sq-pki-link-retract - Man Page
Retract links
Synopsis
sq pki link retract [Options]
Description
Retract links.
This command retracts links that were previously created using `sq pki link add` or `sq pki link authorize`. See that subcommand's documentation for more details. Note: this is called `retract` and not `remove`, because the certifications are not removed. Instead a new certification is added, which says that the binding has not been authenticated.
`sq pki link retract` respects the reference time set by the top-level `--time` argument. This causes a link to be retracted as of a particular time instead of the current time.
Options
Subcommand options
- --all
Use all self-signed user IDs
- --cert=FINGERPRINT|KEYID
Use certificates with the specified fingerprint or key ID
- --cert-special=SPECIAL
Use certificates identified by the special name
[possible values: public-directories, keys.openpgp.org, keys.mailvelope.com, proton.me, wkd, dane, autocrypt, web]
- --email=EMAIL
Use a user ID with the specified email address
The user ID consists of just the email address. The email address does not have to appear in a self-signed user ID.
- --recreate
Recreate signature even if the parameters did not change
If the link parameters did not change, and thus creating a signature should not be necessary, we omit the operation. This flag can be given to force the signature to be re-created anyway.
- --signature-notation NAME VALUE
Add a notation to the signature
A user-defined notation's name must be of the form `name@a.domain.you.control.org`. If the notation's name starts with a `!`, then the notation is marked as being critical. If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.
- --userid=USERID
Use the specified user ID
The specified user ID does not need to be self signed.
Because using a user ID that is not self-signed is often a mistake, you need to use this option to explicitly opt in.
- --userid-by-email=EMAIL
Use the self-signed user ID with the specified email address
Global options
See sq(1) for a description of the global options.
Examples
Link the certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 with the email address alice@example.org.
sq pki link add \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \--add-email=alice@example.org
Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and the email address alice@example.org.
sq pki link retract \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \--email=alice@example.org
Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and any associated user IDs. This effectively invalidates all links.
sq pki link retract \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 --allSee Also
sq(1), sq-pki(1), sq-pki-link(1).
For the full documentation see <https://book.sequoia-pgp.org>.
Version
1.0.0 (sequoia-openpgp 1.22.0)