NAME

       sq pki lookup - Lookup the certificates associated with a User ID

SYNOPSIS

       sq pki lookup [OPTIONS]

DESCRIPTION

       Lookup the certificates associated with a User ID.

       Identifies  authenticated  bindings  (User  ID  and  certificate  pairs) where the User ID
       matches the specified User ID.

       An error is return if no binding  could  be  authenticated  to  the  specified  level  (by
       default: fully authenticated, i.e., a trust amount of 120).

       If  a binding could be partially authenticated (i.e., its trust amount is greater than 0),
       then the binding is displayed, even if the trust is below the specified threshold.

OPTIONS

   Subcommand options
       --amount=AMOUNT
              The required amount of trust.

              120  indicates  full  authentication;  values  less  than  120   indicate   partial
              authentication.   When  `--certification-network` is passed, this defaults to 1200,
              i.e., `sq pki` tries to find 10 paths.

       --certification-network
              Treats the network as a certification network.

              Normally, `sq pki` treats the Web of Trust network  as  an  authentication  network
              where  a  certification only means that the binding is correct, not that the target
              should be treated as a trusted introducer.  In a certification network, the targets
              of  certifications  are treated as trusted introducers with infinite depth, and any
              regular expressions are ignored. Note: The trust amount remains unchanged.  This is
              how most so-called PGP path-finding algorithms work.

       --email=EMAIL
              Use a user ID with the specified email address.

              This first searches for a matching self-signed user ID.  If there is no self-signed
              user ID with the specified email, it uses a new user ID with  the  specified  email
              address, and no display name.

       --gossip
              Treats all certificates as unreliable trust roots.

              This option is useful for figuring out what others think about a certificate (i.e.,
              gossip or hearsay).  In other words, this finds arbitrary  paths  to  a  particular
              certificate.

              Gossip  is  useful  in  helping  to  identify  alternative  ways  to authenticate a
              certificate.  For instance, imagine Ed wants to authenticate  Laura's  certificate,
              but  asking  her  directly  is inconvenient.  Ed discovers that Micah has certified
              Laura's certificate, but Ed hasn't yet authenticated Micah's certificate.  If Ed is
              willing  to  rely  on  Micah  as  a  trusted introducer, and authenticating Micah's
              certificate is easier than authenticating Laura's certificate, then Ed has  learned
              about an easier way to authenticate Laura's certificate.

       --show-paths
              Show why a binding is authenticated.

              By  default,  only  a user ID and certificate binding's degree of authentication (a
              value between 0 and 120) is shown.  This changes the output to also show  how  that
              value was computed by showing the paths from the trust roots to the bindings.

       --userid=USERID
              Use the specified user ID.

              The specified user ID does not need to be self signed.

   Global options
       See sq(1) for a description of the global options.

EXAMPLES

       Lookup certificates that can be authenticated for the given user ID.

              sq pki lookup --userid "Alice <alice@example.org>"

       Lookup certificates that have a user ID with the specified email address, and that user ID
       can be authenticated.

              sq pki lookup --email alice@example.org

SEE ALSO

       sq(1), sq-pki(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION

       0.40.0 (sequoia-openpgp 1.21.2)