sq-decrypt - Man Page


sq-decrypt — Decrypts a message

Decrypts a message using either supplied keys, or by prompting for a password.  If message tampering is detected, an error is returned. See below for details.

If certificates are supplied using the "--signer-cert" option, any signatures that are found are checked using these certificates. Verification is only successful if there is no bad signature, and the number of successfully verified signatures reaches the threshold configured with the "--signatures" parameter.

If the signature verification fails, or if message tampering is detected, the program terminates with an exit status indicating failure.  In addition to that, the last 25 MiB of the message are withheld, i.e. if the message is smaller than 25 MiB, no output is produced, and if it is larger, then the output will be truncated.

The converse operation is "sq encrypt".


sq decrypt [Flags] [Options] [--] [FILE]


-h,  --help

Prints help information


Prints the session key to stderr


Prints a packet dump to stderr

-x,  --hex

Prints a hexdump (implies --dump)


-o,  --output FILE

Writes to FILE or stdout if omitted

-n,  --signatures N

Sets the threshold of valid signatures to N. The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise]

--signer-cert CERT

Verifies signatures with CERT

--recipient-key KEY

Decrypts with KEY



Reads from FILE or stdin if omitted


# Decrypt a file using a secret key

$ sq decrypt --recipient-key juliet.pgp ciphertext.pgp

# Decrypt a file verifying signatures

$ sq decrypt --recipient-key juliet.pgp --signer-cert romeo.pgp ciphertext.pgp

# Decrypt a file using a password

$ sq decrypt ciphertext.pgp

See Also

For the full documentation see <https://docs.sequoia-pgp.org/sq/>.

sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1), sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1), sq-keyring(1), sq-keyserver(1), sq-packet(1), sq-sign(1), sq-verify(1), sq-wkd(1)


Azul <azul@sequoia-pgp.org>
Igor Matuszewski <igor@sequoia-pgp.org>
Justus Winter <justus@sequoia-pgp.org>
Kai Michaelis <kai@sequoia-pgp.org>
Neal H. Walfield <neal@sequoia-pgp.org>
Nora Widdecke <nora@sequoia-pgp.org>
Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>

Referenced By

sq(1), sq-armor(1), sq-autocrypt(1), sq-autocrypt-decode(1), sq-autocrypt-encode-sender(1), sq-certify(1), sq-dearmor(1), sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1), sq-key-adopt(1), sq-key-attest-certifications(1), sq-key-extract-cert(1), sq-key-generate(1), sq-keyring(1), sq-keyring-filter(1), sq-keyring-join(1), sq-keyring-list(1), sq-keyring-merge(1), sq-keyring-split(1), sq-keyserver(1), sq-keyserver-get(1), sq-keyserver-send(1), sq-packet(1), sq-packet-decrypt(1), sq-packet-dump(1), sq-packet-join(1), sq-packet-split(1), sq-sign(1), sq-verify(1), sq-wkd(1), sq-wkd-generate(1), sq-wkd-get(1), sq-wkd-url(1).