Your company here — click to reach over 10,000 unique daily visitors

sq-network-keyserver-fetch - Man Page

Retrieve certificates from key servers


sq network keyserver fetch [Options] QUERY


Retrieve certificates from key servers.

By default, any returned certificates are stored in the local certificate store.  This can be overridden by using `--output` option.

When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail-api.proton.me`), and imported into the local certificate store, the User IDs are also certificated with a local server-specific key.  That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root.  How much a proxy key server CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.


Subcommand options

-B, --binary

Emit binary data


Fetch updates for all known certificates

-o, --output=FILE

Write to FILE (or stdout when omitted) instead of importing into the certificate store

-s, --server=URI

Set the key server to use.  Can be given multiple times.

[default: hkps://keys.openpgp.org, hkps://mail-api.proton.me, hkps://keys.mailvelope.com, hkps://keyserver.ubuntu.com, hkps://sks.pod01.fleetstreetops.com]


Retrieve certificate(s) using QUERY. This may be a fingerprint, a KeyID, or an email address.

Global options

See sq(1) for a description of the global options.

See Also

sq(1), sq-network(1), sq-network-keyserver(1).

For the full documentation see <https://book.sequoia-pgp.org>.


0.37.0 (sequoia-openpgp 1.21.1)

Referenced By


0.37.0 Sequoia PGP