2023-03-14 19:09:03 +03:00
-*- org -*-
#+TITLE: sequoia-sq NEWS – history of user-visible changes
#+STARTUP: content hidestars
* Changes in 0.29
** New functionality
- `sq` now supports and implicitly uses a certificate store. By
default, `sq` uses the standard OpenPGP certificate directory.
This is located at `$HOME/.local/share/pgp.cert.d` on XDG
compliant systems.
- `sq --no-cert-store`: A new switch to disable the use of the
certificate store.
- `sq --cert-store`: A new option to use an alternate certificate
store. Currently, only OpenPGP certificate directories are
supported.
- `sq import`: A new command to import certificates into the
certificate store.
- `sq export`: A new command to export certificates from the
certificate store.
- `sq encrypt --recipient-cert`: A new option to specify a
recipient's certificate by fingerprint or key ID, which is then
looked up in the certificate store.
- `sq verify --signer-cert`: A new option to specify a signer's
certificate by fingerprint or key ID, which is then looked up in
the certificate store.
- `sq verify` now also implicitly looks for missing certificates in
the certificate store. But, unless they are explicitly named
using `--signer-cert`, they are not considered authenticated and
the verification will always fail.
- `sq certify`: If the certificate to certify is a fingerprint or
Key ID, then the corresponding certificate is looked up in the
certificate store.
2023-03-25 12:25:32 +03:00
- Add a global option, `--time`, to set the reference time. This
option replaces the various subcommand's `--time` argument as
well as `sq key generate` and `sq key userid add`'s
`--creation-time` arguments.
2023-03-18 23:03:16 +03:00
- Add top-level option, `--trust-root`, to allow the user to
specify trust roots.
- Extend `sq encrypt` to allow addressing recipients by User ID
(`--recipient-userid`) or email address (`--recipient-email`).
Only User IDs that can be fully authenticated are considered.
2023-03-21 22:14:10 +03:00
- Extend `sq verify` to verify certificates looked up from the
certificate store using the web of trust. If the signature
includes a Signer's User ID packet, and the binding can be fully
authenticated, consider the signature to be authenticated. If
there is no Signer's User ID packet, consider the signature to be
authenticated if any binding can fully be authenticated.
2023-03-25 12:25:32 +03:00
* Deprecated functionality
- `sq key generate --creation-time TIME` is deprecated in favor of
`sq key generate --time TIME`.
- `sq key user id --creation-time TIME` is deprecated in favor of
`sq user id --time TIME`.
2023-03-14 19:09:03 +03:00
* Started the NEWS file.