Sequoia PGP Manual Pages

1.3.1

NAME

sq-sign - Sign messages or data files

SYNOPSIS


sq sign [OPTIONS] FILE

DESCRIPTION

Sign messages or data files.

Creates signed messages or detached signatures. Detached signatures are often used to sign software packages.

The converse operation is sq verify.

sq sign respects the reference time set by the top-level --time argument. When set, it uses the specified time instead of the current time, when determining what keys are valid, and it sets the signature's creation time to the reference time instead of the current time.

OPTIONS

Subcommand options

--append

Append a signature to existing signature

--binary

Emit binary data

--cleartext

Create a cleartext-signed message

--merge=SIGNED-MESSAGE

Merge signatures from the input and SIGNED-MESSAGE

--message

Create an inline-signed message

--mode=MODE

Select the signature mode

Signatures can be made in binary mode or in text mode. Text mode normalizes line endings, which makes signatures more robust when a text is transported over a channel which may change line endings. In doubt, create binary signatures.

[default: binary]

[possible values: binary, text]

--notarize

Sign a message and all existing signatures

--output=FILE

Write to FILE or stdout if omitted

[default: -]

--signature-file=SIG

Create a detached signature file

--signature-notation NAME VALUE

Add a notation to the signature

A user-defined notation's name must be of the form name@a.domain.you.control.org. If the notation's name starts with a !, then the notation is marked as being critical. If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.

--signer=FINGERPRINT|KEYID

Create the signature using the key with the specified fingerprint or key ID

--signer-email=EMAIL

Create the signature using the key where a user ID includes the specified email address

--signer-file=PATH

Create the signature using the key read from PATH

--signer-self

Sign using your default signer keys

This adds the certificates listed in the configuration file under sign.signer-self to the list of signer keys.

Currently, the list of keys to be added is empty.

--signer-userid=USERID

Create the signature using the key with the specified user ID

FILE

Read from FILE or stdin if FILE is '-'

[default: -]

Global options

See sq(1) for a description of the global options.

EXAMPLES

Create a signed message.

sq sign --signer-file juliet-secret.pgp --message document.txt

Create a detached signature.

sq sign --signer-file juliet-secret.pgp \
--signature-file=document.txt.sig document.txt

SEE ALSO

sq(1).

For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION

1.3.1