Provided by: sq_1.2.0-1_amd64 
NAME
sq network search - Retrieve certificates using all supported network services
SYNOPSIS
sq network search [OPTIONS] QUERY
DESCRIPTION
Retrieve certificates using all supported network services.
This command will try to locate relevant certificates given a query, which may be a fingerprint, a key
ID, an email address, or a https URL. It may also discover and import certificate related to the one
queried, such as alternative certs, expired certs, or revoked certs.
Discovering related certs is useful: alternative certs support key rotations, expired certs allow
verification of signatures made in the past, and discovering revoked certs is important to get the
revocation information. The PKI mechanism will help to select the correct cert, see `sq pki`.
By default, any returned certificates are stored in the local certificate store. This can be overridden
by using `--output` option.
When a certificate is retrieved from a verifying key server (currently, this is limited to a list of
known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail-api.proton.me`),
WKD, DANE, or via https, and imported into the local certificate store, the User IDs are also
certificated with a local server-specific key. That proxy certificate is in turn certified as a
minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is
trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.
OPTIONS
Subcommand options
--all Fetch updates for all known certificates
--iterations=N
Iterate to find related updates and certs
The default can be changed in the configuration file using the setting
`network.search.iterations`.
[default: 3]
--output=FILE
Write to FILE (or stdout when omitted) instead of importing into the certificate store
--server=URI
Set a key server to use (can be given multiple times)
The default can be changed in the configuration file using the setting
`network.keyserver.servers`.
[default: hkps://keys.openpgp.org, hkps://mail-api.proton.me, hkps://keys.mailvelope.com,
hkps://keyserver.ubuntu.com, hkps://sks.pod01.fleetstreetops.com]
--use-dane=ENABLE
Use DANE to search for certs
The default can be changed in the configuration file using the setting `network.search.use-dane`.
[default: true]
[possible values: true, false]
--use-wkd=ENABLE
Use WKD to search for certs
The default can be changed in the configuration file using the setting `network.search.use-wkd`.
[default: true]
[possible values: true, false]
QUERY Retrieve certificate(s) using QUERY
This may be a fingerprint, a KeyID, an email address, or a https URL.
Global options
See sq(1) for a description of the global options.
EXAMPLES
Search for the Qubes master signing certificate.
sq network search 427F11FD0FAA4B080123F01CDDFA1A3E36879494
Search for certificates that have are associated with an email address.
sq network search alice@example.org
SEE ALSO
sq(1), sq-network(1).
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION
1.2.0 (sequoia-openpgp 1.22.0)
Sequoia PGP 1.2.0 SQ(1)