sq-network-dane-generate - Generate DANE records for the given domain and certs
NAME SYNOPSIS DESCRIPTION OPTIONS Subcommand options Global options EXAMPLES SEE ALSO VERSIONNAME
sq−network−dane−generate − Generate DANE records for the given domain and certs
SYNOPSIS
sq network dane generate [OPTIONS]
DESCRIPTION
Generate DANE records for the given domain and certs.
The certificates are minimized, and one record per email address is emitted. If multiple user IDs map to one email address, then all matching user IDs are included in the emitted certificates.
By default, OPENPGPKEY resource records are emitted. If your DNS server doesn’t understand those, use ‘−−type generic‘ to emit generic records instead.
OPTIONS
Subcommand options
|
−−all |
Publish authenticated certs with a user ID matching domain |
Use all certificates that have a user ID matching the domain given to the ‘−−domain‘ parameter that can be fully authenticated.
−−cert=FINGERPRINT|KEYID
Use certificates with the specified fingerprint or key ID
−−cert−email=EMAIL
Use certificates where a user ID includes the specified email address
−−cert−file=PATH
Read certificates from PATH
−−cert−userid=USERID
Use certificates with the specified user ID
−−domain=FQDN
Generate DANE records for this domain name
−−size−limit=BYTES
Try to shrink the certificates to this size
[default: 12288]
−−ttl=DURATION
Set the TTL (maximum cache duration) of the resource records
[default: 10800]
−−type=TYPE
Change the emitted resource record type
[default: openpgp]
[possible values: openpgp, generic]
Global options
See sq(1) for a description of the global options.
EXAMPLES
Generate DANE records from juliet.pgp for example.org.
sq network dane generate −−domain=example.org \
−−cert−file=juliet.pgp
Generate DANE records for all certs with an authenticated user ID in example.org.
sq network dane generate −−domain=example.org −−all
SEE ALSO
sq(1), sq−network(1), sq−network−dane(1).
For the full documentation see <https://book.sequoia−pgp.org/>.
VERSION
1.3.1