Sequoia PGP Manual Pages

1.3.1

NAME

sq-decrypt - Decrypt a message

SYNOPSIS


sq decrypt [OPTIONS] FILE

DESCRIPTION

Decrypt a message.

Decrypt a message using either supplied keys, or by prompting for a password. If message tampering is detected, an error is returned. See below for details.

If certificates are supplied using the --signer-file option, any signatures that are found are checked using these certificates. Verification is only successful if there is no bad signature, and the number of successfully verified signatures reaches the threshold configured with the --signatures parameter.

If the signature verification fails, or if message tampering is detected, the program terminates with an exit status indicating failure. and the output file is deleted. If the output was sent to stdout, then the last 25 MiB of the message are withheld (consequently, if the message is smaller than 25 MiB, no output is produced).

The converse operation is sq encrypt.

OPTIONS

Subcommand options

--dump-session-key

Print the session key to stderr

--output=FILE

Write to FILE or stdout if omitted

[default: -]

--recipient-file=KEY_FILE

Decrypt the message using the key in KEY_FILE

--session-key=SESSION-KEY

Decrypt an encrypted message using SESSION-KEY

--signatures=N

Set the threshold of valid signatures to N

The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise]

--signer=FINGERPRINT|KEYID

Require a signature from a certificate with the specified fingerprint or key ID

--signer-domain=DOMAIN

Require a signature from a certificate where a user ID includes an email address for the specified domain

--signer-email=EMAIL

Require a signature from a certificate where a user ID includes the specified email address

--signer-file=PATH

Require a signature from a certificate read from PATH

--signer-userid=USERID

Require a signature from a certificate with the specified user ID

FILE

Read from FILE or stdin if FILE is '-'

[default: -]

Global options

See sq(1) for a description of the global options.

EXAMPLES

Decrypt a file using a secret key

sq decrypt --recipient-file juliet-secret.pgp ciphertext.pgp

Decrypt a file verifying signatures

sq decrypt --recipient-file juliet-secret.pgp --signer-file \
romeo.pgp ciphertext.pgp

decrypt a file using the key store

sq decrypt ciphertext.pgp

SEE ALSO

sq(1).

For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION

1.3.1