Import and export of certificates
Certificates can be disseminated in many possible ways: as download from a website, as an attachment to an email and so on. In these cases you end up with a certificate contained in a file. To use that, you have to import it into the certificate store by:
$ sq cert import $FILE
This will try to import the certificate inside $FILE. If $FILE is skipped, sq cert import expects the certificate via STDIN:
$ cat $FILE | sq cert import
Importing certificates from a file has no influence on any implied authenticity. It's included into the certificate store as such. Use sq pki link add to attest authenticity.
Certificates can be exported from the cert store via
$ sq cert export $QUERY
with $QUERY consisting of:
--cert $FPR- a certificate designated by its fingerprint--cert-email $EMAIL- all certificates containing a user id matching$EMAIL--cert-userid $USERID- all certificates containing a user id$USERID--cert-domain $DOMAIN- all certificates containing a user id with an email address from domain$DOAMIN--cert-grep $PATTERN- all certificates containing a user id matching$PATTERN
These queries can be combined, sq cert export will then export any valid certificate matching any of these queries. Invalid certificates are for instance certificates using outdated hash functions in signatures, those are excluded. You can work around this restriction by passing --policy-as-of using a date which predates the deprecation date of said function.
$ sq cert export --cert-email alice@example.com
$ sq cert export --cert EE99C48D11A4BE940569C4B3919EA6F609043A04 --cert-domain example.com
The result of the query is printed to STDOUT.
A special query is --all: This exports all certificates, even the invalid ones.
sq cert export will not export non-exportable signatures including components bound by these signatures. Passing --local will include these components - this feature is meant for backups or if you want to synchronize between different devices or locations (like a USB stick).
$ sq cert export --local --all