sq-pki-link - Man Page

Manage authenticated certificate and User ID links

Synopsis

sq pki link add [OPTIONS] FINGERPRINT|KEYID USERID|EMAIL
sq pki link retract [OPTIONS] FINGERPRINT|KEYID USERID|EMAIL
sq pki link list [OPTIONS]  

Description

Manage authenticated certificate and User ID links.

Link a certificate and User ID is one way of making `sq` consider a binding to be authentic.  Another way is to use `sq pki certify` to certify the binding with an explicitly configured trust root.  The linking functionality is often easier to work with, and the information is private by default.

Authenticated bindings can be used to designate a certificate using a symbolic name.  For instance, using `sq encrypt`'s `--recipient-userid` and `--recipient-email` options, a user can designate a certificate using a User ID or an email address that is authenticated for that certificate.

`sq` also uses authenticated certificates to authenticate other data.  For instance, `sq verify` considers signatures made by an authenticated certificate to be authentic.

Users can create a link using `sq pki link add`.  That link can later be retracted using `sq pki link retract`.  A certificate can also be accepted as a trusted introducer by passing the `--ca` option to `sq pki link add`.

`sq` implements linking using non-exportable certifications, and an implicit trust root.  An OpenPGP certificate directory, the default certificate store used by `sq`, includes a local trust root, which is stored under the `trust-root` special name.  When the user instructs `sq` to accept a binding, `sq` uses the local trust root to create a non-exportable certification, which it stores in the certificate directory.  In this way, operations that use the Web of Trust to authenticate a binding automatically use links.

When a user retracts a link, `sq` creates a new, non-exportable certification with zero trust.  This certification suppresses the previous link.

Subcommands

Examples

See Also

sq(1), sq-pki(1), sq-pki-link-add(1), sq-pki-link-retract(1), sq-pki-link-list(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.38.0 (sequoia-openpgp 1.21.2)

Referenced By

sq-pki(1), sq-pki-link-add(1), sq-pki-link-list(1), sq-pki-link-retract(1).

0.38.0 Sequoia PGP