Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq key subkey - Manage Subkeys


SYNOPSIS
       sq key subkey add [OPTIONS] FILE
       sq key subkey revoke [OPTIONS] SUBKEY REASON MESSAGE


DESCRIPTION
       Manage Subkeys.

       Add new subkeys to an existing key.


SUBCOMMANDS
   sq key subkey add
       Add a newly generated Subkey.

       A  subkey  has  one or more flags. `--can-sign` sets the signing flag, and means that the key may be used
       for signing. `--can-authenticate` sets the authentication flags, and means that the key may be  used  for
       authentication (e.g., as an SSH key). These two flags may be combined.

       `--can-encrypt=storage`  sets the storage encryption flag, and means that the key may be used for storage
       encryption. `--can-encrypt=transport` sets the transport encryption flag, and means that the key  may  be
       used  for  transport  encryption.   `--can-encrypt=universal`  sets  both  the  storage and the transport
       encryption flag, and means that the key may be used for both storage and transport encryption.  Only  one
       of the encryption flags may be used and it can not be combined with the signing or authentication flag.

       At least one flag must be chosen.

       When  using  `--with-password`, `sq` prompts the user for a password, that is used to encrypt the subkey.
       The password for the subkey may be different from that of the primary key.

       Furthermore the subkey may use one of several  available  cipher  suites,  that  can  be  selected  using
       `--cipher-suite`.

       By default a new subkey never expires. However, its validity period is limited by that of the primary key
       it  is added for.  Using the `--expiry` argument specific validity periods may be defined.  It allows for
       providing a point in time for validity to end or a validity duration.

       `sq key subkey add` respects the reference time set by the  top-level  `--time`  argument.  It  sets  the
       creation time of the subkey to the specified time.

   sq key subkey revoke
       Revoke a subkey.

       Creates a revocation certificate for a subkey.

       If  `--revocation-file`  is  provided,  then  that  key  is used to create the signature.  If that key is
       different from the certificate being revoked, this creates a third-party revocation.   This  is  normally
       only useful if the owner of the certificate designated the key to be a designated revoker.

       If `--revocation-file` is not provided, then the certificate must include a certification-capable key.

       `sq  key subkey revoke` respects the reference time set by the top-level `--time` argument.  When set, it
       uses the specified time instead of the current time, when determining what keys are valid,  and  it  sets
       the revocation certificate's creation time to the reference time instead of the current time.


EXAMPLES
   sq key subkey add
       First, generate a key

              sq key generate --userid '<juliet@example.org>' \
                     --output juliet.key.pgp

       Add a new Subkey for universal encryption which expires at the same time as the primary key

              sq key subkey add --output juliet-new.key.pgp \
                     --can-encrypt universal juliet.key.pgp

       Add a new Subkey for signing using the rsa3k cipher suite which expires in five days

              sq key subkey add --output juliet-new.key.pgp --can-sign \
                     --expiry 5d --cipher-suite rsa3k juliet.key.pgp


SEE ALSO
       sq(1), sq-key(1), sq-key-subkey-add(1), sq-key-subkey-revoke(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)

Sequoia PGP                                          0.34.0                                                SQ(1)