Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq-network-dane - Retrieve and publishes	certificates via DANE

SYNOPSIS
       sq network dane search [OPTIONS]	ADDRESS
       sq network dane generate	[OPTIONS]

DESCRIPTION
       Retrieve	and publishes certificates via DANE.

       DNS-Based  Authentication of Named Entities (DANE) is a method for pub-
       lishing and retrieving certificates in DNS as specified in RFC 7929.

SUBCOMMANDS
   sq network dane search
       Retrieve	certificates using DANE.

       By default, any returned	certificates are stored	in the local  certifi-
       cate store.  This can be	overridden by using `--output` option.

       When a certificate is retrieved using DANE, and imported	into the local
       certificate  store, any User IDs	with the email address that was	looked
       up are certificated with	a local	DANE-specific key.   That  proxy  cer-
       tificate	 is in turn certified as a minimally trusted CA	(trust amount:
       1 of 120) by the	local trust root.  How	much  the  DANE	 proxy	CA  is
       trusted	can  be	tuned using `sq	pki link add` or `sq pki link retract`
       in the usual way.

   sq network dane generate
       Generate	DANE records for the given domain and certs.

       The certificates	are minimized, and one record  per  email  address  is
       emitted.	  If  multiple	user  IDs  map	to one email address, then all
       matching	user IDs are included in the emitted certificates.

       By default, OPENPGPKEY resource	records	 are  emitted.	 If  your  DNS
       server  doesn't	understand those, use `--type generic` to emit generic
       records instead.

EXAMPLES
   sq network dane search
       Retrieve	Alice's	certificate over DANE.

	      sq network dane search alice@example.org

       Retrieve	updates	for all	known certificates over	DANE.

	      sq network dane search --all

   sq network dane generate
       Generate	DANE records from juliet.pgp for example.org.

	      sq network dane generate --domain=example.org \
		     --cert-file=juliet.pgp

       Generate	DANE records for all certs with	an authenticated  user	ID  in
       example.org.

	      sq network dane generate --domain=example.org --all

SEE ALSO
       sq(1),		  sq-network(1),	    sq-network-dane-search(1),
       sq-network-dane-generate(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia	PGP			     1.3.1				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-network-dane&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help