Provided by: sq_0.40.0-1_amd64 bug

NAME
       sq decrypt - Decrypt a message


SYNOPSIS
       sq decrypt [OPTIONS] FILE


DESCRIPTION
       Decrypt a message.

       Decrypt  a message using either supplied keys, or by prompting for a password.  If message
       tampering is detected, an error is returned. See below for details.

       If certificates are supplied using the `--signer-file` option,  any  signatures  that  are
       found are checked using these certificates. Verification is only successful if there is no
       bad signature, and the number of successfully verified signatures  reaches  the  threshold
       configured with the `--signatures` parameter.

       If  the  signature  verification  fails,  or if message tampering is detected, the program
       terminates with an exit status indicating failure.  and the output file  is  deleted.   If
       the  output  was  sent  to  stdout,  then  the  last  25  MiB  of the message are withheld
       (consequently, if the message is smaller than 25 MiB, no output is produced).

       The converse operation is `sq encrypt`.


OPTIONS
   Subcommand options
       --dump-session-key
              Print the session key to stderr

       --output=FILE
              Write to FILE or stdout if omitted

              [default: -]

       --recipient-file=KEY_FILE
              Decrypt the message using the key in KEY_FILE

       --session-key=SESSION-KEY
              Decrypt an encrypted message using SESSION-KEY

       --signatures=N
              Set the threshold of valid signatures to N. The message  will  only  be  considered
              verified if this threshold is reached. [default: 1 if at least one signer cert file
              is given, 0 otherwise]

       --signer=FINGERPRINT|KEYID
              Require a signature from a certificate with the specified fingerprint or key ID

       --signer-domain=DOMAIN
              Require a signature from a certificate where a user ID includes  an  email  address
              for the specified domain

       --signer-email=EMAIL
              Require a signature from a certificate where a user ID includes the specified email
              address

       --signer-file=PATH
              Require a signature from a certificate read from PATH

       --signer-userid=USERID
              Require a signature from a certificate with the specified user ID

        FILE  Read from FILE or stdin if FILE is '-'

              [default: -]

   Global options
       See sq(1) for a description of the global options.


EXAMPLES
       Decrypt a file using a secret key

              sq decrypt --recipient-file juliet-secret.pgp ciphertext.pgp

       Decrypt a file verifying signatures

              sq decrypt --recipient-file juliet-secret.pgp --signer-file \
                     romeo.pgp ciphertext.pgp

       Decrypt a file using the key store

              sq decrypt ciphertext.pgp


SEE ALSO
       sq(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.40.0 (sequoia-openpgp 1.21.2)