Provided by: sq_1.2.0-1_amd64 bug

NAME
       sq key revoke - Revoke a certificate


SYNOPSIS
       sq key revoke [OPTIONS]


DESCRIPTION
       Revoke a certificate.

       Creates a revocation certificate for a certificate.

       If  `--revoker`  or  `--revoker-file`  is  provided,  then  that  key  is  used  to create the revocation
       certificate.  If that key is different from the certificate that is being  revoked,  this  results  in  a
       third-party  revocation.  This is normally only useful if the owner of the certificate designated the key
       to be a designated revoker.

       `sq key revoke` respects the reference time set by the top-level `--time` argument.  When  set,  it  uses
       the  specified  time  instead  of  the current time when determining what keys are valid, and it sets the
       revocation certificate's creation time to the reference time instead of the current time.


OPTIONS
   Subcommand options
       --cert=FINGERPRINT|KEYID
              Revoke the key with the specified fingerprint or key ID

       --cert-email=EMAIL
              Revoke the key where a user ID includes the specified email address

       --cert-file=PATH
              Revoke the key read from PATH

       --cert-userid=USERID
              Revoke the key with the specified user ID

       --message=MESSAGE
              A short, explanatory text

              The text is shown to a viewer of the revocation certificate, and explains why the certificate  has
              been  revoked.   For  instance,  if Alice has created a new key, she would generate a `superseded`
              revocation certificate for her old key,  and  might  include  the  message  `I've  created  a  new
              certificate, $FINGERPRINT, please use that in the future.`

       --output=FILE
              Write to the specified FILE

              If  not  specified,  and the certificate was read from the certificate store, imports the modified
              certificate into the cert store.  If not specified, and the certificate  was  read  from  a  file,
              writes the modified certificate to stdout.

       --reason=REASON
              The reason for the revocation

              If  the  reason  happened  in the past, you should specify that using the `--time` argument.  This
              allows OpenPGP implementations to more accurately reason about artifacts whose validity depends on
              the validity of the certificate.

              [possible values: compromised, superseded, retired, unspecified]

       --revoker=FINGERPRINT|KEYID
              Use key with the specified fingerprint or key ID to create the revocation certificate

              Sign the revocation certificate using the  specified  key.   By  default,  the  certificate  being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-email=EMAIL
              Use key where a user ID includes the specified email address to create the revocation certificate

              Sign  the  revocation  certificate  using  the  specified  key.  By default, the certificate being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-file=PATH
              Read key from PATH to create the revocation certificate

              Sign the revocation certificate using the  specified  key.   By  default,  the  certificate  being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-userid=USERID
              Use key with the specified user ID to create the revocation certificate

              Sign  the  revocation  certificate  using  the  specified  key.  By default, the certificate being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --signature-notation NAME VALUE
              Add a notation to the signature

              A user-defined notation's name  must  be  of  the  form  `name@a.domain.you.control.org`.  If  the
              notation's  name  starts with a `!`, then the notation is marked as being critical.  If a consumer
              of a signature doesn't understand a critical notation, then it will  ignore  the  signature.   The
              notation is marked as being human readable.

   Global options
       See sq(1) for a description of the global options.


EXAMPLES
       Revoke Alice's key, indicating that there is a new certificate.

              sq key revoke --cert EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     --reason superseded --message \
                     "My new cert is C5999E8191BF7B503653BE958B1F7910D01F86E5"

       Revoke the key, indicating that the secret key material was compromised.

              sq key revoke --cert EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     --reason compromised --message \
                     "Computer attacked, secret key material compromised"


SEE ALSO
       sq(1), sq-key(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       1.2.0 (sequoia-openpgp 1.22.0)

Sequoia PGP                                           1.2.0                                                SQ(1)