Man page - sq-pki-vouch-add(1)

Packages contains this manual

Package:  sq
apt-get install sq

Manuals in package:
• sq-network-keyserver(1)
• sq-key-expire(1)
• sq-pki-link(1)
• sq-pki-link-authorize(1)
• sq-network-dane-generate(1)
• sq-config-inspect-network(1)
• sq-network-dane-search(1)
• sq-pki-vouch-list(1)
• sq-keyring-list(1)
• sq-pki-vouch(1)
• sq-packet-join(1)
• sq-key-subkey-bind(1)
• sq-key-userid-revoke(1)
• sq-packet-split(1)
• sq-config-inspect(1)
• sq-network-search(1)
• sq-pki-path(1)
• sq-keyring-split(1)
• sq-key-subkey-export(1)
• sq-sign(1)
• sq-network-wkd-publish(1)
• sq-key-delete(1)
• sq-packet-decrypt(1)
• sq-key-subkey-password(1)
• sq-cert-list(1)
• sq-key-userid(1)
• sq-network-wkd-search(1)
• sq-pki-link-retract(1)
• sq-keyring-merge(1)
• sq-key-subkey(1)
• sq-pki(1)
• sq-cert(1)
• sq-key-list(1)
• sq-pki-vouch-replay(1)
• sq-pki-authenticate(1)
• sq-pki-link-add(1)
• sq-key-password(1)
• sq-network-keyserver-publish(1)
• sq-config-get(1)
• sq-key-subkey-delete(1)
• sq-config-inspect-paths(1)
• sq-packet-dump(1)
• sq-key-rotate(1)
• sq-key-approvals-list(1)
• sq-download(1)
• sq-key-export(1)
• sq-keyring(1)
• sq-version(1)
• sq-key-userid-add(1)
• sq-pki-vouch-add(1)
• sq-packet-dearmor(1)
• sq-packet(1)
• sq-cert-import(1)
• sq-key-subkey-revoke(1)
• sq-key-approvals-update(1)
• sq-network-keyserver-search(1)
• sq-inspect(1)
• sq-pki-identify(1)
• sq-keyring-filter(1)
• sq-network(1)
• sq-pki-lookup(1)
• sq-pki-link-list(1)
• sq-cert-lint(1)
• sq-key-approvals(1)
• sq-cert-export(1)
• sq-network-wkd(1)
• sq-verify(1)
• sq-key-revoke(1)
• sq-config-inspect-policy(1)
• sq-decrypt(1)
• sq-network-dane(1)
• sq-key-generate(1)
• sq-key-import(1)
• sq(1)
• sq-config(1)
• sq-config-template(1)
• sq-pki-vouch-authorize(1)
• sq-key(1)
• sq-encrypt(1)
• sq-key-subkey-expire(1)
• sq-key-subkey-add(1)
• sq-packet-armor(1)
Documentations in package:
• sq

Manual

SQ

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
Subcommand options
Global options
EXAMPLES
SEE ALSO
VERSION

---

NAME

sq-pki-vouch-add - Certify a User ID for a Certificate

SYNOPSIS

sq pki vouch add [ OPTIONS ]

DESCRIPTION

Certify a User ID for a Certificate.

Using a certification a keyholder may vouch for the fact that another certificate legitimately belongs to a user id. In the context of emails this means that the same entity controls the key and the email address. These kind of certifications form the basis for the Web of Trust.

This command emits the certificate with the new certification. The updated certificate has to be distributed, preferably by sending it to the certificate holder for approval. See also ‘sq key approvals‘.

By default a certification expires after 10 years. Using the ‘--expiration‘ argument specific validity periods may be defined. It allows for providing a point in time for validity to end or a validity duration.

‘sq pki vouch add‘ respects the reference time set by the top-level ‘--time‘ argument. It sets the certification’s creation time to the reference time.

OPTIONS

Subcommand options

--add-email = EMAIL

Use a user ID with the specified email address

The user ID consists of just the email address. The email address does not have to appear in a self-signed user ID.

--add-userid = USERID

Use the specified user ID

The specified user ID does not need to be self signed.

Because using a user ID that is not self-signed is often a mistake, you need to use this option to explicitly opt in.

--all

Use all self-signed user IDs

--allow-non-canonical-userids

Don’t reject new user IDs that are not in canonical form

Canonical user IDs are of the form ‘Name (Comment) <localpart@example.org>‘.

--amount = AMOUNT

Set the amount of trust

Values between 1 and 120 are meaningful. 120 means fully trusted. Values less than 120 indicate the degree of trust. 60 is usually used for partially trusted.

[default: full ]

--cert = FINGERPRINT|KEYID

Use certificates with the specified fingerprint or key ID

--cert-file = PATH

Read certificates from PATH

--certifier = FINGERPRINT|KEYID

Create the certification using the key with the specified fingerprint or key ID

--certifier-email = EMAIL

Create the certification using the key where a user ID includes the specified email address

--certifier-file = PATH

Create the certification using the key read from PATH

--certifier-self

Create the certification using your default certification key

This uses the certificates set in the configuration file under ‘pki.vouch.certifier-self‘ as certification key.

Currently, there is no default certification key.

--certifier-userid = USERID

Create the certification using the key with the specified user ID

--email = EMAIL

Use a user ID consisting of just the email address, if the email address occurs in a self-signed user ID

--expiration = EXPIRATION

Sets the expiration time

EXPIRATION is either an ISO 8601 formatted date with an optional time or a custom duration. A duration takes the form ‘N[ymwds]‘, where the letters stand for years, months, weeks, days, and seconds, respectively. Alternatively, the keyword ‘never‘ does not set an expiration time.

The default can be changed in the configuration file using the setting ‘pki.vouch.expiration‘.

[default: 10y ]

--local

Make the certification a local certification

Normally, local certifications are not exported.

--non-revocable

Mark the certification as being non-revocable

That is, you cannot later revoke this certification. This should normally only be used with an expiration.

--output = FILE

Write to FILE or stdout if omitted

--signature-notation NAME VALUE

Add a notation to the signature

A user-defined notation’s name must be of the form ‘name@a.domain.you.control.org‘. If the notation’s name starts with a ‘!‘, then the notation is marked as being critical. If a consumer of a signature doesn’t understand a critical notation, then it will ignore the signature. The notation is marked as being human readable.

--userid = USERID

Use the specified self-signed user ID

The specified user ID must be self signed.

--userid-by-email = EMAIL

Use the self-signed user ID with the specified email address

Global options

See sq (1) for a description of the global options.

EXAMPLES

Alice certifies that Bob controls 3F68CB84CE537C9A and bob@example.org.

sq pki vouch add \

--certifier=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
--cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--email=bob@example.org

Alice certifies that Bob controls 3F68CB84CE537C9A and bob@bobs.lair.net, which is not a self-signed user ID.

sq pki vouch add \

--certifier=EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
--cert=511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
--add-email=bob@bobs.lair.net

SEE ALSO

sq (1), sq-pki (1), sq-pki-vouch (1).

For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION

1.3.1

---