SQ(1) User Commands SQ(1) NAME sq keyring filter - Join keys into a keyring applying a filter SYNOPSIS sq keyring filter [OPTIONS] FILE DESCRIPTION Join keys into a keyring applying a filter. This can be used to filter keys based on given predicates, e.g. whether they have a user id containing an email address with a certain domain. Additionally, the keys can be pruned to only include components matching the predicates. If no filters are supplied, everything matches. If multiple predicates are given, they are or'ed, i.e., a key matches if any of the predicates match. To require all predicates to match, chain multiple invocations of this command. See EXAMPLES for inspiration. Note: this command is considered experimental and may change in future releases. To acknowledge this, you must give the `--experimental` flag when invoking this command. OPTIONS Subcommand options --cert=FINGERPRINT|KEYID Match on certificate fingerprints and key IDs Match on primary keys, including those certificates that match the given fingerprint or key ID. --domain=FQDN Match on email domain FQDN Parse user IDs into name and email address and case-sensitively matches on the domain of the email address, requiring an exact match. --email=ADDRESS Match on email ADDRESS Parse user IDs into name and email address and case-sensitively matches on the email address, requiring an exact match. --experimental Opt-in to using an experimental feature This command is considered experimental and may change in future releases. To acknowledge this, you must give the `--experimental` flag when invoking this command. In the future, we may stabilize this command. When that happens, `--experimental` will no longer be required, but will be ignored silently. --key=FINGERPRINT|KEYID Match on (sub)key fingerprints and key IDs Match on both primary keys and subkeys, including those certificates that match the given fingerprint or key ID. --name=NAME Match on NAME Parse user IDs into name and email and case-sensitively matches on the name, requiring an exact match. --output=FILE Write to FILE or stdout if omitted [default: -] --prune-certs Remove certificate components not matching the filter --to-cert Convert any keys in the input to certificates Converting a key to a certificate removes secret key material from the key thereby turning it into a certificate. --userid=USERID Match on USERID Case-sensitively matches on the user ID, requiring an exact match. FILE Read from FILE or stdin if omitted Global options See sq(1) for a description of the global options. EXAMPLES Convert all keys to certificates (i.e. remove any secret key material). sq keyring filter --experimental --to-cert certs.pgp Get all certificates with a user ID on example.org. sq keyring filter --experimental --domain=example.org \ certs.pgp Get all certificates with a user ID on example.org or example.net. sq keyring filter --experimental --domain=example.org \ --domain=example.net certs.pgp Get all certificates with a name user ID matching Romeo. sq keyring filter --experimental --name=Romeo certs.pgp Get all certificates with a name user ID matching Romeo on example.org. sq keyring filter --experimental --domain=example.org \ certs.pgp \ | sq keyring filter --experimental --name=Romeo Get all certificates with a user ID on example.org, pruning other user IDs. sq keyring filter --experimental --domain=example.org \ --prune-certs certs.pgp SEE ALSO sq(1), sq-keyring(1). For the full documentation see . VERSION 1.2.0 (sequoia-openpgp 1.22.0) Sequoia PGP 1.2.0 SQ(1)