FreeBSD Manual Pages
SQ(1) User Commands SQ(1) NAME sq-pki-identify - Identify a certificate SYNOPSIS sq pki identify [OPTIONS] DESCRIPTION Identify a certificate. Identify a certificate by finding authenticated bindings (User ID and certificate pairs). An error is return if no binding could be authenticated to the speci- fied level (by default: fully authenticated, i.e., a trust amount of 120). If a binding could be partially authenticated (i.e., its trust amount is greater than 0), then the binding is displayed, even if the trust is below the specified threshold. OPTIONS Subcommand options --amount=AMOUNT The required amount of trust 120 indicates full authentication; values less than 120 indicate partial authentication. When `--certification-network` is passed, this defaults to 1200, i.e., this command tries to find 10 paths. --cert=FINGERPRINT|KEYID Use certificates with the specified fingerprint or key ID --certification-network Treats the network as a certification network Normally, the authentication machinery treats the Web of Trust network as an authentication network where a certification only means that the binding is correct, not that the target should be treated as a trusted introducer. In a certification network, the targets of certifications are treated as trusted introducers with infinite depth, and any regular expressions are ignored. Note: The trust amount remains unchanged. This is how most so-called PGP path-finding algorithms work. --gossip Treats all certificates as unreliable trust roots This option is useful for figuring out what others think about a certificate (i.e., gossip or hearsay). In other words, this finds arbitrary paths to a particular certificate. Gossip is useful in helping to identify alternative ways to au- thenticate a certificate. For instance, imagine Ed wants to au- thenticate Laura's certificate, but asking her directly is in- convenient. Ed discovers that Micah has certified Laura's cer- tificate, but Ed hasn't yet authenticated Micah's certificate. If Ed is willing to rely on Micah as a trusted introducer, and authenticating Micah's certificate is easier than authenticating Laura's certificate, then Ed has learned about an easier way to authenticate Laura's certificate. Stable since 1.1.0. --show-paths Show why a binding is authenticated By default, only a user ID and certificate binding's degree of authentication (a value between 0 and 120) is shown. This changes the output to also show how that value was computed by showing the paths from the trust roots to the bindings. --unusable Show bindings that are unusable Normally, unusable certificates and bindings are not shown. This option considers bindings, even if they are not unusable, be- cause they (or the certificates) are not valid according to the policy, are revoked, or are not live. This option only makes sense with `--gossip`, because unusable bindings are still considered unauthenticated. Stable since 1.1.0. Global options See sq(1) for a description of the global options. EXAMPLES Identify the user IDs that can be authenticated for the certificate. sq pki identify --cert \ EB28F26E2739A4870ECC47726F0073F60FD0CBF0 List all user IDs that have that have been certified by anyone. sq pki identify --gossip --cert \ 511257EBBF077B7AEDAE5D093F68CB84CE537C9A SEE ALSO sq(1), sq-pki(1). For the full documentation see <https://book.sequoia-pgp.org/>. VERSION 1.3.1 Sequoia PGP 1.3.1 SQ(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | VERSION
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-pki-identify&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>