Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq pki path - Verify the	specified path

SYNOPSIS
       sq pki path [OPTIONS] FINGERPRINT|KEYID USERID

DESCRIPTION
       Verify the specified path.

       A  path	is a sequence of certificates starting at the root, and	a User
       ID.  This function checks that each path	segment	has a valid certifica-
       tion, which also	satisfies any constraints (trust amount, trust	depth,
       regular expressions).

       If a valid path is not found, then this subcommand also lints the path.
       In  particular, it report if any	certifications are insufficient, e.g.,
       not enough trust	depth, or invalid, e.g., because they use  SHA-1,  but
       the use of SHA-1	has been disabled.

OPTIONS
   Subcommand options
       -a, --amount=AMOUNT
	      The required amount of trust.

	      120 indicates full authentication; values	less than 120 indicate
	      partial	authentication.	   When	 `--certification-network`  is
	      passed, this defaults to 1200, i.e., `sq pki` tries to  find  10
	      paths.

       --certification-network
	      Treats the network as a certification network.

	      Normally,	`sq pki` treats	the Web	of Trust network as an authen-
	      tication network where a certification only means	that the bind-
	      ing  is  correct,	 not  that  the	 target	should be treated as a
	      trusted introducer.  In a	certification network, the targets  of
	      certifications  are treated as trusted introducers with infinite
	      depth, and any regular expressions are ignored. Note: The	 trust
	      amount  remains  unchanged.   This  is  how  most	 so-called PGP
	      path-finding algorithms work.

       --gossip
	      Treats all certificates as unreliable trust roots.

	      This option is useful for	figuring out what others think about a
	      certificate (i.e., gossip	or hearsay).   In  other  words,  this
	      finds arbitrary paths to a particular certificate.

	      Gossip  is useful	in helping to identify alternative ways	to au-
	      thenticate a certificate.	 For instance, imagine Ed wants	to au-
	      thenticate Laura's certificate, but asking her directly  is  in-
	      convenient.   Ed discovers that Micah has	certified Laura's cer-
	      tificate,	but Ed hasn't yet authenticated	 Micah's  certificate.
	      If  Ed  is willing to rely on Micah as a trusted introducer, and
	      authenticating Micah's certificate is easier than	authenticating
	      Laura's certificate, then	Ed has learned about an	easier way  to
	      authenticate Laura's certificate.

	FINGERPRINT|KEYID USERID
	      A	path consists of one or	more certificates (designated by their
	      fingerprint  or  Key ID) and ending in the User ID that is being
	      authenticated

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Verify that Alice ceritified a particular User ID  for  Bob's  certifi-
       cate.

	      sq pki path EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
		     511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
		     "Bob <bob@example.org>"

SEE ALSO
       sq(1), sq-pki(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION
       0.36.0 (sequoia-openpgp 1.20.0)

Sequoia	PGP			    0.36.0				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-pki-path&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help