sq network keyserver search¶

Retrieve certificates from key servers.

By default, any returned certificates are stored in the local certificate store. This can be overridden by using `--output` option.

When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail-api.proton.me`), and imported into the local certificate store, the User IDs are also certificated with a local server-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.

sq network keyserver publish¶

Publish certificates on key servers.

Sends certificates to the configured key servers for publication. By default, the certificates are sent to `hkps://keys.openpgp.org`, `hkps://mail-api.proton.me`, `hkps://keys.mailvelope.com`, `hkps://keyserver.ubuntu.com`, and `hkps://sks.pod01.fleetstreetops.com`. This can be tweaked using `--servers`.

sq network keyserver search¶

Retrieve Alice's certificate from the default keyservers.

sq network keyserver search alice@example.org

Retrieve Alice's certificate addressed by fingerprint from the default keyservers.

sq network keyserver search \

EB28F26E2739A4870ECC47726F0073F60FD0CBF0

Retrieve Alice's certificate from a non-default keyserver.

sq network keyserver search --server=hkps://keys.example.org \

alice@example.org

Retrieve updates for all known certificates from the default keyservers.

sq network keyserver search --all

sq network keyserver publish¶

Publish Alice's certificate on the default keyservers.

sq network keyserver publish --cert-email=alice@example.org