sq-keyring-filter - Man Page

Join keys into a keyring applying a filter

Synopsis

sq keyring filter [Options] FILE

Description

Join keys into a keyring applying a filter.

This can be used to filter keys based on given predicates, e.g. whether they have a user id containing an email address with a certain domain.  Additionally, the keys can be pruned to only include components matching the predicates.

If no filters are supplied, everything matches.

If multiple predicates are given, they are or'ed, i.e., a key matches if any of the predicates match.  To require all predicates to match, chain multiple invocations of this command.  See Examples for inspiration.

Note: this command is considered experimental and may change in future releases.  To acknowledge this, you must give the `--experimental` flag when invoking this command.

Options

Subcommand options

--cert=FINGERPRINT|KEYID

Match on certificate fingerprints and key IDs

Match on primary keys, including those certificates that match the given fingerprint or key ID.

--domain=FQDN

Match on email domain FQDN

Parse user IDs into name and email address and case-sensitively matches on the domain of the email address, requiring an exact match.

--email=ADDRESS

Match on email ADDRESS

Parse user IDs into name and email address and case-sensitively matches on the email address, requiring an exact match.

--experimental

Opt-in to using an experimental feature

This command is considered experimental and may change in future releases.  To acknowledge this, you must give the `--experimental` flag when invoking this command.

In the future, we may stabilize this command.  When that happens, `--experimental` will no longer be required, but will be ignored silently.

--key=FINGERPRINT|KEYID

Match on (sub)key fingerprints and key IDs

Match on both primary keys and subkeys, including those certificates that match the given fingerprint or key ID.

--name=NAME

Match on NAME

Parse user IDs into name and email and case-sensitively matches on the name, requiring an exact match.

--output=FILE

Write to FILE or stdout if omitted

[default: -]

--prune-certs

Remove certificate components not matching the filter

--to-cert

Convert any keys in the input to certificates

Converting a key to a certificate removes secret key material from the key thereby turning it into a certificate.

--userid=USERID

Match on USERID

Case-sensitively matches on the user ID, requiring an exact match.

FILE

Read from FILE or stdin if omitted

Global options

See sq(1) for a description of the global options.

Examples

Convert all keys to certificates (i.e. remove any secret key material).

    sq keyring filter --experimental --to-cert certs.pgp

Get all certificates with a user ID on example.org.

    sq keyring filter --experimental --domain=example.org \
    certs.pgp

Get all certificates with a user ID on example.org or example.net.

    sq keyring filter --experimental --domain=example.org \
    --domain=example.net certs.pgp

Get all certificates with a name user ID matching Romeo.

    sq keyring filter --experimental --name=Romeo certs.pgp

Get all certificates with a name user ID matching Romeo on example.org.

    sq keyring filter --experimental --domain=example.org \
    certs.pgp \

| sq keyring filter --experimental --name=Romeo

Get all certificates with a user ID on example.org, pruning other user IDs.

    sq keyring filter --experimental --domain=example.org \
    --prune-certs certs.pgp

See Also

sq(1), sq-keyring(1).

For the full documentation see <https://book.sequoia-pgp.org/>.

Version

1.3.1

Referenced By

sq-keyring(1).

1.3.1 Sequoia PGP