq-wkd-generate.1 create mode 100644 sq/man-sq/sq-wkd-get.1 create mode 100644 sq/man-sq/sq-wkd-url.1 create mode 100644 sq/man-sq/sq-wkd.1 (limited to 'sq') diff --git a/sq/man-sq-autocrypt/sq-armor.1 b/sq/man-sq-autocrypt/sq-armor.1 index 3b932ce4..479a4527 100644 --- a/sq/man-sq-autocrypt/sq-armor.1 +++ b/sq/man-sq-autocrypt/sq-armor.1 @@ -1,56 +1,63 @@ -.TH SQ-ARMOR "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH armor 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-armor \- Converts binary to ASCII - +armor \- Converts binary to ASCII +.SH SYNOPSIS +\fBarmor\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-\-label\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Converts binary to ASCII +.PP To make encrypted data easier to handle and transport, OpenPGP data can be transformed to an ASCII representation called ASCII Armor. sq emits armored data by default, but this subcommand can be used to convert existing OpenPGP data to its ASCII\-encoded representation. - +.PP The converse operation is "sq dearmor". - -.SH SYNOPSIS -\fBsq armor\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS -.TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information .SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR Writes to FILE or stdout if omitted - .TP -\fB\-\-label\fR LABEL -Selects the kind of armor header [default: auto] [possible values: auto, message, cert, key, sig, file] -.SH ARGS +\fB\-\-label\fR=\fILABEL\fR [default: auto] [possible values: auto, message, cert, key, sig, file] +Selects the kind of armor header +.TP +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -FILE +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Convert a binary certificate to ASCII -\fB$ sq armor binary\-juliet.pgp\fR -.TP -# Convert a binary message to ASCII -\fB$ sq armor binary\-message.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Convert a binary certificate to ASCII +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq armor binary\-juliet.pgp +.RE +.fi +.PP + Convert a binary message to ASCII +.PP +.nf +.RS + sq armor binary\-message.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-autocrypt-decode.1 b/sq/man-sq-autocrypt/sq-autocrypt-decode.1 index f45bd0e1..d762c707 100644 --- a/sq/man-sq-autocrypt/sq-autocrypt-decode.1 +++ b/sq/man-sq-autocrypt/sq-autocrypt-decode.1 @@ -1,51 +1,55 @@ -.TH SQ-AUTOCRYPT-DECODE "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH decode 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-autocrypt\-decode \- Reads Autocrypt\-encoded certificates - +decode \- Reads Autocrypt\-encoded certificates +.SH SYNOPSIS +\fBdecode\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Reads Autocrypt\-encoded certificates +.PP Given an autocrypt header (or an key\-gossip header), this command extracts the certificate encoded within it. - +.PP The converse operation is "sq autocrypt encode\-sender". - -.SH SYNOPSIS -\fBsq autocrypt decode\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data -.SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -FILE +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Extract all certificates from a mail -\fB$ sq autocrypt decode autocrypt.eml\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-autocrypt\-decode(1), sq\-autocrypt\-encode\-sender(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Extract all certificates from a mail +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq autocrypt decode autocrypt.eml +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-autocrypt\-encode\-sender(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-autocrypt-encode-sender.1 b/sq/man-sq-autocrypt/sq-autocrypt-encode-sender.1 index 1878a3f3..04186244 100644 --- a/sq/man-sq-autocrypt/sq-autocrypt-encode-sender.1 +++ b/sq/man-sq-autocrypt/sq-autocrypt-encode-sender.1 @@ -1,64 +1,77 @@ -.TH SQ-AUTOCRYPT-ENCODE-SENDER "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH encode-sender 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-autocrypt\-encode\-sender \- Encodes a certificate into an Autocrypt header - +encode\-sender \- Encodes a certificate into an Autocrypt header +.SH SYNOPSIS +\fBencode\-sender\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-\-email\fR] [\fB\-\-prefer\-encrypt\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Encodes a certificate into an Autocrypt header +.PP A certificate can be encoded and included in a header of an email message. This command encodes the certificate, adds the senders email address (which must match the one used in the "From" header), and the senders "prefer\-encrypt" state (see the Autocrypt spec for more information). - +.PP The converse operation is "sq autocrypt decode". - -.SH SYNOPSIS -\fBsq autocrypt encode\-sender\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS -.TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information .SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR Writes to FILE or stdout if omitted - .TP -\fB\-\-email\fR ADDRESS +\fB\-\-email\fR=\fIADDRESS\fR Sets the address [default: primary userid] - .TP -\fB\-\-prefer\-encrypt\fR prefer\-encrypt -Sets the prefer\-encrypt attribute [default: nopreference] [possible values: nopreference, mutual] -.SH ARGS +\fB\-\-prefer\-encrypt\fR=\fIPREFER\-ENCRYPT\fR [default: nopreference] [possible values: nopreference, mutual] +Sets the prefer\-encrypt attribute .TP -FILE +\fB\-h\fR, \fB\-\-help\fR +Print help information +.TP +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Encodes a certificate -\fB$ sq autocrypt encode\-sender juliet.pgp\fR -.TP -# Encodes a certificate with an explicit sender address -\fB$ sq autocrypt encode\-sender \-\-email juliet@example.org juliet.pgp\fR -.TP -# Encodes a certificate while indicating the willingness to encrypt -\fB$ sq autocrypt encode\-sender \-\-prefer\-encrypt mutual juliet.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-autocrypt\-decode(1), sq\-autocrypt\-encode\-sender(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Encodes a certificate +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq autocrypt encode\-sender juliet.pgp +.RE +.fi +.PP + Encodes a certificate with an explicit sender address +.PP +.nf +.RS + sq autocrypt encode\-sender \-\-email juliet@example.org juliet.pgp +.RE +.fi +.PP + Encodes a certificate while indicating the willingness to encrypt +.PP +.nf +.RS + sq autocrypt encode\-sender \-\-prefer\-encrypt mutual juliet.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-autocrypt\-decode(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-autocrypt.1 b/sq/man-sq-autocrypt/sq-autocrypt.1 index bd4323c5..20b23ac7 100644 --- a/sq/man-sq-autocrypt/sq-autocrypt.1 +++ b/sq/man-sq-autocrypt/sq-autocrypt.1 @@ -1,61 +1,47 @@ -.TH SQ-AUTOCRYPT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH autocrypt 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-autocrypt \- Communicates certificates using Autocrypt - +autocrypt \- Communicates certificates using Autocrypt +.SH SYNOPSIS +\fBautocrypt\fR [\fB\-h\fR|\fB\-\-help\fR] <\fIsubcommands\fR> +.SH DESCRIPTION +Communicates certificates using Autocrypt +.PP Autocrypt is a standard for mail user agents to provide convenient end\-to\-end encryption of emails. This subcommand provides a limited way to produce and consume headers that are used by Autocrypt to communicate certificates between clients. - +.PP See https://autocrypt.org/ - -.SH SYNOPSIS -\fBsq autocrypt\fR [FLAGS] -.SH FLAGS +.SH OPTIONS .TP \fB\-h\fR, \fB\-\-help\fR -Prints help information +Print help information .SH SUBCOMMANDS .TP -\fBhelp\fR -Prints this message or the help of the given subcommand(s) - -.TP -\fBdecode\fR +autocrypt\-decode(1) Reads Autocrypt\-encoded certificates - -Given an autocrypt header (or an key\-gossip header), this command -extracts the certificate encoded within it. - -The converse operation is "sq autocrypt encode\-sender". - .TP -\fBencode\-sender\fR +autocrypt\-encode\-sender(1) Encodes a certificate into an Autocrypt header - -A certificate can be encoded and included in a header of an email -message. This command encodes the certificate, adds the senders email -address (which must match the one used in the "From" header), and the -senders "prefer\-encrypt" state (see the Autocrypt spec for more -information). - -The converse operation is "sq autocrypt decode". -.SH SEE ALSO +.SH "SEE ALSO" For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-autocrypt\-decode(1), sq\-autocrypt\-encode\-sender(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 -.nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt\-decode(1) +sq\-autocrypt\-encode\-sender(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-certify.1 b/sq/man-sq-autocrypt/sq-certify.1 index 8ab95775..70a937f2 100644 --- a/sq/man-sq-autocrypt/sq-certify.1 +++ b/sq/man-sq-autocrypt/sq-certify.1 @@ -1,98 +1,111 @@ -.TH SQ-CERTIFY "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH certify 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-certify \- +certify \- Certifies a User ID for a Certificate +.SH SYNOPSIS +\fBcertify\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-\-time\fR] [\fB\-d\fR|\fB\-\-depth\fR] [\fB\-a\fR|\fB\-\-amount\fR] [\fB\-r\fR|\fB\-\-regex\fR] [\fB\-l\fR|\fB\-\-local\fR] [\fB\-\-non\-revocable\fR] [\fB\-\-notation\fR] [\fB\-\-expires\fR] [\fB\-\-expires\-in\fR] [\fB\-\-allow\-not\-alive\-certifier\fR] [\fB\-\-allow\-revoked\-certifier\fR] [\fB\-\-private\-key\-store\fR] [\fB\-h\fR|\fB\-\-help\fR] <\fICERTIFIER\-KEY\fR> <\fICERTIFICATE\fR> <\fIUSERID\fR> +.SH DESCRIPTION Certifies a User ID for a Certificate - +.PP Using a certification a keyholder may vouch for the fact that another certificate legitimately belongs to a user id. In the context of emails this means that the same entity controls the key and the email address. These kind of certifications form the basis for the Web Of Trust. - +.PP This command emits the certificate with the new certification. The updated certificate has to be distributed, preferably by sending it to the certificate holder for attestation. See also "sq key attest\-certification". - -.SH SYNOPSIS -\fBsq certify\fR [FLAGS] [OPTIONS] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data +.TP +\fB\-\-time\fR=\fITIME\fR +Sets the certification time to TIME. TIME is interpreted as an ISO 8601 +timestamp. To set the certification time to June 9, 2011 at midnight UTC, +you can do: +$ sq certify \-\-time 20130721 neal.pgp ada.pgp ada + +To include a time, add a T, the time and optionally the timezone (the +default timezone is UTC): + +$ sq certify \-\-time 20130721T0550+0200 neal.pgp ada.pgp ada + +.TP +\fB\-d\fR, \fB\-\-depth\fR=\fITRUST_DEPTH\fR [default: 0] +Sets the trust depth (sometimes referred to as the trust level). 0 means a normal certification of . 1 means CERTIFICATE is also a trusted introducer, 2 means CERTIFICATE is a meta\-trusted introducer, etc. +.TP +\fB\-a\fR, \fB\-\-amount\fR=\fITRUST_AMOUNT\fR [default: 120] +Sets the amount of trust. Values between 1 and 120 are meaningful. 120 means fully trusted. Values less than 120 indicate the degree of trust. 60 is usually used for partially trusted. +.TP +\fB\-r\fR, \fB\-\-regex\fR=\fIREGEX\fR +Adds a regular expression to constrain what a trusted introducer can certify. The regular expression must match the certified User ID in all intermediate introducers, and the certified certificate. Multiple regular expressions may be specified. In that case, at least one must match. .TP \fB\-l\fR, \fB\-\-local\fR Makes the certification a local certification. Normally, local certifications are not exported. - .TP \fB\-\-non\-revocable\fR Marks the certification as being non\-revocable. That is, you cannot later revoke this certification. This should normally only be used with an expiration. -.SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted - +\fB\-\-notation\fR=\fINAME VALUE\fR +Adds a notation to the certification. A user\-defined notation\*(Aqs name must be of the form "name@a.domain.you.control.org". If the notation\*(Aqs name starts with a !, then the notation is marked as being critical. If a consumer of a signature doesn\*(Aqt understand a critical notation, then it will ignore the signature. The notation is marked as being human readable. .TP -\fB\-d\fR, \fB\-\-depth\fR TRUST_DEPTH -Sets the trust depth (sometimes referred to as the trust level). 0 means a normal certification of . 1 means CERTIFICATE is also a trusted introducer, 2 means CERTIFICATE is a meta\-trusted introducer, etc. The default is 0. - +\fB\-\-expires\fR=\fITIME\fR +Makes the certification expire at TIME (as ISO 8601). Use "never" to create certifications that do not expire. .TP -\fB\-a\fR, \fB\-\-amount\fR TRUST_AMOUNT -Sets the amount of trust. Values between 1 and 120 are meaningful. 120 means fully trusted. Values less than 120 indicate the degree of trust. 60 is usually used for partially trusted. The default is 120. - +\fB\-\-expires\-in\fR=\fIDURATION\fR +Makes the certification expire after DURATION. Either "N[ymwds]", for N years, months, weeks, days, seconds, or "never". [default: 5y] .TP -\fB\-r\fR, \fB\-\-regex\fR REGEX -Adds a regular expression to constrain what a trusted introducer can certify. The regular expression must match the certified User ID in all intermediate introducers, and the certified certificate. Multiple regular expressions may be specified. In that case, at least one must match. - +\fB\-\-allow\-not\-alive\-certifier\fR +Allows the key to make a certification even if the current time is prior to its creation time or the current time is at or after its expiration time. .TP -\fB\-\-notation\fR NAME -Adds a notation to the certification. A user\-defined notation's name must be of the form "name@a.domain.you.control.org". If the notation's name starts with a !, then the notation is marked as being critical. If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature. The notation is marked as being human readable. - +\fB\-\-allow\-revoked\-certifier\fR +Don\*(Aqt fail if the certificate making the certification is revoked. .TP -\fB\-\-expires\fR TIME -Makes the certification expire at TIME (as ISO 8601). Use "never" to create certifications that do not expire. - +\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR +Provides parameters for private key store .TP -\fB\-\-expires\-in\fR DURATION -Makes the certification expire after DURATION. Either "N[ymwd]", for N years, months, weeks, or days, or "never". [default: 5y] -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -CERTIFIER\-KEY -Creates the certificate using CERTIFIER\-KEY. - +<\fICERTIFIER\-KEY\fR> +Creates the certification using CERTIFIER\-KEY. .TP -CERTIFICATE +<\fICERTIFICATE\fR> Certifies CERTIFICATE. - .TP -USERID +<\fIUSERID\fR> Certifies USERID for CERTIFICATE. .SH EXAMPLES -.TP -# Juliet certifies that Romeo controls romeo.pgp and romeo@example.org -\fB$ sq certify juliet.pgp romeo.pgp ""\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Juliet certifies that Romeo controls romeo.pgp and romeo@example.org +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq certify juliet.pgp romeo.pgp "" +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-dearmor.1 b/sq/man-sq-autocrypt/sq-dearmor.1 index f44e9cc8..1861d2fd 100644 --- a/sq/man-sq-autocrypt/sq-dearmor.1 +++ b/sq/man-sq-autocrypt/sq-dearmor.1 @@ -1,53 +1,61 @@ -.TH SQ-DEARMOR "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH dearmor 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-dearmor \- Converts ASCII to binary - +dearmor \- Converts ASCII to binary +.SH SYNOPSIS +\fBdearmor\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Converts ASCII to binary +.PP To make encrypted data easier to handle and transport, OpenPGP data can be transformed to an ASCII representation called ASCII Armor. sq transparently handles armored data, but this subcommand can be used to explicitly convert existing ASCII\-encoded OpenPGP data to its binary representation. - +.PP The converse operation is "sq armor". - -.SH SYNOPSIS -\fBsq dearmor\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS -.TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information .SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR Writes to FILE or stdout if omitted -.SH ARGS .TP -FILE +\fB\-h\fR, \fB\-\-help\fR +Print help information +.TP +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Convert a ASCII certificate to binary -\fB$ sq dearmor ascii\-juliet.pgp\fR -.TP -# Convert a ASCII message to binary -\fB$ sq dearmor ascii\-message.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Convert a ASCII certificate to binary +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq dearmor ascii\-juliet.pgp +.RE +.fi +.PP + Convert a ASCII message to binary +.PP +.nf +.RS + sq dearmor ascii\-message.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-decrypt.1 b/sq/man-sq-autocrypt/sq-decrypt.1 index 43072ba0..bb22a798 100644 --- a/sq/man-sq-autocrypt/sq-decrypt.1 +++ b/sq/man-sq-autocrypt/sq-decrypt.1 @@ -1,90 +1,103 @@ -.TH SQ-DECRYPT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH decrypt 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-decrypt \- Decrypts a message - +decrypt \- Decrypts a message +.SH SYNOPSIS +\fBdecrypt\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-n\fR|\fB\-\-signatures\fR] [\fB\-\-signer\-cert\fR] [\fB\-\-recipient\-key\fR] [\fB\-\-private\-key\-store\fR] [\fB\-\-dump\-session\-key\fR] [\fB\-\-session\-key\fR] [\fB\-\-dump\fR] [\fB\-x\fR|\fB\-\-hex\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Decrypts a message +.PP Decrypts a message using either supplied keys, or by prompting for a password. If message tampering is detected, an error is returned. See below for details. - +.PP If certificates are supplied using the "\-\-signer\-cert" option, any signatures that are found are checked using these certificates. Verification is only successful if there is no bad signature, and the number of successfully verified signatures reaches the threshold configured with the "\-\-signatures" parameter. - +.PP If the signature verification fails, or if message tampering is detected, the program terminates with an exit status indicating failure. In addition to that, the last 25 MiB of the message are withheld, i.e. if the message is smaller than 25 MiB, no output is produced, and if it is larger, then the output will be truncated. - +.PP The converse operation is "sq encrypt". - -.SH SYNOPSIS -\fBsq decrypt\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted +.TP +\fB\-n\fR, \fB\-\-signatures\fR=\fIN\fR +Sets the threshold of valid signatures to N. The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise] +.TP +\fB\-\-signer\-cert\fR=\fICERT\fR +Verifies signatures with CERT +.TP +\fB\-\-recipient\-key\fR=\fIKEY\fR +Decrypts with KEY +.TP +\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR +Provides parameters for private key store .TP \fB\-\-dump\-session\-key\fR Prints the session key to stderr - +.TP +\fB\-\-session\-key\fR=\fISESSION\-KEY\fR +Decrypts an encrypted message using SESSION\-KEY .TP \fB\-\-dump\fR Prints a packet dump to stderr - .TP \fB\-x\fR, \fB\-\-hex\fR Prints a hexdump (implies \-\-dump) -.SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted - -.TP -\fB\-n\fR, \fB\-\-signatures\fR N -Sets the threshold of valid signatures to N. The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise] - -.TP -\fB\-\-signer\-cert\fR CERT -Verifies signatures with CERT - -.TP -\fB\-\-recipient\-key\fR KEY -Decrypts with KEY -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -FILE +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Decrypt a file using a secret key -\fB$ sq decrypt \-\-recipient\-key juliet.pgp ciphertext.pgp\fR -.TP -# Decrypt a file verifying signatures -\fB$ sq decrypt \-\-recipient\-key juliet.pgp \-\-signer\-cert romeo.pgp ciphertext.pgp\fR -.TP -# Decrypt a file using a password -\fB$ sq decrypt ciphertext.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Decrypt a file using a secret key +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq decrypt \-\-recipient\-key juliet.pgp ciphertext.pgp +.RE +.fi +.PP + Decrypt a file verifying signatures +.PP +.nf +.RS + sq decrypt \-\-recipient\-key juliet.pgp \-\-signer\-cert romeo.pgp ciphertext.pgp +.RE +.fi +.PP + Decrypt a file using a password +.PP +.nf +.RS + sq decrypt ciphertext.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-encrypt.1 b/sq/man-sq-autocrypt/sq-encrypt.1 index 639b9976..b4e3b993 100644 --- a/sq/man-sq-autocrypt/sq-encrypt.1 +++ b/sq/man-sq-autocrypt/sq-encrypt.1 @@ -1,85 +1,93 @@ -.TH SQ-ENCRYPT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH encrypt 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-encrypt \- Encrypts a message - +encrypt \- Encrypts a message +.SH SYNOPSIS +\fBencrypt\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-\-recipient\-cert\fR] [\fB\-\-signer\-key\fR] [\fB\-\-private\-key\-store\fR] [\fB\-s\fR|\fB\-\-symmetric\fR] [\fB\-\-mode\fR] [\fB\-\-compression\fR] [\fB\-t\fR|\fB\-\-time\fR] [\fB\-\-use\-expired\-subkey\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Encrypts a message +.PP Encrypts a message for any number of recipients and with any number of passwords, optionally signing the message in the process. - +.PP The converse operation is "sq decrypt". - -.SH SYNOPSIS -\fBsq encrypt\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data - -.TP -\fB\-s\fR, \fB\-\-symmetric\fR -Adds a password to encrypt with. The message can be decrypted with either one of the recipient's keys, or any password. - -.TP -\fB\-\-use\-expired\-subkey\fR -If a certificate has only expired encryption\-capable subkeys, falls back to using the one that expired last -.SH OPTIONS -.TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted - .TP -\fB\-\-recipient\-cert\fR CERT\-RING +\fB\-\-recipient\-cert\fR=\fICERT\-RING\fR Encrypts for all recipients in CERT\-RING - .TP -\fB\-\-signer\-key\fR KEY +\fB\-\-signer\-key\fR=\fIKEY\fR Signs the message with KEY - .TP -\fB\-\-mode\fR MODE -Selects what kind of keys are considered for encryption. Transport select subkeys marked as suitable for transport encryption, rest selects those for encrypting data at rest, and all selects all encryption\-capable subkeys. [default: all] [possible values: transport, rest, all] - +\fB\-\-private\-key\-store\fR=\fIKEY_STORE\fR +Provides parameters for private key store .TP -\fB\-\-compression\fR KIND -Selects compression scheme to use [default: pad] [possible values: none, pad, zip, zlib, bzip2] - +\fB\-s\fR, \fB\-\-symmetric\fR +Adds a password to encrypt with. The message can be decrypted with either one of the recipient\*(Aqs keys, or any password. .TP -\fB\-t\fR, \fB\-\-time\fR TIME -Chooses keys valid at the specified time and sets the signature's creation time -.SH ARGS +\fB\-\-mode\fR=\fIMODE\fR [default: all] [possible values: transport, rest, all] +Selects what kind of keys are considered for encryption. Transport select subkeys marked as suitable for transport encryption, rest selects those for encrypting data at rest, and all selects all encryption\-capable subkeys. .TP -FILE -Reads from FILE or stdin if omitted -.SH EXAMPLES +\fB\-\-compression\fR=\fIKIND\fR [default: pad] [possible values: none, pad, zip, zlib, bzip2] +Selects compression scheme to use .TP -# Encrypt a file using a certificate -\fB$ sq encrypt \-\-recipient\-cert romeo.pgp message.txt\fR +\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR +Chooses keys valid at the specified time and sets the signature\*(Aqs creation time .TP -# Encrypt a file creating a signature in the process -\fB$ sq encrypt \-\-recipient\-cert romeo.pgp \-\-signer\-key juliet.pgp message.txt\fR +\fB\-\-use\-expired\-subkey\fR +If a certificate has only expired encryption\-capable subkeys, falls back to using the one that expired last .TP -# Encrypt a file using a password -\fB$ sq encrypt \-\-symmetric message.txt\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 +\fB\-h\fR, \fB\-\-help\fR +Print help information +.TP +[\fIFILE\fR] +Reads from FILE or stdin if omitted +.SH EXAMPLES + Encrypt a file using a certificate +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq encrypt \-\-recipient\-cert romeo.pgp message.txt +.RE +.fi +.PP + Encrypt a file creating a signature in the process +.PP +.nf +.RS + sq encrypt \-\-recipient\-cert romeo.pgp \-\-signer\-key juliet.pgp message.txt +.RE +.fi +.PP + Encrypt a file using a password +.PP +.nf +.RS + sq encrypt \-\-symmetric message.txt +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-inspect.1 b/sq/man-sq-autocrypt/sq-inspect.1 index eb2bb0e1..c50b4567 100644 --- a/sq/man-sq-autocrypt/sq-inspect.1 +++ b/sq/man-sq-autocrypt/sq-inspect.1 @@ -1,56 +1,74 @@ -.TH SQ-INSPECT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH inspect 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-inspect \- Inspects data, like file(1) - +inspect \- Inspects data, like file(1) +.SH SYNOPSIS +\fBinspect\fR [\fB\-\-certifications\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Inspects data, like file(1) +.PP It is often difficult to tell from cursory inspection using cat(1) or file(1) what kind of OpenPGP one is looking at. This subcommand inspects the data and provides a meaningful human\-readable description of it. - -.SH SYNOPSIS -\fBsq inspect\fR [FLAGS] [\-\-] [FILE] -.SH FLAGS -.TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +.SH OPTIONS .TP \fB\-\-certifications\fR Prints third\-party certifications -.SH ARGS .TP -FILE +\fB\-h\fR, \fB\-\-help\fR +Print help information +.TP +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# Inspects a certificate -\fB$ sq inspect juliet.pgp\fR -.TP -# Inspects a certificate ring -\fB$ sq inspect certs.pgp\fR -.TP -# Inspects a message -\fB$ sq inspect message.pgp\fR -.TP -# Inspects a detached signature -\fB$ sq inspect message.sig\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-keyring(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Inspects a certificate +.PP +.nf +.RS + sq inspect juliet.pgp +.RE +.fi +.PP + Inspects a certificate ring +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq inspect certs.pgp +.RE +.fi +.PP + Inspects a message +.PP +.nf +.RS + sq inspect message.pgp +.RE +.fi +.PP + Inspects a detached signature +.PP +.nf +.RS + sq inspect message.sig +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-key(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-key-adopt.1 b/sq/man-sq-autocrypt/sq-key-adopt.1 index 17a4924f..46e37e67 100644 --- a/sq/man-sq-autocrypt/sq-key-adopt.1 +++ b/sq/man-sq-autocrypt/sq-key-adopt.1 @@ -1,66 +1,70 @@ -.TH SQ-KEY-ADOPT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH adopt 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-key\-adopt \- +adopt \- Binds keys from one certificate to another +.SH SYNOPSIS +\fBadopt\fR [\fB\-r\fR|\fB\-\-keyring\fR] <\fB\-k\fR|\fB\-\-key\fR> [\fB\-\-allow\-broken\-crypto\fR] [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fITARGET\-KEY\fR] +.SH DESCRIPTION Binds keys from one certificate to another - +.PP This command allows one to transfer primary keys and subkeys into an existing certificate. Say you want to transition to a new certificate, but have an authentication subkey on your current certificate. You want to keep the authentication subkey because it allows access to SSH servers and updating their configuration is not feasible. - -.SH SYNOPSIS -\fBsq key adopt\fR [FLAGS] [OPTIONS] [TARGET\-KEY] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-r\fR, \fB\-\-keyring\fR=\fIKEY\-RING\fR +Supplies keys for use in \-\-key. +.TP +\fB\-k\fR, \fB\-\-key\fR=\fIKEY\fR +Adds the key or subkey KEY to the TARGET\-KEY .TP \fB\-\-allow\-broken\-crypto\fR Allows adopting keys from certificates using broken cryptography - +.TP +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data -.SH OPTIONS .TP -\fB\-r\fR, \fB\-\-keyring\fR KEY\-RING -Supplies keys for use in \-\-key. - -.TP -\fB\-k\fR, \fB\-\-key\fR KEY -Adds the key or subkey KEY to the TARGET\-KEY - -.TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -TARGET\-KEY +[\fITARGET\-KEY\fR] Adds keys to TARGET\-KEY .SH EXAMPLES -.TP -# Adopt an subkey into the new cert -\fB$ sq key adopt \-\-keyring juliet\-old.pgp \-\-key 0123456789ABCDEF \-\- juliet\-new.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-key\-adopt(1), sq\-key\-attest\-certifications(1), sq\-key\-extract\-cert(1), sq\-key\-generate(1), sq\-keyring(1), sq\-keyring\-filter(1), sq\-keyring\-join(1), sq\-keyring\-list(1), sq\-keyring\-merge(1), sq\-keyring\-split(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Adopt an subkey into the new cert +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq key adopt \-\-keyring juliet\-old.pgp \-\-key 0123456789ABCDEF \-\- juliet\-new.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-key\-attest\-certifications(1) +sq\-key\-extract\-cert(1) +sq\-key\-generate(1) +sq\-key\-password(1) +sq\-key\-userid(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-key-attest-certifications.1 b/sq/man-sq-autocrypt/sq-key-attest-certifications.1 index 26f68a4a..248547b4 100644 --- a/sq/man-sq-autocrypt/sq-key-attest-certifications.1 +++ b/sq/man-sq-autocrypt/sq-key-attest-certifications.1 @@ -1,68 +1,79 @@ -.TH SQ-KEY-ATTEST-CERTIFICATIONS "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH attest-certifications 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-key\-attest\-certifications \- +attest\-certifications \- Attests to third\-party certifications +.SH SYNOPSIS +\fBattest\-certifications\fR [\fB\-\-none\fR] [\fB\-\-all\fR] [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIKEY\fR] +.SH DESCRIPTION +.PP Attests to third\-party certifications allowing for their distribution - +.PP To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third\-party certifications on certificates. To make the key holder the sovereign over the information over what information is distributed with the certificate, the key holder needs to explicitly attest to third\-party certifications. - +.PP After the attestation has been created, the certificate has to be distributed, e.g. by uploading it to a keyserver. - -.SH SYNOPSIS -\fBsq key attest\-certifications\fR [FLAGS] [OPTIONS] [KEY] -.SH FLAGS -.TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +.SH OPTIONS .TP \fB\-\-none\fR Removes all prior attestations - .TP \fB\-\-all\fR Attests to all certifications [default] - +.TP +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data -.SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -KEY +[\fIKEY\fR] Changes attestations on KEY .SH EXAMPLES -.TP -# Attest to all certifications present on the key -\fB$ sq key attest\-certifications juliet.pgp\fR -.TP -# Retract prior attestations on the key -\fB$ sq key attest\-certifications \-\-none juliet.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-key\-adopt(1), sq\-key\-attest\-certifications(1), sq\-key\-extract\-cert(1), sq\-key\-generate(1), sq\-keyring(1), sq\-keyring\-filter(1), sq\-keyring\-join(1), sq\-keyring\-list(1), sq\-keyring\-merge(1), sq\-keyring\-split(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + Attest to all certifications present on the key +.PP +.nf +.RS + sq key attest\-certifications juliet.pgp +.RE +.fi +.PP + Retract prior attestations on the key +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq key attest\-certifications \-\-none juliet.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-key\-adopt(1) +sq\-key\-extract\-cert(1) +sq\-key\-generate(1) +sq\-key\-password(1) +sq\-key\-userid(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-key-extract-cert.1 b/sq/man-sq-autocrypt/sq-key-extract-cert.1 index 715c1ece..2d571c0e 100644 --- a/sq/man-sq-autocrypt/sq-key-extract-cert.1 +++ b/sq/man-sq-autocrypt/sq-key-extract-cert.1 @@ -1,54 +1,67 @@ -.TH SQ-KEY-EXTRACT-CERT "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH extract-cert 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-key\-extract\-cert \- Converts a key to a cert - +extract\-cert \- Converts a key to a cert +.SH SYNOPSIS +\fBextract\-cert\fR [\fB\-o\fR|\fB\-\-output\fR] [\fB\-B\fR|\fB\-\-binary\fR] [\fB\-h\fR|\fB\-\-help\fR] [\fIFILE\fR] +.SH DESCRIPTION +Converts a key to a cert +.PP After generating a key, use this command to get the certificate corresponding to the key. The key must be kept secure, while the certificate should be handed out to correspondents, e.g. by uploading it to a keyserver. - -.SH SYNOPSIS -\fBsq key extract\-cert\fR [FLAGS] [OPTIONS] [\-\-] [FILE] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR +Writes to FILE or stdout if omitted .TP \fB\-B\fR, \fB\-\-binary\fR Emits binary data -.SH OPTIONS .TP -\fB\-o\fR, \fB\-\-output\fR FILE -Writes to FILE or stdout if omitted -.SH ARGS +\fB\-h\fR, \fB\-\-help\fR +Print help information .TP -FILE +[\fIFILE\fR] Reads from FILE or stdin if omitted .SH EXAMPLES -.TP -# First, this generates a key -\fB$ sq key generate \-\-userid "" \-\-export juliet.key.pgp\fR -.TP -# Then, this extracts the certificate for distribution -\fB$ sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp\fR - -.SH SEE ALSO -For the full documentation see . - -.ad l -.nh -sq(1), sq\-armor(1), sq\-autocrypt(1), sq\-certify(1), sq\-dearmor(1), sq\-decrypt(1), sq\-encrypt(1), sq\-inspect(1), sq\-key(1), sq\-key\-adopt(1), sq\-key\-attest\-certifications(1), sq\-key\-extract\-cert(1), sq\-key\-generate(1), sq\-keyring(1), sq\-keyring\-filter(1), sq\-keyring\-join(1), sq\-keyring\-list(1), sq\-keyring\-merge(1), sq\-keyring\-split(1), sq\-packet(1), sq\-sign(1), sq\-verify(1) - - -.SH AUTHORS -.P -.RS 2 + First, this generates a key +.PP +.nf +.RS + sq key generate \-\-userid "" \-\-export juliet.key.pgp +.RE +.fi +.PP + Then, this extracts the certificate for distribution +.PP .nf -Azul -Igor Matuszewski -Justus Winter -Kai Michaelis -Neal H. Walfield -Nora Widdecke -Wiktor Kwapisiewicz +.RS + sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp +.RE +.fi +.SH "SEE ALSO" +For the full documentation see . +.PP +sq(1) +sq\-armor(1) +sq\-autocrypt(1) +sq\-certify(1) +sq\-dearmor(1) +sq\-decrypt(1) +sq\-encrypt(1) +sq\-inspect(1) +sq\-key(1) +sq\-key\-adopt(1) +sq\-key\-attest\-certifications(1) +sq\-key\-generate(1) +sq\-key\-password(1) +sq\-key\-userid(1) +sq\-keyring(1) +sq\-keyserver(1) +sq\-packet(1) +sq\-revoke(1) +sq\-sign(1) +sq\-verify(1) +sq\-wkd(1) diff --git a/sq/man-sq-autocrypt/sq-key-generate.1 b/sq/man-sq-autocrypt/sq-key-generate.1 index 0e3ebd3a..5232fcb8 100644 --- a/sq/man-sq-autocrypt/sq-key-generate.1 +++ b/sq/man-sq-autocrypt/sq-key-generate.1 @@ -1,100 +1,134 @@ -.TH SQ-KEY-GENERATE "1" "MARCH 2021" "0.24.0 (SEQUOIA-OPENPGP 1.0.0)" "USER COMMANDS" 5 +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.TH generate 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME -sq\-key\-generate \- Generates a new key - +generate \- Generates a new key +.SH SYNOPSIS +\fBgenerate\fR [\fB\-u\fR|\fB\-\-userid\fR] [\fB\-c\fR|\fB\-\-cipher\-suite\fR] [\fB\-\-with\-password\fR] [\fB\-\-creation\-time\fR] [\fB\-\-expires\fR] [\fB\-\-expires\-in\fR] [\fB\-\-can\-sign\fR] [\fB\-\-cannot\-sign\fR] [\fB\-\-can\-authenticate\fR] [\fB\-\-cannot\-authenticate\fR] [\fB\-\-can\-encrypt\fR] [\fB\-\-cannot\-encrypt\fR] [\fB\-e\fR|\fB\-\-export\fR] [\fB\-\-rev\-cert\fR] [\fB\-h\fR|\fB\-\-help\fR] +.SH DESCRIPTION +Generates a new key +.PP Generating a key is the prerequisite to receiving encrypted messages and creating signatures. There are a few parameters to this process, but we provide reasonable defaults for most users. - +.PP When generating a key, we also generate a revocation certificate. This can be used in case the key is superseded, lost, or compromised. It is a good idea to keep a copy of this in a safe place. - +.PP After generating a key, use "sq key extract\-cert" to get the certificate corresponding to the key. The key must be kept secure, while the certificate should be handed out to correspondents, e.g. by uploading it to a keyserver. - -.SH SYNOPSIS -\fBsq key generate\fR [FLAGS] [OPTIONS] -.SH FLAGS +.SH OPTIONS .TP -\fB\-h\fR, \fB\-\-help\fR -Prints help information - +\fB\-u\fR, \fB\-\-userid\fR=\fIEMAIL\fR +Adds a userid to the key +.TP +\fB\-c\fR, \fB\-\-cipher\-suite\fR=\fICIPHER\-SUITE\fR [default: cv25519] [possible values: rsa3k, rsa4k, cv25519] +Selects the cryptographic algorithms for the key .TP \fB\-\-with\-password\fR Protects the key with a password +.TP +\fB\-\-creation\-time\fR=\fICREATION_TIME\fR +Sets the key\*(Aqs creation time to TIME. TIME is interpreted as an ISO 8601 +timestamp. To set the creation time to June 9, 2011 at midnight UTC, +you can do: + +$ sq key generate \-\-creation\-time 20110609 \-\-export noam.pgp +To include a time, add a T, the time and optionally the timezone (the +default timezone is UTC): + +$ sq key generate \-\-creation\-time 20110609T1938+0200 \-\-export noam.pgp + +.TP +\fB\-\-expires\fR=\fITIME\fR +Makes the key expire at TIME (as ISO 8601). Use "never" to create keys that do not expire. +.TP +\fB\-\-expires\-in\fR=\fIDURATION\fR +Makes the key expire after DURATION. Either