Provided by: sq_0.27.0-2_amd64 bug

NAME

       generate - Generates a new key

SYNOPSIS

       generate [-u|--userid] [-c|--cipher-suite] [--with-password] [--creation-time] [--expires]
       [--expires-in] [--can-sign] [--cannot-sign]  [--can-authenticate]  [--cannot-authenticate]
       [--can-encrypt] [--cannot-encrypt] [-e|--export] [--rev-cert] [-h|--help]

DESCRIPTION

       Generates a new key

       Generating  a  key  is  the  prerequisite  to  receiving  encrypted  messages and creating
       signatures.  There are a few  parameters  to  this  process,  but  we  provide  reasonable
       defaults for most users.

       When  generating  a  key,  we also generate a revocation certificate.  This can be used in
       case the key is superseded, lost, or compromised.  It is a good idea to  keep  a  copy  of
       this in a safe place.

       After  generating a key, use "sq key extract-cert" to get the certificate corresponding to
       the key.  The key must be kept secure, while the  certificate  should  be  handed  out  to
       correspondents, e.g. by uploading it to a keyserver.

OPTIONS

       -u, --userid=EMAIL
              Adds a userid to the key

       -c,   --cipher-suite=CIPHER-SUITE  [default:  cv25519]  [possible  values:  rsa3k,  rsa4k,
       cv25519]
              Selects the cryptographic algorithms for the key

       --with-password
              Protects the key with a password

       --creation-time=CREATION_TIME
              Sets the key's creation  time  to  TIME.   TIME  is  interpreted  as  an  ISO  8601
              timestamp.  To set the creation time to June 9, 2011 at midnight UTC, you can do:

              $ sq key generate --creation-time 20110609 --export noam.pgp

              To  include  a  time,  add  a  T, the time and optionally the timezone (the default
              timezone is UTC):

              $ sq key generate --creation-time 20110609T1938+0200 --export noam.pgp

       --expires=TIME
              Makes the key expire at TIME (as ISO 8601). Use "never" to create keys that do  not
              expire.

       --expires-in=DURATION
              Makes the key expire after DURATION. Either "N[ymwds]", for N years, months, weeks,
              days, seconds, or "never".

       --can-sign
              Adds a signing-capable subkey (default)

       --cannot-sign
              Adds no signing-capable subkey

       --can-authenticate
              Adds an authentication-capable subkey (default)

       --cannot-authenticate
              Adds no authentication-capable subkey

       --can-encrypt=PURPOSE [possible values: transport, storage, universal]
              Adds an encryption-capable subkey. Encryption-capable  subkeys  can  be  marked  as
              suitable   for   transport  encryption,  storage  encryption,  or  both.  [default:
              universal]

       --cannot-encrypt
              Adds no encryption-capable subkey

       -e, --export=OUTFILE
              Writes the key to OUTFILE

       --rev-cert=FILE or -
              Writes the revocation certificate to FILE. mandatory if OUTFILE is  "-".  [default:
              <OUTFILE>.rev]

       -h, --help
              Print help information

EXAMPLES

        First, this generates a key

               sq key generate --userid "<juliet@example.org>" --export juliet.key.pgp

        Then, this extracts the certificate for distribution

               sq key extract-cert --output juliet.cert.pgp juliet.key.pgp

        Generates a key protecting it with a password

               sq key generate --userid "<juliet@example.org>" --with-password

        Generates a key with multiple userids

               sq key generate --userid "<juliet@example.org>" --userid "Juliet Capulet"

SEE ALSO

       For the full documentation see <https://docs.sequoia-pgp.org/sq/>.

       sq(1)  sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1)
       sq-inspect(1)       sq-key(1)       sq-key-adopt(1)        sq-key-attest-certifications(1)
       sq-key-extract-cert(1)  sq-key-password(1)  sq-key-userid(1) sq-keyring(1) sq-keyserver(1)
       sq-packet(1) sq-revoke(1) sq-sign(1) sq-verify(1) sq-wkd(1)