SQ(1)				 User Commands				 SQ(1)

NAME
       sq cert lint - Check certificates for issues

SYNOPSIS
       sq cert lint [OPTIONS] FILE

DESCRIPTION
       Check certificates for issues.

       `sq cert lint` checks the supplied certificates for the following
       SHA-1-related issues:

         - Whether a certificate revocation uses SHA-1.

         - Whether the current self signature for a non-revoked User ID uses
           SHA-1.

         - Whether the current subkey binding signature for a non-revoked,
           live subkey uses SHA-1.

         - Whether a primary key binding signature ("backsig") for a
           non-revoked, live subkey uses SHA-1.

       Diagnostics are printed to stderr.  At the end, some statistics are
       shown.  This is useful when examining a keyring.  If `--fix` is
       specified and at least one issue could be fixed, the fixed
       certificates are printed to stdout.

       This tool does not currently support smart cards.  But, if only the
       subkeys are on a smart card, this tool may still be able to partially
       repair the certificate.  In particular, it will be able to fix any
       issues with User ID self signatures and subkey binding signatures for
       encryption-capable subkeys, but it will not be able to generate new
       primary key binding signatures for any signing-capable subkeys.

OPTIONS
   Subcommand options
       -B, --binary
	      Emit binary data

       -F, --fix
	      Attempts to fix certificates, when possible

       -e, --export-secret-keys
              When fixing a certificate, the fixed certificate is exported
              without any secret key material.  Using this switch causes any
              secret key material to also be exported.

       -k, --list-keys
              If set, outputs a list of fingerprints, one per line, of
              certificates that have issues.  This output is intended for use
              by scripts.

              This option implies `--quiet`.  If you also specify `--fix`,
              errors will still be printed to stderr, and fixed certificates
              will still be emitted to stdout.

       -o, --output=FILE
	      Write to FILE or stdout if omitted

	      [default:	-]

       -q, --quiet
	      Quiet; does not output any diagnostics

       FILE   Read from FILE or stdin if omitted

   Global options
       See sq(1) for a description of the global options.

EXIT STATUS
       If `--fix` is not specified:
         2  if any issues were found,
         1  if no issues were found, but there were errors reading the input,
         0  if there were no issues.

       If `--fix` is specified:
         3  if any issues could not be fixed,
         1  if no issues were found, but there were errors reading the input,
         0  if all issues were fixed or there were no issues.

EXAMPLES
       To gather statistics, simply run:

	      sq cert lint keyring.pgp

       To fix a	key:

	      gpg --export-secret-keys FPR \
		     | sq cert lint --fix -p passw0rd -p password123 \
		     | gpg --import

       To get a	list of	keys with issues:

	      sq cert lint --list-keys keyring.pgp \
		     | while read FPR; do something; done
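
       To act on the exit status when checking several keyrings without
       `--fix` (an added example, not part of the original manual page or of
       the Sequoia project; the function name audit_keyrings and the script
       name audit.sh are assumptions):

```shell
#!/bin/sh
# Added example: fail a check when any keyring holds certificates that
# `sq cert lint` flags. Uses only `--list-keys` and the exit statuses
# documented above for runs without `--fix` (0 clean, 1 read errors, 2 issues).

# audit_keyrings FILE...
# Prints "FILE<TAB>FINGERPRINT" for every flagged certificate.
# Returns 2 if any file had issues, else 1 if any could not be read, else 0.
audit_keyrings() {
    worst=0
    for file in "$@"; do
        lint_rc=0
        # --list-keys implies --quiet: stdout carries one fingerprint per line.
        fprs=$(sq cert lint --list-keys "$file") || lint_rc=$?
        case $lint_rc in
            0)  ;;
            2)  worst=2
                printf '%s\n' "$fprs" | while IFS= read -r fpr; do
                    if [ -n "$fpr" ]; then printf '%s\t%s\n' "$file" "$fpr"; fi
                done ;;
            1)  # No issues reported, but the input was not fully readable,
                # so a clean result cannot be assumed.
                echo "read errors: $file" >&2
                if [ "$worst" -lt 2 ]; then worst=1; fi ;;
            *)  # Not a documented status for this mode; treat as an error.
                echo "unexpected exit status $lint_rc: $file" >&2
                if [ "$worst" -lt 2 ]; then worst=1; fi ;;
        esac
    done
    return "$worst"
}

# Run as a script (audit.sh is a hypothetical name):
#   sh audit.sh keyring1.pgp keyring2.pgp
if [ "$#" -gt 0 ]; then
    audit_keyrings "$@"
    exit $?
fi
```

       Exit status 1 is reported separately from 0 because a keyring that
       could not be read completely has not been shown to be free of issues.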

SEE ALSO
       sq(1), sq-cert(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION
       0.36.0 (sequoia-openpgp 1.20.0)

Sequoia	PGP			    0.36.0				 SQ(1)
