slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use imperative mood to describe commands, subcommands, arguments.

Browse Source
This commit is contained in:
Justus Winter 2024-03-25 13:46:18 +01:00
parent a906a5dc84
commit 345ac4c474
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
25 changed files with 366 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/cli/autocrypt.rs
View File

@ -10,8 +10,8 @@ use super::types::SessionKey;
#[derive(Parser, Debug)]
#[clap(
name = "autocrypt",
about = "Communicates certificates using Autocrypt",
long_about = "Communicates certificates using Autocrypt
about = "Communicate certificates using Autocrypt",
long_about = "Communicate certificates using Autocrypt
Autocrypt is a standard for mail user agents to provide convenient
end-to-end encryption of emails. This subcommand provides a limited
@ -38,8 +38,8 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Imports Autocrypt-encoded certificates",
long_about = "Imports Autocrypt-encoded certificates
about = "Import Autocrypt-encoded certificates",
long_about = "Import Autocrypt-encoded certificates
Given a mail containing autocrypt headers (or an key-gossip headers),
this command extracts and imports the certificates encoded within it.
@ -54,14 +54,14 @@ pub struct ImportCommand {
#[clap(
long = "recipient-file",
value_name = "KEY_FILE",
help = "Decrypts the message using the key in KEY_FILE",
help = "Decrypt the message using the key in KEY_FILE",
)]
pub secret_key_file: Vec<PathBuf>,
#[clap(
long = "session-key",
value_name = "SESSION-KEY",
help = "Decrypts an encrypted message using SESSION-KEY",
help = "Decrypt an encrypted message using SESSION-KEY",
)]
pub session_key: Vec<SessionKey>,
@ -75,8 +75,8 @@ pub struct ImportCommand {
#[derive(Debug, Args)]
#[clap(
about = "Reads Autocrypt-encoded certificates",
long_about = "Reads Autocrypt-encoded certificates
about = "Read Autocrypt-encoded certificates",
long_about = "Read Autocrypt-encoded certificates
Given an autocrypt header (or an key-gossip header), this command
extracts the certificate encoded within it.
@ -104,7 +104,7 @@ pub struct DecodeCommand {
value_name = FileOrStdout::VALUE_NAME,
)]
pub output: FileOrStdout,
#[clap(short = 'B', long, help = "Emits binary data")]
#[clap(short = 'B', long, help = "Emit binary data")]
pub binary: bool,
}
@ -112,8 +112,8 @@ pub struct DecodeCommand {
#[derive(Debug, Args)]
#[clap(
name = "encode-sender",
about = "Encodes a certificate into an Autocrypt header",
long_about = "Encodes a certificate into an Autocrypt header
about = "Encode a certificate into an Autocrypt header",
long_about = "Encode a certificate into an Autocrypt header
A certificate can be encoded and included in a header of an email
message. This command encodes the certificate, adds the senders email
@ -155,14 +155,14 @@ pub struct EncodeSenderCommand {
#[clap(
long = "email",
value_name = "ADDRESS",
help = "Sets the address [default: primary userid]"
help = "Set the address [default: primary userid]"
)]
pub address: Option<String>,
#[clap(
long = "prefer-encrypt",
value_name = "PREFER-ENCRYPT",
default_value_t = PreferEncryptArgs::NoPreference,
help = "Sets the prefer-encrypt attribute",
help = "Set the prefer-encrypt attribute",
value_enum,
)]
pub prefer_encrypt: PreferEncryptArgs,

4
src/cli/cert.rs
View File

@ -9,9 +9,9 @@ pub mod lint;
#[derive(Parser, Debug)]
#[clap(
name = "cert",
about = "Manages certificates",
about = "Manage certificates",
long_about =
"Manages certificates
"Manage certificates
We use the term \"certificate\", or \"cert\" for short, to refer to
OpenPGP keys that do not contain secrets. This subcommand provides

32
src/cli/cert/export.rs
View File

@ -11,14 +11,14 @@ use examples::Example;
const EXAMPLES: Actions = Actions {
actions: &[
Action::Example(Example {
comment: "Exports all certificates.",
comment: "Export all certificates.",
command: &[
"sq", "cert", "export", "--all",
],
}),
Action::Example(Example {
comment: "\
Exports certificates with a matching User ID packet. The binding \
Export certificates with a matching User ID packet. The binding \
signatures are checked, but the User IDs are not authenticated. \
Note: this check is case sensitive.",
command: &[
@ -28,7 +28,7 @@ Note: this check is case sensitive.",
}),
Action::Example(Example {
comment: "\
Exports certificates with a User ID containing the email address. \
Export certificates with a User ID containing the email address. \
The binding signatures are checked, but the User IDs are not \
authenticated. Note: this check is case insensitive.",
command: &[
@ -37,7 +37,7 @@ authenticated. Note: this check is case insensitive.",
}),
Action::Example(Example {
comment: "\
Exports certificates where the certificate (i.e., the primary key) \
Export certificates where the certificate (i.e., the primary key) \
has the specified Key ID.",
command: &[
"sq", "cert", "export", "--cert", "6F0073F60FD0CBF0",
@ -45,7 +45,7 @@ has the specified Key ID.",
}),
Action::Example(Example {
comment: "\
Exports certificates where the primary key or a subkey matches the \
Export certificates where the primary key or a subkey matches the \
specified Key ID.",
command: &[
"sq", "cert", "export", "--key", "24F3955B0B8DECC8",
@ -53,7 +53,7 @@ specified Key ID.",
}),
Action::Example(Example {
comment: "\
Exports certificates that contain a User ID with *either* (not both!) \
Export certificates that contain a User ID with *either* (not both!) \
email address. Note: this check is case insensitive.",
command: &[
"sq", "cert", "export",
@ -70,9 +70,9 @@ test_examples!(sq_cert_export, EXAMPLES);
#[derive(Parser, Debug)]
#[clap(
name = "export",
about = "Exports certificates from the local certificate store",
about = "Export certificates from the local certificate store",
long_about =
"Exports certificates from the local certificate store
"Export certificates from the local certificate store
If multiple predicates are specified a certificate is returned if
at least one of them matches.
@ -95,7 +95,7 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
@ -111,7 +111,7 @@ pub struct Command {
#[clap(
long = "cert",
value_name = "FINGERPRINT|KEYID",
help = "Returns certificates that \
help = "Return certificates that \
have the specified fingerprint or key ID",
)]
pub cert: Vec<KeyHandle>,
@ -119,7 +119,7 @@ pub struct Command {
#[clap(
long = "key",
value_name = "FINGERPRINT|KEYID",
help = "Returns certificates where the primary key or \
help = "Return certificates where the primary key or \
a subkey has the specified fingerprint or key ID",
)]
pub key: Vec<KeyHandle>,
@ -127,7 +127,7 @@ pub struct Command {
#[clap(
long = "userid",
value_name = "USERID",
help = "Returns certificates that have a User ID that \
help = "Return certificates that have a User ID that \
matches exactly, including case",
)]
pub userid: Vec<String>,
@ -135,7 +135,7 @@ pub struct Command {
#[clap(
long = "grep",
value_name = "PATTERN",
help = "Returns certificates that have a User ID that \
help = "Return certificates that have a User ID that \
contains the string, case insensitively",
)]
pub grep: Vec<String>,
@ -143,7 +143,7 @@ pub struct Command {
#[clap(
long = "email",
value_name = "EMAIL",
help = "Returns certificates that have a User ID with \
help = "Return certificates that have a User ID with \
the specified email address, case insensitively",
)]
pub email: Vec<String>,
@ -151,14 +151,14 @@ pub struct Command {
#[clap(
long = "domain",
value_name = "DOMAIN",
help = "Returns certificates that have a User ID with \
help = "Return certificates that have a User ID with \
an email address from the specified domain",
)]
pub domain: Vec<String>,
#[clap(
value_name = "QUERY",
help = "Returns certificates matching QUERY. \
help = "Return certificates matching QUERY. \
This may be a subkey fingerprint or key ID, \
an email address, or an User ID fragment.",
)]

8
src/cli/cert/import.rs
View File

@ -10,7 +10,7 @@ use examples::Example;
const EXAMPLES: Actions = Actions {
actions: &[
Action::Example(Example {
comment: "Imports a certificate.",
comment: "Import a certificate.",
command: &[
"sq", "cert", "import", "juliet.pgp",
],
@ -23,13 +23,13 @@ test_examples!(sq_cert_import, EXAMPLES);
#[derive(Parser, Debug)]
#[clap(
name = "import",
about = "Imports certificates into the local certificate store",
about = "Import certificates into the local certificate store",
long_about =
"Imports certificates into the local certificate store
"Import certificates into the local certificate store
",
after_help = EXAMPLES,
)]
pub struct Command {
#[clap(value_name = "FILE", help = "Reads from FILE or stdin if omitted")]
#[clap(value_name = "FILE", help = "Read from FILE or stdin if omitted")]
pub input: Vec<PathBuf>,
}

6
src/cli/cert/lint.rs
View File

@ -10,8 +10,8 @@ use crate::cli::types::FileOrStdout;
/// SHA-1.
#[derive(Debug, Args)]
#[clap(
about = "Checks certificates for issues",
long_about = "Checks certificates for issues
about = "Check certificates for issues",
long_about = "Check certificates for issues
`sq cert lint` checks the supplied certificates for the following
SHA-1-related issues:
@ -109,7 +109,7 @@ pub struct Command {
#[clap(
short = 'B',
long = "binary",
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}

20
src/cli/decrypt.rs
View File

@ -12,11 +12,11 @@ use super::types::SessionKey;
#[derive(Parser, Debug)]
#[clap(
name = "decrypt",
about = "Decrypts a message",
about = "Decrypt a message",
long_about =
"Decrypts a message
"Decrypt a message
Decrypts a message using either supplied keys, or by prompting for a
Decrypt a message using either supplied keys, or by prompting for a
password. If message tampering is detected, an error is returned.
See below for details.
@ -68,9 +68,9 @@ pub struct Command {
short = 'n',
long = "signatures",
value_name = "N",
help = "Sets the threshold of valid signatures to N",
help = "Set the threshold of valid signatures to N",
long_help =
"Sets the threshold of valid signatures to N. \
"Set the threshold of valid signatures to N. \
The message will only be considered \
verified if this threshold is reached. \
[default: 1 if at least one signer cert file \
@ -80,30 +80,30 @@ pub struct Command {
#[clap(
long = "signer-file",
value_name = "CERT_FILE",
help = "Verifies signatures using the certificates in CERT_FILE",
help = "Verify signatures using the certificates in CERT_FILE",
)]
pub sender_cert_file: Vec<PathBuf>,
#[clap(
long = "recipient-file",
value_name = "KEY_FILE",
help = "Decrypts the message using the key in KEY_FILE",
help = "Decrypt the message using the key in KEY_FILE",
)]
pub secret_key_file: Vec<PathBuf>,
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
long = "dump-session-key",
help = "Prints the session key to stderr",
help = "Print the session key to stderr",
)]
pub dump_session_key: bool,
#[clap(
long = "session-key",
value_name = "SESSION-KEY",
help = "Decrypts an encrypted message using SESSION-KEY",
help = "Decrypt an encrypted message using SESSION-KEY",
)]
pub session_key: Vec<SessionKey>,
}

46
src/cli/encrypt.rs
View File

@ -17,11 +17,11 @@ use super::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "encrypt",
about = "Encrypts a message",
about = "Encrypt a message",
long_about =
"Encrypts a message
"Encrypt a message
Encrypts a message for any number of recipients and with any number of
Encrypt a message for any number of recipients and with any number of
passwords, optionally signing the message in the process.
The converse operation is `sq decrypt`.
@ -63,42 +63,42 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
long = "recipient-email",
value_name = "EMAIL",
help = "Encrypts to all certificates that can be authenticated \
help = "Encrypt to all certificates that can be authenticated \
for the specified email address",
)]
pub recipients_email: Vec<String>,
#[clap(
long = "recipient-userid",
value_name = "USERID",
help = "Encrypts to all certificates that can be authenticated \
help = "Encrypt to all certificates that can be authenticated \
for the specified User ID",
)]
pub recipients_userid: Vec<String>,
#[clap(
long = "recipient-cert",
value_name = "FINGERPRINT|KEYID",
help = "Encrypts to the named certificates",
help = "Encrypt to the named certificates",
)]
pub recipients_cert: Vec<KeyHandle>,
#[clap(
long = "recipient-file",
value_name = "CERT_RING_FILE",
help = "Encrypts to all certificates in CERT_RING_FILE",
help = "Encrypt to all certificates in CERT_RING_FILE",
)]
pub recipients_file: Vec<PathBuf>,
#[clap(
help = "Sets the filename of the encrypted file as metadata",
help = "Set the filename of the encrypted file as metadata",
long,
long_help =
"Sets the filename of the encrypted file as metadata. \
"Set the filename of the encrypted file as metadata. \
Do note, that this metadata is not signed and as such relying on \
it - on sender or receiver side - is generally considered \
dangerous.",
@ -106,10 +106,10 @@ pub struct Command {
pub set_metadata_filename: bool,
#[clap(
default_value_t = MetadataTime::default(),
help = "Sets time for encrypted file as metadata",
help = "Set time for encrypted file as metadata",
long,
long_help = format!(
"Sets time for encrypted file as metadata. \
"Set time for encrypted file as metadata. \
Allows setting TIME either as ISO 8601 formatted string or by \
providing custom keywords. \
With `{}`, the metadata is not set. \
@ -134,27 +134,27 @@ pub struct Command {
#[clap(
long = "signer-file",
value_name = "KEY_FILE",
help = "Signs the message using the key in KEY_FILE",
help = "Sign the message using the key in KEY_FILE",
)]
pub signer_key_file: Vec<PathBuf>,
#[clap(
long = "signer-key",
value_name = "KEYID|FINGERPRINT",
help = "Signs the message using the specified key on the key store",
help = "Sign the message using the specified key on the key store",
)]
pub signer_key: Vec<KeyHandle>,
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
short = 's',
long = "symmetric",
help = "Prompts to add a password to encrypt with",
help = "Prompt to add a password to encrypt with",
long_help =
"Prompts to add a password to encrypt with. \
"Prompt to add a password to encrypt with. \
When using this option, the user is asked to provide a password, \
which is used to encrypt the message. \
This option can be provided more than once to provide more than \
@ -168,10 +168,10 @@ pub struct Command {
long = "encrypt-for",
value_name = "PURPOSE",
default_value_t = EncryptPurpose::Universal,
help = "Selects what kind of keys are considered for encryption.",
help = "Select what kind of keys are considered for encryption.",
long_help =
"Selects what kind of keys are considered for \
encryption. 'transport' select subkeys marked \
"Select what kind of keys are considered for \
encryption. 'transport' selects subkeys marked \
as suitable for transport encryption, 'storage' \
selects those for encrypting data at rest, \
and 'universal' selects all encryption-capable \
@ -184,16 +184,16 @@ pub struct Command {
long = "compression",
value_name = "KIND",
default_value_t = CompressionMode::None,
help = "Selects compression scheme to use",
help = "Select compression scheme to use",
value_enum,
)]
pub compression: CompressionMode,
#[clap(
long = "use-expired-subkey",
help = "Falls back to expired encryption subkeys",
help = "Fall back to expired encryption subkeys",
long_help =
"If a certificate has only expired \
encryption-capable subkeys, falls back \
encryption-capable subkeys, fall back \
to using the one that expired last",
)]
pub use_expired_subkey: bool,

16
src/cli/inspect.rs
View File

@ -17,28 +17,28 @@ const INSPECT_EXAMPLES: Actions = Actions {
actions: &[
Action::Example(Example {
comment: "\
Inspects a certificate.",
Inspect a certificate.",
command: &[
"sq", "inspect", "juliet.pgp",
],
}),
Action::Example(Example {
comment: "\
Shows how the certificate looked on July 21, 2013.",
Show how the certificate looked on July 21, 2013.",
command: &[
"sq", "inspect", "--time", "20130721", "juliet.pgp",
],
}),
Action::Example(Example {
comment: "\
Inspects an encrypted message.",
Inspect an encrypted message.",
command: &[
"sq", "inspect", "message.pgp",
],
}),
Action::Example(Example {
comment: "\
Inspects a detachted signature.",
Inspect a detachted signature.",
command: &[
"sq", "inspect", "document.sig",
],
@ -50,9 +50,9 @@ test_examples!(sq_inspect, INSPECT_EXAMPLES);
#[derive(Parser, Debug)]
#[clap(
name = "inspect",
about = "Inspects data, like file(1)",
about = "Inspect data, like file(1)",
long_about =
"Inspects data, like file(1)
"Inspect data, like file(1)
It is often difficult to tell from cursory inspection using cat(1) or
file(1) what kind of OpenPGP one is looking at. This subcommand
@ -76,12 +76,12 @@ pub struct Command {
long = "cert",
value_name = "FINGERPRINT|KEYID",
conflicts_with = "input",
help = "Reads the specified certificate from the certificate store",
help = "Read the specified certificate from the certificate store",
)]
pub cert: Vec<KeyHandle>,
#[clap(
long = "certifications",
help = "Prints third-party certifications",
help = "Print third-party certifications",
)]
pub certifications: bool,
}

174
src/cli/key.rs
View File

@ -63,9 +63,9 @@ impl From<UseridRevocationReason> for OpenPGPRevocationReason {
#[derive(Parser, Debug)]
#[clap(
name = "key",
about = "Manages keys",
about = "Manage keys",
long_about =
"Manages keys
"Manage keys
We use the term \"key\" to refer to OpenPGP keys that do contain
secrets. This subcommand provides primitives to generate and
@ -104,7 +104,7 @@ const LIST_EXAMPLES: Actions = Actions {
actions: &[
Action::Example(Example {
comment: "\
Lists the keys managed by the keystore server.",
List the keys managed by the keystore server.",
command: &[
"sq", "key", "list",
],
@ -115,7 +115,7 @@ test_examples!(sq_key_list, LIST_EXAMPLES);
#[derive(Debug, Args)]
#[clap(
about = "Lists keys managed by the key store",
about = "List keys managed by the key store",
after_help = LIST_EXAMPLES,
)]
pub struct ListCommand {
@ -123,9 +123,9 @@ pub struct ListCommand {
#[derive(Debug, Args)]
#[clap(
about = "Generates a new key",
about = "Generate a new key",
long_about = format!(
"Generates a new key
"Generate a new key
Generating a key is the prerequisite to receiving encrypted messages
and creating signatures. There are a few parameters to this process,
@ -181,7 +181,7 @@ pub struct GenerateCommand {
short = 'u',
long = "userid",
value_name = "EMAIL",
help = "Adds a userid to the key"
help = "Add a userid to the key"
)]
pub userid: Vec<String>,
#[clap(
@ -189,13 +189,13 @@ pub struct GenerateCommand {
long = "cipher-suite",
value_name = "CIPHER-SUITE",
default_value_t = CipherSuite::Cv25519,
help = "Selects the cryptographic algorithms for the key",
help = "Select the cryptographic algorithms for the key",
value_enum,
)]
pub cipher_suite: CipherSuite,
#[clap(
long = "with-password",
help = "Protects the key with a password",
help = "Protect the key with a password",
)]
pub with_password: bool,
#[clap(
@ -203,10 +203,10 @@ pub struct GenerateCommand {
value_name = "EXPIRY",
default_value_t = Expiry::Duration(KEY_VALIDITY_DURATION),
help =
"Defines EXPIRY for the key as ISO 8601 formatted string or \
"Define EXPIRY for the key as ISO 8601 formatted string or \
custom duration.",
long_help =
"Defines EXPIRY for the key as ISO 8601 formatted string or \
"Define EXPIRY for the key as ISO 8601 formatted string or \
custom duration. \
If an ISO 8601 formatted string is provided, the validity period \
reaches from the reference time (may be set using `--time`) to \
@ -218,30 +218,30 @@ pub struct GenerateCommand {
pub expiry: Expiry,
#[clap(
long = "can-sign",
help ="Adds a signing-capable subkey (default)",
help ="Add a signing-capable subkey (default)",
)]
pub can_sign: bool,
#[clap(
long = "cannot-sign",
help = "Adds no signing-capable subkey",
help = "Add no signing-capable subkey",
)]
pub cannot_sign: bool,
#[clap(
long = "can-authenticate",
help = "Adds an authentication-capable subkey (default)",
help = "Add an authentication-capable subkey (default)",
)]
pub can_authenticate: bool,
#[clap(
long = "cannot-authenticate",
help = "Adds no authentication-capable subkey",
help = "Add no authentication-capable subkey",
)]
pub cannot_authenticate: bool,
#[clap(
long = "can-encrypt",
value_name = "PURPOSE",
help = "Adds an encryption-capable subkey [default: universal]",
help = "Add an encryption-capable subkey [default: universal]",
long_help =
"Adds an encryption-capable subkey. \
"Add an encryption-capable subkey. \
Encryption-capable subkeys can be marked as \
suitable for transport encryption, storage \
encryption, or both, i.e., universal. \
@ -251,7 +251,7 @@ pub struct GenerateCommand {
pub can_encrypt: Option<EncryptPurpose>,
#[clap(
long = "cannot-encrypt",
help = "Adds no encryption-capable subkey",
help = "Add no encryption-capable subkey",
)]
pub cannot_encrypt: bool,
#[clap(
@ -266,9 +266,9 @@ pub struct GenerateCommand {
long = "rev-cert",
value_name = "FILE or -",
required_if_eq("output", "-"),
help = "Writes the revocation certificate to FILE",
help = "Write the revocation certificate to FILE",
long_help =
"Writes the revocation certificate to FILE. \
"Write the revocation certificate to FILE. \
mandatory if OUTFILE is `-`. \
[default: <OUTFILE>.rev]",
)]
@ -315,7 +315,7 @@ test_examples!(sq_key_import, IMPORT_EXAMPLES);
pub struct ImportCommand {
#[clap(
value_name = "KEY_FILE",
help = "Imports the keys in KEY_FILE",
help = "Import the keys in KEY_FILE",
)]
pub file: Vec<PathBuf>,
}
@ -323,9 +323,9 @@ pub struct ImportCommand {
#[derive(Debug, Args)]
#[clap(
name = "password",
about = "Changes password protecting secrets",
about = "Change password protecting secrets",
long_about =
"Changes password protecting secrets
"Change password protecting secrets
Secret key material in keys can be protected by a password. This
subcommand changes or clears this encryption password.
@ -383,7 +383,7 @@ pub struct PasswordCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -392,7 +392,7 @@ pub struct PasswordCommand {
#[clap(
about = "Revoke a certificate",
long_about =
"Revokes a certificate
"Revoke a certificate
Creates a revocation certificate for the certificate.
@ -419,7 +419,7 @@ pub struct RevokeCommand {
alias = "cert-file",
help = "The certificate to revoke",
long_help =
"Reads the certificate to revoke from FILE or stdin, if omitted. It is \
"Read the certificate to revoke from FILE or stdin, if omitted. It is \
an error for the file to contain more than one certificate.",
)]
pub input: Option<PathBuf>,
@ -427,9 +427,9 @@ an error for the file to contain more than one certificate.",
#[clap(
long = "revocation-file",
value_name = "KEY_FILE",
help = "Signs the revocation certificate using the key in KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
"Signs the revocation certificate using the key in KEY_FILE. If the key is \
"Sign the revocation certificate using the key in KEY_FILE. If the key is \
different from the certificate, this creates a third-party revocation. If \
this option is not provided, and the certificate includes secret key material, \
then that key is used to sign the revocation certificate.",
@ -439,7 +439,7 @@ then that key is used to sign the revocation certificate.",
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
@ -497,8 +497,8 @@ that in the future.`",
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a `!`, then the notation is marked as being critical. If a \
@ -520,7 +520,7 @@ that in the future.`",
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -528,9 +528,9 @@ that in the future.`",
#[derive(Debug, Args)]
#[clap(
name = "extract-cert",
about = "Converts a key to a cert",
about = "Convert a key to a cert",
long_about =
"Converts a key to a cert
"Convert a key to a cert
After generating a key, use this command to get the certificate
corresponding to the key. The key must be kept secure, while the
@ -565,7 +565,7 @@ pub struct ExtractCertCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -573,9 +573,9 @@ pub struct ExtractCertCommand {
#[derive(Debug, Subcommand)]
#[clap(
name = "userid",
about = "Manages User IDs",
about = "Manage User IDs",
long_about =
"Manages User IDs
"Manage User IDs
Add User IDs to, or strip User IDs from a key.
",
@ -590,9 +590,9 @@ pub enum UseridCommand {
#[derive(Debug, Args)]
#[clap(
about = "Adds a User ID",
about = "Add a User ID",
long_about =
"Adds a User ID
"Add a User ID
A User ID can contain a name, like `Juliet` or an email address, like
`<juliet@example.org>`. Historically, a name and email address were often
@ -642,13 +642,13 @@ pub struct UseridAddCommand {
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -657,7 +657,7 @@ pub struct UseridAddCommand {
#[clap(
about = "Revoke a User ID",
long_about =
"Revokes a User ID
"Revoke a User ID
Creates a revocation certificate for a User ID.
@ -683,7 +683,7 @@ pub struct UseridRevokeCommand {
alias = "cert-file",
help = "The certificate containing the User ID to revoke",
long_help =
"Reads the certificate to revoke from CERT_FILE or stdin, \
"Read the certificate to revoke from CERT_FILE or stdin, \
if omitted. It is an error for the file to contain more than one \
certificate."
)]
@ -692,9 +692,9 @@ certificate."
#[clap(
long = "revocation-file",
value_name = "KEY_FILE",
help = "Signs the revocation certificate using the key in KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
"Signs the revocation certificate using the key in KEY_FILE. If the key is \
"Sign the revocation certificate using the key in KEY_FILE. If the key is \
different from the certificate, this creates a third-party revocation. If \
this option is not provided, and the certificate includes secret key material, \
then that key is used to sign the revocation certificate.",
@ -704,7 +704,7 @@ then that key is used to sign the revocation certificate.",
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
@ -759,8 +759,8 @@ that in the future.`",
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a `!`, then the notation is marked as being critical. If a \
@ -782,16 +782,16 @@ that in the future.`",
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
#[derive(Debug, Args)]
#[clap(
about = "Strips a User ID",
about = "Strip a User ID",
long_about =
"Strips a User ID
"Strip a User ID
Note that this operation does not reliably remove User IDs from a
certificate that has already been disseminated! (OpenPGP software
@ -852,7 +852,7 @@ User ID."
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -860,9 +860,9 @@ User ID."
#[derive(Debug, Args)]
#[clap(
name = "adopt",
about = "Binds keys from one certificate to another",
about = "Bind keys from one certificate to another",
long_about =
"Binds keys from one certificate to another
"Bind keys from one certificate to another
This command allows one to transfer primary keys and subkeys into an
existing certificate. Say you want to transition to a new
@ -885,25 +885,25 @@ pub struct AdoptCommand {
long = "key",
value_name = "KEY",
required(true),
help = "Adds the key or subkey KEY to the TARGET-KEY",
help = "Add the key or subkey KEY to the TARGET-KEY",
)]
pub key: Vec<KeyHandle>,
#[clap(
long = "expire",
value_name = "KEY-EXPIRATION-TIME",
help = "Makes adopted subkeys expire at the given time",
help = "Make adopted subkeys expire at the given time",
)]
pub expire: Option<Time>,
#[clap(
long = "allow-broken-crypto",
help = "Allows adopting keys from certificates \
help = "Allow adopting keys from certificates \
using broken cryptography",
)]
pub allow_broken_crypto: bool,
#[clap(
default_value_t = FileOrStdin::default(),
value_name = "TARGET-KEY",
help = "Adds keys to TARGET-KEY or reads keys from stdin if omitted",
help = "Add keys to TARGET-KEY or reads keys from stdin if omitted",
)]
pub certificate: FileOrStdin,
#[clap(
@ -917,7 +917,7 @@ pub struct AdoptCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
@ -925,9 +925,9 @@ pub struct AdoptCommand {
#[derive(Debug, Args)]
#[clap(
name = "attest-certifications",
about = "Attests to third-party certifications",
about = "Attest to third-party certifications",
long_about =
"Attests to third-party certifications allowing for their distribution
"Attest to third-party certifications allowing for their distribution
To prevent certificate flooding attacks, modern key servers prevent
uncontrolled distribution of third-party certifications on
@ -953,19 +953,19 @@ pub struct AttestCertificationsCommand {
#[clap(
long = "none",
conflicts_with = "all",
help = "Removes all prior attestations",
help = "Remove all prior attestations",
)]
pub none: bool,
#[clap(
long = "all",
conflicts_with = "none",
help = "Attests to all certifications [default]",
help = "Attest to all certifications [default]",
)]
pub all: bool,
#[clap(
default_value_t = FileOrStdin::default(),
value_name = "KEY",
help = "Changes attestations on KEY or reads from stdin if omitted",
help = "Change attestations on KEY or reads from stdin if omitted",
)]
pub key: FileOrStdin,
#[clap(
@ -979,7 +979,7 @@ pub struct AttestCertificationsCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
@ -988,9 +988,9 @@ pub struct AttestCertificationsCommand {
#[derive(Debug, Subcommand)]
#[clap(
name = "subkey",
about = "Manages Subkeys",
about = "Manage Subkeys",
long_about =
"Manages Subkeys
"Manage Subkeys
Add new subkeys to an existing key.
",
@ -1005,9 +1005,9 @@ pub enum SubkeyCommand {
#[derive(Debug, Args)]
#[clap(
about = "Adds a newly generated Subkey",
about = "Add a newly generated Subkey",
long_about =
"Adds a newly generated Subkey
"Add a newly generated Subkey
A subkey has one or more flags. `--can-sign` sets the signing flag,
and means that the key may be used for signing. `--can-authenticate`
@ -1080,13 +1080,13 @@ pub struct SubkeyAddCommand {
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
@ -1094,7 +1094,7 @@ pub struct SubkeyAddCommand {
long = "cipher-suite",
value_name = "CIPHER-SUITE",
default_value_t = CipherSuite::Cv25519,
help = "Selects the cryptographic algorithms for the subkey",
help = "Select the cryptographic algorithms for the subkey",
value_enum,
)]
pub cipher_suite: CipherSuite,
@ -1103,10 +1103,10 @@ pub struct SubkeyAddCommand {
value_name = "EXPIRY",
default_value_t = Expiry::Never,
help =
"Defines EXPIRY for the subkey as ISO 8601 formatted string or \
"Define EXPIRY for the subkey as ISO 8601 formatted string or \
custom duration.",
long_help =
"Defines EXPIRY for the subkey as ISO 8601 formatted string or \
"Define EXPIRY for the subkey as ISO 8601 formatted string or \
custom duration. \
If an ISO 8601 formatted string is provided, the validity period \
reaches from the reference time (may be set using `--time`) to \
@ -1118,20 +1118,20 @@ pub struct SubkeyAddCommand {
pub expiry: Expiry,
#[clap(
long = "can-sign",
help = "Adds signing capability to subkey",
help = "Add signing capability to subkey",
)]
pub can_sign: bool,
#[clap(
long = "can-authenticate",
help = "Adds authentication capability to subkey",
help = "Add authentication capability to subkey",
)]
pub can_authenticate: bool,
#[clap(
long = "can-encrypt",
value_name = "PURPOSE",
help = "Adds an encryption capability to subkey [default: universal]",
help = "Add an encryption capability to subkey [default: universal]",
long_help =
"Adds an encryption capability to subkey. \
"Add an encryption capability to subkey. \
Encryption-capable subkeys can be marked as \
suitable for transport encryption, storage \
encryption, or both, i.e., universal. \
@ -1141,7 +1141,7 @@ pub struct SubkeyAddCommand {
pub can_encrypt: Option<EncryptPurpose>,
#[clap(
long = "with-password",
help = "Protects the subkey with a password",
help = "Protect the subkey with a password",
)]
pub with_password: bool,
}
@ -1150,7 +1150,7 @@ pub struct SubkeyAddCommand {
#[clap(
about = "Revoke a subkey",
long_about =
"Revokes a subkey
"Revoke a subkey
Creates a revocation certificate for a subkey.
@ -1177,7 +1177,7 @@ pub struct SubkeyRevokeCommand {
alias = "cert-file",
help = "The certificate containing the subkey to revoke",
long_help =
"Reads the certificate containing the subkey to revoke from FILE or stdin, \
"Read the certificate containing the subkey to revoke from FILE or stdin, \
if omitted. It is an error for the file to contain more than one \
certificate."
)]
@ -1186,10 +1186,10 @@ certificate."
#[clap(
long = "revocation-file",
value_name = "KEY_FILE",
help = "Signs the revocation certificate using the key in KEY_FILE",
help = "Sign the revocation certificate using the key in KEY_FILE",
long_help =
"Signs the revocation certificate using the key in KEY_FILE. If the key \
"Sign the revocation certificate using the key in KEY_FILE. If the key \
is different from the certificate, this creates a third-party revocation. \
If this option is not provided, and the certificate includes secret key \
material, then that key is used to sign the revocation certificate.",
@ -1199,7 +1199,7 @@ material, then that key is used to sign the revocation certificate.",
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
@ -1265,8 +1265,8 @@ the message `I've created a new subkey, please refresh the certificate.`"
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a `!`, then the notation is marked as being critical. If a \
@ -1288,7 +1288,7 @@ the message `I've created a new subkey, please refresh the certificate.`"
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}

10
src/cli/key/expire.rs
View File

@ -43,9 +43,9 @@ test_examples!(sq_key_expire, EXAMPLES);
#[derive(Debug, Args)]
#[clap(
name = "expire",
about = "Changes expiration times",
about = "Change expiration times",
long_about =
"Changes expiration times
"Change expiration times
Keys and their individual subkeys can expire. This subcommand changes
or clears the expiration times.
@ -68,7 +68,7 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
@ -81,10 +81,10 @@ pub struct Command {
#[clap(
value_name = "EXPIRY",
help =
"Defines EXPIRY for the key as ISO 8601 formatted string or \
"Define EXPIRY for the key as ISO 8601 formatted string or \
custom duration.",
long_help =
"Defines EXPIRY for the key as ISO 8601 formatted string or \
"Define EXPIRY for the key as ISO 8601 formatted string or \
custom duration. \
If an ISO 8601 formatted string is provided, the validity period \
reaches from the reference time (may be set using `--time`) to \

45
src/cli/mod.rs
View File

@ -32,6 +32,9 @@
/// - Subcommands SHOULD be grouped by topic, and ordered from most
/// often used to least often used.
///
/// - Use the imperative mood in the first sentence documenting
/// commands, subcommands, and arguments.
///
/// ## Terminology
///
/// - "certificate" or "cert" instead of "public key", "key", or
@ -203,16 +206,16 @@ pub struct SqCommand {
long = "force",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Overwrites existing files",
help = "Overwrite existing files",
)]
pub force: bool,
#[clap(
long,
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Disables the use of the key store.",
help = "Disable the use of the key store.",
long_help = "\
Disables the use of the key store.
Disable the use of the key store.
It is still possible to use functionality that does not require the
key store."
@ -225,7 +228,7 @@ key store."
conflicts_with_all = &[ "no_key_store" ],
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Overrides the key store server and its data",
help = "Override the key store server and its data",
long_help = "\
A key store server manages and protects secret key material. By
default, `sq` connects to the key store server listening on
@ -241,9 +244,9 @@ its data in the specified location."
long,
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Disables the use of a certificate store",
help = "Disable the use of a certificate store",
long_help = "\
Disables the use of a certificate store. Normally sq uses the user's \
Disable the use of a certificate store. Normally sq uses the user's \
standard cert-d, which is located in `$HOME/.local/share/pgp.cert.d`."
)]
pub no_cert_store: bool,
@ -254,9 +257,9 @@ standard cert-d, which is located in `$HOME/.local/share/pgp.cert.d`."
conflicts_with_all = &[ "no_cert_store" ],
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Specifies the location of the certificate store",
help = "Specify the location of the certificate store",
long_help = "\
Specifies the location of the certificate store. By default, sq uses \
Specify the location of the certificate store. By default, sq uses \
the OpenPGP certificate directory at `$HOME/.local/share/pgp.cert.d`, \
and creates it if it does not exist."
)]
@ -267,9 +270,9 @@ and creates it if it does not exist."
env = "PEP_CERT_STORE",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Specifies the location of a pEp certificate store",
help = "Specify the location of a pEp certificate store",
long_help = "\
Specifies the location of a pEp certificate store. sq does not use a \
Specify the location of a pEp certificate store. sq does not use a \
pEp certificate store by default; it must be explicitly enabled \
using this argument or the corresponding environment variable, \
PEP_CERT_STORE. The pEp Engine's default certificate store is at \
@ -281,9 +284,9 @@ PEP_CERT_STORE. The pEp Engine's default certificate store is at \
value_name = "PATH",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Specifies the location of a keyring to use",
help = "Specify the location of a keyring to use",
long_help = "\
Specifies the location of a keyring to use. Keyrings are used in \
Specify the location of a keyring to use. Keyrings are used in \
addition to any certificate store. The content of the keyring is \
not imported into the certificate store. When a certificate is \
looked up, it is looked up in all keyrings and any certificate \
@ -297,7 +300,7 @@ store, and the results are merged together."
env = "SQ_OUTPUT_FORMAT",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Produces output in FORMAT, if possible",
help = "Produce output in FORMAT, if possible",
)]
pub output_format: output::OutputFormat,
#[clap(
@ -306,8 +309,8 @@ store, and the results are merged together."
env = "SQ_OUTPUT_VERSION",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Produces output variant VERSION.",
long_help = "Produces output variant VERSION, such as 0.0.0. \
help = "Produce output variant VERSION.",
long_help = "Produce output variant VERSION, such as 0.0.0. \
The default is the newest version. The output version \
is separate from the version of the sq program. To see \
the current supported versions, use output-versions \
@ -319,8 +322,8 @@ store, and the results are merged together."
value_name = "NOTATION",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Adds NOTATION to the list of known notations",
long_help = "Adds NOTATION to the list of known notations. \
help = "Add NOTATION to the list of known notations",
long_help = "Add NOTATION to the list of known notations. \
This is used when validating signatures. \
Signatures that have unknown notations with the \
critical bit set are considered invalid."
@ -330,11 +333,11 @@ store, and the results are merged together."
#[clap(
long = "time",
value_name = "TIME",
help = "Sets the reference time as ISO 8601 formatted timestamp",
help = "Set the reference time as ISO 8601 formatted timestamp",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
long_help = "\
Sets the reference time as an ISO 8601 formatted timestamp. Normally, \
Set the reference time as an ISO 8601 formatted timestamp. Normally, \
commands use the current time as the reference time. This argument allows \
the user to use a difference reference time. For instance, when creating a \
key using `sq key generate`, the creation time is normally set to the \
@ -359,8 +362,8 @@ $ sq --time 20130721T0550+0200 verify msg.pgp
value_name = "FINGERPRINT|KEYID",
global = true,
help_heading = GLOBAL_OPTIONS_HEADER,
help = "Considers the specified certificate to be a trust root",
long_help = "Considers the specified certificate to be a trust root. \
help = "Consider the specified certificate to be a trust root",
long_help = "Consider the specified certificate to be a trust root. \
Trust roots are used by trust models, e.g., the Web of \
Trust, to authenticate certificates and User IDs."
)]

4
src/cli/network.rs
View File

@ -10,9 +10,9 @@ pub mod wkd;
#[derive(Parser, Debug)]
#[clap(
name = "network",
about = "Retrieves and publishes certificates over the network",
about = "Retrieve and publish certificates over the network",
long_about =
"Retrieves and publishes certificates over the network
"Retrieve and publish certificates over the network
OpenPGP certificates can be discovered and updated from, and published
on services accessible over the network. This is a collection of

24
src/cli/network/dane.rs
View File

@ -10,9 +10,9 @@ use crate::cli::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "dane",
about = "Retrieves and publishes certificates via DANE",
about = "Retrieve and publishes certificates via DANE",
long_about =
"Retrieves and publishes certificates via DANE
"Retrieve and publishes certificates via DANE
DNS-Based Authentication of Named Entities (DANE) is a method for
publishing and retrieving certificates in DNS as specified in RFC
@ -35,9 +35,9 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Generates DANE records for the given domain and certs",
about = "Generate DANE records for the given domain and certs",
long_about =
"Generates DANE records for the given domain and certs
"Generate DANE records for the given domain and certs
The certificates are minimized, and one record per email address is
emitted. If multiple user IDs map to one email address, then all
@ -56,13 +56,13 @@ $ sq dane generate example.com certs.pgp
pub struct GenerateCommand {
#[clap(
value_name = "FQDN",
help = "Generates DANE records for this domain name",
help = "Generate DANE records for this domain name",
)]
pub domain: String,
#[clap(
default_value_t = FileOrStdin::default(),
value_name = "CERT-RING",
help = "Emits records for certificates from CERT-RING \
help = "Emit records for certificates from CERT-RING \
(or stdin if omitted)",
)]
pub input: FileOrStdin,
@ -72,7 +72,7 @@ pub struct GenerateCommand {
value_parser = |arg: &str| -> Result<Duration, std::num::ParseIntError>
{ Ok(Duration::from_secs(arg.parse()?)) },
default_value = "10800",
help = "Sets the TTL (maximum cache duration) of the resource records",
help = "Set the TTL (maximum cache duration) of the resource records",
)]
pub ttl: Duration,
#[clap(
@ -84,13 +84,13 @@ pub struct GenerateCommand {
pub size_limit: usize,
#[clap(
long = "generic",
help = "Emits generic resource records [default: OPENPGPKEY records]",
help = "Emit generic resource records [default: OPENPGPKEY records]",
)]
pub generic: bool,
#[clap(
short = 's',
long = "skip",
help = "Skips expired certificates and those that do not have \
help = "Skip expired certificates and those that do not have \
User IDs for given domain.",
)]
pub skip: bool,
@ -98,9 +98,9 @@ pub struct GenerateCommand {
#[derive(Debug, Args)]
#[clap(
about = "Retrieves certificates using DANE",
about = "Retrieve certificates using DANE",
long_about =
"Retrieves certificates using DANE
"Retrieve certificates using DANE
By default, any returned certificates are stored in the local
certificate store. This can be overridden by using `--output`
@ -132,7 +132,7 @@ pub struct FetchCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(

8
src/cli/network/fetch.rs
View File

@ -8,9 +8,9 @@ use super::keyserver::DEFAULT_KEYSERVERS;
#[derive(Parser, Debug)]
#[clap(
name = "fetch",
about = "Retrieves certificates using all supported network services",
about = "Retrieve certificates using all supported network services",
long_about =
"Retrieves certificates using all supported network services
"Retrieve certificates using all supported network services
This command will try to locate relevant certificates given a query,
which may be a fingerprint, a key ID, an email address, or a https
@ -46,7 +46,7 @@ pub struct Command {
long = "server",
default_values_t = DEFAULT_KEYSERVERS.iter().map(ToString::to_string),
value_name = "URI",
help = "Sets the key server to use. Can be given multiple times.",
help = "Set the key server to use. Can be given multiple times.",
)]
pub servers: Vec<String>,
@ -61,7 +61,7 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,

18
src/cli/network/keyserver.rs
View File

@ -17,9 +17,9 @@ pub const DEFAULT_KEYSERVERS: &[&'static str] = &[
#[derive(Parser, Debug)]
#[clap(
name = "keyserver",
about = "Retrieves and publishes certificates via key servers",
about = "Retrieve and publishes certificates via key servers",
long_about =
"Retrieves and publishes certificates via key servers
"Retrieve and publishes certificates via key servers
The OpenPGP HTTP Keyserver Protocol (HKP) is a method for publishing
and retrieving certificates from key servers.
@ -37,7 +37,7 @@ pub struct Command {
// that they are sorted to the bottom.
display_order = 800,
value_name = "URI",
help = "Sets the key server to use. Can be given multiple times.",
help = "Set the key server to use. Can be given multiple times.",
)]
pub servers: Vec<String>,
#[clap(subcommand)]
@ -52,9 +52,9 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Retrieves certificates from key servers",
about = "Retrieve certificates from key servers",
long_about =
"Retrieves certificates from key servers
"Retrieve certificates from key servers
By default, any returned certificates are stored in the local
certificate store. This can be overridden by using `--output`
@ -82,7 +82,7 @@ pub struct FetchCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
@ -105,9 +105,9 @@ pub struct FetchCommand {
#[derive(Debug, Args)]
#[clap(
about = "Publishes certificates on key servers",
about = "Publish certificates on key servers",
long_about = format!(
"Publishes certificates on key servers
"Publish certificates on key servers
Sends certificates to the configured key servers for publication. By
default, the certificates are sent to {}. This can be tweaked using
@ -117,7 +117,7 @@ default, the certificates are sent to {}. This can be tweaked using
pub struct PublishCommand {
#[clap(
long,
help = "Requires that all publish operations succeed \
help = "Require that all publish operations succeed \
and return an error otherwise. \
By default we only require that one publish \
operation succeeds.",

34
src/cli/network/wkd.rs
View File

@ -10,9 +10,9 @@ use crate::cli::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "wkd",
about = "Retrieves and publishes certificates via Web Key Directories",
about = "Retrieve and publishes certificates via Web Key Directories",
long_about =
"Retrieves and publishes certificates via Web Key Directories
"Retrieve and publishes certificates via Web Key Directories
The Web Key Directory (WKD) is a method for publishing and retrieving
certificates from web servers.
@ -35,33 +35,33 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Prints the advanced Web Key Directory URL of an email address",
about = "Print the advanced Web Key Directory URL of an email address",
)]
pub struct UrlCommand {
#[clap(
value_name = "ADDRESS",
help = "Queries for ADDRESS",
help = "Query for ADDRESS",
)]
pub email_address: String,
}
#[derive(Debug, Args)]
#[clap(
about = "Prints the direct Web Key Directory URL of an email address",
about = "Print the direct Web Key Directory URL of an email address",
)]
pub struct DirectUrlCommand {
#[clap(
value_name = "ADDRESS",
help = "Queries for ADDRESS",
help = "Query for ADDRESS",
)]
pub email_address: String,
}
#[derive(Debug, Args)]
#[clap(
about = "Retrieves certificates from a Web Key Directory",
about = "Retrieve certificates from a Web Key Directory",
long_about =
"Retrieves certificates from a Web Key Directory
"Retrieve certificates from a Web Key Directory
By default, any returned certificates are stored in the local
certificate store. This can be overridden by using `--output`
@ -93,7 +93,7 @@ pub struct FetchCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
@ -107,9 +107,9 @@ pub struct FetchCommand {
#[derive(Debug, Args)]
#[clap(
about = "Generates a Web Key Directory for the given domain and certs",
about = "Generate a Web Key Directory for the given domain and certs",
long_about =
"Generates a Web Key Directory for the given domain and certs
"Generate a Web Key Directory for the given domain and certs
If the WKD exists, the new certificates will be inserted and existing
ones will be updated.
@ -135,32 +135,32 @@ $ sq wkd generate /tmp/wkdroot example.com certs.pgp
pub struct GenerateCommand {
#[clap(
value_name = "WEB-ROOT",
help = "Writes the WKD to WEB-ROOT",
long_help = "Writes the WKD to WEB-ROOT. Transfer this directory to \
help = "Write the WKD to WEB-ROOT",
long_help = "Write the WKD to WEB-ROOT. Transfer this directory to \
the webserver.",
)]
pub base_directory: PathBuf,
#[clap(
value_name = "FQDN",
help = "Generates a WKD for a fully qualified domain name for email",
help = "Generate a WKD for a fully qualified domain name for email",
)]
pub domain: String,
#[clap(
default_value_t = FileOrStdin::default(),
value_name = "CERT-RING",
help = "Adds certificates from CERT-RING (or stdin if omitted) to the WKD",
help = "Add certificates from CERT-RING (or stdin if omitted) to the WKD",
)]
pub input: FileOrStdin,
#[clap(
short = 'd',
long = "direct-method",
help = "Uses the direct method [default: advanced method]",
help = "Use the direct method [default: advanced method]",
)]
pub direct_method: bool,
#[clap(
short = 's',
long = "skip",
help = "Skips certificates that do not have User IDs for given domain.",
help = "Skip certificates that do not have User IDs for given domain.",
)]
pub skip: bool,
}

44
src/cli/pki/certify.rs
View File

@ -15,9 +15,9 @@ use crate::cli::types::TrustAmount;
#[derive(Parser, Debug)]
#[clap(
name = "certify",
about = "Certifies a User ID for a Certificate",
about = "Certify a User ID for a Certificate",
long_about = format!(
"Certifies a User ID for a Certificate
"Certify a User ID for a Certificate
Using a certification a keyholder may vouch for the fact that another
certificate legitimately belongs to a user id. In the context of
@ -64,7 +64,7 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
@ -72,9 +72,9 @@ pub struct Command {
long = "depth",
value_name = "TRUST_DEPTH",
default_value = "0",
help = "Sets the trust depth",
help = "Set the trust depth",
long_help =
"Sets the trust depth (sometimes referred to as the trust level). \
"Set the trust depth (sometimes referred to as the trust level). \
0 means a normal certification of <CERTIFICATE, USERID>. \
1 means CERTIFICATE is also a trusted introducer, 2 means \
CERTIFICATE is a meta-trusted introducer, etc.",
@ -85,9 +85,9 @@ pub struct Command {
long = "amount",
value_name = "AMOUNT",
default_value = "full",
help = "Sets the amount of trust",
help = "Set the amount of trust",
long_help =
"Sets the amount of trust. Values between 1 and 120 are meaningful. \
"Set the amount of trust. Values between 1 and 120 are meaningful. \
120 means fully trusted. Values less than 120 indicate the degree \
of trust. 60 is usually used for partially trusted.",
)]
@ -97,10 +97,10 @@ pub struct Command {
long = "regex",
value_name = "REGEX",
requires = "depth",
help = "Adds a regular expression to constrain \
help = "Add a regular expression to constrain \
what a trusted introducer can certify",
long_help =
"Adds a regular expression to constrain \
"Add a regular expression to constrain \
what a trusted introducer can certify. \
The regular expression must match \
the certified User ID in all intermediate \
@ -113,18 +113,18 @@ pub struct Command {
#[clap(
short = 'l',
long = "local",
help = "Makes the certification a local certification",
help = "Make the certification a local certification",
long_help =
"Makes the certification a local \
"Make the certification a local \
certification. Normally, local \
certifications are not exported.",
)]
pub local: bool,
#[clap(
long = "non-revocable",
help = "Marks the certification as being non-revocable",
help = "Mark the certification as being non-revocable",
long_help =
"Marks the certification as being non-revocable. \
"Mark the certification as being non-revocable. \
That is, you cannot later revoke this \
certification. This should normally only \
be used with an expiration.",
@ -134,8 +134,8 @@ pub struct Command {
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a !, then the notation is marked as being critical. If a \
@ -150,10 +150,10 @@ pub struct Command {
default_value_t =
Expiry::Duration(THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION),
help =
"Defines EXPIRY for the certification as ISO 8601 formatted string or \
"Define EXPIRY for the certification as ISO 8601 formatted string or \
custom duration.",
long_help =
"Defines EXPIRY for the certification as ISO 8601 formatted string or \
"Define EXPIRY for the certification as ISO 8601 formatted string or \
custom duration. \
If an ISO 8601 formatted string is provided, the validity period \
reaches from the reference time (may be set using `--time`) to \
@ -184,7 +184,7 @@ pub struct Command {
help = "Don't fail if the certificate making the \
certification is not alive.",
long_help =
"Allows the key to make a certification even if \
"Allow the key to make a certification even if \
the current time is prior to its creation time \
or the current time is at or after its expiration \
time.",
@ -199,28 +199,28 @@ pub struct Command {
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
value_name = "CERTIFIER-KEY",
required = true,
index = 1,
help = "Creates the certification using CERTIFIER-KEY.",
help = "Create the certification using CERTIFIER-KEY.",
)]
pub certifier: PathBuf,
#[clap(
value_name = "KEY_ID|FINGERPRINT|FILE",
required = true,
index = 2,
help = "Certifies CERTIFICATE.",
help = "Certify CERTIFICATE.",
)]
pub certificate: String,
#[clap(
value_name = "USERID",
required = true,
index = 3,
help = "Certifies USERID for CERTIFICATE.",
help = "Certify USERID for CERTIFICATE.",
)]
pub userid: String,
}

44
src/cli/pki/link.rs
View File

@ -11,9 +11,9 @@ use crate::cli::types::TrustAmount;
#[derive(Parser, Debug)]
#[clap(
name = "link",
about = "Manages authenticated certificate and User ID links",
about = "Manage authenticated certificate and User ID links",
long_about =
"Manages authenticated certificate and User ID links
"Manage authenticated certificate and User ID links
Link a certificate and User ID is one way of making `sq` consider a
binding to be authentic. Another way is to use `sq pki certify` to
@ -153,9 +153,9 @@ pub struct AddCommand {
short = 'd',
long = "depth",
value_name = "TRUST_DEPTH",
help = "Sets the trust depth",
help = "Set the trust depth",
long_help =
"Sets the trust depth (sometimes referred to as the trust level). \
"Set the trust depth (sometimes referred to as the trust level). \
0 means a normal certification of <CERTIFICATE, USERID>. \
1 means CERTIFICATE is also a trusted introducer, 2 means \
CERTIFICATE is a meta-trusted introducer, etc.",
@ -164,9 +164,9 @@ pub struct AddCommand {
#[clap(
long = "ca",
value_name = "*|DOMAIN",
help = "Marks the certificate as a certification authority for a domain",
help = "Mark the certificate as a certification authority for a domain",
long_help =
"Marks the certificate as a certification authority for a \
"Mark the certificate as a certification authority for a \
domain. Use `*` to make the certificate a certification
authority for any User ID.
@ -181,9 +181,9 @@ pub struct AddCommand {
long = "amount",
value_name = "AMOUNT",
default_value = "full",
help = "Sets the amount of trust",
help = "Set the amount of trust",
long_help =
"Sets the amount of trust. Values between 1 and 120 are meaningful. \
"Set the amount of trust. Values between 1 and 120 are meaningful. \
120 means fully trusted. Values less than 120 indicate the degree \
of trust. 60 is usually used for partially trusted.",
)]
@ -192,10 +192,10 @@ pub struct AddCommand {
short = 'r',
long = "regex",
value_name = "REGEX",
help = "Adds a regular expression to constrain \
help = "Add a regular expression to constrain \
what a trusted introducer can certify",
long_help =
"Adds a regular expression to constrain \
"Add a regular expression to constrain \
what a trusted introducer can certify. \
The regular expression must match \
the certified User ID in all intermediate \
@ -209,8 +209,8 @@ pub struct AddCommand {
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a `!`, then the notation is marked as being critical. If a \
@ -238,10 +238,10 @@ pub struct AddCommand {
default_value_t =
Expiry::Never,
help =
"Defines EXPIRY for the acceptance as ISO 8601 formatted string or \
"Define EXPIRY for the acceptance as ISO 8601 formatted string or \
custom duration.",
long_help =
"Defines EXPIRY for the acceptance as ISO 8601 formatted string or \
"Define EXPIRY for the acceptance as ISO 8601 formatted string or \
custom duration. \
If an ISO 8601 formatted string is provided, the validity period \
reaches from the reference time (may be set using `--time`) to \
@ -262,8 +262,8 @@ pub struct AddCommand {
long = "all",
conflicts_with_all = &[ "userid", "email", "petname", "pattern" ],
required = false,
help = "Links all valid self-signed User ID to the certificate.",
long_help = "Links all valid self-signed User ID to the certificate.",
help = "Link all valid self-signed User ID to the certificate.",
long_help = "Link all valid self-signed User ID to the certificate.",
)]
pub all: bool,
@ -322,9 +322,9 @@ pub struct AddCommand {
#[derive(Parser, Debug)]
#[clap(
name = "retract",
about = "Retracts links",
about = "Retract links",
long_about =
"Retracts links
"Retract links
This command retracts links that were previously created using `sq
pki link add`. See that subcommand's documentation for more details.
@ -342,8 +342,8 @@ pub struct RetractCommand {
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
long_help = "Adds a notation to the certification. \
help = "Add a notation to the certification.",
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a !, then the notation is marked as being critical. If a \
@ -397,9 +397,9 @@ pub struct RetractCommand {
#[derive(Parser, Debug)]
#[clap(
name = "list",
about = "Lists links",
about = "List links",
long_about =
"Lists links
"List links
This command lists all bindings that are linked or whose link has been
retracted.

26
src/cli/sign.rs
View File

@ -14,9 +14,9 @@ use super::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "sign",
about = "Signs messages or data files",
about = "Sign messages or data files",
long_about =
"Signs messages or data files
"Sign messages or data files
Creates signed messages or detached signatures. Detached signatures
are often used to sign software packages.
@ -62,23 +62,23 @@ pub struct Command {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
long,
help = "Creates a detached signature",
help = "Create a detached signature",
)]
pub detached: bool,
#[clap(
long = "cleartext-signature",
help = "Creates a cleartext signature",
help = "Create a cleartext signature",
conflicts_with_all = &[
"detached",
"append",
@ -91,7 +91,7 @@ pub struct Command {
short,
long,
conflicts_with = "notarize",
help = "Appends a signature to existing signature",
help = "Append a signature to existing signature",
)]
pub append: bool,
#[clap(
@ -99,7 +99,7 @@ pub struct Command {
short,
long,
conflicts_with = "append",
help = "Signs a message and all existing signatures",
help = "Sign a message and all existing signatures",
)]
pub notarize: bool,
#[clap(
@ -112,28 +112,28 @@ pub struct Command {
"notarize",
"secret_key_file",
],
help = "Merges signatures from the input and SIGNED-MESSAGE",
help = "Merge signatures from the input and SIGNED-MESSAGE",
)]
pub merge: Option<PathBuf>,
#[clap(
long = "signer-file",
value_name = "KEY_FILE",
help = "Signs the message using the key in KEY_FILE",
help = "Sign the message using the key in KEY_FILE",
)]
pub secret_key_file: Vec<PathBuf>,
#[clap(
long = "signer-key",
value_name = "KEYID|FINGERPRINT",
help = "Signs the message using the specified key on the key store",
help = "Sign the message using the specified key on the key store",
)]
pub signer_key: Vec<KeyHandle>,
#[clap(
long,
value_names = &["NAME", "VALUE"],
number_of_values = 2,
help = "Adds a notation to the certification.",
help = "Add a notation to the certification.",
conflicts_with = "merge",
long_help = "Adds a notation to the certification. \
long_help = "Add a notation to the certification. \
A user-defined notation's name must be of the form \
`name@a.domain.you.control.org`. If the notation's name starts \
with a `!`, then the notation is marked as being critical. If a \

6
src/cli/toolbox/armor.rs
View File

@ -10,9 +10,9 @@ use crate::cli::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "armor",
about = "Converts binary to ASCII",
about = "Convert binary to ASCII",
long_about =
"Converts binary to ASCII
"Convert binary to ASCII
To make encrypted data easier to handle and transport, OpenPGP data
can be transformed to an ASCII representation called ASCII Armor. sq
@ -49,7 +49,7 @@ pub struct Command {
#[clap(
long = "label",
value_name = "LABEL",
help = "Selects the kind of armor header",
help = "Select the kind of armor header",
default_value_t = ArmorKind::Auto,
value_enum
)]

4
src/cli/toolbox/dearmor.rs
View File

@ -7,9 +7,9 @@ use crate::cli::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "dearmor",
about = "Converts ASCII to binary",
about = "Convert ASCII to binary",
long_about =
"Converts ASCII to binary
"Convert ASCII to binary
To make encrypted data easier to handle and transport, OpenPGP data
can be transformed to an ASCII representation called ASCII Armor. sq

58
src/cli/toolbox/keyring.rs
View File

@ -14,9 +14,9 @@ use crate::cli::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "keyring",
about = "Manages collections of keys or certs",
about = "Manage collections of keys or certs",
long_about =
"Manages collections of keys or certs
"Manage collections of keys or certs
Collections of keys or certificates (also known as \"keyrings\" when
they contain secret key material, and \"certrings\" when they don't) are
@ -44,9 +44,9 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Joins keys into a keyring applying a filter",
about = "Join keys into a keyring applying a filter",
long_about =
"Joins keys into a keyring applying a filter
"Join keys into a keyring applying a filter
This can be used to filter keys based on given predicates,
e.g. whether they have a user id containing an email address with a
@ -87,7 +87,7 @@ $ sq toolbox keyring filter --domain example.org --prune-certs \\
",
)]
pub struct FilterCommand {
#[clap(value_name = "FILE", help = "Reads from FILE or stdin if omitted")]
#[clap(value_name = "FILE", help = "Read from FILE or stdin if omitted")]
pub input: Vec<PathBuf>,
#[clap(
default_value_t = FileOrStdout::default(),
@ -100,7 +100,7 @@ pub struct FilterCommand {
#[clap(
long = "userid",
value_name = "USERID",
help = "Matches on USERID",
help = "Match on USERID",
long_help = "Case-sensitively matches on the \
user id, requiring an exact match.",
)]
@ -108,8 +108,8 @@ pub struct FilterCommand {
#[clap(
long = "name",
value_name = "NAME",
help = "Matches on NAME",
long_help = "Parses user ids into name and email \
help = "Match on NAME",
long_help = "Parse user ids into name and email \
and case-sensitively matches on the \
name, requiring an exact match.",
)]
@ -117,8 +117,8 @@ pub struct FilterCommand {
#[clap(
long = "email",
value_name = "ADDRESS",
help = "Matches on email ADDRESS",
long_help = "Parses user ids into name and email \
help = "Match on email ADDRESS",
long_help = "Parse user ids into name and email \
address and case-sensitively matches \
on the email address, requiring an exact match.",
)]
@ -126,9 +126,9 @@ pub struct FilterCommand {
#[clap(
long = "domain",
value_name = "FQDN",
help = "Matches on email domain FQDN",
help = "Match on email domain FQDN",
long_help =
"Parses user ids into name and email \
"Parse user ids into name and email \
address and case-sensitively matches \
on the domain of the email address, \
requiring an exact match.",
@ -137,9 +137,9 @@ pub struct FilterCommand {
#[clap(
long = "handle",
value_name = "FINGERPRINT|KEYID",
help = "Matches on (sub)key fingerprints and key ids",
help = "Match on (sub)key fingerprints and key ids",
long_help =
"Matches on both primary keys and subkeys, \
"Match on both primary keys and subkeys, \
including those certificates that match the \
given fingerprint or key id.",
)]
@ -147,18 +147,18 @@ pub struct FilterCommand {
#[clap(
short = 'P',
long = "prune-certs",
help = "Removes certificate components not matching the filter",
help = "Remove certificate components not matching the filter",
)]
pub prune_certs: bool,
#[clap(
short = 'B',
long = "binary",
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
long = "to-cert",
help = "Converts any keys in the input to \
help = "Convert any keys in the input to \
certificates. Converting a key to a \
certificate removes secret key material \
from the key thereby turning it into \
@ -169,9 +169,9 @@ pub struct FilterCommand {
#[derive(Debug, Args)]
#[clap(
about = "Merges keys or keyrings into a single keyring",
about = "Merge keys or keyrings into a single keyring",
long_about =
"Merges keys or keyrings into a single keyring
"Merge keys or keyrings into a single keyring
Multiple
versions of the same certificate are merged together. Where data is
@ -186,7 +186,7 @@ $ sq toolbox keyring merge certs.pgp romeo-updates.pgp
",
)]
pub struct MergeCommand {
#[clap(value_name = "FILE", help = "Reads from FILE or stdin if omitted")]
#[clap(value_name = "FILE", help = "Read from FILE or stdin if omitted")]
pub input: Vec<PathBuf>,
#[clap(
default_value_t = FileOrStdout::default(),
@ -199,16 +199,16 @@ pub struct MergeCommand {
#[clap(
short = 'B',
long = "binary",
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}
#[derive(Debug, Args)]
#[clap(
about = "Lists keys in a keyring",
about = "List keys in a keyring",
long_about =
"Lists keys in a keyring
"List keys in a keyring
Prints the fingerprint as well as the primary userid for every
certificate encountered in the keyring.
@ -233,8 +233,8 @@ pub struct ListCommand {
pub input: FileOrStdin,
#[clap(
long = "all-userids",
help = "Lists all user ids",
long_help = "Lists all user ids, even those that are \
help = "List all user ids",
long_help = "List all user ids, even those that are \
expired, revoked, or not valid under the \
standard policy.",
)]
@ -243,9 +243,9 @@ pub struct ListCommand {
#[derive(Debug, Args)]
#[clap(
about = "Splits a keyring into individual keys",
about = "Split a keyring into individual keys",
long_about =
"Splits a keyring into individual keys
"Split a keyring into individual keys
Splitting up a keyring into individual keys helps with curating a
keyring.
@ -273,14 +273,14 @@ pub struct SplitCommand {
short = 'p',
long = "prefix",
value_name = "PREFIX",
help = "Writes to files with PREFIX \
help = "Write to files with PREFIX \
[defaults: `FILE-` if FILE is set, or `output-` if read from stdin]",
)]
pub prefix: Option<String>,
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}

44
src/cli/toolbox/packet.rs
View File

@ -44,9 +44,9 @@ pub enum Subcommands {
#[derive(Debug, Args)]
#[clap(
about = "Lists packets",
about = "List packets",
long_about =
"Lists packets
"List packets
Creates a human-readable description of the packet sequence.
Additionally, it can print cryptographic artifacts, and print the raw
@ -90,34 +90,34 @@ pub struct DumpCommand {
#[clap(
long = "session-key",
value_name = "SESSION-KEY",
help = "Decrypts an encrypted message using SESSION-KEY",
help = "Decrypt an encrypted message using SESSION-KEY",
)]
pub session_key: Vec<SessionKey>,
#[clap(
long = "recipient-file",
value_name = "KEY_FILE",
help = "Decrypts the message using the key in KEY_FILE",
help = "Decrypt the message using the key in KEY_FILE",
)]
pub recipient_file: Vec<PathBuf>,
#[clap(
long = "mpis",
help = "Prints cryptographic artifacts",
help = "Print cryptographic artifacts",
)]
pub mpis: bool,
#[clap(
short = 'x',
long = "hex",
help = "Prints a hexdump",
help = "Print a hexdump",
)]
pub hex: bool,
}
#[derive(Debug, Args)]
#[clap(
about = "Unwraps an encryption container",
long_about = "Unwraps an encryption container
about = "Unwrap an encryption container",
long_about = "Unwrap an encryption container
Decrypts a message, dumping the content of the encryption container
without further processing. The result is a valid OpenPGP message
@ -149,38 +149,38 @@ pub struct DecryptCommand {
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
long = "recipient-file",
value_name = "KEY_FILE",
help = "Decrypts the message using the key in KEY_FILE",
help = "Decrypt the message using the key in KEY_FILE",
)]
pub secret_key_file: Vec<PathBuf>,
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
help = "Provide parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
long = "session-key",
value_name = "SESSION-KEY",
help = "Decrypts an encrypted message using SESSION-KEY",
help = "Decrypt an encrypted message using SESSION-KEY",
)]
pub session_key: Vec<SessionKey>,
#[clap(
long = "dump-session-key",
help = "Prints the session key to stderr",
help = "Print the session key to stderr",
)]
pub dump_session_key: bool,
}
#[derive(Debug, Args)]
#[clap(
about = "Splits a message into packets",
long_about = "Splits a message into packets
about = "Split a message into packets",
long_about = "Split a message into packets
Splitting a packet sequence into individual packets, then recombining
them freely with `sq toolbox packet join` is a great way to experiment with
@ -206,14 +206,14 @@ pub struct SplitCommand {
short = 'B',
long,
requires = "prefix",
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
#[clap(
short = 'p',
long = "prefix",
value_name = "PREFIX",
help = "Writes to files with PREFIX \
help = "Write to files with PREFIX \
[defaults: `FILE-` if FILE is set, or `output-` if read from stdin]",
)]
pub prefix: Option<OsString>,
@ -221,8 +221,8 @@ pub struct SplitCommand {
#[derive(Debug, Args)]
#[clap(
about = "Joins packets split across files",
long_about = "Joins packets split across files
about = "Join packets split across files",
long_about = "Join packets split across files
Splitting a packet sequence into individual packets, then recombining
them freely with `sq toolbox packet join` is a great way to experiment with
@ -241,7 +241,7 @@ $ sq toolbox packet join juliet.pgp-[0-3]*
",
)]
pub struct JoinCommand {
#[clap(value_name = "FILE", help = "Reads from FILE or stdin if omitted")]
#[clap(value_name = "FILE", help = "Read from FILE or stdin if omitted")]
pub input: Vec<PathBuf>,
#[clap(
default_value_t = FileOrStdout::default(),
@ -256,14 +256,14 @@ pub struct JoinCommand {
value_name = "LABEL",
default_value_t = ArmorKind::Auto,
conflicts_with = "binary",
help = "Selects the kind of armor header",
help = "Select the kind of armor header",
value_enum,
)]
pub kind: ArmorKind,
#[clap(
short = 'B',
long,
help = "Emits binary data",
help = "Emit binary data",
)]
pub binary: bool,
}

12
src/cli/types.rs
View File

@ -105,9 +105,9 @@ pub struct FileOrStdin(Option<PathBuf>);
impl ClapData for FileOrStdin {
const VALUE_NAME: &'static str = "FILE";
const HELP_REQUIRED: &'static str =
"Reads from FILE or stdin if FILE is '-'";
"Read from FILE or stdin if FILE is '-'";
const HELP_OPTIONAL: &'static str =
"Reads from FILE or stdin if omitted";
"Read from FILE or stdin if omitted";
}
impl FileOrStdin {
@ -238,10 +238,10 @@ pub struct FileOrCertStore{}
impl ClapData for FileOrCertStore {
const VALUE_NAME: &'static str = "FILE";
const HELP_REQUIRED: &'static str
= "Writes to FILE (or stdout if FILE is '-') instead of \
= "Write to FILE (or stdout if FILE is '-') instead of \
importing into the certificate store";
const HELP_OPTIONAL: &'static str
= "Writes to FILE (or stdout when omitted) instead of \
= "Write to FILE (or stdout when omitted) instead of \
importing into the certificate store";
}
@ -281,9 +281,9 @@ pub struct FileOrStdout {
impl ClapData for FileOrStdout {
const VALUE_NAME: &'static str = "FILE";
const HELP_REQUIRED: &'static str =
"Writes to FILE or stdout if FILE is '-'";
"Write to FILE or stdout if FILE is '-'";
const HELP_OPTIONAL: &'static str =
"Writes to FILE or stdout if omitted";
"Write to FILE or stdout if omitted";
}
impl FileOrStdout {

16
src/cli/verify.rs
View File

@ -14,8 +14,8 @@ use super::types::FileOrStdout;
#[derive(Parser, Debug)]
#[clap(
name = "verify",
about = "Verifies signed messages or detached signatures",
long_about = "Verifies signed messages or detached signatures
about = "Verify signed messages or detached signatures",
long_about = "Verify signed messages or detached signatures
When verifying signed messages, the message is written to stdout or
the file given to `--output`.
@ -80,7 +80,7 @@ pub struct Command {
#[clap(
long = "detached",
value_name = "SIG",
help = "Verifies a detached signature"
help = "Verify a detached signature"
)]
pub detached: Option<PathBuf>,
#[clap(
@ -88,8 +88,8 @@ pub struct Command {
long = "signatures",
value_name = "N",
default_value_t = 1,
help = "Sets the threshold of valid signatures to N",
long_help = "Sets the threshold of valid signatures to N. \
help = "Set the threshold of valid signatures to N",
long_help = "Set the threshold of valid signatures to N. \
If this threshold is not reached, the message \
will not be considered verified."
)]
@ -97,7 +97,7 @@ pub struct Command {
#[clap(
long = "signer-file",
value_name = "CERT_FILE",
help = "Verifies signatures using the certificate in CERT_FILE",
help = "Verify signatures using the certificate in CERT_FILE",
)]
// TODO: Should at least one sender_file be required? Verification does not make sense
// without one, does it?
@ -105,9 +105,9 @@ pub struct Command {
#[clap(
long = "signer-cert",
value_name = "FINGERPRINT|KEYID",
help = "Verifies signatures using the specified certificate",
help = "Verify signatures using the specified certificate",
long_help = "\
Verifies signatures using the specified certificate. This reads the
Verify signatures using the specified certificate. This reads the
certificate from the certificate store, and considers it to be
authenticated. When this option is not provided, the certificate is
still read from the certificate store, if it exists, but it is not