| sshd-openpgp-auth-revoke(1) | General Commands Manual | sshd-openpgp-auth-revoke(1) |
NAME
sshd-openpgp-auth-revoke - Revoke subkeys of an OpenPGP certificate
SYNOPSIS
sshd-openpgp-auth revoke [-a|--all] [-f|--fingerprint] [-m|--message] [-o|--openpgp-dir] [-r|--reason] [-s|--stdout] [-S|--subkey-fingerprint] [-t|--time] [-h|--help]
DESCRIPTION
Revoke subkeys of an OpenPGP certificate
By default this command revokes the subkeys of an OpenPGP certificate in /var/lib/sshd-openpgp-auth/. If more than one OpenPGP certificate is found in the target directory, an OpenPGP fingerprint must be specified.
OPTIONS
- -a, --all
- Revoke all subkeys of the chosen OpenPGP certificate
- -f, --fingerprint=FINGERPRINT
- An OpenPGP fingerprint to identify a specific certificate
May also be specified with the SOA_FINGERPRINT
environment variable.
- -m, --message=MESSAGE
- An optional message for the revocation
May also be specified with the
SOA_REVOCATION_MESSAGE environment variable.
- -o, --openpgp-dir=DIR
- A custom directory in which to look for OpenPGP certificates (defaults to "/var/lib/sshd-openpgp-auth/")
May also be specified with the SOA_OPENPGP_DIR
environment variable.
- -r, --reason=REASON
- A custom revocation reason (defaults to "superseded"). One of "compromised" (Hard), "retired" (Soft), "superseded" (Soft).
May also be specified with the
SOA_REVOCATION_REASON environment variable.
- -s, --stdout
- Output the OpenPGP certificate to stdout instead of a file
- -S, --subkey-fingerprint=SUBKEY_FINGERPRINT
- An OpenPGP fingerprint to identify a specific subkey. This option can be provided more than once
May also be specified with the
SOA_SUBKEY_FINGERPRINT environment variable.
- -t, --time=TIME
- A custom reference time formatted as an RFC3339 string (defaults to now)
May also be specified with the SOA_TIME
environment variable.
- -h, --help
- Print help (see a summary with '-h')
| sshd-openpgp-auth-revoke |