NAME

       sq-pki-link-retract - Retract links

SYNOPSIS

       sq pki link retract [OPTIONS]

DESCRIPTION

       Retract links.

       This  command  retracts  links  that  were  previously  created  using  `sq pki link add` or `sq pki link
       authorize`.  See that subcommand's documentation for more details. Note: this is called `retract` and not
       `remove`, because the certifications are not removed.  Instead a new certification is added,  which  says
       that the binding has not been authenticated.

       `sq  pki link retract` respects the reference time set by the top-level `--time` argument.  This causes a
       link to be retracted as of a particular time instead of the current time.

OPTIONS

   Subcommand options
       --all  Use all self-signed user IDs

       --cert=FINGERPRINT|KEYID
              Use certificates with the specified fingerprint or key ID

       --cert-special=SPECIAL
              Use certificates identified by the special name

              [possible values: public-directories, keys.openpgp.org, keys.mailvelope.com, proton.me, wkd, dane,
              autocrypt, web]

       --email=EMAIL
              Use a user ID with the specified email address

              The user ID consists of just the email address.  The email address does not have to  appear  in  a
              self-signed user ID.

       --recreate
              Recreate signature even if the parameters did not change

              If  the  link parameters did not change, and thus creating a signature should not be necessary, we
              omit the operation.  This flag can be given to force the signature to be re-created anyway.

       --signature-notation NAME VALUE
              Add a notation to the signature

              A user-defined notation's name  must  be  of  the  form  `name@a.domain.you.control.org`.  If  the
              notation's  name  starts with a `!`, then the notation is marked as being critical.  If a consumer
              of a signature doesn't understand a critical notation, then it will  ignore  the  signature.   The
              notation is marked as being human readable.

       --userid=USERID
              Use the specified user ID

              The specified user ID does not need to be self signed.

              Because using a user ID that is not self-signed is often a mistake, you need to use this option to
              explicitly opt in.

       --userid-by-email=EMAIL
              Use the self-signed user ID with the specified email address

   Global options
       See sq(1) for a description of the global options.

EXAMPLES

       Link the certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 with the email address alice@example.org.

              sq pki link add \
                     --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     --add-email=alice@example.org

       Retract  the  acceptance  of  certificate  EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and the email address
       alice@example.org.

              sq pki link retract \
                     --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     --email=alice@example.org

       Retract the acceptance of certificate EB28F26E2739A4870ECC47726F0073F60FD0CBF0 and  any  associated  user
       IDs.  This effectively invalidates all links.

              sq pki link retract \
                     --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 --all

SEE ALSO

       sq(1), sq-pki(1), sq-pki-link(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION

       1.3.1

Sequoia PGP                                           1.3.1                                                SQ(1)