Provided by: sq-wot_0.11.0-1_amd64 
NAME
sequoia-wot - An implementation of OpenPGP's web of trust.
SYNOPSIS
sequoia-wot [--gpg] [-k|--keyring] [--gpg-keyring] [--network] [--keyserver]
[-r|--trust-root] [-f|--format] [--gpg-ownertrust] [--gossip] [--certification-network]
[-a|--trust-amount] [--partial] [--full] [--double] [--time] [--known-notation]
[-h|--help] [-V|--version] <subcommands>
DESCRIPTION
An implementation of OpenPGP's web of trust.
OPTIONS
--gpg Uses gpg's keyring and gpg's trust roots.
When this option is set, `sq-wot` reads gpg's keyring and gpg's ownertrust. This
is equivalent to passing `--gpg-keyring` and `--gpg-ownertrust`.
-k, --keyring=FILE
Adds KEYRING to the list of keyrings
The keyrings are read at start up and used to build a web of trust network. Note:
if a certificate occurs multiple times, the first version is taken; they are not
currently merged.
--gpg-keyring
Adds GnuPG's keyring to the list of keyrings.
This option causes `sq-wot` to read gpg's keyring, by parsing the output of `gpg
--export --export-options export-local-sigs`.
--network
Looks up missing certificates over the network.
This causes `sq-wot` to look up missing certificates on a key server. The default
key server can be overridden using the `--keyserver` option.
Certificates fetched from a key server are cached locally in the default cert-d.
The default cert-d is also checked prior to fetching a certificate from the key
server.
--keyserver=KEYSERVER [default: hkps://keyserver.ubuntu.com]
Sets the keyserver to use to KEYSERVER.
This option only makes sense when used in conjunction with the `--network` option.
Currently, it is only possible to set a single keyserver.
-r, --trust-root=FINGERPRINT|KEYID
Treats the specified certificate as a trust root.
It is possible to have multiple trust roots. All trust roots are treated
equivalently. This can be combined with `--gpg-ownertrust`.
-f, --format=FORMAT [default: human-readable]
Render the output in a specific format
Choosing a different output format allows for further post processing of the data
using external tools.
Possible values:
• dot: output in graphviz's DOT format
• human-readable: output in human readable format
--gpg-ownertrust
Causes `sq-wot` to use gpg's trust roots as the trust roots.
`sq-wot` reads the output of `gpg --export-ownertrust`. It treats gpg's ultimately
trusted certificates as fully trust roots. Similar to gpg, it also treats
certificates marked as fully and marginally trusted as fully and marginally trusted
roots, if a self-signed User ID can be authenticated by an ultimately trusted root.
It is possible to set additional trust roots using the `--trust-root` option.
--gossip
Treats all certificates as unreliable trust roots.
This option is useful for figuring out what others think about a certificate (i.e.,
gossip or hearsay). In other words, this finds arbitrary paths to a particular
certificate.
Gossip is useful in helping to identify alternative ways to authenticate a
certificate. For instance, imagine Ed wants to authenticate Laura's certificate,
but asking her directly is inconvenient. Ed discovers that Micah has certified
Laura's certificate, but Ed hasn't yet authenticated Micah's certificate. If Ed is
willing to rely on Micah as a trusted introducer, and authenticating Micah's
certificate is easier than authenticating Laura's certificate, then Ed has learned
about an easier way to authenticate Laura's certificate.
EXAMPLES:
# Get gossip about a certificate.{n} $ sq-wot --keyring keyring.pgp \\{n} --gossip
identify 3217C509292FC67076ECD75C7614269BDDF73B36
--certification-network
Treats the network as a certification network.
Normally, `sq-wot` treats the web-of-trust network as an authentication network
where a certification only means that the binding is correct, not that the target
should be treated as a trusted introducer. In a certification network, the targets
of certifications are treated as trusted introducers with infinite depth, and any
regular expressions are ignored. Note: The trust amount remains unchanged. This is
how most so-called pgp path-finding algorithms work.
-a, --trust-amount=TRUST_AMOUNT
The required amount of trust.
120 indicates full authentication; values less than 120 indicate partial
authentication. When `--certification-network` is passed, this defaults to 1200,
i.e., sq-wot tries to find 10 paths.
--partial
Require partial authentication.
This is the same as passing `--trust-amount 40`.
--full Require full authentication.
This is the same as passing `--trust-amount 120`.
--double
Require double authentication.
This is the same as passing `--trust-amount 240`.
--time=TIME
Sets the reference time to TIME.
TIME is interpreted as an ISO 8601 timestamp. To set the reference time to July
21, 2013 at midnight UTC, you can do:
$ sq-wot --time 20130721 CMD ...
To include a time, add a T, the time and optionally the timezone (the default
timezone is UTC):
$ sq-wot --time 20130721T0550+0200 CMD ...
--known-notation=KNOWN_NOTATION
Adds NOTATION to the list of known notations
This is used when validating signatures. Signatures that have unknown notations
with the critical bit set are considered invalid.
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
SUBCOMMANDS
sequoia-wot-authenticate(1)
Authenticate a binding
sequoia-wot-lookup(1)
Lookup the certificates associated with a User ID
sequoia-wot-identify(1)
Identify a certificate
sequoia-wot-list(1)
List all authenticated bindings (User ID and certificate pairs)
sequoia-wot-path(1)
Verify the specified path
sequoia-wot-help(1)
Print this message or the help of the given subcommand(s)
VERSION
v0.11.0
AUTHORS
Neal H. Walfield <neal@sequoia-pgp.org>
sequoia-wot 0.11.0 sequoia-wot(1)