sq-key-approvals-update - Man Page
Approves of third-party certifications
Synopsis
sq key approvals update [Options]
Description
Approves of third-party certifications allowing for their distribution.
To prevent certificate flooding attacks, modern key servers prevent uncontrolled distribution of third-party certifications on certificates. To allow the key holder to control what information is distributed with their certificate, these key servers only distribute third-party certifications that the key holder has explicitly approved.
By default, all user IDs are considered, but if at least one `--name`, `--email`, or `--userid` argument is given, only the matching user IDs are considered.
After the approvals have been changed, the certificate has to be distributed, e.g. by uploading it to a key server.
Options
Subcommand options
- --add-all
Approve of all pending certifications
- --add-authenticated[=AMOUNT]
Approve of all certifications by authenticated certifiers.
For all pending approvals, try to authenticate any user ID on the certifier, and if any can be authenticated to at least the given amount, approve of the certification.
- --add-by=FINGERPRINT|KEYID
Approve of all certifications by this certifier
- --binary
Emit binary data
- --cert=FINGERPRINT|KEYID
List the approvals on the certificate with the specified fingerprint or key ID
- --cert-email=EMAIL
List the approvals on the certificate where a user ID includes the specified email address
- --cert-file=PATH
List the approvals on the certificate read from PATH
- --cert-userid=USERID
List the approvals on the certificate with the specified user ID
- --email=EMAILS
Change approvals on this email address user ID
- --name=NAMES
Change approvals on this name user ID
- --output=FILE
Write to the specified FILE.
If not specified, and the certificate was read from the certificate store, imports the modified certificate into the cert store. If not specified, and the certificate was read from a file, writes the modified certificate to stdout.
- --remove-all
Remove all prior approvals.
By default, this command adds to the set of already approved certifications. If this flag is given, the existing approvals are disregarded, and only the newly selected certifications are approved, if any.
- --remove-by=FINGERPRINT|KEYID
Remove all prior approvals of certifications by this certifier
- --userid=USERIDS
Change approvals on this user ID
Global options
See sq(1) for a description of the global options.
Examples
Approve of all of the certifications on all of Alice's user IDs.
sq key approvals update --add-all \ --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
Approve of all of the certifications on all of Alice's user IDs made by Bob, discarding all prior approvals first.
sq key approvals update --remove-all \ --add-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
Approve of all of the certifications on a specific user ID by certifiers that can be authenticated, discarding all prior approvals first.
sq key approvals update --remove-all --add-authenticated \ --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
"--userid=Alice <alice@example.org>"
Remove the approval of Bob's certification on all of Alice's user IDs.
sq key approvals update \ --remove-by=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0
See Also
sq(1), sq-key(1), sq-key-approvals(1).
For the full documentation see <https://book.sequoia-pgp.org>.
Version
0.39.0 (sequoia-openpgp 1.21.2)