IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Rename `--userid-or-add`, `--email-or-add`, and `--name-or-add`
respectively to `--add-userid`, `--add-email`, and `--add-name`.
- These names more closely match their new semantics: they don't
first try and match a self-signed user ID, but just use a user ID
consisting of the argument's value.
- `sq sign --signature-file` now takes a value specifying where the
signature should be written to. It conflicts with `--output`.
This aligns `sq sign` with `sq verify`.
- Fixes#444.
- Invoking it now requires the `--experimental` flag. This is a
template that we may use to introduce features into sq with a bit
of a chance to stabilize it over time.
- Fixes#455.
- When generating keys, either `--own-key` or `--shared-key` has to
be given. The former marks the key's user IDs as authenticated
and makes it a trusted introducer. The latter marks the key's
user IDs as authenticated, and marks the key as a group key.
- Fixes#452.
- Rename `--add-userid` to `--userid-or-add`, `--add-email` to
`--email-or-add`, and `--add-name` to `--name-or-add`. The new
names better reflect the semantics: we first try to select a user
ID based on the designator, and then fall back to adding it as it.
- Commands like `sq pki vouch certify` allow designating a user ID
by email address. Currently, if multiple self-signed user IDs
include the specified email address, all are used. Change the
semantics of `--email` and --add-email` to only match
unambiguously.
- Fixes#309.
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
certify`, and `sq pki vouch authorize` have a `--add-userid` flag.
- Replace the `--add-userid` flag with an `--add-userid` argument,
and an `--add-email` argument.
- This change means that a flag does not change how an argument is
interpreted. It also makes it more explicit whether a user ID
should be added, because `--userid` and `--email` could be given
multiple times.
- See #309 and #318.
- The flag `sq sign --detached` is now called `sq sign
--signature-file`.
- The flag `sq sign --clearsign` is now called `sq sign
--cleartext`.
- Both `sq sign` and `sq verify` now require an explicit mode,
one of `--signature-file`, `--message`, or `--cleartext`.
- Fixes#430.
- Signature verification output is confusing. The main problem is
the terminology. It talks about "good signatures", "good
checksums", and "bad checksums," but it is unclear what good or
bad means, and what a checksum is. Instead, talk about
"authenticated signatures," "unauthenticated signatures," and
completely drop the term "checksum" and just say that the
certificate for the alleged signer is missing.
- Fixes#4.
- `sq pki certify` uses a positional argument to specify the
certificate to certify. Change it to be a named argument, either
`--cert`, or `--cert-file`.
- See #318.
- Although Sequoia is able to use user ID-less certificates, they
don't have good support in the ecosystem, and are probably not
what most users want.
- Consequently, don't make user ID-less certificates the default.
Instead, require users to opt in by passing the `--no-userids` flag
to `sq key generate`.
- Fixes#223.
- Support using keys managed by `sequoia-keystore`.
- When decrypting a message, have `sq` automatically ask the
key store to decrypt the PKESKs.
- Extend `sq sign` and `sq encrypt` with the `--signer-key`
parameter to use a key managed by the keystore.
- Add two top-level options: `--no-key-store`, which disables the
use of the key store, and `--key-store`, which uses an alternate
key store instance.
- Add `sq key list` to list keys on the key store.
- This is the less useful and more dangerous variant of sq keyring
merge. The former does not merge two copies of the same
certificate into one, and is likely not what the user wants or
expects, and the resulting keyring is more likely to cause
problems when consumed by implementations.
- Further, we have to explain the difference between join and merge,
hurting ergonomics.
- Once, sq keyring join had the advantage of not buffering
certificates, but we now do that in order to produce the right
labels, so even that advantage was gone.
- Remove it. Developers who want to produce keyrings with multiple
copies of the same cert for testing purposes can do so with sq
packet join.
- Adapt the subplot tests. Notably, as sq keyring merge does not
preserve the order of certs as encountered in the inputs (should
it?), but orders them by fingerprint, the order in the output is
not predictable. To work around, just test listing one key.
- While sq packet isn't quite the right home for these commands,
they shouldn't be featured so prominently and clutter the
top-level subcommand hierarchy.
- See also #169.
- Currently, sequoia-openpgp miscomputes notarization
signatures (see
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1041) and fixing
that has proven to be difficult. Disable this functionality until
we sorted out the underlying implementation.
Instead of using a non-uniform `--export` for `sq key generate` to
indicate the file path to output to, rely on the generic `--output`,
provided by `sq_cli::types::FileOrStdout`.
- Change the behavior of the `sq certify`, `sq key generate` and `sq
link add` subcommands to rely on a single `--expiry` input argument
(same as `sq key subkey generate`), which replaces `--expires` and
`--expires-in`. This allows to directly parse a specific ISO 8601
timestamp, a custom duration or `"never"` and create a verified data
type that can be used further.
- Use `Expiry::as_duration()` in `sq certify` and `sq key`
subcommands to calculate the validity (duration until expiration) of
certifications and keys.
- Add the constants `KEY_VALIDITY_IN_YEARS` and
`THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS` to `sq_cli` to allow
centralized modifications of the default validity duration of keys and
certifications (in years).
- Add the constants `KEY_VALIDITY_DURATION` and
`THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION` to provide
the default `Duration` for keys/subkeys and third party
certifications (based on `KEY_VALIDITY_IN_YEARS` and
`THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS`).