NAME

generate - Generates a Web Key Directory for the given domain and keys.

SYNOPSIS

generate [-d|--direct-method] [-s|--skip] [-h|--help] <WEB-ROOT> <FQDN> [CERT-RING]

DESCRIPTION

Generates a Web Key Directory for the given domain and keys. If the WKD exists, the new keys will be inserted and it is updated and existing ones will be updated.

A WKD is per domain, and can be queried using the advanced or the direct method. The advanced method uses a URL with a subdomain 'openpgpkey'. As per the specification, the advanced method is to be preferred. The direct method may only be used if the subdomain doesn't exist. The advanced method allows web key directories for several domains on one web server.

The contents of the generated WKD must be copied to a web server so that they are accessible under https://openpgpkey.example.com/.well-known/openpgp/... for the advanced version, and https://example.com/.well-known/openpgp/... for the direct version. sq does not copy files to the web server.

OPTIONS

-d, --direct-method

Uses the direct method [default: advanced method]

-s, --skip

Skips certificates that do not have User IDs for given domain.

-h, --help

Print help information

<WEB-ROOT>

Writes the WKD to WEB-ROOT. Transfer this directory to the webserver.

<FQDN>

Generates a WKD for a fully qualified domain name for email

[CERT-RING]

Adds certificates from CERT-RING to the WKD

EXAMPLES

Generate a WKD in /tmp/wkdroot from certs.pgp for example.com.

 sq wkd generate /tmp/wkdroot example.com certs.ppg

SEE ALSO

For the full documentation see https://docs.sequoia-pgp.org/sq/.

sq(1) sq-armor(1) sq-autocrypt(1) sq-certify(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1) sq-inspect(1) sq-key(1) sq-keyring(1) sq-keyserver(1) sq-packet(1) sq-revoke(1) sq-sign(1) sq-verify(1) sq-wkd(1) sq-wkd-direct-url(1) sq-wkd-get(1) sq-wkd-url(1)