sq network fetch¶

Retrieves certificates using all supported network services.

By default, any returned certificates are stored in the local certificate store. This can be overridden by using `--output` option.

When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail-api.proton.me`), and imported into the local certificate store, the User IDs are also certificated with a local server-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.

sq network keyserver¶

Retrieves and publishes certificates via key servers.

The OpenPGP HTTP Keyserver Protocol (HKP) is a method for publishing and retrieving certificates from key servers.

sq network wkd¶

Retrieves and publishes certificates via Web Key Directories.

The Web Key Directory (WKD) is a method for publishing and retrieving certificates from web servers.

sq network dane¶

Retrieves and publishes certificates via DANE.

DNS-Based Authentication of Named Entities (DANE) is a method for publishing and retrieving certificates in DNS as specified in RFC 7929.