| SQ(1) | User Commands | SQ(1) |
NAME
sq decrypt - Decrypt a message
SYNOPSIS
sq decrypt [OPTIONS] FILE
DESCRIPTION
Decrypt a message.
Decrypt a message using either supplied keys, or by prompting for a password. If message tampering is detected, an error is returned. See below for details.
If certificates are supplied using the `--signer-file` option, any signatures that are found are checked using these certificates. Verification is only successful if there is no bad signature, and the number of successfully verified signatures reaches the threshold configured with the `--signatures` parameter.
If the signature verification fails, or if message tampering is detected, the program terminates with an exit status indicating failure. and the output file is deleted. If the output was sent to stdout, then the last 25 MiB of the message are withheld (consequently, if the message is smaller than 25 MiB, no output is produced).
The converse operation is `sq encrypt`.
OPTIONS
Subcommand options
- --dump-session-key
- Print the session key to stderr
- --output=FILE
- Write to FILE or stdout if omitted
- [default: -]
- --recipient-file=KEY_FILE
- Decrypt the message using the key in KEY_FILE
- --session-key=SESSION-KEY
- Decrypt an encrypted message using SESSION-KEY
- --signatures=N
- Set the threshold of valid signatures to N
- The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise]
- --signer=FINGERPRINT|KEYID
- Require a signature from a certificate with the specified fingerprint or key ID
- --signer-domain=DOMAIN
- Require a signature from a certificate where a user ID includes an email address for the specified domain
- --signer-email=EMAIL
- Require a signature from a certificate where a user ID includes the specified email address
- --signer-file=PATH
- Require a signature from a certificate read from PATH
- --signer-userid=USERID
- Require a signature from a certificate with the specified user ID
-
FILE - Read from FILE or stdin if FILE is '-'
- [default: -]
Global options
See sq(1) for a description of the global options.
EXAMPLES
Decrypt a file using a secret key
sq decrypt --recipient-file juliet-secret.pgp ciphertext.pgp
Decrypt a file verifying signatures
sq decrypt --recipient-file juliet-secret.pgp --signer-file \
romeo.pgp ciphertext.pgp
decrypt a file using the key store
sq decrypt ciphertext.pgp
SEE ALSO
For the full documentation see https://book.sequoia-pgp.org.
VERSION
1.1.0 (sequoia-openpgp 1.22.0)
| 1.1.0 | Sequoia PGP |