Provided by: sq_0.27.0-1_amd64 
NAME
generate - Generates a new key
SYNOPSIS
generate [-u|--userid] [-c|--cipher-suite] [--with-password] [--creation-time] [--expires]
[--expires-in] [--can-sign] [--cannot-sign] [--can-authenticate] [--cannot-authenticate]
[--can-encrypt] [--cannot-encrypt] [-e|--export] [--rev-cert] [-h|--help]
DESCRIPTION
Generates a new key
Generating a key is the prerequisite to receiving encrypted messages and creating
signatures. There are a few parameters to this process, but we provide reasonable
defaults for most users.
When generating a key, we also generate a revocation certificate. This can be used in
case the key is superseded, lost, or compromised. It is a good idea to keep a copy of
this in a safe place.
After generating a key, use "sq key extract-cert" to get the certificate corresponding to
the key. The key must be kept secure, while the certificate should be handed out to
correspondents, e.g. by uploading it to a keyserver.
OPTIONS
-u, --userid=EMAIL
Adds a userid to the key
-c, --cipher-suite=CIPHER-SUITE [default: cv25519] [possible values: rsa3k, rsa4k,
cv25519]
Selects the cryptographic algorithms for the key
--with-password
Protects the key with a password
--creation-time=CREATION_TIME
Sets the key's creation time to TIME. TIME is interpreted as an ISO 8601
timestamp. To set the creation time to June 9, 2011 at midnight UTC, you can do:
$ sq key generate --creation-time 20110609 --export noam.pgp
To include a time, add a T, the time and optionally the timezone (the default
timezone is UTC):
$ sq key generate --creation-time 20110609T1938+0200 --export noam.pgp
--expires=TIME
Makes the key expire at TIME (as ISO 8601). Use "never" to create keys that do not
expire.
--expires-in=DURATION
Makes the key expire after DURATION. Either "N[ymwds]", for N years, months, weeks,
days, seconds, or "never".
--can-sign
Adds a signing-capable subkey (default)
--cannot-sign
Adds no signing-capable subkey
--can-authenticate
Adds an authentication-capable subkey (default)
--cannot-authenticate
Adds no authentication-capable subkey
--can-encrypt=PURPOSE [possible values: transport, storage, universal]
Adds an encryption-capable subkey. Encryption-capable subkeys can be marked as
suitable for transport encryption, storage encryption, or both. [default:
universal]
--cannot-encrypt
Adds no encryption-capable subkey
-e, --export=OUTFILE
Writes the key to OUTFILE
--rev-cert=FILE or -
Writes the revocation certificate to FILE. mandatory if OUTFILE is "-". [default:
<OUTFILE>.rev]
-h, --help
Print help information
EXAMPLES
First, this generates a key
sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp
Then, this extracts the certificate for distribution
sq key extract-cert --output juliet.cert.pgp juliet.key.pgp
Generates a key protecting it with a password
sq key generate --userid "<juliet@example.org>" --with-password
Generates a key with multiple userids
sq key generate --userid "<juliet@example.org>" --userid "Juliet Capulet"
SEE ALSO
For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
sq(1) sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1)
sq-inspect(1) sq-key(1) sq-key-adopt(1) sq-key-attest-certifications(1)
sq-key-extract-cert(1) sq-key-password(1) sq-key-userid(1) sq-keyring(1) sq-keyserver(1)
sq-packet(1) sq-revoke(1) sq-sign(1) sq-verify(1) sq-wkd(1)