Provided by: sq_0.37.0-1_amd64 
NAME
sq encrypt - Encrypt a message
SYNOPSIS
sq encrypt [OPTIONS] FILE
DESCRIPTION
Encrypt a message.
Encrypt a message for any number of recipients and with any number of passwords,
optionally signing the message in the process.
The converse operation is `sq decrypt`.
`sq encrypt` respects the reference time set by the top-level `--time` argument. It uses
the reference time when selecting encryption keys, and it sets the signature's creation
time to the reference time.
OPTIONS
Subcommand options
-B, --binary
Emit binary data
--compression=KIND
Select compression scheme to use
--encrypt-for=PURPOSE
Select what kind of keys are considered for encryption. 'transport' selects
subkeys marked as suitable for transport encryption, 'storage' selects those for
encrypting data at rest, and 'universal' selects all encryption-capable subkeys.
-o, --output=FILE
Write to FILE or stdout if omitted
--private-key-store=KEY_STORE
Provide parameters for private key store
--recipient-cert=FINGERPRINT|KEYID
Encrypt to the named certificates
--recipient-email=EMAIL
Encrypt to all certificates that can be authenticated for the specified email
address
--recipient-file=CERT_RING_FILE
Encrypt to all certificates in CERT_RING_FILE
--recipient-userid=USERID
Encrypt to all certificates that can be authenticated for the specified User ID
-s, --symmetric
Prompt to add a password to encrypt with. When using this option, the user is
asked to provide a password, which is used to encrypt the message. This option can
be provided more than once to provide more than one password. The encrypted data
can afterwards be decrypted with either one of the recipient's keys, or one of the
provided passwords.
--set-metadata-filename
Set the filename of the encrypted file as metadata. Do note, that this metadata is
not signed and as such relying on it - on sender or receiver side - is generally
considered dangerous.
--set-metadata-time=TIME
Set time for encrypted file as metadata. Allows setting TIME either as ISO 8601
formatted string or by providing custom keywords. With `none`, the metadata is not
set. With `file-creation`, the metadata is set to the file's creation timestamp.
With `file-modification`, the metadata is set to the file's last modification
timestamp. With `message-creation`, the metadata is set to the creation timestamp
of the message for which the metadata is added. Do note, that this metadata is not
signed and as such relying on it - on sender or receiver side - is generally
considered dangerous.
--signer-file=KEY_FILE
Sign the message using the key in KEY_FILE
--signer-key=KEYID|FINGERPRINT
Sign the message using the specified key on the key store
--use-expired-subkey
If a certificate has only expired encryption-capable subkeys, fall back to using
the one that expired last
FILE Read from FILE or stdin if omitted
Global options
See sq(1) for a description of the global options.
EXAMPLES
Encrypt a file using a certificate
sq encrypt --recipient-file romeo.pgp message.txt
Encrypt a file creating a signature in the process
sq encrypt --recipient-file romeo.pgp --signer-file juliet.pgp \
message.txt
Encrypt a file using a password
sq encrypt --symmetric message.txt
SEE ALSO
sq(1).
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION
0.34.0 (sequoia-openpgp 1.19.0)