1SQ-CERTIFY(1)                    USER COMMANDS                   SQ-CERTIFY(1)
2
3
4

NAME

6       sq-certify - Certifies a User ID for a Certificate
7
8       Using  a  certification a keyholder may vouch for the fact that another
9       certificate legitimately belongs to a  user  id.   In  the  context  of
10       emails  this  means that the same entity controls the key and the email
11       address.  These kind of certifications form the basis for  the  Web  Of
12       Trust.
13
14       This command emits the certificate with the new certification.  The up‐
15       dated certificate has to be distributed, preferably by  sending  it  to
16       the certificate holder for attestation.  See also "sq key attest-certi‐
17       fication".
18
19

SYNOPSIS

21       sq certify [FLAGS] [OPTIONS] <CERTIFIER-KEY> <CERTIFICATE> <USERID>
22

FLAGS

24       -h, --help
25              Prints help information
26
27
28       -B, --binary
29              Emits binary data
30
31
32       -l, --local
33              Makes the certification a local certification.  Normally,  local
34              certifications are not exported.
35
36
37       --non-revocable
38              Marks  the  certification  as  being non-revocable. That is, you
39              cannot later revoke this certification.   This  should  normally
40              only be used with an expiration.
41

OPTIONS

43       -o, --output FILE
44              Writes to FILE or stdout if omitted
45
46
47       -d, --depth TRUST_DEPTH
48              Sets the trust depth (sometimes referred to as the trust level).
49              0 means a normal  certification  of  <CERTIFICATE,  USERID>.   1
50              means CERTIFICATE is also a trusted introducer, 2 means CERTIFI‐
51              CATE is a meta-trusted introducer, etc.  The default is 0.
52
53
54       -a, --amount TRUST_AMOUNT
55              Sets the amount of trust.  Values between 1 and 120 are meaning‐
56              ful. 120 means fully trusted.  Values less than 120 indicate the
57              degree of trust.  60 is usually used for partially trusted.  The
58              default is 120.
59
60
61       -r, --regex REGEX
62              Adds a regular expression to constrain what a trusted introducer
63              can certify.  The regular expression must  match  the  certified
64              User  ID in all intermediate introducers, and the certified cer‐
65              tificate. Multiple regular expressions  may  be  specified.   In
66              that case, at least one must match.
67
68
69       --notation NAME
70              Adds a notation to the certification.  A user-defined notation's
71              name must be of the form "name@a.domain.you.control.org". If the
72              notation's  name starts with a !, then the notation is marked as
73              being critical.  If a consumer of a signature doesn't understand
74              a critical notation, then it will ignore the signature.  The no‐
75              tation is marked as being human readable.
76
77
78       --expires TIME
79              Makes the certification  expire  at  TIME  (as  ISO  8601).  Use
80              "never" to create certifications that do not expire.
81
82
83       --expires-in DURATION
84              Makes the certification expire after DURATION. Either "N[ymwd]",
85              for N years, months, weeks, or days, or "never".  [default: 5y]
86

ARGS

88       CERTIFIER-KEY
89              Creates the certificate using CERTIFIER-KEY.
90
91
92       CERTIFICATE
93              Certifies CERTIFICATE.
94
95
96       USERID Certifies USERID for CERTIFICATE.
97

EXAMPLES

99       # Juliet certifies that Romeo controls romeo.pgp and romeo@example.org
100              $ sq certify juliet.pgp romeo.pgp "<romeo@example.org>"
101
102

SEE ALSO

104       For the full documentation see <https://docs.sequoia-pgp.org/sq/>.
105
106       sq(1), sq-armor(1), sq-autocrypt(1), sq-certify(1), sq-dearmor(1),
107       sq-decrypt(1), sq-encrypt(1), sq-inspect(1), sq-key(1), sq-keyring(1),
108       sq-keyserver(1), sq-packet(1), sq-sign(1), sq-verify(1), sq-wkd(1)
109
110
111

AUTHORS

113         Azul <azul@sequoia-pgp.org>
114         Igor Matuszewski <igor@sequoia-pgp.org>
115         Justus Winter <justus@sequoia-pgp.org>
116         Kai Michaelis <kai@sequoia-pgp.org>
117         Neal H. Walfield <neal@sequoia-pgp.org>
118         Nora Widdecke <nora@sequoia-pgp.org>
119         Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>
120
121
122
1230.24.0 (SEQUOIA-OPENPGP 1.0.0)    MARCH 2021                     SQ-CERTIFY(1)
Impressum