sq-wot-authenticate - Man Page

Authenticate a binding


authenticate [--email] [-h|--help] <FINGERPRINT|KEYID> <USERID>


Authenticate a binding.

Authenticate a binding (a certificate and User ID) by looking for a path from the trust roots to the specified binding in the web of trust.  Because certifications may express uncertainty (i.e., certifications may be marked as conveying only partial or marginal trust), multiple paths may be needed.

If a binding could be authenticated to the specified level (by default: fully authenticated, i.e., a trust amount of 120), then the exit status is 0.  Otherwise the exit status is 1.

If any valid paths to the binding are found, they are printed on stdout whether they are sufficient to authenticate the binding or not.



Changes the USERID parameter to match User IDs with the specified email address.

Interprets the USERID parameter as an email address, which is then used to select User IDs with that email address.

Unlike when comparing User IDs, email addresses are first normalized by the domain to ASCII using IDNA2008 Punycode conversion, and then converting the resulting email address to lowercase using the empty locale.

If multiple User IDs match, they are each considered in turn, and this function returns success if at least one of those User IDs can be authenticated.  Note: The paths to the different User IDs are not combined.

-h,  --help

Print help (see a summary with '-h')


The fingerprint or Key ID of the certificate to authenticate


The User ID to authenticate.

This is case sensitive, and must be the whole User ID, not just a substring or an email address.



 # Authenticate a binding.
 $ sq --keyring keyring.pgp \
     --partial \
     --trust-root 8F17777118A33DDA9BA48E62AACB3243630052D9 \
   authenticate \
     C7966E3E7CE67DBBECE5FC154E2AD944CFC78C86 \
     'Alice <alice@example.org>'

 # Try and authenticate each binding where the User ID has the
 # specified email address.
 $ sq --keyring keyring.pgp \
     --trust-root 8F17777118A33DDA9BA48E62AACB3243630052D9 \
   authenticate \
     C7966E3E7CE67DBBECE5FC154E2AD944CFC78C86 \
     --email 'alice@example.org'