sequoia-sq/Cargo.toml

178 lines
5.1 KiB
TOML
Raw Normal View History

[package]
name = "sequoia-sq"
description = "Command-line frontends for Sequoia"
Release 0.40.0. * Changes in 0.40.0 ** New functionality - New subcommand `sq download`, which downloads a file and a signature file, and then authenticates the file. ** Notable changes - `sq toolbox keyring merge` now supports merging bare revocation certificates. - `sq verify` now deletes the output file on failure. - `sq decrypt` now deletes the output file on failure. - Add a global option, `--policy-as-of`, that selects the cryptographic policy as of the specified time. - `sq key subkey export` takes an additional argument, `--cert`, which is required. The specified keys must be attached to that certificate. This ensures that if a key is attached to multiple certificates, the correct certificate is exported. - Add a new argument, `--cli-version`, which requests a particular semver-compatible version of the CLI. This enables breaking changes to the CLI in the future. - The `help` subcommand has been removed everywhere except at the top-level (`--help` still works). - If designated signers are specified for `sq verify`, `sq decrypt`, and `sq download`, they are now the only certificates that are considered when verifying signatures. If no signers are specified, the certificate store is consulted. - The argument `sq cert lint --list-keys` has been removed. - `sq key list` now has a DWIM search parameter. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - The flag `sq --no-cert-store` has been replaced with `sq --cert-store=none`. - The flag `sq --no-key-store` has been replaced with `sq --key-store=none`. - Similarly, `sq --home=none` disables all state, unless explicitly re-enabled using `--cert-store` or `--key-store`. - `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` have a `--userid-or-add` flag. Replace it with an `--userid-or-add` argument, and an `--email-or-add` argument. - The `--email` and `--email-or-add` arguments to `sq pki link add`, etc. cannot be used to designate a self-signed user ID, if multiple self-signed user IDs include the specified email address. Previously, the arguments would designate all self-signed user IDs with the specified email address. - The new argument `sq sign --mode` can be used to create text signatures in addition to binary signatures. - The argument `sq network wkd publish --create` has been split into two arguments, `--create` and `--method`, avoiding an ambiguity when parsing the arguments. - `sq key userid revoke` no longer accepts the `--userid-or-add` flag to indicate that a user ID specified using `--userid`, an email specified using `--email`, or a name specified using `--name` should be used even if there is no corresponding self-signed user ID. This functionality is replaced by the `--userid-or-add`, `--email-or-add` and `--name-or-add` arguments. - `sq pki path` previously interpreted the last positional argument as the user ID to authenticate. Make it a named argument instead, `--userid`. - Add `sq pki path --email` and `sq pki path --name` as additional ways to specify the user ID to authenticate. - The argument `sq encrypt --set-metadata-time` has been removed. - The argument `sq encrypt --set-metadata-filename` now takes a string that specifies the file name to be set. - `sq pki authenticate`'s positional argument for specifying the certificate to authenticate must now be specified using a named argument, `--cert`. - `sq pki identify`'s positional argument for specifying the certificate to identify must now be specified using a named argument, `--cert`. - Drop `sq cert list --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - Drop `sq pki authenticate --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - Drop `sq pki lookup --email`'s flag, and replace it with the `--userid` and `--email` positional arguments, which match on user IDs. - `sq toolbox keyring` is now just `sq keyring`. - `sq toolbox packet` is now just `sq packet`. - `sq toolbox armor` is now `sq packet armor`. - `sq toolbox dearmor` is now `sq packet dearmor`. - `sq key userid revoke`, `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` now check that user IDs that are not self-signed are in canonical form. Add a flag, `--allow-non-canonical-userids`, to disable this check. - `sq key approvals update` now requires an action, like `--add-authenticated`. - `sq key approvals --add-authenticated` is now a simple flag, and we always require full authentication. - `sq toolbox strip-userid` has been removed. - All cert designators now use the `--cert-` prefix, e.g. `sq key export --email` has been changed to `sq key export --cert-email` for consistency reasons, and to free `--name`, `--email`, and `--userid` for user ID designators. - The `--binary` argument has been removed from all commands but those that emit signed and or encrypted messages. - The command `sq toolbox extract-cert` has been removed in favor of `sq key delete` and `sq key subkey delete`. - The command `sq packet split` now writes to stdout by default. - The argument `sq packets split --prefix` is now called `--output-prefix`. - `sq pki vouch certify` is now called `sq pki vouch add`. - We now certify newly generated keys with a per-host shadow CA. - The argument `sq encrypt --signature-notation` has been added. - All arguments to add signature notations have been renamed from `--notation` to `--signature-notation`. - When generating keys, either `--own-key` or `--shared-key` has to be given. The former marks the key's user IDs as authenticated and makes it a trusted introducer. The latter marks the key's user IDs as authenticated, and marks the key as a group key. - The argument `sq cert lint --export-secret-keys` has been removed: if a secret key is provided as file input, it will be emitted. - The argument `sq key subkey export --cert-file` has been removed. - `sq` now reads a configuration file that can be used to tweak a number of defaults, like the cipher suite to generate new keys, the set of key servers to query, and the cryptographic policy. - The command `sq keyring filter` is now considered experimental and may change in the future. To acknowledge this, it has to be invoked with the `--experimental` flag.
2024-11-28 08:45:13 +03:00
version = "0.40.0"
authors = [
"Azul <azul@sequoia-pgp.org>",
"Heiko Schaefer <heiko@schaefer.name>",
"Igor Matuszewski <igor@sequoia-pgp.org>",
"Justus Winter <justus@sequoia-pgp.org>",
"Kai Michaelis <kai@sequoia-pgp.org>",
"Lars Wirzenius <liw@sequoia-pgp.org>",
"Neal H. Walfield <neal@sequoia-pgp.org>",
"Nora Widdecke <nora@sequoia-pgp.org>",
"Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>",
]
build = "build.rs"
documentation = "https://docs.rs/sequoia-sq"
homepage = "https://sequoia-pgp.org/"
repository = "https://gitlab.com/sequoia-pgp/sequoia-sq"
readme = "README.md"
keywords = ["cryptography", "openpgp", "pgp", "encryption", "signing"]
categories = ["cryptography", "authentication", "command-line-utilities"]
license = "LGPL-2.0-or-later"
edition = "2021"
rust-version = "1.79"
[badges]
gitlab = { repository = "sequoia-pgp/sequoia-sq" }
maintenance = { status = "actively-developed" }
[dependencies]
aho-corasick = "1"
buffered-reader = { version = "1.3.1", default-features = false, features = ["compression"] }
2023-05-08 11:47:47 +03:00
dirs = "5"
2024-04-15 16:00:51 +03:00
fs_extra = "1"
sequoia-directories = "0.1"
sequoia-openpgp = { version = "1.18", default-features = false, features = ["compression"] }
sequoia-autocrypt = { version = "0.25", default-features = false }
2023-11-24 18:16:13 +03:00
sequoia-net = { version = "0.28", default-features = false }
sequoia-policy-config = ">= 0.7, <0.8"
anyhow = "1.0.18"
chrono = "0.4.10"
clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] }
futures-util = "0.3"
gethostname = { version = ">=0.4, <0.6" }
humantime = "2"
indicatif = "0.17"
once_cell = "1.17"
reqwest = { version = ">=0.11.27, <0.13", features = ["hickory-dns", "stream"] }
sequoia-cert-store = "0.6.0"
2024-09-02 15:33:16 +03:00
sequoia-keystore = { version = ">=0.5, <0.7" }
sequoia-wot = { version = "0.13.2", default-features = false }
tempfile = "3.1"
thiserror = { version = ">=1, <3" }
tokio = { version = "1.13.1" }
toml_edit = { version = "0.22", default-features = false, features = ["display", "parse"] }
regex = "1"
rpassword = "7.0"
serde = { version = "1.0.137", features = ["derive"] }
2024-10-30 18:43:48 +03:00
terminal_size = ">=0.2.6, <0.5"
termcolor = "1.2.0"
textwrap = { version = ">=0.15, <0.17", default-features = false, features = ["smawk", "unicode-width"] }
typenum = "1"
# This is for subplot only. If you don't enable the subplot feature,
# feel free to patch it out.
subplotlib = { version = "0.11", optional = true }
culpa = { version = "1", optional = true }
[build-dependencies]
anyhow = "1.0.18"
buffered-reader = { version = "1.0.0", default-features = false, features = ["compression"] }
clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] }
clap_complete = "4"
chrono = "0.4.38"
dirs = "5"
roff = "0.2.1"
serde = { version = "1.0.137", features = ["derive"] }
sequoia-directories = "0.1"
sequoia-openpgp = { version = "1.21.1", default-features = false }
2023-11-24 18:16:13 +03:00
sequoia-net = { version = "0.28", default-features = false }
textwrap = ">=0.15, <0.17"
typenum = "1"
cfg-if = "1"
2024-10-30 18:43:48 +03:00
terminal_size = ">=0.2.6, <0.5"
# This is for subplot only. If you don't enable the subplot feature,
# feel free to patch it out.
subplot-build = { version = "0.11", optional = true }
[dev-dependencies]
2023-03-30 18:25:29 +03:00
assert_cmd = "2"
2023-11-29 15:43:56 +03:00
predicates = ">=2, <4"
2024-02-08 18:23:01 +03:00
regex = "1"
libc = "0.2"
[[bin]]
name = "sq"
path = "src/main.rs"
bench = false
[[test]]
name = "sq-subplot"
path = "tests/sq-subplot.rs"
required-features = ["subplot"]
[features]
default = [
"crypto-nettle",
]
crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
2023-03-30 18:38:13 +03:00
crypto-botan = ["sequoia-openpgp/crypto-botan"]
crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
crypto-cng = ["sequoia-openpgp/crypto-cng"]
crypto-rust = ["sequoia-openpgp/crypto-rust"]
subplot = ["culpa", "subplot-build", "subplotlib"]
[profile.release]
debug = true
# The Rust Crypto crates are *very* slow when compiled without any
# optimizations. Turn on some optimizations.
[profile.dev.package.aes]
opt-level = 2
[profile.dev.package.aes-gcm]
opt-level = 2
[profile.dev.package.block-padding]
opt-level = 2
[profile.dev.package.blowfish]
opt-level = 2
[profile.dev.package.camellia]
opt-level = 2
[profile.dev.package.cast5]
opt-level = 2
[profile.dev.package.cipher]
opt-level = 2
[profile.dev.package.cfb-mode]
opt-level = 2
[profile.dev.package.des]
opt-level = 2
[profile.dev.package.digest]
opt-level = 2
[profile.dev.package.dsa]
opt-level = 2
[profile.dev.package.eax]
opt-level = 2
[profile.dev.package.ecb]
opt-level = 2
[profile.dev.package.ecdsa]
opt-level = 2
[profile.dev.package.ed25519]
opt-level = 2
[profile.dev.package.ed25519-dalek]
opt-level = 2
[profile.dev.package.idea]
opt-level = 2
[profile.dev.package.md-5]
opt-level = 2
[profile.dev.package.num-bigint-dig]
opt-level = 2
[profile.dev.package.p256]
opt-level = 2
[profile.dev.package.p384]
opt-level = 2
[profile.dev.package.p521]
opt-level = 2
[profile.dev.package.ripemd]
opt-level = 2
[profile.dev.package.rsa]
opt-level = 2
[profile.dev.package.sha2]
opt-level = 2
[profile.dev.package.twofish]
opt-level = 2
[profile.dev.package.x25519-dalek]
opt-level = 2