Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq network fetch - Retrieve certificates using all supported network services


SYNOPSIS
       sq network fetch [OPTIONS] QUERY


DESCRIPTION
       Retrieve certificates using all supported network services.

       This  command  will  try to locate relevant certificates given a query, which may be a fingerprint, a key
       ID, an email address, or a https URL.  It may also discover and import certificate  related  to  the  one
       queried, such as alternative certs, expired certs, or revoked certs.

       Discovering  related  certs  is  useful:  alternative  certs  support  key rotations, expired certs allow
       verification of signatures made in the past, and discovering  revoked  certs  is  important  to  get  the
       revocation information.  The PKI mechanism will help to select the correct cert, see `sq pki`.

       By  default, any returned certificates are stored in the local certificate store.  This can be overridden
       by using `--output` option.

       When a certificate is retrieved from a verifying key server (currently, this is  limited  to  a  list  of
       known servers: `hkps://keys.openpgp.org`, `hkps://keys.mailvelope.com`, and `hkps://mail-api.proton.me`),
       WKD, DANE, or via https,  and  imported  into  the  local  certificate  store,  the  User  IDs  are  also
       certificated  with  a  local  server-specific  key.   That  proxy  certificate  is in turn certified as a
       minimally trusted CA (trust amount: 1 of 120) by the local trust root.  How much a proxy key server CA is
       trusted can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.


OPTIONS
   Subcommand options
       -B, --binary
              Emit binary data

       --all  Fetch updates for all known certificates

       -o, --output=FILE
              Write to FILE (or stdout when omitted) instead of importing into the certificate store

       -s, --server=URI
              Set the key server to use.  Can be given multiple times.

        QUERY Retrieve  certificate(s)  using  QUERY. This may be a fingerprint, a KeyID, an email address, or a
              https URL.

   Global options
       See sq(1) for a description of the global options.


SEE ALSO
       sq(1), sq-network(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)