sq-toolbox-keyring - Man Page

Manage collections of keys or certs

Synopsis

sq toolbox keyring list [OPTIONS] FILE
sq toolbox keyring split [OPTIONS] FILE
sq toolbox keyring merge [OPTIONS] FILE
sq toolbox keyring filter [OPTIONS] FILE

Description

Manage collections of keys or certs.

Collections of keys or certificates (also known as "keyrings" when they contain secret key material, and "certrings" when they don't) are any number of concatenated certificates.  This subcommand provides tools to list, split, merge, and filter keyrings.

Note: In the documentation of this subcommand, we sometimes use the terms keys and certs interchangeably.

Subcommands

sq toolbox keyring list

List keys in a keyring.

Prints the fingerprint as well as the primary userid for every certificate encountered in the keyring.

sq toolbox keyring split

Split a keyring into individual keys.

Splitting up a keyring into individual keys helps with curating a keyring.

The converse operation is `sq toolbox keyring merge`.

sq toolbox keyring merge

Merge keys or keyrings into a single keyring.

Multiple versions of the same certificate are merged together.  Where data is replaced (e.g., secret key material), data from the later certificate is preferred.

sq toolbox keyring filter

Join keys into a keyring applying a filter.

This can be used to filter keys based on given predicates, e.g. whether they have a user id containing an email address with a certain domain.  Additionally, the keys can be pruned to only include components matching the predicates.

If no filters are supplied, everything matches.

If multiple predicates are given, they are or'ed, i.e. a key matches if any of the predicates match.  To require all predicates to match, chain multiple invocations of this command.  See Examples for inspiration.

Examples

sq toolbox keyring list

List all certs

    sq toolbox keyring list certs.pgp

List all certs with a userid on example.org

    sq toolbox keyring filter --domain example.org certs.pgp \
    | sq toolbox keyring list

sq toolbox keyring split

Split all certs

    sq toolbox keyring split certs.pgp

Split all certs, merging them first to avoid duplicates

    sq toolbox keyring merge certs.pgp | sq toolbox keyring split

sq toolbox keyring merge

Merge certificate updates

    sq toolbox keyring merge certs.pgp romeo-updates.pgp

sq toolbox keyring filter

Converts a key to a cert (i.e., remove any secret key material)

    sq toolbox keyring filter --to-cert cat juliet.pgp

Gets the keys with a user id on example.org

    sq toolbox keyring filter --domain example.org keys.pgp

Gets the keys with a user id on example.org or example.net

    sq toolbox keyring filter --domain example.org \
    --domain example.net \

keys.pgp

Gets the keys with a user id with the name Juliet

    sq toolbox keyring filter --name Juliet keys.pgp

Gets the keys with a user id with the name Juliet on example.org

    sq toolbox keyring filter --domain example.org keys.pgp | \
    sq toolbox keyring filter --name Juliet

Gets the keys with a user id on example.org, pruning other userids

    sq toolbox keyring filter --domain example.org --prune-certs \
    certs.pgp

See Also

sq(1), sq-toolbox(1), sq-toolbox-keyring-list(1), sq-toolbox-keyring-split(1), sq-toolbox-keyring-merge(1), sq-toolbox-keyring-filter(1).

For the full documentation see <https://book.sequoia-pgp.org>.

Version

0.38.0 (sequoia-openpgp 1.21.2)

Referenced By

sq-toolbox(1), sq-toolbox-keyring-filter(1), sq-toolbox-keyring-list(1), sq-toolbox-keyring-merge(1), sq-toolbox-keyring-split(1).

0.38.0 Sequoia PGP