.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.TH nethsm-openpgp-add 1 "nethsm-openpgp-add "
.SH NAME
nethsm\-openpgp\-add \- Add an OpenPGP certificate for a key
.SH SYNOPSIS
\fBnethsm openpgp add\fR [\fB\-t\fR|\fB\-\-time\fR] [\fB\-v\fR|\fB\-\-version\fR] [\fB\-\-can\-sign\fR] [\fB\-\-cannot\-sign\fR] [\fB\-a\fR|\fB\-\-auth\-passphrase\-file\fR] [\fB\-c\fR|\fB\-\-config\fR] [\fB\-l\fR|\fB\-\-label\fR] [\fB\-u\fR|\fB\-\-user\fR] [\fB\-h\fR|\fB\-\-help\fR] <\fIKEY_ID\fR> <\fIUSER_ID\fR>
.SH DESCRIPTION
Add an OpenPGP certificate for a key
.PP
Creates an OpenPGP certificate for an existing key.
The created certificate is then added as the key\*(Aqs certificate (see "nethsm key cert import").
.PP
System\-wide users in the "Administrator" and "Operator" role can only add OpenPGP certificates for system\-wide keys.
Namespaced users in the "Administrator" and "Operator" role can only add OpenPGP certificates for keys in their own namespace.
.PP
Requires authentication of a user in the "Operator" role, that has access to the targeted key (see "nethsm key tag" and "nethsm user tag").
Additionally, authentication of a user in the "Administrator" role is needed to import the certificate.
.SH OPTIONS
.TP
\fB\-t\fR, \fB\-\-time\fR=\fITIME\fR
The optional creation time of the certificate (defaults to now)
.RS
May also be specified with the \fBNETHSM_OPENPGP_CREATED_AT\fR environment variable.
.RE
.TP
\fB\-v\fR, \fB\-\-version\fR=\fIVERSION\fR
The OpenPGP version the certificate is created with (defaults to "4")
One of ["4", "6"].
.RS
May also be specified with the \fBNETHSM_OPENPGP_VERSION\fR environment variable.
.RE
.TP
\fB\-\-can\-sign\fR
Sets the signing key flag (default to set)
If this option is used, the key is created with a component key that has the signing key flag set.
.RS
May also be specified with the \fBNETHSM_OPENPGP_CERT_GENERATE_CAN_SIGN\fR environment variable.
.RE
.TP
\fB\-\-cannot\-sign\fR
Clears the signing key flag
If this option is used, the key is created without a component key that has the signing key flag set.
.RS
May also be specified with the \fBNETHSM_OPENPGP_CERT_GENERATE_CANNOT_SIGN\fR environment variable.
.RE
.TP
\fB\-a\fR, \fB\-\-auth\-passphrase\-file\fR=\fIAUTH_PASSPHRASE_FILE\fR
The path to a file containing a passphrase for authentication
The passphrase provided in the file must be the one for the user chosen for the command.
This option can be provided multiple times, which is needed for commands that require multiple roles at once.
With multiple passphrase files ordering matters, as the files are assigned to the respective user provided by the "\-\-user" option.
.RS
May also be specified with the \fBNETHSM_AUTH_PASSPHRASE_FILE\fR environment variable.
.RE
.TP
\fB\-c\fR, \fB\-\-config\fR=\fICONFIG\fR
The path to a custom configuration file
If specified, the custom configuration file is used instead of the default configuration file location.
.RS
May also be specified with the \fBNETHSM_CONFIG\fR environment variable.
.RE
.TP
\fB\-l\fR, \fB\-\-label\fR=\fILABEL\fR
A label uniquely identifying a device in the configuration file
Must be provided if more than one device is setup in the configuration file.
.RS
May also be specified with the \fBNETHSM_LABEL\fR environment variable.
.RE
.TP
\fB\-u\fR, \fB\-\-user\fR=\fIUSER\fR
A user name which is used for a command
Can be provided, if no user name is setup in the configuration file for a device.
Must be provided, if several user names of the same target role are setup in the configuration file for a device.
This option can be provided multiple times, which is needed for commands that require multiple roles at once.
.RS
May also be specified with the \fBNETHSM_USER\fR environment variable.
.RE
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help (see a summary with \*(Aq\-h\*(Aq)
.TP
<\fIKEY_ID\fR>
The ID of the key to use
.RS
May also be specified with the \fBNETHSM_KEY_ID\fR environment variable.
.RE
.TP
<\fIUSER_ID\fR>
The User ID to use for the key
.RS
May also be specified with the \fBNETHSM_OPENPGP_USERID\fR environment variable.
.RE
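.SH EXAMPLES
Added example, not part of the nethsm project: a POSIX shell wrapper that keeps every \-\-user next to its own \-\-auth\-passphrase\-file, so the two option lists stay in the same order, and refuses passphrase files that group or others can access.
The names openpgp_add_checked, check_passphrase_file and NETHSM_BIN, the exit codes and all sample values are assumptions of this example; requiring two USER=FILE pairs is this wrapper's own rule, chosen because the command needs an Operator and an Administrator.
.PP
.nf
```sh
# Added example (not nethsm project code). All names here are hypothetical.

# check_passphrase_file FILE
# Succeeds only for a regular, non-empty file with no group/other permissions.
check_passphrase_file() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# openpgp_add_checked KEY_ID USER_ID USER=FILE USER=FILE [USER=FILE ...]
# Returns 2 on usage errors, 3 on an unsafe passphrase file, otherwise the
# exit status of the nethsm call. NETHSM_BIN overrides the executable name.
openpgp_add_checked() {
    if [ "$#" -lt 4 ]; then
        echo "usage: openpgp_add_checked KEY_ID USER_ID USER=FILE USER=FILE" >&2
        return 2
    fi
    key_id=$1
    user_id=$2
    shift 2
    n=$#
    # The word list of the loop is expanded once, so appending to the
    # positional parameters inside the loop is safe.
    for pair in "$@"; do
        case $pair in
            ?*=?*) ;;
            *) echo "not a USER=FILE pair: $pair" >&2; return 2 ;;
        esac
        user=${pair%%=*}
        file=${pair#*=}
        if ! check_passphrase_file "$file"; then
            echo "refusing passphrase file for $user: $file" >&2
            return 3
        fi
        # The i-th --user is followed by the i-th --auth-passphrase-file.
        set -- "$@" --user "$user" --auth-passphrase-file "$file"
    done
    shift "$n"   # drop the original USER=FILE words, keep the built options
    "${NETHSM_BIN:-nethsm}" openpgp add "$@" "$key_id" "$user_id"
}

# Usage (constructed values):
#   openpgp_add_checked signing1 "Example Signer" operator1=/run/secrets/op admin1=/run/secrets/admin
```
.fi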