Maintaining a key

It's possible to change certain settings of already created key material, such as updating the expiration time or adding a User ID. Others like for example the cipher suite are set once and can't be updated later.

Adding a User ID

If you want to add a User ID like an additional name and/or another email address to a certificate, sq key userid add is the subcommand to use:

$ sq key userid add --cert $FINGERPRINT --email alice@work.example.com --name alice_at_work

Note that if you accidentally specified and published a wrong User ID and want to remove it, you have to revoke the certificate. There is no other way to get rid of it, as stripping a User ID only works on locally stored certificates, not on certificates on keyservers.

Change expiration date

To change the expiration time, you can use the sq key expire subcommand:

$ sq key expire 2y --cert $FINGERPRINT

Note: This command does not change the associated subkeys.

If you instead or additionally want to change the expiration of a subkey, choose the sq key subkey expire subcommand as follows. Note that --key requires the fingerprint of the subkey you want to change and --cert the fingerprint of your primary certificate.

$ sq key subkey expire never --key $SUBKEY_FINGERPRINT --cert $FINGERPRINT