sq-decrypt - Man Page

Decrypt a message

Synopsis

sq decrypt [Options] FILE

Description

Decrypt a message.

Decrypt a message using either supplied keys, or by prompting for a password.  If message tampering is detected, an error is returned. See below for details.

If certificates are supplied using the `--signer-file` option, any signatures that are found are checked using these certificates. Verification is only successful if there is no bad signature, and the number of successfully verified signatures reaches the threshold configured with the `--signatures` parameter.

If the signature verification fails, or if message tampering is detected, the program terminates with an exit status indicating failure.  In addition to that, the last 25 MiB of the message are withheld, i.e. if the message is smaller than 25 MiB, no output is produced, and if it is larger, then the output will be truncated.

The converse operation is `sq encrypt`.

Options

Subcommand options

--dump-session-key

Print the session key to stderr

--output=FILE

Write to FILE or stdout if omitted

[default: -]

--recipient-file=KEY_FILE

Decrypt the message using the key in KEY_FILE

--session-key=SESSION-KEY

Decrypt an encrypted message using SESSION-KEY

--signatures=N

Set the threshold of valid signatures to N. The message will only be considered verified if this threshold is reached. [default: 1 if at least one signer cert file is given, 0 otherwise]

--signer=FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID to verify the signatures with.  Note: signatures verified with a certificate given here are considered authenticated.  When this option is not provided, the certificate is still read from the certificate store, if it exists, but it is not implicitly considered authenticated.

--signer-file=PATH

Read certificates from PATH to verify the signatures with.  Note: signatures verified with a certificate given here are considered authenticated.

FILE

Read from FILE or stdin if FILE is '-'

[default: -]

Global options

See sq(1) for a description of the global options.

Examples

Decrypt a file using a secret key

    sq decrypt --recipient-file juliet-secret.pgp ciphertext.pgp

Decrypt a file verifying signatures

    sq decrypt --recipient-file juliet-secret.pgp --signer-file \
    romeo.pgp ciphertext.pgp

Decrypt a file using the key store

    sq decrypt ciphertext.pgp

See Also

sq(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.39.0 (sequoia-openpgp 1.21.2)

Referenced By

sq(1).

0.39.0 Sequoia PGP