.TH SQ 1 0.35.0 "Sequoia PGP" "User Commands" .SH NAME sq network dane \- Retrieve and publishes certificates via DANE .SH SYNOPSIS .br \fBsq network dane generate\fR [\fIOPTIONS\fR] \fIFQDN\fR \fICERT\-RING\fR .br \fBsq network dane fetch\fR [\fIOPTIONS\fR] \fIADDRESS\fR .SH DESCRIPTION Retrieve and publishes certificates via DANE. .PP DNS\-Based Authentication of Named Entities (DANE) is a method for publishing and retrieving certificates in DNS as specified in RFC 7929. .PP .SH SUBCOMMANDS .SS "sq network dane generate" Generate DANE records for the given domain and certs. .PP The certificates are minimized, and one record per email address is emitted. If multiple user IDs map to one email address, then all matching user IDs are included in the emitted certificates. .PP By default, OPENPGPKEY resource records are emitted. If your DNS server doesn't understand those, use `\-\-generic` to emit generic records instead. .PP .SS "sq network dane fetch" Retrieve certificates using DANE. .PP By default, any returned certificates are stored in the local certificate store. This can be overridden by using `\-\-output` option. .PP When a certificate is retrieved using DANE, and imported into the local certificate store, any User IDs with the email address that was looked up are certificated with a local DANE\-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much the DANE proxy CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way. .PP .SH EXAMPLES .SS "sq network dane generate" .PP .PP Generate DANE records from certs.pgp for example.com. .PP .nf .RS sq dane generate example.com certs.pgp .RE .fi .PP .SH "SEE ALSO" .nh \fBsq\fR(1), \fBsq\-network\fR(1), \fBsq\-network\-dane\-generate\fR(1), \fBsq\-network\-dane\-fetch\fR(1). .hy .PP For the full documentation see . .SH VERSION 0.35.0 (sequoia\-openpgp 1.20.0)