sq-encrypt - Man Page

Encrypts a message

Synopsis

sq encrypt [Options] FILE

Description

Encrypts a message.

Encrypts a message for any number of recipients and with any number of passwords, optionally signing the message in the process.

The converse operation is `sq decrypt`.

`sq encrypt` respects the reference time set by the top-level `--time` argument.  It uses the reference time when selecting encryption keys, and it sets the signature's creation time to the reference time.

Options

Subcommand options

-B, --binary

Emits binary data

--compression=KIND

Selects compression scheme to use

--encrypt-for=PURPOSE

Selects what kind of keys are considered for encryption.  'transport' select subkeys marked as suitable for transport encryption, 'storage' selects those for encrypting data at rest, and 'universal' selects all encryption-capable subkeys.

-o, --output=FILE

Writes to FILE or stdout if omitted

--private-key-store=KEY_STORE

Provides parameters for private key store

--recipient-cert=FINGERPRINT|KEYID

Encrypts to the named certificates

--recipient-email=EMAIL

Encrypts to all certificates that can be authenticated for the specified email address

--recipient-file=CERT_RING_FILE

Encrypts to all certificates in CERT_RING_FILE

--recipient-userid=USERID

Encrypts to all certificates that can be authenticated for the specified User ID

-s, --symmetric

Prompts to add a password to encrypt with.  When using this option, the user is asked to provide a password, which is used to encrypt the message. This option can be provided more than once to provide more than one password. The encrypted data can afterwards be decrypted with either one of the recipient's keys, or one of the provided passwords.

--set-metadata-filename

Sets the filename of the encrypted file as metadata.  Do note, that this metadata is not signed and as such relying on it - on sender or receiver side - is generally considered dangerous.

--set-metadata-time=TIME

Sets time for encrypted file as metadata.  Allows setting TIME either as ISO 8601 formatted string or by providing custom keywords.  With `none`, the metadata is not set.  With `file-creation`, the metadata is set to the file's creation timestamp.  With `file-modification`, the metadata is set to the file's last modification timestamp.  With `message-creation`, the metadata is set to the creation timestamp of the message for which the metadata is added.  Do note, that this metadata is not signed and as such relying on it - on sender or receiver side - is generally considered dangerous.

--signer-file=KEY_FILE

Signs the message using the key in KEY_FILE

--signer-key=KEYID|FINGERPRINT

Signs the message using the specified key on the key store

--use-expired-subkey

If a certificate has only expired encryption-capable subkeys, falls back to using the one that expired last

FILE

Reads from FILE or stdin if omitted

Global options

See sq(1) for a description of the global options.

Examples

Encrypt a file using a certificate

    sq encrypt --recipient-file romeo.pgp message.txt

Encrypt a file creating a signature in the process

    sq encrypt --recipient-file romeo.pgp --signer-file juliet.pgp \
    message.txt

Encrypt a file using a password

    sq encrypt --symmetric message.txt

See Also

sq(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.34.0 (sequoia-openpgp 1.19.0)

Referenced By

sq(1).

0.34.0 Sequoia PGP