Provided by: sq_0.40.0-1_amd64 bug

NAME
       sq pki path - Verify the specified path


SYNOPSIS
       sq pki path [OPTIONS] FINGERPRINT|KEYID


DESCRIPTION
       Verify the specified path.

       A  path  is a sequence of certificates starting at the root, and a User ID.  This function
       checks that each path  segment  has  a  valid  certification,  which  also  satisfies  any
       constraints (trust amount, trust depth, regular expressions).

       If a valid path is not found, then this subcommand also lints the path.  In particular, it
       report if any certifications are insufficient, e.g., not enough trust depth,  or  invalid,
       e.g., because they use SHA-1, but the use of SHA-1 has been disabled.


OPTIONS
   Subcommand options
       --amount=AMOUNT
              The required amount of trust.

              120   indicates   full  authentication;  values  less  than  120  indicate  partial
              authentication.  When `--certification-network` is passed, this defaults  to  1200,
              i.e., `sq pki` tries to find 10 paths.

       --certification-network
              Treats the network as a certification network.

              Normally,  `sq  pki`  treats  the Web of Trust network as an authentication network
              where a certification only means that the binding is correct, not that  the  target
              should be treated as a trusted introducer.  In a certification network, the targets
              of certifications are treated as trusted introducers with infinite depth,  and  any
              regular expressions are ignored. Note: The trust amount remains unchanged.  This is
              how most so-called PGP path-finding algorithms work.

       --email=EMAIL
              Use a user ID with the specified email address.

              This first searches for a matching self-signed user ID.  If there is no self-signed
              user  ID  with  the specified email, it uses a new user ID with the specified email
              address, and no display name.

       --name=DISPLAY_NAME
              Use a user ID with the specified display name.

              This first searches for a matching self-signed user ID.  If there is no self-signed
              user  ID  with the specified name, it uses a new user ID with the specified display
              name, and no email address.

       --userid=USERID
              Use the specified user ID.

              The specified user ID does not need to be self signed.

        FINGERPRINT|KEYID
              The path to authenticate.

              A path consists of one or more certificates.  The first certificate  is  the  root,
              and the last certificate is the one being authenticated for the specified user ID.

   Global options
       See sq(1) for a description of the global options.


EXAMPLES
       Verify that Alice ceritified a particular User ID for Bob's certificate.

              sq pki path EB28F26E2739A4870ECC47726F0073F60FD0CBF0 \
                     511257EBBF077B7AEDAE5D093F68CB84CE537C9A --userid \
                     "Bob <bob@example.org>"


SEE ALSO
       sq(1), sq-pki(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.40.0 (sequoia-openpgp 1.21.2)