| SQ(1) | User Commands | SQ(1) |
NAME¶
sq keyring filter - Join keys into a keyring applying a filter
SYNOPSIS¶
sq keyring filter [OPTIONS] FILE
DESCRIPTION¶
Join keys into a keyring applying a filter.
This can be used to filter keys based on given predicates, e.g. whether they have a user id containing an email address with a certain domain. Additionally, the keys can be pruned to only include components matching the predicates.
If no filters are supplied, everything matches.
If multiple predicates are given, they are or'ed, i.e., a key matches if any of the predicates match. To require all predicates to match, chain multiple invocations of this command. See EXAMPLES for inspiration.
Note: this command is considered experimental and may change in future releases. To acknowledge this, you must give the `--experimental` flag when invoking this command.
OPTIONS¶
Subcommand options¶
- --cert=FINGERPRINT|KEYID
- Match on certificate fingerprints and key IDs
- Match on primary keys, including those certificates that match the given fingerprint or key ID.
- --domain=FQDN
- Match on email domain FQDN
- Parse user IDs into name and email address and case-sensitively matches on the domain of the email address, requiring an exact match.
- --email=ADDRESS
- Match on email ADDRESS
- Parse user IDs into name and email address and case-sensitively matches on the email address, requiring an exact match.
- --experimental
- Opt-in to using an experimental feature
- This command is considered experimental and may change in future releases. To acknowledge this, you must give the `--experimental` flag when invoking this command.
- In the future, we may stabilize this command. When that happens, `--experimental` will no longer be required, but will be ignored silently.
- --key=FINGERPRINT|KEYID
- Match on (sub)key fingerprints and key IDs
- Match on both primary keys and subkeys, including those certificates that match the given fingerprint or key ID.
- --name=NAME
- Match on NAME
- Parse user IDs into name and email and case-sensitively matches on the name, requiring an exact match.
- --output=FILE
- Write to FILE or stdout if omitted
- [default: -]
- --prune-certs
- Remove certificate components not matching the filter
- --to-cert
- Convert any keys in the input to certificates
- Converting a key to a certificate removes secret key material from the key thereby turning it into a certificate.
- --userid=USERID
- Match on USERID
- Case-sensitively matches on the user ID, requiring an exact match.
-
FILE - Read from FILE or stdin if omitted
Global options¶
See sq(1) for a description of the global options.
EXAMPLES¶
Convert all keys to certificates (i.e. remove any secret key material).
sq keyring filter --experimental --to-cert certs.pgp
Get all certificates with a user ID on example.org.
sq keyring filter --experimental --domain=example.org \
certs.pgp
Get all certificates with a user ID on example.org or example.net.
sq keyring filter --experimental --domain=example.org \
--domain=example.net certs.pgp
Get all certificates with a name user ID matching Romeo.
sq keyring filter --experimental --name=Romeo certs.pgp
Get all certificates with a name user ID matching Romeo on example.org.
sq keyring filter --experimental --domain=example.org \
certs.pgp \
| sq keyring filter --experimental --name=Romeo
Get all certificates with a user ID on example.org, pruning other user IDs.
sq keyring filter --experimental --domain=example.org \
--prune-certs certs.pgp
SEE ALSO¶
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION¶
1.1.0 (sequoia-openpgp 1.22.0)
| 1.1.0 | Sequoia PGP |