Change sq verify to respect the reference time.

- Change `sq verify` to respect the user-supplied reference time.
Neal H. Walfield 2023-03-25 10:34:55 +01:00
parent 92f49b3ac1
commit 62e6b4cb8b
GPG Key ID: 6863C9AD5B4D22D3
3 changed files with 10 additions and 3 deletions


@ -642,12 +642,12 @@ pub fn verify(config: Config,
let helper = VHelper::new(&config, signatures, certs);
let helper = if let Some(dsig) = detached {
let mut v = DetachedVerifierBuilder::from_reader(dsig)?
.with_policy(&config.policy, None, helper)?;
.with_policy(&config.policy, Some(config.time), helper)?;
v.verify_reader(input)?;
v.into_helper()
} else {
let mut v = VerifierBuilder::from_reader(input)?
.with_policy(&config.policy, None, helper)?;
.with_policy(&config.policy, Some(config.time), helper)?;
io::copy(&mut v, output)?;
v.into_helper()
};
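Review bot: Both `with_policy` calls now pass `Some(config.time)` unconditionally, so a run without `--time` no longer hands `None` to the library. How `config.time` is populated is not visible in this hunk; if it defaults to the process start time, and if (as I recall, please confirm) sequoia-openpgp applies its clock-skew tolerance only when the time argument is `None`, then signatures from a peer whose clock runs slightly fast could start failing on the default path. If that holds, keep `None` when the user gave no `--time`, or add a regression test for the default path. Separately, a past reference time can make a signature from a since-expired key verify, so a comment above the calls such as `// Verified as of config.time, which may differ from the current time` would make the trust implication explicit. The body of `verify` begins and ends outside this hunk.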


@ -133,7 +133,7 @@ Sets the reference time as an ISO 8601 formatted timestamp. Normally, \
commands use the current time as the reference time. This argument allows \
the user to use a difference reference time. For instance, when creating a \
key using \"sq key generate\", the creation time is normally set to the \
current time, but can be overriden using this option. Similarly, when \
current time, but can be overridden using this option. Similarly, when \
verifying a message, the message is verified with respect to the current \
time. This option allows the user to use a different time.


@ -29,6 +29,10 @@ The converse operation is \"sq sign\".
If you are looking for a standalone program to verify detached
signatures, consider using sequoia-sqv.
\"sq verify\" respects the reference time set by the top-level
\"--time\" argument. When set, it verifies the message as of the
reference time instead of the current time.
",
after_help =
"EXAMPLES:
@ -38,6 +42,9 @@ $ sq verify --signer-file juliet.pgp signed-message.pgp
# Verify a detached message
$ sq verify --signer-file juliet.pgp --detached message.sig message.txt
# Verify a message as of June 9, 2011 at midnight UTC:
$ sq verify --time 20130721 msg.pgp
",
)]
pub struct Command {
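Review bot: The added example's comment and command disagree: the comment says June 9, 2011, but `--time 20130721` denotes July 21, 2013. Make them match, for example `# Verify a message as of July 21, 2013 at midnight UTC:`, or change the argument to `20110609`. This help text tells users which instant a signature is judged against, so a wrong date in the example can lead someone to verify against a different time than they intend. The attribute block these strings belong to starts outside the hunk.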