Manpage logo

sq-pki-link-retract - Retract links

NAME  SYNOPSIS  DESCRIPTION  OPTIONS  Subcommand options  Global options  EXAMPLES  SEE ALSO  VERSION 

NAME

sq−pki−link−retract − Retract links

SYNOPSIS

sq pki link retract [OPTIONS]

DESCRIPTION

Retract links.

This command retracts links that were previously created using ‘sq pki link add‘ or ‘sq pki link authorize‘. See that subcommand’s documentation for more details. Note: this is called ‘retract‘ and not ‘remove‘, because the certifications are not removed. Instead a new certification is added, which says that the binding has not been authenticated.

‘sq pki link retract‘ respects the reference time set by the top−level ‘−−time‘ argument. This causes a link to be retracted as of a particular time instead of the current time.

OPTIONS

Subcommand options

−−all

Use all self−signed user IDs

−−cert=FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID

−−cert−special=SPECIAL

Use certificates identified by the special name

[possible values: public−directories, keys.openpgp.org, keys.mailvelope.com, proton.me, wkd, dane, autocrypt, web]

−−email=EMAIL

Use a user ID with the specified email address

The user ID consists of just the email address. The email address does not have to appear in a self−signed user ID.

−−recreate

Recreate signature even if the parameters did not change

If the link parameters did not change, and thus creating a signature should not be necessary, we omit the operation. This flag can be given to force the signature to be re−created anyway.

−−signature−notation NAME VALUE

Add a notation to the signature

A user−defined notation’s name must be of the form ‘[email protected]‘. If the notation’s name starts with a ‘!‘, then the notation is marked as being critical. If a consumer of a signature doesn’t understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.

−−userid=USERID

Use the specified user ID

The specified user ID does not need to be self signed.

Because using a user ID that is not self−signed is often a mistake, you need to use this option to explicitly opt in.

−−userid−by−email=EMAIL

Use the self−signed user ID with the specified email address

Global options

See sq(1) for a description of the global options.

EXAMPLES

Link the certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 with the email address [email protected].

sq pki link add \

−−cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
−−add−[email protected]

Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and the email address [email protected].

sq pki link retract \

−−cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
−−[email protected]

Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and any associated user IDs. This effectively invalidates all links.

sq pki link retract \

−−cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 −−all

SEE ALSO

sq(1), sq−pki(1), sq−pki−link(1).

For the full documentation see <https://book.sequoia−pgp.org/>.

VERSION

1.3.1

Updated 2026-06-01 - jenkler.se | uex.se