sq-pki-vouch-add - Man Page

--add-email=EMAIL

Use a user ID with the specified email address

The user ID consists of just the email address.  The email address does not have to appear in a self-signed user ID.

--add-userid=USERID

Use the specified user ID

The specified user ID does not need to be self signed.

Because using a user ID that is not self-signed is often a mistake, you need to use this option to explicitly opt in.

--all

Use all self-signed user IDs

--allow-non-canonical-userids

Don't reject new user IDs that are not in canonical form

Canonical user IDs are of the form `Name (Comment) <localpart@example.org>`.

--amount=AMOUNT

Set the amount of trust

Values between 1 and 120 are meaningful.  120 means fully trusted.  Values less than 120 indicate the degree of trust.  60 is usually used for partially trusted.

[default: full]

--cert=FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID

--cert-file=PATH

Read certificates from PATH

--certifier=FINGERPRINT|KEYID

Create the certification using the key with the specified fingerprint or key ID

--certifier-email=EMAIL

Create the certification using the key where a user ID includes the specified email address

--certifier-file=PATH

Create the certification using the key read from PATH

--certifier-self

Create the certification using your default certification key

This uses the certificates set in the configuration file under `pki.vouch.certifier-self` as certification key.

Currently, there is no default certification key.

--certifier-userid=USERID

Create the certification using the key with the specified user ID

--email=EMAIL

Use a user ID consisting of just the email address, if the email address occurs in a self-signed user ID

--expiration=EXPIRATION

Sets the expiration time

EXPIRATION is either an ISO 8601 formatted date with an optional time or a custom duration.  A duration takes the form `N[ymwds]`, where the letters stand for years, months, weeks, days, and seconds, respectively. Alternatively, the keyword `never` does not set an expiration time.

The default can be changed in the configuration file using the setting `pki.vouch.expiration`.

[default: 10y]

--local

Make the certification a local certification

Normally, local certifications are not exported.

--non-revocable

Mark the certification as being non-revocable

That is, you cannot later revoke this certification.  This should normally only be used with an expiration.

--output=FILE

Write to FILE or stdout if omitted

--signature-notation NAME VALUE

Add a notation to the signature

A user-defined notation's name must be of the form `name@a.domain.you.control.org`. If the notation's name starts with a `!`, then the notation is marked as being critical.  If a consumer of a signature doesn't understand a critical notation, then it will ignore the signature.  The notation is marked as being human readable.

--userid=USERID

Use the specified self-signed user ID

The specified user ID must be self signed.

--userid-by-email=EMAIL

Use the self-signed user ID with the specified email address

See sq(1) for a description of the global options.