NAME

       sq pki identify - Identify a certificate

SYNOPSIS

       sq pki identify [OPTIONS] FINGERPRINT|KEYID

DESCRIPTION

       Identify a certificate.

       Identify a certificate by finding authenticated bindings (User ID and certificate pairs).

       If   a  binding  could  be  authenticated  to  the  specified  level  (by  default:  fully
       authenticated, i.e., a trust amount of 120), then the exit status  is  0.   Otherwise  the
       exit status is 1.

       If  a binding could be partially authenticated (i.e., its trust amount is greater than 0),
       then the binding is displayed, even if the trust is below the specified threshold.

OPTIONS

   Subcommand options
       -a, --amount=AMOUNT
              The required amount of trust.

              120  indicates  full  authentication;  values  less  than  120   indicate   partial
              authentication.   When  `--certification-network` is passed, this defaults to 1200,
              i.e., `sq pki` tries to find 10 paths.

       --certification-network
              Treats the network as a certification network.

              Normally, `sq pki` treats the Web of Trust network  as  an  authentication  network
              where  a  certification only means that the binding is correct, not that the target
              should be treated as a trusted introducer.  In a certification network, the targets
              of  certifications  are treated as trusted introducers with infinite depth, and any
              regular expressions are ignored. Note: The trust amount remains unchanged.  This is
              how most so-called PGP path-finding algorithms work.

       --gossip
              Treats all certificates as unreliable trust roots.

              This option is useful for figuring out what others think about a certificate (i.e.,
              gossip or hearsay).  In other words, this finds arbitrary  paths  to  a  particular
              certificate.

              Gossip  is  useful  in  helping  to  identify  alternative  ways  to authenticate a
              certificate.  For instance, imagine Ed wants to authenticate  Laura's  certificate,
              but  asking  her  directly  is inconvenient.  Ed discovers that Micah has certified
              Laura's certificate, but Ed hasn't yet authenticated Micah's certificate.  If Ed is
              willing  to  rely  on  Micah  as  a  trusted introducer, and authenticating Micah's
              certificate is easier than authenticating Laura's certificate, then Ed has  learned
              about an easier way to authenticate Laura's certificate.

        FINGERPRINT|KEYID
              The fingerprint or Key ID of the certificate to authenticate

   Global options
       See sq(1) for a description of the global options.

EXAMPLES

       Identify the user IDs that can be authenticated for the certificate.

              sq pki identify EB28F26E2739A4870ECC47726F0073F60FD0CBF0

       List all user IDs that have that have been certified by anyone.

              sq pki identify --gossip \
                     511257EBBF077B7AEDAE5D093F68CB84CE537C9A

SEE ALSO

       sq(1), sq-pki(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION

       0.34.0 (sequoia-openpgp 1.19.0)