1.3.1
sq-network - Retrieve and publish certificates over the network
sq network search [OPTIONS] QUERY
sq network keyserver [OPTIONS] SUBCOMMAND
sq network wkd [OPTIONS] SUBCOMMAND
sq network dane [OPTIONS] SUBCOMMAND
Retrieve and publish certificates over the network.
OpenPGP certificates can be discovered and updated from, and published on, services accessible over the network. This is a collection of commands to interact with these services.
Retrieve certificates using all supported network services.
This command will try to locate relevant certificates given a query, which may be a fingerprint, a key ID, an email address, or an https URL. It may also discover and import certificates related to the one queried, such as alternative certs, expired certs, or revoked certs.
Discovering related certs is useful: alternative certs support key rotations, expired certs allow verification of signatures made in the past, and discovering revoked certs is important to get the revocation information. The PKI mechanism will help to select the correct cert; see sq pki.
By default, any returned certificates are stored in the local certificate store. This can be overridden by using the --output option.
When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: hkps://keys.openpgp.org, hkps://keys.mailvelope.com, and hkps://mail-api.proton.me), WKD, DANE, or via https, and imported into the local certificate store, the User IDs are also certified with a local server-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is trusted can be tuned using sq pki link add or sq pki link retract in the usual way.
Retrieve and publish certificates via key servers.
The OpenPGP HTTP Keyserver Protocol (HKP) is a method for publishing and retrieving certificates from key servers.
Retrieve and publish certificates via Web Key Directories.
The Web Key Directory (WKD) is a method for publishing and retrieving certificates from web servers.
Retrieve and publish certificates via DANE.
DNS-Based Authentication of Named Entities (DANE) is a method for publishing and retrieving certificates in DNS as specified in RFC 7929.
Search for the Qubes master signing certificate.
sq network search 427F11FD0FAA4B080123F01CDDFA1A3E36879494
Search for certificates that are associated with an email address.
sq network search alice@example.org
sq(1), sq-network-search(1), sq-network-keyserver(1), sq-network-wkd(1), sq-network-dane(1).
For the full documentation see <https://book.sequoia-pgp.org/>.