| revoke(1) | Sequoia Manual | revoke(1) |
revoke - Generates revocation certificates
revoke [-h|--help] <subcommands>
Generates revocation certificates.
A revocation certificate indicates that a certificate, a subkey, a User ID, or a signature should not be used anymore.
A revocation certificate includes two fields, a type and a human-readable explanation, which allows the issuer to indicate why the revocation certificate was issued. It is important to set the type field accurately as this allows an OpenPGP implementation to better reason about artifacts whose validity relies on the revoked object. For instance, if a certificate is retired, it is reasonable to consider signatures that it made prior to its retirement as still being valid. However, if a certificate's secret key material is compromised, any signatures that it made should be considered potentially forged, as they could have been made by an attacker and backdated.
As the intent of a revocation certificate is to stop others from using a certificate, it is necessary to distribute the revocation certificate. One effective way to do this is to upload the revocation certificate to a keyserver.
Revoke a certificate.
sq revoke certificate --time 20220101 --certificate juliet.pgp \
Revoke a User ID.
sq revoke userid --time 20220101 --certificate juliet.pgp \
For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
sq(1) sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1) sq-inspect(1) sq-key(1) sq-keyring(1) sq-keyserver(1) sq-packet(1) sq-revoke-certificate(1) sq-revoke-subkey(1) sq-revoke-userid(1) sq-sign(1) sq-verify(1) sq-wkd(1)
| July 2022 | sq 0.26.0 |