Maintaining a key

It's possible to change certain settings of existing key material, such as updating the expiration time or adding a User ID. Other settings, for example, the cipher suite, can't be updated later.

Adding a User ID

If you want to add a User ID, such as an additional name or another email address, to a certificate, sq key userid add is the subcommand to use:

$ sq key userid add --cert $FINGERPRINT --email alice@work.example.com --name alice_at_work

If you accidentally added and published an incorrect User ID and want to remove it, you have to revoke the certificate. There is no other way to get rid of it, as stripping a User ID only works on locally stored certificates, not on certificates on keyservers.

Change expiration date

To change the expiration time, use the sq key expire subcommand:

$ sq key expire --expiration 2y --cert $FINGERPRINT

This command does not change the associated subkeys.

To amend the expiration of a subkey, choose the sq key subkey expire subcommand. Note that --key requires the fingerprint of the subkey you want to change and --cert the fingerprint of your primary certificate.

$ sq key subkey expire --expiration never --key $SUBKEY_FINGERPRINT --cert $FINGERPRINT