Scroll to navigation

encrypt(1) Sequoia Manual encrypt(1)


encrypt - Encrypts a message


encrypt [-o|--output] [-B|--binary] [--recipient-cert] [--signer-key] [--private-key-store] [-s|--symmetric] [--mode] [--compression] [-t|--time] [--use-expired-subkey] [-h|--help] [FILE]


Encrypts a message

Encrypts a message for any number of recipients and with any number of passwords, optionally signing the message in the process.

The converse operation is "sq decrypt".


Writes to FILE or stdout if omitted
Emits binary data
Encrypts for all recipients in CERT-RING
Signs the message with KEY
Provides parameters for private key store
Adds a password to encrypt with. The message can be decrypted with either one of the recipient's keys, or any password.
Selects what kind of keys are considered for encryption. Transport select subkeys marked as suitable for transport encryption, rest selects those for encrypting data at rest, and all selects all encryption-capable subkeys.
Selects compression scheme to use
Chooses keys valid at the specified time and sets the signature's creation time
If a certificate has only expired encryption-capable subkeys, falls back to using the one that expired last
Print help information
Reads from FILE or stdin if omitted


Encrypt a file using a certificate

sq encrypt --recipient-cert romeo.pgp message.txt

Encrypt a file creating a signature in the process

sq encrypt --recipient-cert romeo.pgp --signer-key juliet.pgp message.txt

Encrypt a file using a password

sq encrypt --symmetric message.txt


For the full documentation see <>.

sq(1) sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-inspect(1) sq-key(1) sq-keyring(1) sq-keyserver(1) sq-packet(1) sq-revoke(1) sq-sign(1) sq-verify(1) sq-wkd(1)

July 2022 sq 0.26.0