Provided by: sq_0.27.0-2_amd64 bug

NAME

       certify - Certifies a User ID for a Certificate

SYNOPSIS

       certify  [-o|--output]  [-B|--binary]  [--time]  [-d|--depth]  [-a|--amount]  [-r|--regex]
       [-l|--local]      [--non-revocable]      [--notation]      [--expires]      [--expires-in]
       [--allow-not-alive-certifier]       [--allow-revoked-certifier]      [--private-key-store]
       [-h|--help] <CERTIFIER-KEY> <CERTIFICATE> <USERID>

DESCRIPTION

       Certifies a User ID for a Certificate

       Using a certification a  keyholder  may  vouch  for  the  fact  that  another  certificate
       legitimately  belongs  to  a  user  id.  In the context of emails this means that the same
       entity controls the key and the email address.  These  kind  of  certifications  form  the
       basis for the Web Of Trust.

       This  command  emits  the certificate with the new certification.  The updated certificate
       has to be distributed, preferably by sending it to the certificate holder for attestation.
       See also "sq key attest-certification".

OPTIONS

       -o, --output=FILE
              Writes to FILE or stdout if omitted

       -B, --binary
              Emits binary data

       --time=TIME
              Sets the certification time to TIME.  TIME is interpreted as an ISO 8601 timestamp.
              To set the certification time to June 9, 2011 at midnight UTC, you can do:

              $ sq certify --time 20130721 neal.pgp ada.pgp ada

              To include a time, add a T, the time  and  optionally  the  timezone  (the  default
              timezone is UTC):

              $ sq certify --time 20130721T0550+0200 neal.pgp ada.pgp ada

       -d, --depth=TRUST_DEPTH [default: 0]
              Sets  the trust depth (sometimes referred to as the trust level).  0 means a normal
              certification of <CERTIFICATE, USERID>.  1 means  CERTIFICATE  is  also  a  trusted
              introducer, 2 means CERTIFICATE is a meta-trusted introducer, etc.

       -a, --amount=TRUST_AMOUNT [default: 120]
              Sets the amount of trust.  Values between 1 and 120 are meaningful. 120 means fully
              trusted.  Values less than 120 indicate the degree of trust.  60  is  usually  used
              for partially trusted.

       -r, --regex=REGEX
              Adds  a regular expression to constrain what a trusted introducer can certify.  The
              regular  expression  must  match  the  certified  User  ID  in   all   intermediate
              introducers,  and  the  certified  certificate. Multiple regular expressions may be
              specified.  In that case, at least one must match.

       -l, --local
              Makes the certification a local certification.  Normally, local certifications  are
              not exported.

       --non-revocable
              Marks  the  certification  as being non-revocable. That is, you cannot later revoke
              this certification.  This should normally only be used with an expiration.

       --notation=NAME VALUE
              Adds a notation to the certification.  A user-defined notation's name  must  be  of
              the  form  "name@a.domain.you.control.org". If the notation's name starts with a !,
              then the notation is marked as being  critical.   If  a  consumer  of  a  signature
              doesn't  understand  a  critical  notation, then it will ignore the signature.  The
              notation is marked as being human readable.

       --expires=TIME
              Makes the certification expire at  TIME  (as  ISO  8601).  Use  "never"  to  create
              certifications that do not expire.

       --expires-in=DURATION
              Makes  the  certification  expire  after  DURATION. Either "N[ymwds]", for N years,
              months, weeks, days, seconds, or "never".  [default: 5y]

       --allow-not-alive-certifier
              Allows the key to make a certification even if the current time  is  prior  to  its
              creation time or the current time is at or after its expiration time.

       --allow-revoked-certifier
              Don't fail if the certificate making the certification is revoked.

       --private-key-store=KEY_STORE
              Provides parameters for private key store

       -h, --help
              Print help information

       <CERTIFIER-KEY>
              Creates the certification using CERTIFIER-KEY.

       <CERTIFICATE>
              Certifies CERTIFICATE.

       <USERID>
              Certifies USERID for CERTIFICATE.

EXAMPLES

        Juliet certifies that Romeo controls romeo.pgp and romeo@example.org

               sq certify juliet.pgp romeo.pgp "<romeo@example.org>"

SEE ALSO

       For the full documentation see <https://docs.sequoia-pgp.org/sq/>.

       sq(1)  sq-armor(1) sq-autocrypt(1) sq-dearmor(1) sq-decrypt(1) sq-encrypt(1) sq-inspect(1)
       sq-key(1) sq-keyring(1) sq-keyserver(1) sq-packet(1) sq-revoke(1) sq-sign(1)  sq-verify(1)
       sq-wkd(1)