Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq pki path - Verify the specified path


SYNOPSIS
       sq pki path [OPTIONS] FINGERPRINT|KEYID USERID


DESCRIPTION
       Verify the specified path.

       A path is a sequence of certificates starting at the root, and a User ID.  This function checks that each
       path  segment has a valid certification, which also satisfies any constraints (trust amount, trust depth,
       regular expressions).

       If a valid path is not found, then this subcommand also lints the path.  In particular, it report if  any
       certifications  are insufficient, e.g., not enough trust depth, or invalid, e.g., because they use SHA-1,
       but the use of SHA-1 has been disabled.


OPTIONS
   Subcommand options
       -a, --amount=AMOUNT
              The required amount of trust.

              120 indicates full authentication; values less than 120  indicate  partial  authentication.   When
              `--certification-network` is passed, this defaults to 1200, i.e., `sq pki` tries to find 10 paths.

       --certification-network
              Treats the network as a certification network.

              Normally,  `sq  pki`  treats  the  Web  of  Trust  network  as  an  authentication network where a
              certification only means that the binding is correct, not that the target should be treated  as  a
              trusted  introducer.   In  a  certification  network, the targets of certifications are treated as
              trusted introducers with infinite depth, and any regular expressions are ignored. Note: The  trust
              amount remains unchanged.  This is how most so-called PGP path-finding algorithms work.

       --gossip
              Treats all certificates as unreliable trust roots.

              This  option  is  useful  for  figuring out what others think about a certificate (i.e., gossip or
              hearsay).  In other words, this finds arbitrary paths to a particular certificate.

              Gossip is useful in helping to identify alternative  ways  to  authenticate  a  certificate.   For
              instance,  imagine  Ed  wants  to  authenticate  Laura's  certificate,  but asking her directly is
              inconvenient.  Ed discovers that Micah has  certified  Laura's  certificate,  but  Ed  hasn't  yet
              authenticated Micah's certificate.  If Ed is willing to rely on Micah as a trusted introducer, and
              authenticating  Micah's certificate is easier than authenticating Laura's certificate, then Ed has
              learned about an easier way to authenticate Laura's certificate.

        FINGERPRINT|KEYID USERID
              A path consists of one or more certificates (designated by their fingerprint or Key ID) and ending
              in the User ID that is being authenticated

   Global options
       See sq(1) for a description of the global options.


EXAMPLES
       Verify that Alice ceritified a particular User ID for Bob's certificate.

              sq pki path EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     511257EBBF077B7AEDAE5D093F68CB84CE537C9A \
                     "Bob <bob@example.org>"


SEE ALSO
       sq(1), sq-pki(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)

Sequoia PGP                                          0.34.0                                                SQ(1)