logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

sq cert lint - Check certificates for issues

Contents

Description

       Check certificates for issues.

       `sq cert lint` checks the supplied certificates for the following SHA-1-related issues:

         - Whether a certificate revocation uses SHA-1.

         - Whether the current self signature for a non-revoked User ID uses SHA-1.

         - Whether the current subkey binding signature for a non-revoked, live subkey uses SHA-1.

         - Whether a primary key binding signature ("backsig") for a non-revoked, live subkey uses SHA-1.

       Diagnostics are printed to stderr.  At the end, some statistics are shown.  This is useful when examining
       a  keyring.   If  `--fix`  is specified and at least one issue could be fixed, the fixed certificates are
       printed to stdout.

       This tool does not currently support smart cards.  But, if only the subkeys are on  a  smart  card,  this
       tool  may  still  be able to partially repair the certificate.  In particular, it will be able to fix any
       issues with User ID self signatures and subkey binding signatures for encryption-capable subkeys, but  it
       will not be able to generate new primary key binding signatures for any signing-capable subkeys.

Examples

        Gather statistics on the certificates in a keyring.

              sq cert lint --cert-file certs.pgp

       Fix a key with known problems.

              sq key export --cert EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     | sq cert lint --fix --cert-file=- \
                     | sq cert import

Name

       sq cert lint - Check certificates for issues

Options

Subcommandoptions--cert=FINGERPRINT|KEYID
              Use certificates with the specified fingerprint or key ID

       --cert-domain=DOMAIN
              Use certificates where a user ID includes an email address for the specified domain

       --cert-email=EMAIL
              Use certificates where a user ID includes the specified email address

       --cert-file=PATH
              Read certificates from PATH

       --cert-grep=PATTERN
              Use certificates with a user ID that matches the pattern, case insensitively

       --cert-userid=USERID
              Use certificates with the specified user ID

       --fix  Attempts to fix certificates, when possible

       --output=FILE
              Write to the specified FILE

              If  not  specified,  and the certificate was read from the certificate store, imports the modified
              certificate into the cert store.  If not specified, and the certificate  was  read  from  a  file,
              writes the modified certificate to stdout.

   Globaloptions
       See sq(1) for a description of the global options.

See Also

sq(1), sq-cert(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

Synopsis

sqcertlint [OPTIONS]

Version

       1.2.0 (sequoia-openpgp 1.22.0)

Sequoia PGP                                           1.2.0                                                SQ(1)

See Also

Man Pages
cert Man Pages
Man Pages
proxy Man Pages
Headphones Icomoon
Headphones Icomoon SVG Icons
Certificate
Certificate PNG Icons
User
User PNG Icons
Filing
Filing PNG Icons
Cheatsheets
Stylelint - CSS Linter & Formatter Cheatsheets
Man Pages
clFlush Man Pages
Man Pages
GnuPG::SubKey Man Pages
← View User commands Category← Back to Security and encryption🙏  Credits & Acknowledgments