Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq network wkd - Retrieve and publishes certificates via Web Key Directories


SYNOPSIS
       sq network wkd generate [OPTIONS] WEB-ROOT FQDN CERT-RING
       sq network wkd fetch [OPTIONS] ADDRESS
       sq network wkd direct-url [OPTIONS] ADDRESS
       sq network wkd url [OPTIONS] ADDRESS


DESCRIPTION
       Retrieve and publishes certificates via Web Key Directories.

       The Web Key Directory (WKD) is a method for publishing and retrieving certificates from web servers.


SUBCOMMANDS
   sq network wkd generate
       Generate a Web Key Directory for the given domain and certs.

       If the WKD exists, the new certificates will be inserted and existing ones will be updated.

       A WKD is per domain, and can be queried using the advanced or the direct method. The advanced method uses
       a  URL  with  a subdomain 'openpgpkey'. As per the specification, the advanced method is to be preferred.
       The direct method may only be used if the subdomain doesn't exist. The advanced  method  allows  Web  Key
       Directories for several domains on one web server.

       The  contents  of  the  generated  WKD  must  be copied to a web server so that they are accessible under
       https://openpgpkey.example.com/.well-known/openpgp/...     for     the     advanced     version,      and
       https://example.com/.well-known/openpgp/...  for  the  direct  version. sq does not copy files to the web
       server.

   sq network wkd fetch
       Retrieve certificates from a Web Key Directory.

       By default, any returned certificates are stored in the local certificate store.  This can be  overridden
       by using `--output` option.

       When  a  certificate is retrieved from a WKD, and imported into the local certificate store, any User IDs
       with the email address that was looked up are certificated with a local  WKD-specific  key.   That  proxy
       certificate  is  in  turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust
       root.  How much the WKD proxy CA is trusted can be tuned using `sq pki link add` or `sq pki link retract`
       in the usual way.

   sq network wkd direct-url
       Print the direct Web Key Directory URL of an email address.

   sq network wkd url
       Print the advanced Web Key Directory URL of an email address.


EXAMPLES
   sq network wkd generate
       Generate a WKD in /tmp/wkdroot from certs.pgp for example.com.

              sq wkd generate /tmp/wkdroot example.com certs.pgp


SEE ALSO
       sq(1), sq-network(1), sq-network-wkd-generate(1), sq-network-wkd-fetch(1),  sq-network-wkd-direct-url(1),
       sq-network-wkd-url(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)

Sequoia PGP                                          0.34.0                                                SQ(1)