.TH SQ 1 0.38.0 "Sequoia PGP" "User Commands" .SH NAME sq network keyserver fetch \- Retrieve certificates from key servers .SH SYNOPSIS .br \fBsq network keyserver fetch\fR [\fIOPTIONS\fR] \fIQUERY\fR .SH DESCRIPTION Retrieve certificates from key servers. .PP By default, any returned certificates are stored in the local certificate store. This can be overridden by using `\-\-output` option. .PP When a certificate is retrieved from a verifying key server (currently, this is limited to a list of known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail\-api.proton.me`), and imported into the local certificate store, the User IDs are also certificated with a local server\-specific key. That proxy certificate is in turn certified as a minimally trusted CA (trust amount: 1 of 120) by the local trust root. How much a proxy key server CA is trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way. .PP .SH OPTIONS .SS "Subcommand options" .TP \fB\-\-all\fR Fetch updates for all known certificates .TP \fB\-\-binary\fR Emit binary data .TP \fB\-\-output\fR=\fIFILE\fR Write to FILE (or stdout when omitted) instead of importing into the certificate store .TP \fB\-\-server\fR=\fIURI\fR Set the key server to use. Can be given multiple times. .IP [default: \fBhkps://keys.openpgp.org\fR, \fBhkps://mail\-api.proton.me\fR, \fBhkps://keys.mailvelope.com\fR, \fBhkps://keyserver.ubuntu.com\fR, \fBhkps://sks.pod01.fleetstreetops.com\fR] .TP \fIQUERY\fR Retrieve certificate(s) using QUERY. This may be a fingerprint, a KeyID, or an email address. .SS "Global options" See \fBsq\fR(1) for a description of the global options. .SH "SEE ALSO" .nh \fBsq\fR(1), \fBsq\-network\fR(1), \fBsq\-network\-keyserver\fR(1). .hy .PP For the full documentation see . .SH VERSION 0.38.0 (sequoia\-openpgp 1.21.2)