Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq-cert-lint - Check certificates for issues

SYNOPSIS
       sq cert lint [OPTIONS]

DESCRIPTION
       Check certificates for issues.

       `sq  cert  lint`	 checks	 the  supplied	certificates for the following
       SHA-1-related issues:

	 - Whether a certificate revocation uses SHA-1.

	 - Whether the current self signature for a non-revoked	User  ID  uses
       SHA-1.

	 -  Whether  the  current  subkey binding signature for	a non-revoked,
       live subkey uses	SHA-1.

	 - Whether a primary key binding signature ("backsig") for  a  non-re-
       voked, live subkey uses SHA-1.

       Diagnostics  are	 printed  to  stderr.  At the end, some	statistics are
       shown.  This is useful when examining a keyring.	 If `--fix` is	speci-
       fied  and at least one issue could be fixed, the	fixed certificates are
       printed to stdout.

       This tool does not currently support smart cards.   But,	 if  only  the
       subkeys	are  on	a smart	card, this tool	may still be able to partially
       repair the certificate.	In particular, it will be able to fix any  is-
       sues with User ID self signatures and subkey binding signatures for en-
       cryption-capable	 subkeys, but it will not be able to generate new pri-
       mary key	binding	signatures for any signing-capable subkeys.

OPTIONS
   Subcommand options
       --cert=FINGERPRINT|KEYID
	      Use certificates with the	specified fingerprint or key ID

       --cert-domain=DOMAIN
	      Use certificates where a user ID includes	an email  address  for
	      the specified domain

       --cert-email=EMAIL
	      Use  certificates	 where	a user ID includes the specified email
	      address

       --cert-file=PATH
	      Read certificates	from PATH

       --cert-grep=PATTERN
	      Use certificates with a user ID that matches the	pattern,  case
	      insensitively

       --cert-userid=USERID
	      Use certificates with the	specified user ID

       --fix  Attempts to fix certificates, when possible

       --output=FILE
	      Write to the specified FILE

	      If not specified,	and the	certificate was	read from the certifi-
	      cate  store,  imports  the  modified  certificate	 into the cert
	      store.  If not specified,	and the	certificate was	 read  from  a
	      file, writes the modified	certificate to stdout.

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
	Gather statistics on the certificates in a keyring.

	      sq cert lint --cert-file certs.pgp

       Fix a key with known problems.

	      sq key export --cert EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
		     | sq cert lint --fix --cert-file=-	\
		     | sq cert import

SEE ALSO
       sq(1), sq-cert(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia	PGP			     1.3.1				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-cert-lint&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help