NAME

       sq-key - Manages keys

       We  use  the term "key" to refer to OpenPGP keys that do contain secrets.  This subcommand
       provides primitives to generate and otherwise manipulate keys.

       Conversely, we use the term "certificate", or cert for short, to  refer  to  OpenPGP  keys
       that do not contain secrets.  See "sq keyring" for operations on certificates.

SYNOPSIS

       sq key [FLAGS] <SUBCOMMAND>

FLAGS

       -h, --help
              Prints help information

SUBCOMMANDS

       help   Prints this message or the help of the given subcommand(s)

       generate
              Generates a new key

              Generating  a  key is the prerequisite to receiving encrypted messages and creating
              signatures.  There are a few parameters to this process, but we provide  reasonable
              defaults for most users.

              When generating a key, we also generate a revocation certificate.  This can be used
              in case the key is superseded, lost, or compromised.  It is a good idea to  keep  a
              copy of this in a safe place.

              After  generating  a  key,  use  "sq  key  extract-cert"  to  get  the  certificate
              corresponding to the key.  The key must  be  kept  secure,  while  the  certificate
              should be handed out to correspondents, e.g. by uploading it to a keyserver.

       extract-cert
              Converts a key to a cert

              After  generating  a  key, use this command to get the certificate corresponding to
              the key.  The key must be kept secure, while the certificate should be  handed  out
              to correspondents, e.g. by uploading it to a keyserver.

       adopt  Binds keys from one certificate to another

              This  command  allows  one  to  transfer  primary keys and subkeys into an existing
              certificate.  Say you want  to  transition  to  a  new  certificate,  but  have  an
              authentication   subkey  on  your  current  certificate.   You  want  to  keep  the
              authentication subkey because it allows access to SSH servers  and  updating  their
              configuration is not feasible.

       attest-certifications
              Attests to third-party certifications allowing for their distribution

              To  prevent  certificate  flooding attacks, modern key servers prevent uncontrolled
              distribution of third-party certifications on certificates.  To make the key holder
              the  sovereign  over  the information over what information is distributed with the
              certificate,  the  key  holder  needs   to   explicitly   attest   to   third-party
              certifications.

              After the attestation has been created, the certificate has to be distributed, e.g.
              by uploading it to a keyserver.

SEE ALSO

       For the full documentation see <https://docs.sequoia-pgp.org/sq/>.

       sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1), sq-decrypt(1),
       sq-encrypt(1), sq-inspect(1), sq-key(1), sq-key-adopt(1), sq-key-attest-certifications(1),
       sq-key-extract-cert(1), sq-key-generate(1), sq-keyring(1), sq-keyring-filter(1),
       sq-keyring-join(1), sq-keyring-list(1), sq-keyring-merge(1), sq-keyring-split(1),
       sq-packet(1), sq-sign(1), sq-verify(1)

AUTHORS

         Azul <azul@sequoia-pgp.org>
         Igor Matuszewski <igor@sequoia-pgp.org>
         Justus Winter <justus@sequoia-pgp.org>
         Kai Michaelis <kai@sequoia-pgp.org>
         Neal H. Walfield <neal@sequoia-pgp.org>
         Nora Widdecke <nora@sequoia-pgp.org>
         Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>