sq-key-subkey-revoke - Man Page

--cert=FINGERPRINT|KEYID

Revoke the specified subkeys on the key with the specified fingerprint or key ID

--cert-email=EMAIL

Revoke the specified subkeys on the key where a user ID includes the specified email address

--cert-file=PATH

Revoke the specified subkeys on the key read from PATH

--cert-userid=USERID

Revoke the specified subkeys on the key with the specified user ID

--key=FINGERPRINT|KEYID

Revoke the specified subkey

--message=MESSAGE

A short, explanatory text

The text is shown to a viewer of the revocation certificate, and explains why the subkey has been revoked.  For instance, if Alice has created a new key, she would generate a `superseded` revocation certificate for her old key, and might include the message "I've created a new subkey, please refresh the certificate."

--output=FILE

Write to the specified FILE

If not specified, and the certificate was read from the certificate store, imports the modified certificate into the cert store.  If not specified, and the certificate was read from a file, writes the modified certificate to stdout.

--reason=REASON

The reason for the revocation

If the reason happened in the past, you should specify that using the `--time` argument.  This allows OpenPGP implementations to more accurately reason about artifacts whose validity depends on the validity of the user ID.

[possible values: compromised, superseded, retired, unspecified]

--revoker=FINGERPRINT|KEYID

Use key with the specified fingerprint or key ID to create the revocation certificate

Sign the revocation certificate using the specified key.  By default, the certificate being revoked is used.  Using this option, it is possible to create a third-party revocation.

--revoker-email=EMAIL

Use key where a user ID includes the specified email address to create the revocation certificate

Sign the revocation certificate using the specified key.  By default, the certificate being revoked is used.  Using this option, it is possible to create a third-party revocation.

--revoker-file=PATH

Read key from PATH to create the revocation certificate

Sign the revocation certificate using the specified key.  By default, the certificate being revoked is used.  Using this option, it is possible to create a third-party revocation.

--revoker-userid=USERID

Use key with the specified user ID to create the revocation certificate

Sign the revocation certificate using the specified key.  By default, the certificate being revoked is used.  Using this option, it is possible to create a third-party revocation.

--signature-notation NAME VALUE

Add a notation to the signature

A user-defined notation's name must be of the form `name@a.domain.you.control.org`. If the notation's name starts with a `!`, then the notation is marked as being critical.  If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature.  The notation is marked as being human readable.

See sq(1) for a description of the global options.