sq-network-wkd-publish - Man Page

Publish certificates in a Web Key Directory

Synopsis

sq network wkd publish [Options] DEST

Description

Publish certificates in a Web Key Directory.

Publishes certificates or certificate updates in a Web Key Directory (WKD).  You can create or update a WKD hierarchy on the local system by specifying a path as destination.

Typically, a WKD is stored on a web server.  If `--rsync` is given, this command manages remote WKD directory hierarchies by using rsync(1).

To insert a new certificate into the WKD, use `--cert`.

Any updates for certificates already existing in the WKD are automatically published.

Note: To update a WKD hierarchy, it is first copied to a temporary location on the local machine, new certificates or certificate updates are inserted into the local copy, and the hierarchy is copied back to its original location.  As this is not an atomic operation, care must be taken to avoid concurrent updates.

Options

Subcommand options

--all

Publish authenticated certs with a user ID matching domain

Use all certificates that have a user ID matching the domain given to the `--domain` parameter that can be fully authenticated.

--cert=FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID

--cert-email=EMAIL

Use certificates where a user ID includes the specified email address

--cert-file=PATH

Read certificates from PATH

--cert-userid=USERID

Use certificates with the specified user ID

--create

Create the WKD hierarchy if it does not exist yet

--domain=FQDN

Generate a WKD for a fully qualified domain name for email

--method=METHOD

Select kind of WKD hierarchy to be created

The advanced method, which is the default and should be preferred, is hosted on a separate domain (e.g. openpgpkey.example.org).

The direct method is hosted on the same domain (e.g. example.org).

[possible values: advanced, direct]

--rsync

Use rsync(1) to access DEST

--rsync-path=RSYNC

Path to the local rsync command to use, implies --rsync

DEST

Location of the WKD on the local or remote machine

If --rsync is given, this is passed as-is to rsync(1).

Global options

See sq(1) for a description of the global options.

Examples

Create a new WKD hierarchy in the local directory `public_html`, and insert Alice's cert.

    sq network wkd publish --create \
    --cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \

--domain=example.org public_html

Add Bob's cert to the existing WKD hierarchy in the local directory `public_html`.

    sq network wkd publish \
    --cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \

--domain=example.org public_html

Add all certs with an authenticated user ID in example.org to the existing WKD hierarchy.

    sq network wkd publish --domain=example.org --all public_html

Refresh all certs in the existing WKD hierarchy in the local directory `public_html` from the cert store.

    sq network wkd publish --domain=example.org public_html

See Also

sq(1), sq-network(1), sq-network-wkd(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

1.0.0 (sequoia-openpgp 1.22.0)

Referenced By

sq-network-wkd(1).

1.0.0 Sequoia PGP