Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq key generate - Generate a new key


SYNOPSIS
       sq key generate [OPTIONS]


DESCRIPTION
       Generate a new key.

       Generating  a key is the prerequisite to receiving encrypted messages and creating signatures.  There are
       a few parameters to this process, but we provide reasonable defaults for most users.

       When generating a key, we also generate a revocation certificate.  This can be used in case  the  key  is
       superseded, lost, or compromised.  It is a good idea to keep a copy of this in a safe place.

       After  generating  a  key, use `sq toolbox extract-cert` to get the certificate corresponding to the key.
       The key must be kept secure, while the certificate should  be  handed  out  to  correspondents,  e.g.  by
       uploading it to a key server.

       By  default a key expires after 3 years.  Using the `--expiry=` argument specific validity periods may be
       defined.  It allows for providing a point in time for validity to end or a validity duration.

       `sq key generate` respects the reference time set by  the  top-level  `--time`  argument.   It  sets  the
       creation time of the key, any subkeys, and the binding signatures to the reference time.


OPTIONS
   Subcommand options
       -c, --cipher-suite=CIPHER-SUITE
              Select the cryptographic algorithms for the key

       --can-authenticate
              Add an authentication-capable subkey (default)

       --can-encrypt=PURPOSE
              Add  an  encryption-capable  subkey.  Encryption-capable  subkeys  can  be  marked as suitable for
              transport encryption, storage encryption, or both, i.e., universal. [default: universal]

       --can-sign
              Add a signing-capable subkey (default)

       --cannot-authenticate
              Add no authentication-capable subkey

       --cannot-encrypt
              Add no encryption-capable subkey

       --cannot-sign
              Add no signing-capable subkey

       --expiry=EXPIRY
              Define EXPIRY for the key as ISO 8601  formatted  string  or  custom  duration.  If  an  ISO  8601
              formatted  string  is  provided,  the  validity period reaches from the reference time (may be set
              using `--time`) to the provided time. Custom durations starting from the reference time may be set
              using `N[ymwds]`, for N years, months, weeks, days, or seconds. The special keyword  `never`  sets
              an unlimited expiry.

       -o, --output=FILE
              Write to FILE or stdout if omitted

       --rev-cert=FILE or -
              Write the revocation certificate to FILE. mandatory if OUTFILE is `-`. [default: <OUTFILE>.rev]

       -u, --userid=EMAIL
              Add a userid to the key

       --with-password
              Protect the key with a password

   Global options
       See sq(1) for a description of the global options.


EXAMPLES
       First, generate a key

              sq key generate --userid '<juliet@example.org>' \
                     --output juliet.key.pgp

       Then, extract the certificate for distribution

              sq toolbox extract-cert --output juliet.cert.pgp juliet.key.pgp

       Generate a key protecting it with a password

              sq key generate --userid '<juliet@example.org>' --with-password

       Generate a key with multiple userids

              sq key generate --userid '<juliet@example.org>' \
                     --userid 'Juliet Capulet'

       Generate a key whose creation time is June 9, 2011 at midnight UTC

              sq key generate --time 20110609 --userid Noam \
                     --output noam.pgp


SEE ALSO
       sq(1), sq-key(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)

Sequoia PGP                                          0.34.0                                                SQ(1)