2023-03-14 19:09:03 +03:00
-*- org -*-
#+TITLE: sequoia-sq NEWS – history of user-visible changes
#+STARTUP: content hidestars
2023-06-17 17:19:16 +03:00
* Changes in 0.31.0
* New functionality
- `sq key subkey add` allows to create and add a new subkey to an
existing certificate.
- The functionality of `sq-keyring-linter` is now available as
`sq keyring lint`.
- The new subcommands `sq key revoke`, `sq key subkey revoke` and
`sq key userid revoke`, allow writing to a file using the
`--output` option.
* Notable changes
- The `--keyring` option is now global and can be specified anywhere
when calling `sq`.
* Deprecated functionality
- The `--expires` and `--expires-in` options used in various
subcommands are deprecated in favor of the unifying `--expiry`.
- `sq key generate --export FILE` is deprecated in favor of the more
generic `sq key generate --output FILE`.
- The `sq revoke certificate` command has been renamed to `sq key
revoke`.
- The `sq revoke subkey` command has been renamed to `sq key subkey
revoke`.
- The `sq revoke userid` command has been renamed to `sq key userid
revoke`.
2023-05-19 17:18:34 +03:00
* Changes in 0.30.1
* Notable changes
- The `crypto-botan` feature now selects Botan's v3 interface. Use
the new `crypto-botan2` feature to continue using Botan's v2
interface.
2023-05-19 17:20:30 +03:00
* Notable fixes
- Several parser bugs were fixed in sequoia-openpgp 1.16.0 and
buffered-reader 1.2.0. These are all low-severity as Rust
correctly detects the out of bounds access and panics. Update
Cargo.lock to make sure we use these versions.
2023-05-08 13:39:04 +03:00
* Changes in 0.30
* New functionality
- `sq key adopt` now honors `--time`.
- Add `sq key adopt --expire` to allow setting an adopted key's
expiration time.
- Add support for using pEp's certificate store. A pEp certificate
store can be used by specifying `sq --pep-cert-store PATH` or
setting the environment variable `PEP_CERT_STORE`.
2023-03-14 19:09:03 +03:00
* Changes in 0.29
** New functionality
- `sq` now supports and implicitly uses a certificate store. By
default, `sq` uses the standard OpenPGP certificate directory.
This is located at `$HOME/.local/share/pgp.cert.d` on XDG
compliant systems.
- `sq --no-cert-store`: A new switch to disable the use of the
certificate store.
- `sq --cert-store`: A new option to use an alternate certificate
store. Currently, only OpenPGP certificate directories are
supported.
- `sq import`: A new command to import certificates into the
certificate store.
- `sq export`: A new command to export certificates from the
certificate store.
- `sq encrypt --recipient-cert`: A new option to specify a
recipient's certificate by fingerprint or key ID, which is then
looked up in the certificate store.
- `sq verify --signer-cert`: A new option to specify a signer's
certificate by fingerprint or key ID, which is then looked up in
the certificate store.
- `sq verify` now also implicitly looks for missing certificates in
the certificate store. But, unless they are explicitly named
using `--signer-cert`, they are not considered authenticated and
the verification will always fail.
- `sq certify`: If the certificate to certify is a fingerprint or
Key ID, then the corresponding certificate is looked up in the
certificate store.
2023-03-25 12:25:32 +03:00
- Add a global option, `--time`, to set the reference time. This
option replaces the various subcommand's `--time` argument as
well as `sq key generate` and `sq key userid add`'s
`--creation-time` arguments.
2023-03-18 23:03:16 +03:00
- Add top-level option, `--trust-root`, to allow the user to
specify trust roots.
- Extend `sq encrypt` to allow addressing recipients by User ID
(`--recipient-userid`) or email address (`--recipient-email`).
Only User IDs that can be fully authenticated are considered.
2023-03-21 22:14:10 +03:00
- Extend `sq verify` to verify certificates looked up from the
certificate store using the web of trust. If the signature
includes a Signer's User ID packet, and the binding can be fully
authenticated, consider the signature to be authenticated. If
there is no Signer's User ID packet, consider the signature to be
authenticated if any binding can fully be authenticated.
2023-03-22 13:11:34 +03:00
- Add `sq link add`, which uses the local trust root to
certify the specified bindings.
- Add `sq link retract`, which retracts certifications made by the
local trust root on the specified bindings.
2023-03-30 14:50:38 +03:00
- Add `sq link list`, which lists the links.
2023-03-27 17:23:29 +03:00
- Add a top-level option, `--keyring`, to allow the user to specify
additional keyrings to search for certificates.
2023-03-27 23:54:23 +03:00
- Import web of trust subcommands from sq-wot. Specifically, add:
- `sq wot authenticate` to authenticate a binding.
- `sq wot lookup` to find a certificate with a particular User ID.
- `sq wot identify` to list authenticated bindings for a
certificate.
- `sq wot list` to list authenticated bindings.
- `sq wot path` to authenticate and lint a path in a web of trust.
2023-03-28 00:32:38 +03:00
- `sq keyserver get`, `sq wkd get`, and `sq dane get` now import any
certificates into the certificate store by default instead of
exporting them on stdout. It is still possible to export them
using the `--output` option.
2023-03-29 13:50:01 +03:00
- When `sq keyserver get` (for verifying key servers), `sq wkd get`,
or `sq dane get` saves a certificate to the local certificate
store, `sq` certifies the validated User IDs (all returned User
IDs in the case of verifying key servers; User IDs that contain
the looked up email address in the case of WKD and DANE) using a
local service-specific proxy CA. If the proxy key doesn't exist,
it is created, and certified as a minimally trusted CA (trust
amount 1 of 120) by the local trust root. The proxy certificates
can be managed in the usual way using `sq link add` and `sq link
retract`.
2023-03-30 23:50:52 +03:00
- Extend `sq inspect` to inspect certificates from the certificate
store using the `--cert` option.
2023-03-25 12:25:32 +03:00
* Deprecated functionality
- `sq key generate --creation-time TIME` is deprecated in favor of
`sq key generate --time TIME`.
- `sq key user id --creation-time TIME` is deprecated in favor of
`sq user id --time TIME`.
2023-03-14 19:09:03 +03:00
* Started the NEWS file.