Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq network wkd -	Retrieve and publishes certificates via	Web Key	Direc-
       tories

SYNOPSIS
       sq network wkd generate [OPTIONS] WEB-ROOT FQDN CERT-RING
       sq network wkd fetch [OPTIONS] ADDRESS
       sq network wkd direct-url [OPTIONS] ADDRESS
       sq network wkd url [OPTIONS] ADDRESS

DESCRIPTION
       Retrieve	and publishes certificates via Web Key Directories.

       The  Web	 Key Directory (WKD) is	a method for publishing	and retrieving
       certificates from web servers.

SUBCOMMANDS
   sq network wkd generate
       Generate	a Web Key Directory for	the given domain and certs.

       If the WKD exists, the new certificates will be inserted	 and  existing
       ones will be updated.

       A  WKD  is per domain, and can be queried using the advanced or the di-
       rect method. The	advanced method	uses a URL with	a subdomain  'openpgp-
       key'. As	per the	specification, the advanced method is to be preferred.
       The  direct method may only be used if the subdomain doesn't exist. The
       advanced	method allows Web Key Directories for several domains  on  one
       web server.

       The  contents  of  the  generated WKD must be copied to a web server so
       that    they    are    accessible    under     https://openpgpkey.exam-
       ple.com/.well-known/openpgp/...	 for   the   advanced	version,   and
       https://example.com/.well-known/openpgp/... for the direct version.  sq
       does not	copy files to the web server.

   sq network wkd fetch
       Retrieve	certificates from a Web	Key Directory.

       By  default, any	returned certificates are stored in the	local certifi-
       cate store.  This can be	overridden by using `--output` option.

       When a certificate is retrieved from a WKD, and imported	into the local
       certificate store, any User IDs with the	email address that was	looked
       up are certificated with	a local	WKD-specific key.  That	proxy certifi-
       cate is in turn certified as a minimally	trusted	CA (trust amount: 1 of
       120) by the local trust root.  How much the WKD proxy CA	is trusted can
       be  tuned using `sq pki link add` or `sq	pki link retract` in the usual
       way.

   sq network wkd direct-url
       Print the direct	Web Key	Directory URL of an email address.

   sq network wkd url
       Print the advanced Web Key Directory URL	of an email address.

EXAMPLES
   sq network wkd generate
       Generate	a WKD in /tmp/wkdroot from certs.pgp for example.com.

	      sq wkd generate /tmp/wkdroot example.com certs.pgp

SEE ALSO
       sq(1),		 sq-network(1),		   sq-network-wkd-generate(1),
       sq-network-wkd-fetch(1),			 sq-network-wkd-direct-url(1),
       sq-network-wkd-url(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION
       0.36.0 (sequoia-openpgp 1.20.0)

Sequoia	PGP			    0.36.0				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-network-wkd&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help