.TH SQ 1 0.35.0 "Sequoia PGP" "User Commands" .SH NAME sq network fetch \- Retrieve certificates using all supported network services .SH SYNOPSIS .br \fBsq network fetch\fR [\fIOPTIONS\fR] \fIQUERY\fR .SH DESCRIPTION Retrieve certificates using all supported network services. .PP This command will try to locate relevant certificates given a query, which may be a fingerprint, a key ID, an email address, or a https URL. It may also discover and import certificate related to the one queried, such as alternative certs, expired certs, or revoked certs. .PP Discovering related certs is useful: alternative certs support key rotations, expired certs allow verification of signatures made in the past, and discovering revoked certs is important to get the revocation information. The PKI mechanism will help to select the correct cert, see `sq pki`. .PP By default, any returned certificates are stored in the local certificate store. This can be overridden by using `\-\-output` option. .PP When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail\-api.proton.me`), WKD, DANE, or via https, and imported into the local certificate store, the User IDs are also certificated with a local server\-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way. .PP .SH OPTIONS .SS "Subcommand options" .TP \fB\-B\fR, \fB\-\-binary\fR Emit binary data .TP \fB\-\-all\fR Fetch updates for all known certificates .TP \fB\-o\fR, \fB\-\-output\fR=\fIFILE\fR Write to FILE (or stdout when omitted) instead of importing into the certificate store .TP \fB\-s\fR, \fB\-\-server\fR=\fIURI\fR Set the key server to use. Can be given multiple times. .IP [default: \fBhkps://keys.openpgp.org\fR, \fBhkps://mail\-api.proton.me\fR, \fBhkps://keys.mailvelope.com\fR, \fBhkps://keyserver.ubuntu.com\fR, \fBhkps://sks.pod01.fleetstreetops.com\fR] .TP \fIQUERY\fR Retrieve certificate(s) using QUERY. This may be a fingerprint, a KeyID, an email address, or a https URL. .SS "Global options" See \fBsq\fR(1) for a description of the global options. .SH "SEE ALSO" .nh \fBsq\fR(1), \fBsq\-network\fR(1). .hy .PP For the full documentation see . .SH VERSION 0.35.0 (sequoia\-openpgp 1.20.0)