revoke(1) Sequoia Manual revoke(1)

revoke - Generates revocation certificates

revoke [-h|--help] <subcommands>

Generates revocation certificates.

A revocation certificate indicates that a certificate, a subkey, a User ID, or a signature should not be used anymore.

A revocation certificate includes two fields, a type and a human-readable explanation, which allows the issuer to indicate why the revocation certificate was issued. It is important to set the type field accurately as this allows an OpenPGP implementation to better reason about artifacts whose validity relies on the revoked object. For instance, if a certificate is retired, it is reasonable to consider signatures that it made prior to its retirement as still being valid. However, if a certificate's secret key material is compromised, any signatures that it made should be considered potentially forged, as they could have been made by an attacker and backdated.
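The reasoning above about the type field, written out as an added Python sketch; it is not code from sq or Sequoia, and the `Revocation` record, the function names and the sample dates are assumptions made for illustration. Any type other than "retired" is treated here like a compromise, which is a conservative choice of this sketch.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class Revocation(NamedTuple):
    """Hypothetical record holding the fields a revocation certificate carries."""
    reason: str      # type field, e.g. "retired" or "compromised"
    message: str     # human-readable explanation
    time: datetime   # when the revocation takes effect


def signature_acceptable(sig_time: datetime, rev: Optional[Revocation]) -> bool:
    """Decide whether a signature with claimed creation time sig_time
    can still be relied on, given the signer's revocation (if any)."""
    if rev is None:
        return True
    if rev.reason == "retired":
        # The key was never in hostile hands, so signatures made
        # before the retirement took effect remain valid.
        return sig_time < rev.time
    # Compromised (or, in this sketch, any other type): an attacker holding
    # the secret key chooses the timestamp, so a backdated signature cannot
    # be told apart from a genuine one. Reject regardless of sig_time.
    return False


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data, reusing the date and messages from the examples.
RETIRED = Revocation("retired", "I've left the family.", utc(2022, 1, 1))
COMPROMISED = Revocation(
    "compromised",
    "My parents went through my things, and found my backup.",
    utc(2022, 1, 1),
)


def evaluate(rev: Optional[Revocation]) -> dict:
    """Check one signature dated before and one dated after the revocation."""
    claimed = {"before": utc(2021, 6, 1), "after": utc(2022, 3, 1)}
    return {label: signature_acceptable(t, rev) for label, t in claimed.items()}


if __name__ == "__main__":
    for rev in (None, RETIRED, COMPROMISED):
        print(rev.reason if rev else "not revoked", evaluate(rev))
```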

As the intent of a revocation certificate is to stop others from using a certificate, it is necessary to distribute the revocation certificate. One effective way to do this is to upload the revocation certificate to a keyserver.

-h, --help
    Print help information

certificate
    Revoke a certificate
subkey
    Revoke a subkey
userid
    Revoke a User ID

Revoke a certificate.

sq revoke certificate --time 20220101 --certificate juliet.pgp \
compromised "My parents went through my things, and found my backup."

Revoke a User ID.

sq revoke userid --time 20220101 --certificate juliet.pgp \
"Juliet <>" retired "I've left the family."

For the full documentation see

sq(1) sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1) sq-inspect(1) sq-key(1) sq-keyring(1) sq-keyserver(1) sq-packet(1) sq-revoke-certificate(1) sq-revoke-subkey(1) sq-revoke-userid(1) sq-sign(1) sq-verify(1) sq-wkd(1)

July 2022 sq 0.26.0