sq sign - Sign messages or data files
Sign messages or data files.
Creates signed messages or detached signatures. Detached
signatures are often used to sign software packages.
The converse operation is `sq verify`.
`sq sign` respects the reference time set by the top-level
`--time` argument. When set, it uses the specified time instead of the
current time, when determining what keys are valid, and it sets the
signature's creation time to the reference time instead of the current
time.
- --append
- Append a signature to existing signature
- --binary
- Emit binary data
- --cleartext
- Create a cleartext-signed message
- --merge=SIGNED-MESSAGE
- Merge signatures from the input and SIGNED-MESSAGE
- --message
- Create an inline-signed message
- --mode=MODE
- Select the signature mode
- Signatures can be made in binary mode or in text mode. Text mode
normalizes line endings, which makes signatures more robust when a text is
transported over a channel which may change line endings. In doubt, create
binary signatures.
- [default: binary]
- [possible values: binary, text]
- --notarize
- Sign a message and all existing signatures
- --output=FILE
- Write to FILE or stdout if omitted
- [default: -]
- --signature-file
- Create a detached signature file
- --signature-notation
NAME VALUE
- Add a notation to the signature. A user-defined notation's name must be of
the form `name@a.domain.you.control.org`. If the notation's name starts
with a `!`, then the notation is marked as being critical. If a consumer
of a signature doesn't understand a critical notation, then it will ignore
the signature. The notation is marked as being human readable.
- --signer=FINGERPRINT|KEYID
- Create the signature using the key with the specified fingerprint or key
ID
- --signer-email=EMAIL
- Create the signature using the key where a user ID includes the specified
email address
- --signer-file=PATH
- Create the signature using the key read from PATH
- --signer-userid=USERID
- Create the signature using the key with the specified user ID
-
FILE
- Read from FILE or stdin if FILE is '-'
- [default: -]
See sq(1) for a description of the global options.
Create a signed message.
sq sign --signer-file juliet-secret.pgp --message document.txt
Create a detached signature.
sq sign --signer-file juliet-secret.pgp --signature-file \
Create a signature with the specified creation time.
sq sign --signer-file juliet-secret.pgp --time 2024-02-29 \
--signature-file document.txt
sq(1).
For the full documentation see
<https://book.sequoia-pgp.org>.
0.40.0 (sequoia-openpgp 1.21.2)