sq-network-dane-generate - Man Page

Generate DANE records for the given domain and certs

Synopsis

sq network dane generate [Options]  

Description

Generate DANE records for the given domain and certs.

The certificates are minimized, and one record per email address is emitted.  If multiple user IDs map to one email address, then all matching user IDs are included in the emitted certificates.

By default, OPENPGPKEY resource records are emitted.  If your DNS server doesn't understand those, use `--type generic` to emit generic records instead.

Options

Subcommand options

--all

Use all authenticated certificates with a user ID in the given domain

Use all certificates that have a user ID matching the domain given to the `--domain` parameter that can be fully authenticated.

--cert=FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID

--domain=FQDN

Generate DANE records for this domain name

--email=EMAIL

Use certificates where a user ID includes the specified email address

--file=PATH

Read certificates from PATH

--size-limit=BYTES

Try to shrink the certificates to this size

[default: 12288]

--ttl=DURATION

Set the TTL (maximum cache duration) of the resource records

[default: 10800]

--type=TYPE

Change the emitted resource record type

[default: openpgp]

[possible values: openpgp, generic]

--userid=USERID

Use certificates with the specified user ID

Global options

See sq(1) for a description of the global options.

Examples

Generate DANE records from juliet.pgp for example.org.

    sq network dane generate --domain=example.org \
    --file=juliet.pgp

Generate DANE records for all certs with an authenticated user ID in example.org.

    sq network dane generate --domain=example.org --all
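How the owner name and the two `--type` presentation forms relate, following RFC 7929 (owner name, RR type 61) and RFC 3597 (generic record syntax). This Python code is an added example, not part of sq or its documentation; the function names and the sample bytes are constructed for illustration, and sq's exact output layout and address canonicalization may differ.

```python
import base64
import hashlib
import unicodedata

OPENPGPKEY_TYPE = 61  # RR type number assigned by RFC 7929


def owner_name(email: str) -> str:
    """Owner name per RFC 7929 section 3 (no case folding of the local-part)."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    # NFC-normalise, hash the UTF-8 local-part, keep the first 28 octets.
    local = unicodedata.normalize("NFC", local)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.rstrip('.')}."


def rr_openpgp(email: str, cert: bytes, ttl: int = 10800) -> str:
    """Native form: RDATA is the base64 of the binary certificate."""
    rdata = base64.b64encode(cert).decode("ascii")
    return f"{owner_name(email)} {ttl} IN OPENPGPKEY {rdata}"


def rr_generic(email: str, cert: bytes, ttl: int = 10800) -> str:
    """RFC 3597 form for servers that do not know OPENPGPKEY."""
    head = f"{owner_name(email)} {ttl} IN TYPE{OPENPGPKEY_TYPE}"
    return f"{head} \\# {len(cert)} {cert.hex()}"


def rdata_bytes(record: str) -> bytes:
    """Recover the raw RDATA from either form, e.g. to compare zone entries."""
    fields = record.split()
    rtype, rest = fields[3], fields[4:]
    if rtype == "OPENPGPKEY":
        return base64.b64decode("".join(rest), validate=True)
    if rtype == f"TYPE{OPENPGPKEY_TYPE}" and rest and rest[0] == "\\#":
        data = bytes.fromhex("".join(rest[2:]))
        if len(data) != int(rest[1]):
            raise ValueError("RDATA length does not match declared length")
        return data
    raise ValueError(f"unexpected record type {rtype!r}")


if __name__ == "__main__":
    # Constructed sample bytes, not a real certificate.
    cert = bytes.fromhex("99010d") + b"constructed sample"
    for rr in (rr_openpgp("juliet@example.org", cert),
               rr_generic("juliet@example.org", cert)):
        print(rr)
        assert rdata_bytes(rr) == cert  # both forms carry identical bytes
```

Comparing `rdata_bytes()` of a published record with the certificate you intended to publish catches a truncated or mis-pasted zone entry before resolvers cache it for the TTL.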

See Also

sq(1), sq-network(1), sq-network-dane(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.39.0 (sequoia-openpgp 1.21.2)

Referenced By

sq-network-dane(1).