Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq-network-search  -  Retrieve certificates using all supported network
       services

SYNOPSIS
       sq network search [OPTIONS] QUERY

DESCRIPTION
       Retrieve	certificates using all supported network services.

       This command will try to	locate relevant	certificates  given  a	query,
       which may be a fingerprint, a key ID, an	email address, or a https URL.
       It may also discover and	import certificate related to the one queried,
       such as alternative certs, expired certs, or revoked certs.

       Discovering  related certs is useful: alternative certs support key ro-
       tations,	expired	certs allow verification of  signatures	 made  in  the
       past,  and discovering revoked certs is important to get	the revocation
       information.  The PKI mechanism will help to select the	correct	 cert,
       see `sq pki`.

       By  default, any	returned certificates are stored in the	local certifi-
       cate store.  This can be	overridden by using `--output` option.

       When a certificate is retrieved from a verifying	key server (currently,
       this is limited to a list of known servers:  `hkps://keys.openpgp.org`,
       `hkps://keys.mailvelope.com`,  and  `hkps://mail-api.proton.me`),  WKD,
       DANE, or	via https, and imported	into the local certificate store,  the
       User  IDs are also certificated with a local server-specific key.  That
       proxy certificate is in turn certified as a minimally trusted CA	(trust
       amount: 1 of 120) by the	local trust root.  How much a proxy key	server
       CA is trusted can be tuned using	`sq pki	link add` or `sq pki link  re-
       tract` in the usual way.

OPTIONS
   Subcommand options
       --all  Fetch updates for	all known certificates

       --iterations=N
	      Iterate to find related updates and certs

	      The  default  can	be changed in the configuration	file using the
	      setting `network.search.iterations`.

	      [default:	3]

       --output=FILE
	      Write to FILE (or	stdout when omitted) instead of	importing into
	      the certificate store

       --server=URI
	      Set a key	server to use (can be given multiple times)

	      The default can be changed in the	configuration file  using  the
	      setting `network.keyserver.servers`.

	      [default:	  hkps://keys.openpgp.org,  hkps://mail-api.proton.me,
	      hkps://keys.mailvelope.com,	  hkps://keyserver.ubuntu.com,
	      hkps://sks.pod01.fleetstreetops.com]

       --use-dane=ENABLE
	      Use DANE to search for certs

	      The  default  can	be changed in the configuration	file using the
	      setting `network.search.use-dane`.

	      [default:	true]

	      [possible	values:	true, false]

       --use-wkd=ENABLE
	      Use WKD to search	for certs

	      The default can be changed in the	configuration file  using  the
	      setting `network.search.use-wkd`.

	      [default:	true]

	      [possible	values:	true, false]

	QUERY Retrieve certificate(s) using QUERY

	      This may be a fingerprint, a KeyID, an email address, or a https
	      URL.

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Search for the Qubes master signing certificate.

	      sq network search	427F11FD0FAA4B080123F01CDDFA1A3E36879494

       Search for certificates that have are associated	with an	email address.

	      sq network search	alice@example.org

SEE ALSO
       sq(1), sq-network(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia	PGP			     1.3.1				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-network-search&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help