SQ(1) User Commands SQ(1)

sq wkd generate - Generates a Web Key Directory for the given domain and keys.

sq [GLOBAL OPTIONS] wkd generate [OPTIONS] WEB-ROOT FQDN CERT-RING

Generates a Web Key Directory for the given domain and keys.

If the WKD exists, the new keys will be inserted and it is updated and existing ones will be updated.

A WKD is per domain, and can be queried using the advanced or the direct method. The advanced method uses a URL with a subdomain 'openpgpkey'. As per the specification, the advanced method is to be preferred. The direct method may only be used if the subdomain doesn't exist. The advanced method allows web key directories for several domains on one web server.

The contents of the generated WKD must be copied to a web server so that they are accessible under https://openpgpkey.example.com/.well-known/openpgp/... for the advanced version, and https://example.com/.well-known/openpgp/... for the direct version. sq does not copy files to the web server.

Specifies the location of the certificate store
Overwrites existing files
Specifies the location of a keyring to use
Adds NOTATION to the list of known notations
Disables the use of a certificate store
Produces output in FORMAT, if possible
Produces output variant VERSION.
Specifies the location of a pEp certificate store
Sets the reference time as ISO 8601 formatted timestamp
Considers the specified certificate to be a trust root

Uses the direct method [default: advanced method]
Skips certificates that do not have User IDs for given domain.

Generate a WKD in /tmp/wkdroot from certs.pgp for example.com.

sq wkd generate /tmp/wkdroot example.com certs.ppg

sq(1).

For the full documentation see https://docs.sequoia-pgp.org/sq/.

0.31.0 (sequoia-openpgp 1.16.0, using Nettle 3.9 (Cv448: true))

0.31.0 Sequoia-PGP