Provided by: sq_0.40.0-1_amd64 
NAME
sq keyring filter - Join keys into a keyring applying a filter
SYNOPSIS
sq keyring filter [OPTIONS] FILE
DESCRIPTION
Join keys into a keyring applying a filter.
This can be used to filter keys based on given predicates, e.g. whether they have a user
id containing an email address with a certain domain. Additionally, the keys can be
pruned to only include components matching the predicates.
If no filters are supplied, everything matches.
If multiple predicates are given, they are or'ed, i.e., a key matches if any of the
predicates match. To require all predicates to match, chain multiple invocations of this
command. See EXAMPLES for inspiration.
Note: this command is considered experimental and may change in future releases. To
acknowledge this, you must give the `--experimental` flag when invoking this command.
OPTIONS
Subcommand options
--cert=FINGERPRINT|KEYID
Match on primary keys, including those certificates that match the given
fingerprint or key ID.
--domain=FQDN
Parse user ids into name and email address and case-sensitively matches on the
domain of the email address, requiring an exact match.
--email=ADDRESS
Parse user ids into name and email address and case-sensitively matches on the
email address, requiring an exact match.
--experimental
Opt-in to using an experimental feature
This command is considered experimental and may change in future releases. To
acknowledge this, you must give the `--experimental` flag when invoking this
command.
In the future, we may stabilize this command. When that happens, `--experimental`
will no longer be required, but will be ignored silently.
--key=FINGERPRINT|KEYID
Match on both primary keys and subkeys, including those certificates that match the
given fingerprint or key ID.
--name=NAME
Parse user ids into name and email and case-sensitively matches on the name,
requiring an exact match.
--output=FILE
Write to FILE or stdout if omitted
[default: -]
--prune-certs
Remove certificate components not matching the filter
--to-cert
Convert any keys in the input to certificates. Converting a key to a certificate
removes secret key material from the key thereby turning it into a certificate.
--userid=USERID
Case-sensitively matches on the user id, requiring an exact match.
FILE Read from FILE or stdin if omitted
Global options
See sq(1) for a description of the global options.
EXAMPLES
Convert all keys to certificates (i.e. remove any secret key material).
sq keyring filter --experimental --to-cert certs.pgp
Get all certificates with a user ID on example.org.
sq keyring filter --experimental --domain=example.org \
certs.pgp
Get all certificates with a user ID on example.org or example.net.
sq keyring filter --experimental --domain=example.org \
--domain=example.net certs.pgp
Get all certificates with a name user ID matching Romeo.
sq keyring filter --experimental --name=Romeo certs.pgp
Get all certificates with a name user ID matching Romeo on example.org.
sq keyring filter --experimental --domain=example.org \
certs.pgp \
| sq keyring filter --experimental --name=Romeo
Get all certificates with a user ID on example.org, pruning other user IDs.
sq keyring filter --experimental --domain=example.org \
--prune-certs certs.pgp
SEE ALSO
sq(1), sq-keyring(1).
For the full documentation see <https://book.sequoia-pgp.org>.
VERSION
0.40.0 (sequoia-openpgp 1.21.2)