1427 Commits

Author SHA1 Message Date
Justus Winter
f8e32f2f16
Update itertools. 2023-11-29 13:33:27 +01:00
Justus Winter
537433d790
Update openssl to 0.10.60.
- Fixes https://rustsec.org/advisories/RUSTSEC-2023-0072
2023-11-29 11:57:11 +01:00
Justus Winter
cc1225f841
Require that only one keyserver send operation succeeds.
- Add a switch, --require-all, that checks that all send operations
    succeed, and returns an error otherwise.
2023-11-28 19:22:48 +01:00
Justus Winter
5127f1abb7
Improve formatting of the import output. 2023-11-28 17:44:07 +01:00
Justus Winter
424646e0f8
Make provenance information less overwhelming.
- See #156.
2023-11-28 17:26:30 +01:00
Justus Winter
e0e8b8f32c
Compute best-effort primary user ids, escape them when displaying.
- They may contain special characters and trick the user.  The
    current way to detect dodgy characters and escape them may not be
    the best, but it is better than the status quo, and we now encode
    intent.
2023-11-28 17:25:21 +01:00
Justus Winter
041574d320
Merge certs before importing them. 2023-11-28 12:52:50 +01:00
Justus Winter
712add9679
Align the keyserver options between sq lookup and sq keyserver. 2023-11-28 12:44:43 +01:00
Justus Winter
67b65ba55a
Use four keyservers by default.
- By using more than one keyserver, we increase the chance of
    successfully finding certificates and updates.  Further, multipath
    discovery increases robustness in the face of an attacker or
    censor.

  - We use keys.openpgp.org, the Proton key server, the Mailvelope
    keyserver, and the Ubuntu keyserver.
2023-11-28 12:38:01 +01:00
Justus Winter
e89a0b6c36
Implement sq lookup.
- Fixes #63.
2023-11-28 09:48:52 +01:00
Justus Winter
376438330e
Share the bulk of the network client code across protocols. 2023-11-28 09:48:52 +01:00
Justus Winter
6f9269b9c0
When emitting keyrings, merge the certs first.
- Now that we query multiple keyservers, or query for multiple certs
    in the network routines, we very well get the same cert twice.
    Merge them if we emit a keyring.
2023-11-28 09:08:47 +01:00
Justus Winter
d4632beb77
Refactor network client code so that it can be shared. 2023-11-28 09:08:46 +01:00
Justus Winter
975ce49581
Use the multi-threaded tokio runtime for network lookups. 2023-11-27 17:48:12 +01:00
Justus Winter
fb31dd6225
Proton has two API endpoints, unify them.
- I was assured privately that they should always return the same
    information, but unfortunately there is no public documentation
    about the Proton key server.  In any case, they are controlled by
    the same entity, thus should be considered the same for our
    purposes.
2023-11-27 17:43:48 +01:00
Justus Winter
f3757c004e
Revert argument long form.
- Renaming the struct field also changed the long form option, undo
    this by explicitly specifying it.

  - Fixes 337589fe9ee56d43bf67941cfe59243f48745646.
2023-11-27 16:35:10 +01:00
Justus Winter
68353596cf
Fix the time in the example.
- Fixes 16fd67a10c9d4ea5350fa4173e7603cf6e27a7a3.
2023-11-27 14:41:53 +01:00
Justus Winter
23d6621e37
Implement autocrypt import.
- Fixes #138.
2023-11-27 13:34:01 +01:00
Justus Winter
187b10e321
Make import and certification functions public. 2023-11-27 13:33:24 +01:00
Justus Winter
337589fe9e
Support querying multiple keyservers simultaneously.
- By default we only query keys.openpgp.org, but multiple servers
    can be specified now.

  - Fixes #64.
2023-11-27 12:02:19 +01:00
Justus Winter
c6152c4846
Allow multiple, simultaneous DANE queries in one invocation.
- Fixes #141.
2023-11-24 17:40:26 +01:00
Justus Winter
ddbe7a2681
Allow multiple, simultaneous WKD queries in one invocation.
- See #141.
2023-11-24 17:40:26 +01:00
Justus Winter
a6f36bc7b5
Allow multiple, simultaneous keyserver queries in one invocation.
- See #141.
2023-11-24 17:40:26 +01:00
Justus Winter
4b9c0d57e8
Generate DANE OPENPGPKEY records.
- Fixes #152.
2023-11-24 17:40:26 +01:00
Justus Winter
adc2ed4773
Port to sequoia-net 0.28.0. 2023-11-24 17:40:26 +01:00
Justus Winter
62dbde6b03
Silence compiler warning.
- This import is not necessary if the dot-writer feature is enabled,
    but necessary if it is not.
2023-11-24 17:40:26 +01:00
Justus Winter
041a41c01c
Port to sequoia-openpgp 1.17. 2023-11-24 17:40:26 +01:00
Justus Winter
de42ad66c9
ci: Use Debian Trixie, Rust 1.67. 2023-11-24 17:40:26 +01:00
Justus Winter
1837674639
Fix typos. 2023-11-24 17:17:18 +01:00
Neal H. Walfield
dcea72208a
Fix license
- On October 18, 2021, Sequoia PGP's license was changed from the
    GPL to the LGPL.  Unfortunately, we forgot to update sq's license.

  - See 884639bf1b

  - Change Sequoia's license from GPL 2.0 or later to LGPL 2.0 or
    later as unanimously decided on October 18, 2021 by:

      - Christof Wahl <cw@pep.security> (pEp security CEO)
      - Heiko Schaefer <heiko.schaefer@posteo.de> (pEp Foundation
        employee, Sequoia developer)
      - Justus Winter <justus@sequoia-pgp.org> (pEp Foundation
        employee, Sequoia Founder)
      - Neal H. Walfield <neal@pep.foundation> (pEp Foundation
        employee, Sequoia Founder)
      - Patrick Meier <pm@pep.security> (pEp security Chief Product
        and Service Officer)
      - Rudolf Bohli <rb@pep.security> (pEp security Chairman of the
        Board)
      - Volker Birk <vb@pep.security> (pEp security Founder, pEp
        Foundation Council)
2023-11-24 16:37:14 +01:00
Justus Winter
7de29e7351
Make the dot-writer dependency optional.
- The dot-writer crate is unmaintained, and prevents upgrading sq in
    Fedora.  As a short-term workaround, we make this dependency
    optional so that it can be easily patched out by packagers.  The
    same has been done for the sq-wot tool.

    - https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/51
    - https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/47

  - If the situation improves, either because the crate is maintained
    again, or we port to a different crate, we can easily undo this
    change.

  - Also, remove all the examples that use the dot output format.  Not
    only is it awkward to make these examples optional, the existing
    examples are also very repetetive, as they duplicate an existing
    example, and only change the output format.

  - Fixes #146.
2023-11-24 15:29:05 +01:00
Justus Winter
c5f01fbf65
Simplify expressions. 2023-11-24 15:29:05 +01:00
Justus Winter
239002b06e
Fix error message.
- Fixes #150.
2023-11-24 15:29:05 +01:00
Justus Winter
993a719a74
Disable notarizing of messages.
- Currently, sequoia-openpgp miscomputes notarization
    signatures (see
    https://gitlab.com/sequoia-pgp/sequoia/-/issues/1041) and fixing
    that has proven to be difficult.  Disable this functionality until
    we sorted out the underlying implementation.
2023-11-24 15:29:05 +01:00
Justus Winter
0499e25675
Disable padding support.
- Our method of padding messages is not universally supported by
    consuming implementations:

      https://tests.sequoia-pgp.org/#Packet_excess_consumption

  - Disable it for now.  Once we support generating v6 OpenPGP
    messages, we can enable it again with the new padding packet.
2023-11-24 12:31:20 +01:00
Neal H. Walfield
3983d42953
Remove inaccurate comment 2023-11-22 14:21:45 +01:00
Neal H. Walfield
227750dd0d
Use PathBuf instead of String for arguments taking a path
- `sq verify --detached <SIG>` and `sq wkd generate <WEB-ROOT>` take
    paths, but the argument type is a String. We should use a PathBuf
    instead, as paths, unlike strings, do not have to be valid UTF-8
    strings.

  - Fixes #154.

  - See #13.
2023-11-22 14:20:19 +01:00
Neal H. Walfield
dccae02148
Change sq packet split's prefix argument from a String to a PathBuf
- `sq packet split`'s `--prefix` argument is used to build a
    filename.  Make it a `PathBuf` instead of a `String`.

  - See #13.
2023-11-22 13:53:00 +01:00
Neal H. Walfield
f9362886f4
Use cli::Time instead of a String argument
- Have clap do the conversion from a string to `cli::Time` for the
    `--time` argument to `sq`.

  - Implement `cli::Time::now` to return the current time, and
    `cli::Time::openpgp` to convert the time to a time that is
    representable as an OpenPGP timestamp, if possible.

  - See #13.
2023-11-22 13:52:59 +01:00
Neal H. Walfield
f13b7d1320
Change Time to wrap an OpenPGP timestamp.
- `cli::types::Time` wraps a `chrono::DateTime`, which has more
    resolution, and a larger range than an OpenPGP timestamp.

  - Change it to hold an `openpgp::types::Timestamp` instead.

  - This will catch out of range errors at parsing time rather than
    time of use, and prevents us forgetting to do the conversion.

  - Fixes #153.
2023-11-22 13:52:59 +01:00
Neal H. Walfield
186de775ae
Improve help text
- Improve the description of the types accepted by `sq certify`'s
    `--certificate` argument.
2023-11-22 13:52:58 +01:00
Neal H. Walfield
c554202a84
Have clap convert strings to KeyHandles
- Instead of doing the conversion from a string to a `KeyHandle`,
    have clap do it.

  - Fixes #98.

  - See #13.
2023-11-22 13:52:52 +01:00
Justus Winter
65050be557
Appease cargo deny.
- Update ahash and deunicode.
2023-11-22 11:26:44 +01:00
Justus Winter
55eca2c87e
Use sequoia-policy-config to configure the StandardPolicy.
- This allows users to tweak the StandardPolicy used by Sequoia to
    evaluate cryptographic artifacts.  For example, on Fedora it will
    adhere to the system-wide cryptographic policy for Sequoia.

  - Fixes #128.
2023-11-20 18:31:11 +01:00
Justus Winter
e9aa4a624e
Fix typo. 2023-11-15 17:11:51 +01:00
Neal H. Walfield
2e04ac39a3
Rename foo/mod.rs to foo.rs.
- A module `foo` used to have to be called `foo/mod.rs` if `foo` had
    submodules.

  - Since Rust 2018, it is possible to have `foo.rs` and the
    submodules under `foo`.

  - Using `foo.rs` is nicer than `foo/mod.rs` in many editors.  Rename
    modules called `mod.rs`.

  - Note: we can't rename `src/cli/mod.rs` as it is `include!`ed from
    `build.rs`, and then it doesn't find the submodules.
2023-10-23 16:05:58 +02:00
Neal H. Walfield
0a09fa6d75
Move sq_cli to cli
- Rename the `sq_cli` module to `cli`.
2023-10-23 16:05:51 +02:00
David Runge
9088265d7a
Use error message, when password for encrypted material is incorrect
Adapt `get_keys()` to return a more specific error, if the password for
a given encrypted key material is not correct.
Adapt the subkey and userid subcommands to return the error from
`get_keys()` instead of providing a less descriptive one themselves.

Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/139

Signed-off-by: David Runge <dave@sleepmap.de>
2023-10-23 11:49:46 +02:00
David Runge
0e0df4168a
Allow adding metadata when encrypting files.
- Add the optional `--set-metadata-filename` option for `sq encrypt`,
  which when provided, adds the filename of the file as metadata to the
  literal data packet.
- Add the optional `--set-metadata-time` option for `sq encrypt`,
  which when provided, adds a time as metadata to the literal
  data packet.
  The value can either be provided as ISO 8601 formatted string or by
  using one of the keywords ("none", "filecreation", "filemodification",
  or "packetcreation").

Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/135

Signed-off-by: David Runge <dave@sleepmap.de>
2023-10-23 11:39:19 +02:00
David Runge
4411f9d806
Add Display impl for Time
Add a `Display` `impl` for `Time`, so that format strings directly make
use of the `Display` `impl` of the underlying `DateTime`.

Signed-off-by: David Runge <dave@sleepmap.de>
2023-10-23 11:38:15 +02:00