//! A command-line frontend for Sequoia.
//!
//! # Usage
//!
//! ```text
//! A command-line frontend for Sequoia, an implementation of OpenPGP
//!
//! Functionality is grouped and available using subcommands.  Currently,
//! this interface is completely stateless.  Therefore, you need to supply
//! all configuration and certificates explicitly on each invocation.
//!
//! OpenPGP data can be provided in binary or ASCII armored form.  This
//! will be handled automatically.  Emitted OpenPGP data is ASCII armored
//! by default.
//!
//! We use the term "certificate", or cert for short, to refer to OpenPGP
//! keys that do not contain secrets.  Conversely, we use the term "key"
//! to refer to OpenPGP keys that do contain secrets.
//!
//! USAGE:
//!     sq [OPTIONS] <SUBCOMMAND>
//!
//! OPTIONS:
//!     -f, --force
//!             Overwrites existing files
//!
//!     -h, --help
//!             Print help information
//!
//!         --known-notation <NOTATION>
//!             Adds NOTATION to the list of known notations. This is used when
//!             validating signatures. Signatures that have unknown notations with
//!             the critical bit set are considered invalid.
//!
//!     -V, --version
//!             Print version information
//!
//! SUBCOMMANDS:
//!     encrypt
//!             Encrypts a message
//!     decrypt
//!             Decrypts a message
//!     sign
//!             Signs messages or data files
//!     verify
//!             Verifies signed messages or detached signatures
//!     key
//!             Manages keys
//!     keyring
//!             Manages collections of keys or certs
//!     certify
//!             Certifies a User ID for a Certificate
//!     autocrypt
//!             Communicates certificates using Autocrypt
//!     keyserver
//!             Interacts with keyservers
//!     wkd
//!             Interacts with Web Key Directories
//!     armor
//!             Converts binary to ASCII
//!     dearmor
//!             Converts ASCII to binary
//!     inspect
//!             Inspects data, like file(1)
//!     packet
//!             Low-level packet manipulation
//!     revoke
//!             Generates revocation certificates
//!     help
//!             Print this message or the help of the given subcommand(s)
//! ```
//!
//! ## Subcommand encrypt
//!
//! ```text
//! Encrypts a message
//!
//! Encrypts a message for any number of recipients and with any number of
//! passwords, optionally signing the message in the process.
//!
//! The converse operation is "sq decrypt".
//!
//! USAGE:
//!     sq encrypt [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --compression <KIND>
//!             Selects compression scheme to use
//! 
//!             [default: pad]
//!             [possible values: none, pad, zip, zlib, bzip2]
//!
//!     -h, --help
//!             Print help information
//!
//!         --mode <MODE>
//!             Selects what kind of keys are considered for encryption.  Transport
//!             select subkeys marked as suitable for transport encryption, rest
//!             selects those for encrypting data at rest, and all selects all
//!             encryption-capable subkeys.
//! 
//!             [default: all]
//!             [possible values: transport, rest, all]
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --recipient-cert <CERT-RING>
//!             Encrypts for all recipients in CERT-RING
//!
//!     -s, --symmetric
//!             Adds a password to encrypt with.  The message can be decrypted with
//!             either one of the recipient's keys, or any password.
//!
//!         --signer-key <KEY>
//!             Signs the message with KEY
//!
//!     -t, --time <TIME>
//!             Chooses keys valid at the specified time and sets the signature's
//!             creation time
//!
//!         --use-expired-subkey
//!             If a certificate has only expired encryption-capable subkeys, falls
//!             back to using the one that expired last
//!
//! EXAMPLES:
//!
//! # Encrypt a file using a certificate
//! $ sq encrypt --recipient-cert romeo.pgp message.txt
//!
//! # Encrypt a file creating a signature in the process
//! $ sq encrypt --recipient-cert romeo.pgp --signer-key juliet.pgp message.txt
//!
//! # Encrypt a file using a password
//! $ sq encrypt --symmetric message.txt
//! ```
//!
//! ## Subcommand decrypt
//!
//! ```text
//! Decrypts a message
//!
//! Decrypts a message using either supplied keys, or by prompting for a
//! password.  If message tampering is detected, an error is returned.
//! See below for details.
//!
//! If certificates are supplied using the "--signer-cert" option, any
//! signatures that are found are checked using these certificates.
//! Verification is only successful if there is no bad signature, and the
//! number of successfully verified signatures reaches the threshold
//! configured with the "--signatures" parameter.
//!
//! If the signature verification fails, or if message tampering is
//! detected, the program terminates with an exit status indicating
//! failure.  In addition to that, the last 25 MiB of the message are
//! withheld, i.e. if the message is smaller than 25 MiB, no output is
//! produced, and if it is larger, then the output will be truncated.
//!
//! The converse operation is "sq encrypt".
//!
//! USAGE:
//!     sq decrypt [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!         --dump
//!             Prints a packet dump to stderr
//!
//!         --dump-session-key
//!             Prints the session key to stderr
//!
//!     -h, --help
//!             Print help information
//!
//!     -n, --signatures <N>
//!             Sets the threshold of valid signatures to N. The message will only
//!             be considered verified if this threshold is reached. [default: 1 if
//!             at least one signer cert file is given, 0 otherwise]
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --recipient-key <KEY>
//!             Decrypts with KEY
//!
//!         --signer-cert <CERT>
//!             Verifies signatures with CERT
//!
//!     -x, --hex
//!             Prints a hexdump (implies --dump)
//!
//! EXAMPLES:
//!
//! # Decrypt a file using a secret key
//! $ sq decrypt --recipient-key juliet.pgp ciphertext.pgp
//!
//! # Decrypt a file verifying signatures
//! $ sq decrypt --recipient-key juliet.pgp --signer-cert romeo.pgp ciphertext.pgp
//!
//! # Decrypt a file using a password
//! $ sq decrypt ciphertext.pgp
//! ```
//!
//! ## Subcommand sign
//!
//! ```text
//! Signs messages or data files
//!
//! Creates signed messages or detached signatures.  Detached signatures
//! are often used to sign software packages.
//!
//! The converse operation is "sq verify".
//!
//! USAGE:
//!     sq sign [OPTIONS] [--] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -a, --append
//!             Appends a signature to existing signature
//!
//!     -B, --binary
//!             Emits binary data
//!
//!         --cleartext-signature
//!             Creates a cleartext signature
//!
//!         --detached
//!             Creates a detached signature
//!
//!     -h, --help
//!             Print help information
//!
//!         --merge <SIGNED-MESSAGE>
//!             Merges signatures from the input and SIGNED-MESSAGE
//!
//!     -n, --notarize
//!             Signs a message and all existing signatures
//!
//!         --notation <NAME> <VALUE>
//!             Adds a notation to the certification.  A user-defined notation's
//!             name must be of the form "name@a.domain.you.control.org". If the
//!             notation's name starts with a !, then the notation is marked as
//!             being critical.  If a consumer of a signature doesn't understand a
//!             critical notation, then it will ignore the signature.  The notation
//!             is marked as being human readable.
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --signer-key <KEY>
//!             Signs using KEY
//!
//!     -t, --time <TIME>
//!             Chooses keys valid at the specified time and sets the signature's
//!             creation time
//!
//! EXAMPLES:
//!
//! # Create a signed message
//! $ sq sign --signer-key juliet.pgp message.txt
//!
//! # Create a detached signature
//! $ sq sign --detached --signer-key juliet.pgp message.txt
//! ```
//!
//! ## Subcommand verify
//!
//! ```text
//! Verifies signed messages or detached signatures
//!
//! When verifying signed messages, the message is written to stdout or
//! the file given to --output.
//!
//! When a detached message is verified, no output is produced.  Detached
//! signatures are often used to sign software packages.
//!
//! Verification is only successful if there is no bad signature, and the
//! number of successfully verified signatures reaches the threshold
//! configured with the "--signatures" parameter.  If the verification
//! fails, the program terminates with an exit status indicating failure.
//! In addition to that, the last 25 MiB of the message are withheld,
//! i.e. if the message is smaller than 25 MiB, no output is produced, and
//! if it is larger, then the output will be truncated.
//!
//! The converse operation is "sq sign".
//!
//! USAGE:
//!     sq verify [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!         --detached <SIG>
//!             Verifies a detached signature
//!
//!     -h, --help
//!             Print help information
//!
//!     -n, --signatures <N>
//!             Sets the threshold of valid signatures to N. If this threshold is
//!             not reached, the message will not be considered verified.
//! 
//!             [default: 1]
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --signer-cert <CERT>
//!             Verifies signatures with CERT
//!
//! EXAMPLES:
//!
//! # Verify a signed message
//! $ sq verify --signer-cert juliet.pgp signed-message.pgp
//!
//! # Verify a detached message
//! $ sq verify --signer-cert juliet.pgp --detached message.sig message.txt
//!
//! SEE ALSO:
//!
//! If you are looking for a standalone program to verify detached
//! signatures, consider using sequoia-sqv.
//! ```
//!
//! ## Subcommand key
//!
//! ```text
//! Manages keys
//!
//! We use the term "key" to refer to OpenPGP keys that do contain
//! secrets.  This subcommand provides primitives to generate and
//! otherwise manipulate keys.
//!
//! Conversely, we use the term "certificate", or cert for short, to refer
//! to OpenPGP keys that do not contain secrets.  See "sq keyring" for
//! operations on certificates.
//!
//! USAGE:
//!     sq key <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//! SUBCOMMANDS:
//!     generate
//!             Generates a new key
//!     password
//!             Changes password protecting secrets
//!     extract-cert
//!             Converts a key to a cert
//!     attest-certifications
//!             Attests to third-party certifications
//!     adopt
//!             Binds keys from one certificate to another
//!     help
//!             Print this message or the help of the given subcommand(s)
//! ```
//!
//! ### Subcommand key generate
//!
//! ```text
//! Generates a new key
//!
//! Generating a key is the prerequisite to receiving encrypted messages
//! and creating signatures.  There are a few parameters to this process,
//! but we provide reasonable defaults for most users.
//!
//! When generating a key, we also generate a revocation certificate.
//! This can be used in case the key is superseded, lost, or compromised.
//! It is a good idea to keep a copy of this in a safe place.
//!
//! After generating a key, use "sq key extract-cert" to get the
//! certificate corresponding to the key.  The key must be kept secure,
//! while the certificate should be handed out to correspondents, e.g. by
//! uploading it to a keyserver.
//!
//! USAGE:
//!     sq key generate [OPTIONS] --export <OUTFILE>
//!
//! OPTIONS:
//!     -c, --cipher-suite <CIPHER-SUITE>
//!             Selects the cryptographic algorithms for the key
//! 
//!             [default: cv25519]
//!             [possible values: rsa3k, rsa4k, cv25519]
//!
//!         --can-authenticate
//!             Adds an authentication-capable subkey (default)
//!
//!         --can-encrypt <PURPOSE>
//!             Adds an encryption-capable subkey. Encryption-capable subkeys can be
//!             marked as suitable for transport encryption, storage encryption, or
//!             both. [default: universal]
//! 
//!             [possible values: transport, storage, universal]
//!
//!         --can-sign
//!             Adds a signing-capable subkey (default)
//!
//!         --cannot-authenticate
//!             Adds no authentication-capable subkey
//!
//!         --cannot-encrypt
//!             Adds no encryption-capable subkey
//!
//!         --cannot-sign
//!             Adds no signing-capable subkey
//!
//!         --creation-time <CREATION_TIME>
//!             Sets the key's creation time to TIME.  TIME is interpreted as an ISO
//!             8601
//!             timestamp.  To set the creation time to June 9, 2011 at midnight
//!             UTC,
//!             you can do:
//! 
//!             $ sq key generate --creation-time 20110609 --export noam.pgp
//! 
//!             To include a time, add a T, the time and optionally the timezone
//!             (the
//!             default timezone is UTC):
//! 
//!             $ sq key generate --creation-time 20110609T1938+0200 --export
//!             noam.pgp
//!
//!     -e, --export <OUTFILE>
//!             Writes the key to OUTFILE
//!
//!         --expires <TIME>
//!             Makes the key expire at TIME (as ISO 8601). Use "never" to create
//!             keys that do not expire.
//!
//!         --expires-in <DURATION>
//!             Makes the key expire after DURATION. Either "N[ymwds]", for N years,
//!             months, weeks, days, seconds, or "never".
//!
//!     -h, --help
//!             Print help information
//!
//!         --rev-cert <FILE or ->
//!             Writes the revocation certificate to FILE. mandatory if OUTFILE is
//!             "-". [default: <OUTFILE>.rev]
//!
//!     -u, --userid <EMAIL>
//!             Adds a userid to the key
//!
//!         --with-password
//!             Protects the key with a password
//!
//! EXAMPLES:
//!
//! # First, this generates a key
//! $ sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp
//!
//! # Then, this extracts the certificate for distribution
//! $ sq key extract-cert --output juliet.cert.pgp juliet.key.pgp
//!
//! # Generates a key protecting it with a password
//! $ sq key generate --userid "<juliet@example.org>" --with-password
//!
//! # Generates a key with multiple userids
//! $ sq key generate --userid "<juliet@example.org>" --userid "Juliet Capulet"
//! ```
//!
//! ### Subcommand key password
//!
//! ```text
//! Changes password protecting secrets
//!
//! Secret key material in keys can be protected by a password.  This
//! subcommand changes or clears this encryption password.
//!
//! To emit the key with unencrypted secrets, either use `--clear` or
//! supply a zero-length password when prompted for the new password.
//!
//! USAGE:
//!     sq key password [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --clear
//!             Emit a key with unencrypted secrets
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # First, generate a key
//! $ sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp
//!
//! # Then, encrypt the secrets in the key with a password.
//! $ sq key password < juliet.key.pgp > juliet.encrypted_key.pgp
//!
//! # And remove the password again.
//! $ sq key password --clear < juliet.encrypted_key.pgp > juliet.decrypted_key.pgp
//! ```
//!
//! ### Subcommand key extract-cert
//!
//! ```text
//! Converts a key to a cert
//!
//! After generating a key, use this command to get the certificate
//! corresponding to the key.  The key must be kept secure, while the
//! certificate should be handed out to correspondents, e.g. by uploading
//! it to a keyserver.
//!
//! USAGE:
//!     sq key extract-cert [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # First, this generates a key
//! $ sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp
//!
//! # Then, this extracts the certificate for distribution
//! $ sq key extract-cert --output juliet.cert.pgp juliet.key.pgp
//! ```
//!
//! ### Subcommand key attest-certifications
//!
//! ```text
//!
//! Attests to third-party certifications allowing for their distribution
//!
//! To prevent certificate flooding attacks, modern key servers prevent
//! uncontrolled distribution of third-party certifications on
//! certificates.  To make the key holder the sovereign over the
//! information over what information is distributed with the certificate,
//! the key holder needs to explicitly attest to third-party
//! certifications.
//!
//! After the attestation has been created, the certificate has to be
//! distributed, e.g. by uploading it to a keyserver.
//!
//! USAGE:
//!     sq key attest-certifications [OPTIONS] [KEY]
//!
//! ARGS:
//!     <KEY>
//!             Changes attestations on KEY
//!
//! OPTIONS:
//!         --all
//!             Attests to all certifications [default]
//!
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!         --none
//!             Removes all prior attestations
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Attest to all certifications present on the key
//! $ sq key attest-certifications juliet.pgp
//!
//! # Retract prior attestations on the key
//! $ sq key attest-certifications --none juliet.pgp
//! ```
//!
//! ### Subcommand key adopt
//!
//! ```text
//! Binds keys from one certificate to another
//!
//! This command allows one to transfer primary keys and subkeys into an
//! existing certificate.  Say you want to transition to a new
//! certificate, but have an authentication subkey on your current
//! certificate.  You want to keep the authentication subkey because it
//! allows access to SSH servers and updating their configuration is not
//! feasible.
//!
//! USAGE:
//!     sq key adopt [OPTIONS] --key <KEY> [TARGET-KEY]
//!
//! ARGS:
//!     <TARGET-KEY>
//!             Adds keys to TARGET-KEY
//!
//! OPTIONS:
//!         --allow-broken-crypto
//!             Allows adopting keys from certificates using broken cryptography
//!
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!     -k, --key <KEY>
//!             Adds the key or subkey KEY to the TARGET-KEY
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!     -r, --keyring <KEY-RING>
//!             Supplies keys for use in --key.
//!
//! EXAMPLES:
//!
//! # Adopt an subkey into the new cert
//! $ sq key adopt --keyring juliet-old.pgp --key 0123456789ABCDEF -- juliet-new.pgp
//! ```
//!
//! ## Subcommand keyring
//!
//! ```text
//! Manages collections of keys or certs
//!
//! Collections of keys or certficicates (also known as "keyrings" when
//! they contain secret key material, and "certrings" when they don't) are
//! any number of concatenated certificates.  This subcommand provides
//! tools to list, split, join, merge, and filter keyrings.
//!
//! Note: In the documentation of this subcommand, we sometimes use the
//! terms keys and certs interchangeably.
//!
//! USAGE:
//!     sq keyring <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//! SUBCOMMANDS:
//!     list
//!             Lists keys in a keyring
//!     split
//!             Splits a keyring into individual keys
//!     join
//!             Joins keys or keyrings into a single keyring
//!     merge
//!             Merges keys or keyrings into a single keyring
//!     filter
//!             Joins keys into a keyring applying a filter
//!     help
//!             Print this message or the help of the given subcommand(s)
//! ```
//!
//! ### Subcommand keyring list
//!
//! ```text
//! Lists keys in a keyring
//!
//! Prints the fingerprint as well as the primary userid for every
//! certificate encountered in the keyring.
//!
//! USAGE:
//!     sq keyring list [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!         --all-userids
//!             Lists all user ids, even those that are expired, revoked, or not
//!             valid under the standard policy.
//!
//!     -h, --help
//!             Print help information
//!
//! EXAMPLES:
//!
//! # List all certs
//! $ sq keyring list certs.pgp
//!
//! # List all certs with a userid on example.org
//! $ sq keyring filter --domain example.org certs.pgp | sq keyring list
//! ```
//!
//! ### Subcommand keyring split
//!
//! ```text
//! Splits a keyring into individual keys
//!
//! Splitting up a keyring into individual keys helps with curating a
//! keyring.
//!
//! The converse operation is "sq keyring join".
//!
//! USAGE:
//!     sq keyring split [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!     -p, --prefix <PREFIX>
//!             Writes to files with PREFIX [defaults: "FILE-" if FILE is set, or
//!             "output-" if read from stdin]
//!
//! EXAMPLES:
//!
//! # Split all certs
//! $ sq keyring split certs.pgp
//!
//! # Split all certs, merging them first to avoid duplicates
//! $ sq keyring merge certs.pgp | sq keyring split
//! ```
//!
//! ### Subcommand keyring join
//!
//! ```text
//! Joins keys or keyrings into a single keyring
//!
//! Unlike "sq keyring merge", multiple versions of the same key are not
//! merged together.
//!
//! The converse operation is "sq keyring split".
//!
//! USAGE:
//!     sq keyring join [OPTIONS] [FILE]...
//!
//! ARGS:
//!     <FILE>...
//!             Sets the input files to use
//!
//! OPTIONS:
//!     -B, --binary
//!             Don't ASCII-armor the keyring
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Sets the output file to use
//!
//! EXAMPLES:
//!
//! # Collect certs for an email conversation
//! $ sq keyring join juliet.pgp romeo.pgp alice.pgp
//! ```
//!
//! ### Subcommand keyring merge
//!
//! ```text
//! Merges keys or keyrings into a single keyring
//!
//! Unlike "sq keyring join", the certificates are buffered and multiple
//! versions of the same certificate are merged together.  Where data is
//! replaced (e.g., secret key material), data from the later certificate
//! is preferred.
//!
//! USAGE:
//!     sq keyring merge [OPTIONS] [FILE]...
//!
//! ARGS:
//!     <FILE>...
//!             Reads from FILE
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Merge certificate updates
//! $ sq keyring merge certs.pgp romeo-updates.pgp
//! ```
//!
//! ### Subcommand keyring filter
//!
//! ```text
//! Joins keys into a keyring applying a filter
//!
//! This can be used to filter keys based on given predicates,
//! e.g. whether they have a user id containing an email address with a
//! certain domain.  Additionally, the keys can be pruned to only include
//! components matching the predicates.
//!
//! If no filters are supplied, everything matches.
//!
//! If multiple predicates are given, they are or'ed, i.e. a key matches
//! if any of the predicates match.  To require all predicates to match,
//! chain multiple invocations of this command.  See EXAMPLES for
//! inspiration.
//!
//! USAGE:
//!     sq keyring filter [OPTIONS] [FILE]...
//!
//! ARGS:
//!     <FILE>...
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --domain <FQDN>
//!             Parses user ids into name and email address and case-sensitively
//!             matches on the domain of the email address, requiring an exact
//!             match.
//!
//!         --email <ADDRESS>
//!             Parses user ids into name and email address and case-sensitively
//!             matches on the email address, requiring an exact match.
//!
//!     -h, --help
//!             Print help information
//!
//!         --handle <FINGERPRINT|KEYID>
//!             Matches on both primary keys and subkeys, including those
//!             certificates that match the given fingerprint or key id.
//!
//!         --name <NAME>
//!             Parses user ids into name and email and case-sensitively matches on
//!             the name, requiring an exact match.
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!     -P, --prune-certs
//!             Removes certificate components not matching the filter
//!
//!         --to-cert
//!             Converts any keys in the input to certificates.  Converting a key to
//!             a certificate removes secret key material from the key thereby
//!             turning it into a certificate.
//!
//!         --userid <USERID>
//!             Case-sensitively matches on the user id, requiring an exact match.
//!
//! EXAMPLES:
//!
//! # Converts a key to a cert (i.e., remove any secret key material)
//! $ sq keyring filter --to-cert cat juliet.pgp
//!
//! # Gets the keys with a user id on example.org
//! $ sq keyring filter --domain example.org keys.pgp
//!
//! # Gets the keys with a user id on example.org or example.net
//! $ sq keyring filter --domain example.org --domain example.net keys.pgp
//!
//! # Gets the keys with a user id with the name Juliet
//! $ sq keyring filter --name Juliet keys.pgp
//!
//! # Gets the keys with a user id with the name Juliet on example.org
//! $ sq keyring filter --domain example.org keys.pgp | \
//!   sq keyring filter --name Juliet
//!
//! # Gets the keys with a user id on example.org, pruning other userids
//! $ sq keyring filter --domain example.org --prune-certs certs.pgp
//! ```
//!
//! ## Subcommand certify
//!
//! ```text
//! Certifies a User ID for a Certificate
//!
//! Using a certification a keyholder may vouch for the fact that another
//! certificate legitimately belongs to a user id.  In the context of
//! emails this means that the same entity controls the key and the email
//! address.  These kind of certifications form the basis for the Web Of
//! Trust.
//!
//! This command emits the certificate with the new certification.  The
//! updated certificate has to be distributed, preferably by sending it to
//! the certificate holder for attestation.  See also "sq key
//! attest-certification".
//!
//! USAGE:
//!     sq certify [OPTIONS] <CERTIFIER-KEY> <CERTIFICATE> <USERID>
//!
//! ARGS:
//!     <CERTIFIER-KEY>
//!             Creates the certification using CERTIFIER-KEY.
//!
//!     <CERTIFICATE>
//!             Certifies CERTIFICATE.
//!
//!     <USERID>
//!             Certifies USERID for CERTIFICATE.
//!
//! OPTIONS:
//!     -a, --amount <TRUST_AMOUNT>
//!             Sets the amount of trust.  Values between 1 and 120 are meaningful.
//!             120 means fully trusted.  Values less than 120 indicate the degree
//!             of trust.  60 is usually used for partially trusted.  The default is
//!             120.
//!
//!         --allow-not-alive-certifier
//!             Allows the key to make a certification even if the current time is
//!             prior to its creation time or the current time is at or after its
//!             expiration time.
//!
//!         --allow-revoked-certifier
//!             Don't fail if the certificate making the certification is revoked.
//!
//!     -B, --binary
//!             Emits binary data
//!
//!     -d, --depth <TRUST_DEPTH>
//!             Sets the trust depth (sometimes referred to as the trust level).  0
//!             means a normal certification of <CERTIFICATE, USERID>.  1 means
//!             CERTIFICATE is also a trusted introducer, 2 means CERTIFICATE is a
//!             meta-trusted introducer, etc.  The default is 0.
//!
//!         --expires <TIME>
//!             Makes the certification expire at TIME (as ISO 8601). Use "never" to
//!             create certifications that do not expire.
//!
//!         --expires-in <DURATION>
//!             Makes the certification expire after DURATION. Either "N[ymwds]",
//!             for N years, months, weeks, days, seconds, or "never".  [default:
//!             5y]
//!
//!     -h, --help
//!             Print help information
//!
//!     -l, --local
//!             Makes the certification a local certification.  Normally, local
//!             certifications are not exported.
//!
//!         --non-revocable
//!             Marks the certification as being non-revocable. That is, you cannot
//!             later revoke this certification.  This should normally only be used
//!             with an expiration.
//!
//!         --notation <NAME> <VALUE>
//!             Adds a notation to the certification.  A user-defined notation's
//!             name must be of the form "name@a.domain.you.control.org". If the
//!             notation's name starts with a !, then the notation is marked as
//!             being critical.  If a consumer of a signature doesn't understand a
//!             critical notation, then it will ignore the signature.  The notation
//!             is marked as being human readable.
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!     -r, --regex <REGEX>
//!             Adds a regular expression to constrain what a trusted introducer can
//!             certify.  The regular expression must match the certified User ID in
//!             all intermediate introducers, and the certified certificate.
//!             Multiple regular expressions may be specified.  In that case, at
//!             least one must match.
//!
//!         --time <TIME>
//!             Sets the certification time to TIME.  TIME is interpreted as an ISO
//!             8601
//!             timestamp.  To set the certification time to June 9, 2011 at
//!             midnight UTC,
//!             you can do:
//! 
//!             $ sq certify --time 20130721 neal.pgp ada.pgp ada
//! 
//!             To include a time, add a T, the time and optionally the timezone
//!             (the
//!             default timezone is UTC):
//! 
//!             $ sq certify --time 20130721T0550+0200 neal.pgp ada.pgp ada
//!
//! EXAMPLES:
//!
//! # Juliet certifies that Romeo controls romeo.pgp and romeo@example.org
//! $ sq certify juliet.pgp romeo.pgp "<romeo@example.org>"
//! ```
//!
//! ## Subcommand autocrypt
//!
//! ```text
//! Communicates certificates using Autocrypt
//!
//! Autocrypt is a standard for mail user agents to provide convenient
//! end-to-end encryption of emails.  This subcommand provides a limited
//! way to produce and consume headers that are used by Autocrypt to
//! communicate certificates between clients.
//!
//! See https://autocrypt.org/
//!
//! USAGE:
//!     sq autocrypt <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//! SUBCOMMANDS:
//!     decode
//!             Reads Autocrypt-encoded certificates
//!     encode-sender
//!             Encodes a certificate into an Autocrypt header
//!     help
//!             Print this message or the help of the given subcommand(s)
//! ```
//!
//! ### Subcommand autocrypt decode
//!
//! ```text
//! Reads Autocrypt-encoded certificates
//!
//! Given an autocrypt header (or an key-gossip header), this command
//! extracts the certificate encoded within it.
//!
//! The converse operation is "sq autocrypt encode-sender".
//!
//! USAGE:
//!     sq autocrypt decode [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Extract all certificates from a mail
//! $ sq autocrypt decode autocrypt.eml
//! ```
//!
//! ### Subcommand autocrypt encode-sender
//!
//! ```text
//! Encodes a certificate into an Autocrypt header
//!
//! A certificate can be encoded and included in a header of an email
//! message.  This command encodes the certificate, adds the senders email
//! address (which must match the one used in the "From" header), and the
//! senders "prefer-encrypt" state (see the Autocrypt spec for more
//! information).
//!
//! The converse operation is "sq autocrypt decode".
//!
//! USAGE:
//!     sq autocrypt encode-sender [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!         --email <ADDRESS>
//!             Sets the address [default: primary userid]
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --prefer-encrypt <PREFER-ENCRYPT>
//!             Sets the prefer-encrypt attribute
//! 
//!             [default: nopreference]
//!             [possible values: nopreference, mutual]
//!
//! EXAMPLES:
//!
//! # Encodes a certificate
//! $ sq autocrypt encode-sender juliet.pgp
//!
//! # Encodes a certificate with an explicit sender address
//! $ sq autocrypt encode-sender --email juliet@example.org juliet.pgp
//!
//! # Encodes a certificate while indicating the willingness to encrypt
//! $ sq autocrypt encode-sender --prefer-encrypt mutual juliet.pgp
//! ```
//!
//! ## Subcommand keyserver
//!
//! ```text
//! Interacts with keyservers
//!
//! USAGE:
//!     sq keyserver [OPTIONS] <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!     -p, --policy <NETWORK-POLICY>
//!             Sets the network policy to use [default: encrypted] [possible
//!             values: offline, anonymized, encrypted, insecure]
//!
//!     -s, --server <URI>
//!             Sets the keyserver to use
//!
//! SUBCOMMANDS:
//!     get     Retrieves a key
//!     help    Print this message or the help of the given subcommand(s)
//!     send    Sends a key
//! ```
//!
//! ### Subcommand keyserver get
//!
//! ```text
//! Retrieves a key
//!
//! USAGE:
//!     sq keyserver get [OPTIONS] <QUERY>
//!
//! ARGS:
//!     <QUERY>    Retrieve certificate(s) using QUERY. This may be a
//!                fingerprint, a KeyID, or an email address.
//!
//! OPTIONS:
//!     -B, --binary           Emits binary data
//!     -h, --help             Print help information
//!     -o, --output <FILE>    Writes to FILE or stdout if omitted
//! ```
//!
//! ### Subcommand keyserver send
//!
//! ```text
//! Sends a key
//!
//! USAGE:
//!     sq keyserver send [FILE]
//!
//! ARGS:
//!     <FILE>    Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -h, --help    Print help information
//! ```
//!
//! ## Subcommand wkd
//!
//! ```text
//! Interacts with Web Key Directories
//!
//! USAGE:
//!     sq wkd [OPTIONS] <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!     -p, --policy <NETWORK-POLICY>
//!             Sets the network policy to use [default: encrypted] [possible
//!             values: offline, anonymized, encrypted, insecure]
//!
//! SUBCOMMANDS:
//!     direct-url    Prints the direct Web Key Directory URL of an email
//!                       address.
//!     generate      Generates a Web Key Directory for the given domain and
//!                       keys.
//!     get           Queries for certs using Web Key Directory
//!     help          Print this message or the help of the given subcommand(s)
//!     url           Prints the advanced Web Key Directory URL of an email
//!                       address.
//! ```
//!
//! ### Subcommand wkd direct-url
//!
//! ```text
//! Prints the direct Web Key Directory URL of an email address.
//!
//! USAGE:
//!     sq wkd direct-url <ADDRESS>
//!
//! ARGS:
//!     <ADDRESS>    Queries for ADDRESS
//!
//! OPTIONS:
//!     -h, --help    Print help information
//! ```
//!
//! ### Subcommand wkd generate
//!
//! ```text
//! Generates a Web Key Directory for the given domain and keys.  If the WKD exists,
//! the new keys will be inserted and it is updated and existing ones will be
//! updated.
//!
//!
//!
//!         A WKD is per domain, and can be queried using the advanced or the direct
//! method. The advanced method uses a URL with a subdomain 'openpgpkey'. As per the
//! specification, the advanced method is to be preferred. The direct method may
//! only be used if the subdomain doesn't exist. The advanced method allows web key
//! directories for several domains on one web server.
//!
//!
//!
//!         The contents of the generated WKD must be copied to a web server so that
//! they are accessible under https://openpgpkey.example.com/.well-known/openpgp/...
//! for the advanced version, and https://example.com/.well-known/openpgp/... for
//! the direct version. sq does not copy files to the web server.
//!
//! USAGE:
//!     sq wkd generate [OPTIONS] <WEB-ROOT> <FQDN> [CERT-RING]
//!
//! ARGS:
//!     <WEB-ROOT>
//!             Writes the WKD to WEB-ROOT. Transfer this directory to the
//!             webserver.
//!
//!     <FQDN>
//!             Generates a WKD for a fully qualified domain name for email
//!
//!     <CERT-RING>
//!             Adds certificates from CERT-RING to the WKD
//!
//! OPTIONS:
//!     -d, --direct-method
//!             Uses the direct method [default: advanced method]
//!
//!     -h, --help
//!             Print help information
//!
//!     -s, --skip
//!             Skips certificates that do not have User IDs for given domain.
//!
//! EXAMPLES:
//!
//! # Generate a WKD in /tmp/wkdroot from certs.pgp for example.com.
//! $ sq wkd generate /tmp/wkdroot example.com certs.ppg
//! ```
//!
//! ### Subcommand wkd get
//!
//! ```text
//! Queries for certs using Web Key Directory
//!
//! USAGE:
//!     sq wkd get [OPTIONS] <ADDRESS>
//!
//! ARGS:
//!     <ADDRESS>    Queries a cert for ADDRESS
//!
//! OPTIONS:
//!     -B, --binary    Emits binary data
//!     -h, --help      Print help information
//! ```
//!
//! ### Subcommand wkd url
//!
//! ```text
//! Prints the advanced Web Key Directory URL of an email address.
//!
//! USAGE:
//!     sq wkd url <ADDRESS>
//!
//! ARGS:
//!     <ADDRESS>    Queries for ADDRESS
//!
//! OPTIONS:
//!     -h, --help    Print help information
//! ```
//!
//! ## Subcommand armor
//!
//! ```text
//! Converts binary to ASCII
//!
//! To make encrypted data easier to handle and transport, OpenPGP data
//! can be transformed to an ASCII representation called ASCII Armor.  sq
//! emits armored data by default, but this subcommand can be used to
//! convert existing OpenPGP data to its ASCII-encoded representation.
//!
//! The converse operation is "sq dearmor".
//!
//! USAGE:
//!     sq armor [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!         --label <LABEL>
//!             Selects the kind of armor header
//! 
//!             [default: auto]
//!             [possible values: auto, message, cert, key, sig, file]
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Convert a binary certificate to ASCII
//! $ sq armor binary-juliet.pgp
//!
//! # Convert a binary message to ASCII
//! $ sq armor binary-message.pgp
//! ```
//!
//! ## Subcommand dearmor
//!
//! ```text
//! Converts ASCII to binary
//!
//! To make encrypted data easier to handle and transport, OpenPGP data
//! can be transformed to an ASCII representation called ASCII Armor.  sq
//! transparently handles armored data, but this subcommand can be used to
//! explicitly convert existing ASCII-encoded OpenPGP data to its binary
//! representation.
//!
//! The converse operation is "sq armor".
//!
//! USAGE:
//!     sq dearmor [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Convert a ASCII certificate to binary
//! $ sq dearmor ascii-juliet.pgp
//!
//! # Convert a ASCII message to binary
//! $ sq dearmor ascii-message.pgp
//! ```
//!
//! ## Subcommand inspect
//!
//! ```text
//! Inspects data, like file(1)
//!
//! It is often difficult to tell from cursory inspection using cat(1) or
//! file(1) what kind of OpenPGP one is looking at.  This subcommand
//! inspects the data and provides a meaningful human-readable description
//! of it.
//!
//! USAGE:
//!     sq inspect [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!         --certifications
//!             Prints third-party certifications
//!
//!     -h, --help
//!             Print help information
//!
//! EXAMPLES:
//!
//! # Inspects a certificate
//! $ sq inspect juliet.pgp
//!
//! # Inspects a certificate ring
//! $ sq inspect certs.pgp
//!
//! # Inspects a message
//! $ sq inspect message.pgp
//!
//! # Inspects a detached signature
//! $ sq inspect message.sig
//! ```
//!
//! ## Subcommand packet
//!
//! ```text
//! Low-level packet manipulation
//!
//! An OpenPGP data stream consists of packets.  These tools allow working
//! with packet streams.  They are mostly of interest to developers, but
//! "sq packet dump" may be helpful to a wider audience both to provide
//! valuable information in bug reports to OpenPGP-related software, and
//! as a learning tool.
//!
//! USAGE:
//!     sq packet <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//! SUBCOMMANDS:
//!     dump
//!             Lists packets
//!     decrypt
//!             Unwraps an encryption container
//!     split
//!             Splits a message into packets
//!     join
//!             Joins packets split across files
//!     help
//!             Print this message or the help of the given subcommand(s)
//! ```
//!
//! ### Subcommand packet dump
//!
//! ```text
//!
//! Lists packets
//!
//! Creates a human-readable description of the packet sequence.
//! Additionally, it can print cryptographic artifacts, and print the raw
//! octet stream similar to hexdump(1), annotating specifically which
//! bytes are parsed into OpenPGP values.
//!
//! To inspect encrypted messages, either supply the session key, or see
//! "sq decrypt --dump" or "sq packet decrypt".
//!
//! USAGE:
//!     sq packet dump [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!         --mpis
//!             Prints cryptographic artifacts
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --session-key <SESSION-KEY>
//!             Decrypts an encrypted message using SESSION-KEY
//!
//!     -x, --hex
//!             Prints a hexdump
//!
//! EXAMPLES:
//!
//! # Prints the packets of a certificate
//! $ sq packet dump juliet.pgp
//!
//! # Prints cryptographic artifacts of a certificate
//! $ sq packet dump --mpis juliet.pgp
//!
//! # Prints a hexdump of a certificate
//! $ sq packet dump --hex juliet.pgp
//!
//! # Prints the packets of an encrypted message
//! $ sq packet dump --session-key AAAABBBBCCCC... ciphertext.pgp
//! ```
//!
//! ### Subcommand packet decrypt
//!
//! ```text
//! Unwraps an encryption container
//!
//! Decrypts a message, dumping the content of the encryption container
//! without further processing.  The result is a valid OpenPGP message
//! that can, among other things, be inspected using "sq packet dump".
//!
//! USAGE:
//!     sq packet decrypt [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --dump-session-key
//!             Prints the session key to stderr
//!
//!     -h, --help
//!             Print help information
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --recipient-key <KEY>
//!             Decrypts the message with KEY
//!
//! EXAMPLES:
//!
//! # Unwraps the encryption revealing the signed message
//! $ sq packet decrypt --recipient-key juliet.pgp ciphertext.pgp
//! ```
//!
//! ### Subcommand packet split
//!
//! ```text
//! Splits a message into packets
//!
//! Splitting a packet sequence into individual packets, then recombining
//! them freely with "sq packet join" is a great way to experiment with
//! OpenPGP data.
//!
//! The converse operation is "sq packet join".
//!
//! USAGE:
//!     sq packet split [OPTIONS] [FILE]
//!
//! ARGS:
//!     <FILE>
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//!     -p, --prefix <PREFIX>
//!             Writes to files with PREFIX [defaults: "FILE-" if FILE is set, or
//!             "output-" if read from stdin]
//!
//! EXAMPLES:
//!
//! # Split a certificate into individual packets
//! $ sq packet split juliet.pgp
//! ```
//!
//! ### Subcommand packet join
//!
//! ```text
//! Joins packets split across files
//!
//! Splitting a packet sequence into individual packets, then recombining
//! them freely with "sq packet join" is a great way to experiment with
//! OpenPGP data.
//!
//! The converse operation is "sq packet split".
//!
//! USAGE:
//!     sq packet join [OPTIONS] [FILE]...
//!
//! ARGS:
//!     <FILE>...
//!             Reads from FILE or stdin if omitted
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!     -h, --help
//!             Print help information
//!
//!         --label <LABEL>
//!             Selects the kind of armor header
//! 
//!             [default: auto]
//!             [possible values: auto, message, cert, key, sig, file]
//!
//!     -o, --output <FILE>
//!             Writes to FILE or stdout if omitted
//!
//! EXAMPLES:
//!
//! # Split a certificate into individual packets
//! $ sq packet split juliet.pgp
//!
//! # Then join only a subset of these packets
//! $ sq packet join juliet.pgp-[0-3]*
//! ```
//!
//! ## Subcommand revoke
//!
//! ```text
//! Generates revocation certificates.
//!
//! A revocation certificate indicates that a certificate, a subkey, a
//! User ID, or a signature should not be used anymore.
//!
//! A revocation certificate includes two fields, a type and a
//! human-readable explanation, which allows the issuer to indicate why
//! the revocation certificate was issued.  It is important to set the
//! type field accurately as this allows an OpenPGP implementation to
//! better reason about artifacts whose validity relies on the revoked
//! object.  For instance, if a certificate is retired, it is reasonable
//! to consider signatures that it made prior to its retirement as still
//! being valid.  However, if a certificate's secret key material is
//! compromised, any signatures that it made should be considered
//! potentially forged, as they could have been made by an attacker and
//! backdated.
//!
//! As the intent of a revocation certificate is to stop others from using
//! a certificate, it is necessary to distribute the revocation
//! certificate.  One effective way to do this is to upload the revocation
//! certificate to a keyserver.
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! OPTIONS:
//!     -h, --help
//!             Print help information
//!
//! SUBCOMMANDS:
//!     certificate
//!             Revoke a certificate
//!     subkey
//!             Revoke a subkey
//!     userid
//!             Revoke a User ID
//!     help
//!             Print this message or the help of the given subcommand(s)
//!
//! EXAMPLES:
//!
//! # Revoke a certificate.
//! $ sq revoke certificate --time 20220101 --certificate juliet.pgp \
//!   compromised "My parents went through my things, and found my backup."
//!
//! # Revoke a User ID.
//! $ sq revoke userid --time 20220101 --certificate juliet.pgp \
//!   "Juliet <juliet@capuleti.it>" retired "I've left the family."
//! ```
//!
//! ### Subcommand revoke certificate
//!
//! ```text
//! Revokes a certificate
//!
//! Creates a revocation certificate for the certificate.
//!
//! If "--revocation-key" is provided, then that key is used to create
//! the signature.  If that key is different from the certificate being
//! revoked, this creates a third-party revocation.  This is normally only
//! useful if the owner of the certificate designated the key to be a
//! designated revoker.
//!
//! If "--revocation-key" is not provided, then the certificate must
//! include a certification-capable key.
//!
//! USAGE:
//!     sq revoke certificate [OPTIONS] <REASON> <MESSAGE>
//!
//! ARGS:
//!     <REASON>
//!             The reason for the revocation.  This must be either: compromised,
//!             superseded, retired, or unspecified:
//! 
//!               - compromised means that the secret key material may have been
//!                 compromised.  Prefer this value if you suspect that the secret
//!                 key has been leaked.
//! 
//!               - superseded means that the owner of the certificate has replaced
//!                 it with a new certificate.  Prefer "compromised" if the secret
//!                 key material has been compromised even if the certificate is
//!             also
//!                 being replaced!  You should include the fingerprint of the new
//!                 certificate in the message.
//! 
//!               - retired means that this certificate should not be used anymore,
//!                 and there is no replacement.  This is appropriate when someone
//!                 leaves an organisation.  Prefer "compromised" if the secret key
//!                 material has been compromised even if the certificate is also
//!                 being retired!  You should include how to contact the owner, or
//!                 who to contact instead in the message.
//! 
//!               - unspecified means that none of the three other three reasons
//!                 apply.  OpenPGP implementations conservatively treat this type
//!                 of revocation similar to a compromised key.
//! 
//!             If the reason happened in the past, you should specify that using
//!             the
//!             --time argument.  This allows OpenPGP implementations to more
//!             accurately reason about objects whose validity depends on the
//!             validity
//!             of the certificate.
//! 
//!             [possible values: compromised, superseded, retired, unspecified]
//!
//!     <MESSAGE>
//!             A short, explanatory text that is shown to a viewer of the
//!             revocation certificate.  It explains why the certificate has been
//!             revoked.  For instance, if Alice has created a new key, she would
//!             generate a 'superseded' revocation certificate for her old key, and
//!             might include the message "I've created a new certificate,
//!             FINGERPRINT, please use that in the future."
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --certificate <FILE>
//!             Reads the certificate to revoke from FILE or stdin, if omitted.  It
//!             is an error for the file to contain more than one certificate.
//!
//!     -h, --help
//!             Print help information
//!
//!         --notation <NAME> <VALUE>
//!             Adds a notation to the certification.  A user-defined notation's
//!             name must be of the form "name@a.domain.you.control.org". If the
//!             notation's name starts with a !, then the notation is marked as
//!             being critical.  If a consumer of a signature doesn't understand a
//!             critical notation, then it will ignore the signature.  The notation
//!             is marked as being human readable.
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --revocation-key <KEY>
//!             Signs the revocation certificate using KEY.  If the key is different
//!             from the certificate, this creates a third-party revocation.  If
//!             this option is not provided, and the certificate includes secret key
//!             material, then that key is used to sign the revocation certificate.
//!
//!     -t, --time <TIME>
//!             Chooses keys valid at the specified time and sets the revocation
//!             certificate's creation time
//! ```
//!
//! ### Subcommand revoke subkey
//!
//! ```text
//! Revokes a subkey
//!
//! Creates a revocation certificate for a subkey.
//!
//! If "--revocation-key" is provided, then that key is used to create the
//! signature.  If that key is different from the certificate being revoked, this
//! creates a third-party revocation.  This is normally only useful if the owner of
//! the certificate designated the key to be a designated revoker.
//!
//! If "--revocation-key" is not provided, then the certificate must include a
//! certification-capable key.
//!
//! USAGE:
//!     sq revoke subkey [OPTIONS] <SUBKEY> <REASON> <MESSAGE>
//!
//! ARGS:
//!     <SUBKEY>
//!             The subkey to revoke.  This must either be the subkey's Key ID or
//!             its fingerprint.
//!
//!     <REASON>
//!             The reason for the revocation.  This must be either: compromised,
//!             superseded, retired, or unspecified:
//! 
//!               - compromised means that the secret key material may have been
//!                 compromised.  Prefer this value if you suspect that the secret
//!                 key has been leaked.
//! 
//!               - superseded means that the owner of the certificate has replaced
//!                 it with a new certificate.  Prefer "compromised" if the secret
//!                 key material has been compromised even if the certificate is
//!                 also being replaced!  You should include the fingerprint of the
//!                 new certificate in the message.
//! 
//!               - retired means that this certificate should not be used anymore,
//!                 and there is no replacement.  This is appropriate when someone
//!                 leaves an organisation.  Prefer "compromised" if the secret key
//!                 material has been compromised even if the certificate is also
//!                 being retired!  You should include how to contact the owner, or
//!                 who to contact instead in the message.
//! 
//!               - unspecified means that none of the three other three reasons
//!                 apply.  OpenPGP implementations conservatively treat this type
//!                 of revocation similar to a compromised key.
//! 
//!             If the reason happened in the past, you should specify that using
//!             the --time argument.  This allows OpenPGP implementations to more
//!             accurately reason about objects whose validity depends on the
//!             validity of the certificate.
//! 
//!             [possible values: compromised, superseded, retired, unspecified]
//!
//!     <MESSAGE>
//!             A short, explanatory text that is shown to a viewer of the
//!             revocation certificate.  It explains why the subkey has been
//!             revoked.  For instance, if Alice has created a new key, she would
//!             generate a 'superseded' revocation certificate for her old key, and
//!             might include the message "I've created a new subkey, please refresh
//!             the certificate.
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --certificate <FILE>
//!             Reads the certificate containing the subkey to revoke from FILE or
//!             stdin, if omitted.  It is an error for the file to contain more than
//!             one certificate.
//!
//!     -h, --help
//!             Print help information
//!
//!         --notation <NAME> <VALUE>
//!             Adds a notation to the certification.  A user-defined notation's
//!             name must be of the form "name@a.domain.you.control.org". If the
//!             notation's name starts with a !, then the notation is marked as
//!             being critical.  If a consumer of a signature doesn't understand a
//!             critical notation, then it will ignore the signature.  The notation
//!             is marked as being human readable.
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --revocation-key <KEY>
//!             Signs the revocation certificate using KEY.  If the key is different
//!             from the certificate, this creates a third-party revocation.  If
//!             this option is not provided, and the certificate includes secret key
//!             material, then that key is used to sign the revocation certificate.
//!
//!     -t, --time <TIME>
//!             Chooses keys valid at the specified time and sets the revocation
//!             certificate's creation time
//! ```
//!
//! ### Subcommand revoke userid
//!
//! ```text
//! Revokes a User ID
//!
//! Creates a revocation certificate for a User ID.
//!
//! If "--revocation-key" is provided, then that key is used to create the
//! signature.  If that key is different from the certificate being revoked, this
//! creates a third-party revocation.  This is normally only useful if the owner of
//! the certificate designated the key to be a designated revoker.
//!
//! If "--revocation-key" is not provided, then the certificate must include a
//! certification-capable key.
//!
//! USAGE:
//!     sq revoke userid [OPTIONS] <USERID> <REASON> <MESSAGE>
//!
//! ARGS:
//!     <USERID>
//!             The User ID to revoke.  By default, this must exactly match a
//!             self-signed User ID.  Use --force to generate a revocation
//!             certificate for a User ID, which is not self signed.
//!
//!     <REASON>
//!             The reason for the revocation.  This must be either: retired, or
//!             unspecified:
//! 
//!               - retired means that this User ID is no longer valid.  This is
//!                 appropriate when someone leaves an organisation, and the
//!                 organisation does not have their secret key material.  For
//!                 instance, if someone was part of Debian and retires, they would
//!                 use this to indicate that a Debian-specific User ID is no longer
//!                 valid.
//! 
//!               - unspecified means that a different reason applies.
//! 
//!             If the reason happened in the past, you should specify that using
//!             the --time argument.  This allows OpenPGP implementations to more
//!             accurately reason about objects whose validity depends on the
//!             validity of a User ID.
//! 
//!             [possible values: retired, unspecified]
//!
//!     <MESSAGE>
//!             A short, explanatory text that is shown to a viewer of the
//!             revocation certificate.  It explains why the certificate has been
//!             revoked.  For instance, if Alice has created a new key, she would
//!             generate a 'superseded' revocation certificate for her old key, and
//!             might include the message "I've created a new certificate,
//!             FINGERPRINT, please use that in the future."
//!
//! OPTIONS:
//!     -B, --binary
//!             Emits binary data
//!
//!         --certificate <FILE>
//!             Reads the certificate to revoke from FILE or stdin, if omitted.  It
//!             is an error for the file to contain more than one certificate.
//!
//!     -h, --help
//!             Print help information
//!
//!         --notation <NAME> <VALUE>
//!             Adds a notation to the certification.  A user-defined notation's
//!             name must be of the form "name@a.domain.you.control.org". If the
//!             notation's name starts with a !, then the notation is marked as
//!             being critical.  If a consumer of a signature doesn't understand a
//!             critical notation, then it will ignore the signature.  The notation
//!             is marked as being human readable.
//!
//!         --private-key-store <KEY_STORE>
//!             Provides parameters for private key store
//!
//!         --revocation-key <KEY>
//!             Signs the revocation certificate using KEY.  If the key is different
//!             from the certificate, this creates a third-party revocation.  If
//!             this option is not provided, and the certificate includes secret key
//!             material, then that key is used to sign the revocation certificate.
//!
//!     -t, --time <TIME>
//!             Chooses keys valid at the specified time and sets the revocation
//!             certificate's creation time
//! ```
//!
//! ### Subcommand revoke EXAMPLES:
//!
//! ```text
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! For more information try --help
//! ```
//!
//! ### Subcommand revoke #
//!
//! ```text
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! For more information try --help
//! ```
//!
//! ### Subcommand revoke compromised
//!
//! ```text
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! For more information try --help
//! ```
//!
//! ### Subcommand revoke #
//!
//! ```text
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! For more information try --help
//! ```
//!
//! ### Subcommand revoke "Juliet
//!
//! ```text
//!
//! USAGE:
//!     sq revoke <SUBCOMMAND>
//!
//! For more information try --help
//! ```

#![doc(html_favicon_url = "https://docs.sequoia-pgp.org/favicon.png")]
#![doc(html_logo_url = "https://docs.sequoia-pgp.org/logo.svg")]

include!("sq.rs");