Provided by: sq_1.2.0-1_amd64

NAME

       sq key userid revoke - Revoke a user ID

SYNOPSIS

       sq key userid revoke [OPTIONS]

DESCRIPTION

       Revoke a user ID.

       Creates a revocation certificate for a user ID.

       If  `--revoker`  or  `--revoker-file`  is  provided,  then  that  key  is  used  to create the revocation
       certificate.  If that key is different from the certificate that is being  revoked,  this  results  in  a
       third-party  revocation.  This is normally only useful if the owner of the certificate designated the key
       to be a designated revoker.

       To revoke a user ID, the certificate must be valid under the current policy.  If the certificate  is  not
       valid  under  the  current  policy,  consider revoking the whole certificate, or fixing it using `sq cert
       lint` after verifying the certificate's integrity.  If the certificate is valid under the current policy,
       but the user ID you want to revoke isn't, you can still revoke the user ID using `--add-userid`.

       `sq key userid revoke` respects the reference time set by the top-level `--time` argument.  When set,  it
       uses the specified time instead of the current time when determining what keys are valid, and it sets the
       revocation certificate's creation time to the reference time instead of the current time.

OPTIONS

   Subcommand options
       --add-email=EMAIL
              Use a user ID with the specified email address

              The  user  ID  consists of just the email address.  The email address does not have to appear in a
              self-signed user ID.

       --add-userid=USERID
              Use the specified user ID

              The specified user ID does not need to be self signed.

              Because using a user ID that is not self-signed is often a mistake, you need to use this option to
              explicitly opt in.

       --allow-non-canonical-userids
              Don't reject new user IDs that are not in canonical form

              Canonical user IDs are of the form `Name (Comment) <localpart@example.org>`.

       --cert=FINGERPRINT|KEYID
              Revoke the user ID from the key with the specified fingerprint or key ID

       --cert-email=EMAIL
              Revoke the user ID from the key where a user ID includes the specified email address

       --cert-file=PATH
              Revoke the user ID from the key read from PATH

       --cert-userid=USERID
              Revoke the user ID from the key with the specified user ID

       --email=EMAIL
              Use a user ID consisting of just the email address, if the email address occurs in  a  self-signed
              user ID

       --message=MESSAGE
              A short, explanatory text

              The  text is shown to a viewer of the revocation certificate, and explains why the certificate has
              been revoked.  For instance, if Alice has left the organization,  it  might  say  who  to  contact
              instead.

       --output=FILE
              Write to the specified FILE

              If  not  specified,  and the certificate was read from the certificate store, imports the modified
              certificate into the cert store.  If not specified, and the certificate  was  read  from  a  file,
              writes the modified certificate to stdout.

       --reason=REASON
              The reason for the revocation

              If  the  reason  happened  in the past, you should specify that using the `--time` argument.  This
              allows OpenPGP implementations to more accurately reason about artifacts whose validity depends on
              the validity of the user ID.

              [possible values: retired, unspecified]

       --revoker=FINGERPRINT|KEYID
              Use key with the specified fingerprint or key ID to create the revocation certificate

              Sign the revocation certificate using the  specified  key.   By  default,  the  certificate  being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-email=EMAIL
              Use key where a user ID includes the specified email address to create the revocation certificate

              Sign  the  revocation  certificate  using  the  specified  key.  By default, the certificate being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-file=PATH
              Read key from PATH to create the revocation certificate

              Sign the revocation certificate using the  specified  key.   By  default,  the  certificate  being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --revoker-userid=USERID
              Use key with the specified user ID to create the revocation certificate

              Sign  the  revocation  certificate  using  the  specified  key.  By default, the certificate being
              revoked is used.  Using this option, it is possible to create a third-party revocation.

       --signature-notation NAME VALUE
              Add a notation to the signature

              A user-defined notation's name  must  be  of  the  form  `name@a.domain.you.control.org`.  If  the
              notation's  name  starts with a `!`, then the notation is marked as being critical.  If a consumer
              of a signature doesn't understand a critical notation, then it will  ignore  the  signature.   The
              notation is marked as being human readable.

       --userid=USERID
              Use the specified self-signed user ID

              The specified user ID must be self signed.

       --userid-by-email=EMAIL
              Use the self-signed user ID with the specified email address

   Global options
       See sq(1) for a description of the global options.

EXAMPLES

       Retire a user ID on Alice's key.

              sq key userid revoke --cert \
                     EB28F26E2739A4870ECC47726F0073F60FD0CBF0 --userid \
                     "Alice <alice@example.org>" --reason retired --message \
                     "No longer at example.org."
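
       Added example, not from the sq documentation: a POSIX sh wrapper that combines the options described above (a backdated `--time`, an optional `--revoker-file` for a third-party revocation, and `--output` so the result is written to a file rather than imported into the cert store). The names `retire_userid`, `valid_cert_handle` and `DRY_RUN`, the sample values, and the ISO 8601 form of the `--time` value are assumptions.

```sh
#!/bin/sh
# Added example, not from the sq project. retire_userid, valid_cert_handle,
# DRY_RUN and every sample value are hypothetical.

# --cert takes FINGERPRINT|KEYID: accept 16 (key ID), 40 or 64 hex digits.
valid_cert_handle() {
    case "$1" in ""|*[!0-9A-Fa-f]*) return 1 ;; esac
    case "${#1}" in 16|40|64) return 0 ;; *) return 1 ;; esac
}

# retire_userid CERT USERID MESSAGE OUTPUT [TIME] [REVOKER_FILE]
retire_userid() {
    cert=$1; userid=$2; message=$3; output=$4; when=${5:-}; revoker=${6:-}
    valid_cert_handle "$cert" ||
        { echo "bad fingerprint or key ID: $cert" >&2; return 2; }
    [ -n "$userid" ] && [ -n "$output" ] ||
        { echo "user ID and output file are required" >&2; return 2; }
    # Keep any earlier revocation certificate instead of clobbering it.
    [ ! -e "$output" ] ||
        { echo "refusing to overwrite $output" >&2; return 2; }

    set --    # rebuild argv item by item: no eval, no word splitting
    # Top-level --time: sets the reference time and the revocation's
    # creation time (ISO 8601 value assumed, per sq(1)).
    [ -z "$when" ] || set -- "$@" --time "$when"
    # --userid only matches a self-signed user ID; --output writes the
    # result to a file so it can be inspected before it is imported.
    set -- "$@" key userid revoke --cert "$cert" --userid "$userid" \
        --reason retired --message "$message" --output "$output"
    # Signing with a key other than CERT yields a third-party revocation.
    [ -z "$revoker" ] || set -- "$@" --revoker-file "$revoker"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' sq "$@"    # print one argument per line
    else
        sq "$@"
    fi
}

# Usage (constructed values):
#   DRY_RUN=1 retire_userid EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
#       "Alice <alice@example.org>" "No longer at example.org." \
#       alice-userid.rev 2024-06-30
```

       With `DRY_RUN=1` the wrapper prints the argument vector instead of running sq, which makes the quoting of the user ID and message easy to check before signing.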

SEE ALSO

       sq(1), sq-key(1), sq-key-userid(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION

       1.2.0 (sequoia-openpgp 1.22.0)

Sequoia PGP                                           1.2.0                                                SQ(1)