| SQ(1) | User Commands | SQ(1) |
NAME¶
sq key approvals update - Approves of third-party certifications allowing for their distribution
SYNOPSIS¶
sq key approvals update [OPTIONS]
DESCRIPTION¶
Approves of third-party certifications allowing for their distribution.
To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third-party certifications on certificates. To allow the key holder to control what information is distributed with their certificate, these key servers only distribute third-party certifications that the key holder has explicitly approved.
By default, all user IDs are considered, but if at least one `--name`, `--email`, or `--userid` argument is given, only the matching user IDs are considered.
After the approvals have been changed, the certificate has to be distributed, e.g. by uploading it to a key server.
OPTIONS¶
Subcommand options¶
- --add-all
- Approve of all pending certifications
- --add-authenticated
- Approve of all certifications by authenticated certifiers
- For all pending approvals, try to authenticate any user ID on the certifier, and if any can be authenticated, approve of the certification.
- --add-by=FINGERPRINT|KEYID
- Approve of all certifications by this certifier
- --cert=FINGERPRINT|KEYID
- List the approvals on the certificate with the specified fingerprint or key ID
- --cert-email=EMAIL
- List the approvals on the certificate where a user ID includes the specified email address
- --cert-file=PATH
- List the approvals on the certificate read from PATH
- --cert-userid=USERID
- List the approvals on the certificate with the specified user ID
- --email=EMAIL
- Use the self-signed user ID with the specified email address
- --output=FILE
- Write to the specified FILE
- If not specified, and the certificate was read from the certificate store, imports the modified certificate into the cert store. If not specified, and the certificate was read from a file, writes the modified certificate to stdout.
- --remove-all
- Remove all prior approvals
- By default, this command adds to the set of already approved certifications. If this flag is given, the existing approvals are disregarded, and only the newly selected certifications are approved, if any.
- --remove-by=FINGERPRINT|KEYID
- Remove all prior approvals of certifications by this certifier
- --userid=USERID
- Use the specified self-signed user ID
- The specified user ID must be self signed.
Global options¶
See sq(1) for a description of the global options.
EXAMPLES¶
Approve of all of the certifications on all of Alice's user IDs.
sq key approvals update --add-all \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
Approve of all of the certifications on all of Alice's user IDs made by Bob, discarding all prior approvals first.
sq key approvals update --remove-all \
--add-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
Approve of all of the certifications on a specific user ID by certifiers that can be authenticated, discarding all prior approvals first.
sq key approvals update --remove-all --add-authenticated \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
"--userid=Alice <alice@example.org>"
Remove the approval of Bob's certification on all of Alice's user IDs.
sq key approvals update \
--remove-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
SEE ALSO¶
sq(1), sq-key(1), sq-key-approvals(1).
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION¶
1.0.0 (sequoia-openpgp 1.22.0)
| 1.0.0 | Sequoia PGP |