Provided by: sq-wot_0.12.0-4_amd64 bug

NAME

       sequoia-wot - An implementation of OpenPGP's web of trust.

SYNOPSIS

       sequoia-wot    [--gpg]    [-k|--keyring]    [--gpg-keyring]    [--network]   [--keyserver]
       [-r|--trust-root] [-f|--format]  [--gpg-ownertrust]  [--gossip]  [--certification-network]
       [-a|--trust-amount]    [--partial]   [--full]   [--double]   [--time]   [--known-notation]
       [-h|--help] [-V|--version] <subcommands>

DESCRIPTION

       An implementation of OpenPGP's web of trust.

OPTIONS

       --gpg  Uses gpg's keyring and gpg's trust roots.

              When this option is set, `sq-wot` reads gpg's keyring and gpg's  ownertrust.   This
              is equivalent to passing `--gpg-keyring` and `--gpg-ownertrust`.

       -k, --keyring=FILE
              Adds KEYRING to the list of keyrings

              The  keyrings are read at start up and used to build a web of trust network.  Note:
              if a certificate occurs multiple times, the first version is taken;  they  are  not
              currently merged.

       --gpg-keyring
              Adds GnuPG's keyring to the list of keyrings.

              This  option  causes  `sq-wot` to read gpg's keyring, by parsing the output of `gpg
              --export --export-options export-local-sigs`.

       --network
              Looks up missing certificates over the network.

              This causes `sq-wot` to look up missing certificates on a key server.  The  default
              key server can be overridden using the `--keyserver` option.

              Certificates  fetched  from  a key server are cached locally in the default cert-d.
              The default cert-d is also checked prior to fetching a  certificate  from  the  key
              server.

       --keyserver=KEYSERVER [default: hkps://keyserver.ubuntu.com]
              Sets the keyserver to use to KEYSERVER.

              This  option only makes sense when used in conjunction with the `--network` option.
              Currently, it is only possible to set a single keyserver.

       -r, --trust-root=FINGERPRINT|KEYID
              Treats the specified certificate as a trust root.

              It is possible  to  have  multiple  trust  roots.   All  trust  roots  are  treated
              equivalently.  This can be combined with `--gpg-ownertrust`.

       -f, --format=FORMAT [default: human-readable]
              Render the output in a specific format

              Choosing  a  different output format allows for further post processing of the data
              using external tools.

              Possible values:

                     • dot: output in graphviz's DOT format

                     • human-readable: output in human readable format

       --gpg-ownertrust
              Causes `sq-wot` to use gpg's trust roots as the trust roots.

              `sq-wot` reads the output of `gpg --export-ownertrust`.  It treats gpg's ultimately
              trusted  certificates  as  fully  trust  roots.   Similar  to  gpg,  it also treats
              certificates marked as fully and marginally trusted as fully and marginally trusted
              roots, if a self-signed User ID can be authenticated by an ultimately trusted root.

              It is possible to set additional trust roots using the `--trust-root` option.

       --gossip
              Treats all certificates as unreliable trust roots.

              This option is useful for figuring out what others think about a certificate (i.e.,
              gossip or hearsay).  In other words, this finds arbitrary  paths  to  a  particular
              certificate.

              Gossip  is  useful  in  helping  to  identify  alternative  ways  to authenticate a
              certificate.  For instance, imagine Ed wants to authenticate  Laura's  certificate,
              but  asking  her  directly  is inconvenient.  Ed discovers that Micah has certified
              Laura's certificate, but Ed hasn't yet authenticated Micah's certificate.  If Ed is
              willing  to  rely  on  Micah  as  a  trusted introducer, and authenticating Micah's
              certificate is easier than authenticating Laura's certificate, then Ed has  learned
              about an easier way to authenticate Laura's certificate.

              EXAMPLES:

              #  Get gossip about a certificate.{n} $ sq-wot --keyring keyring.pgp \\{n} --gossip
              identify 3217C509292FC67076ECD75C7614269BDDF73B36

       --certification-network
              Treats the network as a certification network.

              Normally, `sq-wot` treats the web-of-trust network  as  an  authentication  network
              where  a  certification only means that the binding is correct, not that the target
              should be treated as a trusted introducer.  In a certification network, the targets
              of  certifications  are treated as trusted introducers with infinite depth, and any
              regular expressions are ignored. Note: The trust amount remains unchanged.  This is
              how most so-called pgp path-finding algorithms work.

       -a, --trust-amount=TRUST_AMOUNT
              The required amount of trust.

              120   indicates   full  authentication;  values  less  than  120  indicate  partial
              authentication.  When `--certification-network` is passed, this defaults  to  1200,
              i.e., sq-wot tries to find 10 paths.

       --partial
              Require partial authentication.

              This is the same as passing `--trust-amount 40`.

       --full Require full authentication.

              This is the same as passing `--trust-amount 120`.

       --double
              Require double authentication.

              This is the same as passing `--trust-amount 240`.

       --time=TIME
              Sets the reference time to TIME.

              TIME  is  interpreted  as an ISO 8601 timestamp.  To set the reference time to July
              21, 2013 at midnight UTC, you can do:

              $ sq-wot --time 20130721 CMD ...

              To include a time, add a T, the time  and  optionally  the  timezone  (the  default
              timezone is UTC):

              $ sq-wot --time 20130721T0550+0200 CMD ...

       --known-notation=KNOWN_NOTATION
              Adds NOTATION to the list of known notations

              This  is  used  when validating signatures.  Signatures that have unknown notations
              with the critical bit set are considered invalid.

       -h, --help
              Print help (see a summary with '-h')

       -V, --version
              Print version

SUBCOMMANDS

       sequoia-wot-authenticate(1)
              Authenticate a binding

       sequoia-wot-lookup(1)
              Lookup the certificates associated with a User ID

       sequoia-wot-identify(1)
              Identify a certificate

       sequoia-wot-list(1)
              List all authenticated bindings (User ID and certificate pairs)

       sequoia-wot-path(1)
              Verify the specified path

       sequoia-wot-help(1)
              Print this message or the help of the given subcommand(s)

VERSION

       v0.12.0

AUTHORS

       Neal H. Walfield <neal@sequoia-pgp.org>

                                        sequoia-wot 0.12.0                         sequoia-wot(1)