# Package metadata for the crate that ships the `sq` binary.
[package]
name = "sequoia-sq"
description = "Command-line frontends for Sequoia"
Release 0.40.0.
* Changes in 0.40.0
** New functionality
- New subcommand `sq download`, which downloads a file and a
signature file, and then authenticates the file.
** Notable changes
- `sq toolbox keyring merge` now supports merging bare revocation
certificates.
- `sq verify` now deletes the output file on failure.
- `sq decrypt` now deletes the output file on failure.
- Add a global option, `--policy-as-of`, that selects the
cryptographic policy as of the specified time.
- `sq key subkey export` takes an additional argument, `--cert`,
which is required. The specified keys must be attached to that
certificate. This ensures that if a key is attached to multiple
certificates, the correct certificate is exported.
- Add a new argument, `--cli-version`, which requests a particular
semver-compatible version of the CLI. This enables breaking
changes to the CLI in the future.
- The `help` subcommand has been removed everywhere except at the
top-level (`--help` still works).
- If designated signers are specified for `sq verify`, `sq
decrypt`, and `sq download`, they are now the only certificates
that are considered when verifying signatures. If no signers are
specified, the certificate store is consulted.
- The argument `sq cert lint --list-keys` has been removed.
- `sq key list` now has a DWIM search parameter.
- The flag `sq sign --detached` is now called `sq sign
--signature-file`.
- The flag `sq sign --clearsign` is now called `sq sign
--cleartext`.
- Both `sq sign` and `sq verify` now require an explicit mode,
one of `--signature-file`, `--message`, or `--cleartext`.
- The flag `sq --no-cert-store` has been replaced with `sq
--cert-store=none`.
- The flag `sq --no-key-store` has been replaced with `sq
--key-store=none`.
- Similarly, `sq --home=none` disables all state, unless explicitly
re-enabled using `--cert-store` or `--key-store`.
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
certify`, and `sq pki vouch authorize` previously had a
`--userid-or-add` flag. It has been replaced by a `--userid-or-add`
argument and an `--email-or-add` argument.
- The `--email` and `--email-or-add` arguments to `sq pki link add`,
etc. cannot be used to designate a self-signed user ID, if
multiple self-signed user IDs include the specified email
address. Previously, the arguments would designate all
self-signed user IDs with the specified email address.
- The new argument `sq sign --mode` can be used to create text
signatures in addition to binary signatures.
- The argument `sq network wkd publish --create` has been split
into two arguments, `--create` and `--method`, avoiding an
ambiguity when parsing the arguments.
- `sq key userid revoke` no longer accepts the `--userid-or-add` flag
to indicate that a user ID specified using `--userid`, an email
specified using `--email`, or a name specified using `--name`
should be used even if there is no corresponding self-signed user
ID. This functionality is replaced by the `--userid-or-add`,
`--email-or-add` and `--name-or-add` arguments.
- `sq pki path` previously interpreted the last positional argument
as the user ID to authenticate. Make it a named argument
instead, `--userid`.
- Add `sq pki path --email` and `sq pki path --name` as additional
ways to specify the user ID to authenticate.
- The argument `sq encrypt --set-metadata-time` has been removed.
- The argument `sq encrypt --set-metadata-filename` now takes a
string that specifies the file name to be set.
- `sq pki authenticate`'s positional argument for specifying the
certificate to authenticate must now be specified using a named
argument, `--cert`.
- `sq pki identify`'s positional argument for specifying the
certificate to identify must now be specified using a named
argument, `--cert`.
- Drop `sq cert list --email`'s flag, and replace it with the
`--userid` and `--email` positional arguments, which match on
user IDs.
- Drop `sq pki authenticate --email`'s flag, and replace it with
the `--userid` and `--email` positional arguments, which match on
user IDs.
- Drop `sq pki lookup --email`'s flag, and replace it with the
`--userid` and `--email` positional arguments, which match on
user IDs.
- `sq toolbox keyring` is now just `sq keyring`.
- `sq toolbox packet` is now just `sq packet`.
- `sq toolbox armor` is now `sq packet armor`.
- `sq toolbox dearmor` is now `sq packet dearmor`.
- `sq key userid revoke`, `sq pki link add`, `sq pki link
authorize`, `sq pki vouch certify`, and `sq pki vouch authorize`
now check that user IDs that are not self-signed are in canonical
form. Add a flag, `--allow-non-canonical-userids`, to disable
this check.
- `sq key approvals update` now requires an action, like
`--add-authenticated`.
- `sq key approvals --add-authenticated` is now a simple flag, and
we always require full authentication.
- `sq toolbox strip-userid` has been removed.
- All cert designators now use the `--cert-` prefix, e.g. `sq key
export --email` has been changed to `sq key export --cert-email`
for consistency reasons, and to free `--name`, `--email`, and
`--userid` for user ID designators.
- The `--binary` argument has been removed from all commands but
those that emit signed and/or encrypted messages.
- The command `sq toolbox extract-cert` has been removed in favor
of `sq key delete` and `sq key subkey delete`.
- The command `sq packet split` now writes to stdout by default.
- The argument `sq packet split --prefix` is now called
`--output-prefix`.
- `sq pki vouch certify` is now called `sq pki vouch add`.
- We now certify newly generated keys with a per-host shadow CA.
- The argument `sq encrypt --signature-notation` has been added.
- All arguments to add signature notations have been renamed from
`--notation` to `--signature-notation`.
- When generating keys, either `--own-key` or `--shared-key` has to
be given. The former marks the key's user IDs as authenticated
and makes it a trusted introducer. The latter marks the key's
user IDs as authenticated, and marks the key as a group key.
- The argument `sq cert lint --export-secret-keys` has been
removed: if a secret key is provided as file input, it will be
emitted.
- The argument `sq key subkey export --cert-file` has been removed.
- `sq` now reads a configuration file that can be used to tweak a
number of defaults, like the cipher suite to generate new keys,
the set of key servers to query, and the cryptographic policy.
- The command `sq keyring filter` is now considered experimental
and may change in the future. To acknowledge this, it has to be
invoked with the `--experimental` flag.
version = "0.40.0"
authors = [
    "Azul <azul@sequoia-pgp.org>",
    "Heiko Schaefer <heiko@schaefer.name>",
    "Igor Matuszewski <igor@sequoia-pgp.org>",
    "Justus Winter <justus@sequoia-pgp.org>",
    "Kai Michaelis <kai@sequoia-pgp.org>",
    "Lars Wirzenius <liw@sequoia-pgp.org>",
    "Neal H. Walfield <neal@sequoia-pgp.org>",
    "Nora Widdecke <nora@sequoia-pgp.org>",
    "Wiktor Kwapisiewicz <wiktor@sequoia-pgp.org>",
]
# Build script; the crates it may use are the ones in [build-dependencies].
build = "build.rs"
documentation = "https://docs.rs/sequoia-sq"
homepage = "https://sequoia-pgp.org/"
repository = "https://gitlab.com/sequoia-pgp/sequoia-sq"
readme = "README.md"
keywords = ["cryptography", "openpgp", "pgp", "encryption", "signing"]
categories = ["cryptography", "authentication", "command-line-utilities"]
license = "LGPL-2.0-or-later"
edition = "2021"
# Minimum supported toolchain: Cargo rejects a build with an older rustc.
rust-version = "1.79"
# Informational badge metadata only; nothing here affects the build.
[badges]
gitlab = { repository = "sequoia-pgp/sequoia-sq" }
maintenance = { status = "actively-developed" }
# Runtime dependencies of the `sq` binary.
#
# Several requirements below are ranges that span semver-incompatible
# releases (gethostname, reqwest, sequoia-keystore, thiserror,
# terminal_size, textwrap). The lockfile decides which release is actually
# compiled, so build with `--locked` when the exact dependency set matters.
[dependencies]
aho-corasick = "1"
buffered-reader = { version = "1.3.1", default-features = false, features = ["compression"] }
dirs = "5"
fs_extra = "1"
sequoia-directories = "0.1"
# Default features are off; the crypto backend is enabled through this
# crate's own crypto-* features (see [features]).
# NOTE(review): [build-dependencies] requires sequoia-openpgp 1.21.1. Cargo
# resolves a single 1.x release for both tables, so the 1.18 floor stated
# here is not the effective minimum; consider aligning the two.
sequoia-openpgp = { version = "1.18", default-features = false, features = ["compression"] }
sequoia-autocrypt = { version = "0.25", default-features = false }
sequoia-net = { version = "0.28", default-features = false }
sequoia-policy-config = ">= 0.7, <0.8"
anyhow = "1.0.18"
chrono = "0.4.10"
clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] }
futures-util = "0.3"
gethostname = ">=0.4, <0.6"
humantime = "2"
indicatif = "0.17"
once_cell = "1.17"
# HTTP client. Only additional features are listed, so reqwest's default
# features (its default TLS backend among them) stay enabled whichever
# crypto-* feature is selected for OpenPGP.
# NOTE(review): confirm that this is intended.
reqwest = { version = ">=0.11.27, <0.13", features = ["hickory-dns", "stream"] }
sequoia-cert-store = "0.6.0"
sequoia-keystore = ">=0.5, <0.7"
sequoia-wot = { version = "0.13.2", default-features = false }
tempfile = "3.1"
thiserror = ">=1, <3"
tokio = "1.13.1"
toml_edit = { version = "0.22", default-features = false, features = ["display", "parse"] }
regex = "1"
rpassword = "7.0"
serde = { version = "1.0.137", features = ["derive"] }
terminal_size = ">=0.2.6, <0.5"
termcolor = "1.2.0"
textwrap = { version = ">=0.15, <0.17", default-features = false, features = ["smawk", "unicode-width"] }
typenum = "1"

# Needed by the `subplot` feature only. If you never enable that feature,
# these two entries can be patched out.
subplotlib = { version = "0.11", optional = true }
culpa = { version = "1", optional = true }
# Crates available to build.rs. Code from these runs on the build host at
# compile time, so they deserve the same scrutiny as runtime dependencies.
#
# NOTE(review): the version floors for buffered-reader, chrono and
# sequoia-openpgp differ from the ones in [dependencies]. Cargo picks one
# semver-compatible release for both tables, so the higher floor is the
# effective one; consider stating the same floor in both places.
[build-dependencies]
anyhow = "1.0.18"
buffered-reader = { version = "1.0.0", default-features = false, features = ["compression"] }
clap = { version = "4", features = ["derive", "env", "string", "wrap_help"] }
clap_complete = "4"
chrono = "0.4.38"
dirs = "5"
roff = "0.2.1"
serde = { version = "1.0.137", features = ["derive"] }
sequoia-directories = "0.1"
sequoia-openpgp = { version = "1.21.1", default-features = false }
sequoia-net = { version = "0.28", default-features = false }
textwrap = ">=0.15, <0.17"
typenum = "1"
cfg-if = "1"
terminal_size = ">=0.2.6, <0.5"

# Needed by the `subplot` feature only. If you never enable that feature,
# this entry can be patched out.
subplot-build = { version = "0.11", optional = true }
# Used by tests only; these crates are not part of the shipped binary.
[dev-dependencies]
assert_cmd = "2"
# Range spans two major versions; the lockfile pins the one actually used.
predicates = ">=2, <4"
regex = "1"
libc = "0.2"
# The single executable target, installed as `sq`.
[[bin]]
name = "sq"
path = "src/main.rs"
# No benchmarks are built for this target.
bench = false
# Integration test target that is built only when the `subplot` feature
# is enabled; a plain `cargo test` skips it.
[[test]]
name = "sq-subplot"
path = "tests/sq-subplot.rs"
required-features = ["subplot"]
[features]
# Nettle is the cryptographic backend unless default features are disabled.
default = ["crypto-nettle"]

# Each crypto-* feature only forwards to the same-named feature of
# sequoia-openpgp. To build against another backend, turn the default off as
# well (`--no-default-features --features crypto-openssl`), otherwise
# crypto-nettle is requested alongside it.
# NOTE(review): how sequoia-openpgp handles two backends being enabled at
# once is not visible from this manifest; confirm before combining them.
crypto-nettle = ["sequoia-openpgp/crypto-nettle"]
crypto-openssl = ["sequoia-openpgp/crypto-openssl"]
crypto-botan = ["sequoia-openpgp/crypto-botan"]
crypto-botan2 = ["sequoia-openpgp/crypto-botan2"]
crypto-cng = ["sequoia-openpgp/crypto-cng"]
crypto-rust = ["sequoia-openpgp/crypto-rust"]

# Pulls in the optional subplot crates used by the sq-subplot test target.
subplot = ["culpa", "subplot-build", "subplotlib"]
# Release builds are compiled with full debug info; optimization is not
# affected. Distributors who do not want symbols and build paths shipped
# with the binary need to strip or split them at packaging time.
[profile.release]
debug = true
# Unoptimized builds of the Rust Crypto crates are *very* slow, so dev
# builds compile just the packages listed below at opt-level 2. These
# overrides apply to the dev profile only; release builds are unaffected.
[profile.dev.package.aes]
opt-level = 2

[profile.dev.package.aes-gcm]
opt-level = 2

[profile.dev.package.block-padding]
opt-level = 2

[profile.dev.package.blowfish]
opt-level = 2

[profile.dev.package.camellia]
opt-level = 2

[profile.dev.package.cast5]
opt-level = 2

[profile.dev.package.cipher]
opt-level = 2

[profile.dev.package.cfb-mode]
opt-level = 2

[profile.dev.package.des]
opt-level = 2

[profile.dev.package.digest]
opt-level = 2

[profile.dev.package.dsa]
opt-level = 2

[profile.dev.package.eax]
opt-level = 2

[profile.dev.package.ecb]
opt-level = 2

[profile.dev.package.ecdsa]
opt-level = 2

[profile.dev.package.ed25519]
opt-level = 2

[profile.dev.package.ed25519-dalek]
opt-level = 2

[profile.dev.package.idea]
opt-level = 2

[profile.dev.package.md-5]
opt-level = 2

[profile.dev.package.num-bigint-dig]
opt-level = 2

[profile.dev.package.p256]
opt-level = 2

[profile.dev.package.p384]
opt-level = 2

[profile.dev.package.p521]
opt-level = 2

[profile.dev.package.ripemd]
opt-level = 2

[profile.dev.package.rsa]
opt-level = 2

[profile.dev.package.sha2]
opt-level = 2

[profile.dev.package.twofish]
opt-level = 2

[profile.dev.package.x25519-dalek]
opt-level = 2