sq-key-approvals - Man Page

Manages certification approvals

Synopsis

sq key approvals list [OPTIONS]  
sq key approvals update [OPTIONS]  

Description

Manages certification approvals.

Key holders may approve of third-party certifications associated with their certificate.  This subcommand manages the approvals.

To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third-party certifications on certificates.  To allow the key holder to control what information is distributed with their certificate, these key servers only distribute third-party certifications that the key holder has explicitly approved.

Subcommands

sq key approvals list

Lists third-party certifications and their approval status.

To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third-party certifications on certificates.  To allow the key holder to control what information is distributed with their certificate, these key servers only distribute third-party certifications that the key holder has explicitly approved.

sq key approvals update

Approves of third-party certifications allowing for their distribution.

To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third-party certifications on certificates.  To allow the key holder to control what information is distributed with their certificate, these key servers only distribute third-party certifications that the key holder has explicitly approved.

By default, all user IDs are considered, but if at least one `--name`, `--email`, or `--userid` argument is given, only the matching user IDs are considered.

After the approvals have been changed, the certificate has to be distributed, e.g. by uploading it to a key server.

Examples

sq key approvals list

Lists the approved certifications on all the user IDs.

    sq key approvals list \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

Lists the unapproved certifications on all the user IDs.

    sq key approvals list --pending \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

Lists all unapproved certifications on a given user ID.

    sq key approvals list --pending --email=alice@example.org \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

sq key approvals update

Approve of all of the certifications on all of Alice's user IDs.

    sq key approvals update --add-all \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

Approve of all of the certifications on all of Alice's user IDs made by Bob, discarding all prior approvals first.

    sq key approvals update --remove-all \
    --add-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \

--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

Approve of all of the certifications on a specific user ID by certifiers that can be authenticated, discarding all prior approvals first.

    sq key approvals update --remove-all --add-authenticated \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \

"--userid=Alice <alice@example.org>"

Remove the approval of Bob's certification on all of Alice's user IDs.

    sq key approvals update \
    --remove-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \

--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0

See Also

sq(1), sq-key(1), sq-key-approvals-list(1), sq-key-approvals-update(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.39.0 (sequoia-openpgp 1.21.2)

Referenced By

sq-key(1), sq-key-approvals-list(1), sq-key-approvals-update(1).

0.39.0 Sequoia PGP