.ie \n(.g .ds Aq \(aq .el .ds Aq ' .TH generate 1 "July 2022" "sq 0.26.0" "Sequoia Manual" .SH NAME generate \- Generates a new key .SH SYNOPSIS \fBgenerate\fR [\fB\-u\fR|\fB\-\-userid\fR] [\fB\-c\fR|\fB\-\-cipher\-suite\fR] [\fB\-\-with\-password\fR] [\fB\-\-creation\-time\fR] [\fB\-\-expires\fR] [\fB\-\-expires\-in\fR] [\fB\-\-can\-sign\fR] [\fB\-\-cannot\-sign\fR] [\fB\-\-can\-authenticate\fR] [\fB\-\-cannot\-authenticate\fR] [\fB\-\-can\-encrypt\fR] [\fB\-\-cannot\-encrypt\fR] [\fB\-e\fR|\fB\-\-export\fR] [\fB\-\-rev\-cert\fR] [\fB\-h\fR|\fB\-\-help\fR] .SH DESCRIPTION Generates a new key .PP Generating a key is the prerequisite to receiving encrypted messages and creating signatures. There are a few parameters to this process, but we provide reasonable defaults for most users. .PP When generating a key, we also generate a revocation certificate. This can be used in case the key is superseded, lost, or compromised. It is a good idea to keep a copy of this in a safe place. .PP After generating a key, use "sq key extract\-cert" to get the certificate corresponding to the key. The key must be kept secure, while the certificate should be handed out to correspondents, e.g. by uploading it to a keyserver. .SH OPTIONS .TP \fB\-u\fR, \fB\-\-userid\fR=\fIEMAIL\fR Adds a userid to the key .TP \fB\-c\fR, \fB\-\-cipher\-suite\fR=\fICIPHER\-SUITE\fR [default: cv25519] [possible values: rsa3k, rsa4k, cv25519] Selects the cryptographic algorithms for the key .TP \fB\-\-with\-password\fR Protects the key with a password .TP \fB\-\-creation\-time\fR=\fICREATION_TIME\fR Sets the key\*(Aqs creation time to TIME. TIME is interpreted as an ISO 8601 timestamp. To set the creation time to June 9, 2011 at midnight UTC, you can do: $ sq key generate \-\-creation\-time 20110609 \-\-export noam.pgp To include a time, add a T, the time and optionally the timezone (the default timezone is UTC): $ sq key generate \-\-creation\-time 20110609T1938+0200 \-\-export noam.pgp .TP \fB\-\-expires\fR=\fITIME\fR Makes the key expire at TIME (as ISO 8601). Use "never" to create keys that do not expire. .TP \fB\-\-expires\-in\fR=\fIDURATION\fR Makes the key expire after DURATION. Either "N[ymwds]", for N years, months, weeks, days, seconds, or "never". .TP \fB\-\-can\-sign\fR Adds a signing\-capable subkey (default) .TP \fB\-\-cannot\-sign\fR Adds no signing\-capable subkey .TP \fB\-\-can\-authenticate\fR Adds an authentication\-capable subkey (default) .TP \fB\-\-cannot\-authenticate\fR Adds no authentication\-capable subkey .TP \fB\-\-can\-encrypt\fR=\fIPURPOSE\fR [possible values: transport, storage, universal] Adds an encryption\-capable subkey. Encryption\-capable subkeys can be marked as suitable for transport encryption, storage encryption, or both. [default: universal] .TP \fB\-\-cannot\-encrypt\fR Adds no encryption\-capable subkey .TP \fB\-e\fR, \fB\-\-export\fR=\fIOUTFILE\fR Writes the key to OUTFILE .TP \fB\-\-rev\-cert\fR=\fIFILE or \-\fR Writes the revocation certificate to FILE. mandatory if OUTFILE is "\-". [default: .rev] .TP \fB\-h\fR, \fB\-\-help\fR Print help information .SH EXAMPLES First, this generates a key .PP .nf .RS sq key generate \-\-userid "" \-\-export juliet.key.pgp .RE .fi .PP Then, this extracts the certificate for distribution .PP .nf .RS sq key extract\-cert \-\-output juliet.cert.pgp juliet.key.pgp .RE .fi .PP Generates a key protecting it with a password .PP .nf .RS sq key generate \-\-userid "" \-\-with\-password .RE .fi .PP Generates a key with multiple userids .PP .nf .RS sq key generate \-\-userid "" \-\-userid "Juliet Capulet" .RE .fi .SH "SEE ALSO" For the full documentation see . .PP sq(1) sq\-armor(1) sq\-autocrypt(1) sq\-certify(1) sq\-dearmor(1) sq\-decrypt(1) sq\-encrypt(1) sq\-inspect(1) sq\-key(1) sq\-key\-adopt(1) sq\-key\-attest\-certifications(1) sq\-key\-extract\-cert(1) sq\-key\-password(1) sq\-key\-userid(1) sq\-keyring(1) sq\-keyserver(1) sq\-packet(1) sq\-revoke(1) sq\-sign(1) sq\-verify(1) sq\-wkd(1)