slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change --cert to only look up by primary key fingerprint.

Browse Source 
- See #207.
This commit is contained in:
Justus Winter 2024-10-22 11:50:49 +02:00
parent 964b5d18ef
commit 8c47caaee9
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
4 changed files with 8 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -109,6 +109,7 @@
- `sq autocrypt import` has been merged into `sq cert import`.
- `sq autocrypt decode` and `sq autocrypt encode-sender` are
removed without substitute.
- `--cert` now only looks up by primary key fingerprint.
* Changes in 0.38.0
** Notable changes

7
src/sq.rs
View File

@ -1673,11 +1673,6 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
/// Resolve cert designators to certificates.
///
/// When matching on a subkey via `--cert`, the subkey must be
/// bound to the certificate, but a back signature is not
/// required. If a subkey is bound to multiple certificates, all
/// of the certificates are returned.
///
/// When matching on a user ID, a certificate is only returned if
/// the matching user ID can be authenticated at the specified
/// amount (`trust_amount`). Note: when `trust_amount` is 0,
@ -1828,7 +1823,7 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
CertDesignator::Cert(kh) => {
t!("Looking up certificate by handle {}", kh);
match cert_store()?.lookup_by_cert_or_subkey(kh) {
match cert_store()?.lookup_by_cert(kh) {
Ok(matches) => {
// If the designator doesn't match
// anything, we can sometimes provide a

15
tests/integration/sq_cert_export.rs
View File

@ -137,17 +137,8 @@ fn sq_cert_export() -> Result<()>
let cert = data.cert.as_ref().unwrap();
// Export them by the cert's fingerprint and keyid.
for ka in cert.keys() {
for kh in [ KeyHandle::from(ka.fingerprint()),
KeyHandle::from(ka.keyid()) ]
{
call(&["--cert", &kh.to_string()], true, &[data]);
}
}
// Export them by fingerprint and keyid.
for kh in cert.keys().map(|ka| KeyHandle::from(ka.fingerprint()))
.chain(cert.keys().map(|ka| KeyHandle::from(ka.keyid())))
for kh in [KeyHandle::from(cert.fingerprint()),
KeyHandle::from(cert.keyid())]
{
call(&["--cert", &kh.to_string()], true, &[data]);
}
@ -210,8 +201,6 @@ fn sq_cert_export() -> Result<()>
// Match a cert in many ways. It should only be exported
// once.
call(&["--cert", &carol.cert().fingerprint().to_string(),
"--cert",
&carol.cert().keys().nth(1).unwrap().fingerprint().to_string(),
"--userid", carol.userids[0],
"--email", "carol@sub.example.org",
"--domain", "other.org"

12
tests/integration/sq_encrypt.rs
View File

@ -138,8 +138,8 @@ fn sq_encrypt_using_cert_store() -> Result<()>
// Try to encrypt a message. This should fail, because we
// haven't imported the key.
for kh in cert.keys().map(|ka| KeyHandle::from(ka.fingerprint()))
.chain(cert.keys().map(|ka| KeyHandle::from(ka.keyid())))
for kh in [KeyHandle::from(cert.fingerprint()),
KeyHandle::from(cert.keyid())]
{
assert!(
sq.encrypt_maybe(&["--for", &kh.to_string()], b"")
@ -153,8 +153,8 @@ fn sq_encrypt_using_cert_store() -> Result<()>
// Now we should be able to encrypt a message to it, and
// decrypt it.
for kh in cert.keys().map(|ka| KeyHandle::from(ka.fingerprint()))
.chain(cert.keys().map(|ka| KeyHandle::from(ka.keyid())))
for kh in [KeyHandle::from(cert.fingerprint()),
KeyHandle::from(cert.keyid())]
{
let ciphertext = sq.encrypt(
&["--for", &kh.to_string()], MESSAGE);
@ -525,10 +525,6 @@ fn sq_encrypt_cert_designators() -> Result<()>
(&[-1, 0, 2][..], (&alice_enc, Some(&alice_fpr), None, None)),
(&[-1, 2], (&bob_enc, Some(&bob_fpr), None, None)),
(&[-1, 0, 1, 4], (&mallory_enc, Some(&mallory_fpr), None, None)),
// Subkey fingerprint.
(&[-2, 1, 2], (&alice_enc, Some(&alice_enc), None, None)),
(&[-2, 0], (&bob_enc, Some(&bob_enc), None, None)),
(&[-2, 1, 2, 3], (&mallory_enc, Some(&mallory_enc), None, None)),
// User ID.
(&[-3, 0, 3], (&alice_enc, None, Some(&alice_userid[..]), None)),
(&[-3, 2, 3], (&bob_enc, None, Some(&bob_userid1[..]), None)),