Commit Graph

1427 Commits

Author SHA1 Message Date
Neal H. Walfield
aa469739d1
Show more information about certificates in sq cert list.
- Extend `sq cert list`'s human readable output to show if a
    certificate is not valid under the current policy, or is revoked.

  - Fixes #409
2024-11-07 10:48:58 +01:00
Neal H. Walfield
2ae1885971
Finish renaming attestation to approval.
- See 49b7f25cc4.

  - Fixes #417.
2024-11-07 08:41:44 +01:00
Neal H. Walfield
cf09d2f7a2
Make sq key expire's expiration argument required.
- `sq key expire`'s expiration argument was accidentally made
    optional in 4aeee1c266.  Fix it.

  - Fixes #420.
2024-11-06 16:13:23 +01:00
Neal H. Walfield
ff3fff850c
Use key designators for sq key subkey revoke.
- Port `sq key subkey revoke` to the key designator framework.

  - Extend the key designator framework to support only addressing
    subkeys.
2024-11-06 16:12:05 +01:00
Neal H. Walfield
f817cb4a4a
Fix documentation.
- `sq key subkey revoke` can only revoke subkeys; it can't revoke
    primary keys.
2024-11-06 16:10:44 +01:00
Neal H. Walfield
4d5b807f61
Use key designators for sq key subkey {delete,password}.
- Port `sq key subkey delete` and `sq key subkey password` to the
    key designator framework.
2024-11-06 16:08:33 +01:00
Neal H. Walfield
f139b50f24
Change sq key subkey export to require the certificate to export.
- `sq key subkey export` currently takes a list of keys to export.
    This is ambiguous if a key is associated with multiple certificates.

  - Add a new required parameter, `--cert`, which specifies what
    certificate to export.  The specified keys must be attached to that
    certificate under the NULL policy.

  - This change means that `sq key subkey export` can only export a
    single certificate at a time.

  - As the implementations of `sq key export` and `sq key subkey
    export` have diverged, don't try to consolidate them any more.

  - Fixes #386.
2024-11-06 16:08:02 +01:00
Neal H. Walfield
b5b27aa366
Move the bind module.
- The bind module is used by `sq key subkey bind`.  Move it under
    `commands:🔑:subkey`.
2024-11-06 16:07:09 +01:00
Neal H. Walfield
d21d38e6b4
Move the sq key subkey revoke implementation to its own module. 2024-11-06 16:06:12 +01:00
Neal H. Walfield
87cadfe889
Move the sq key subkey expire implementation to its own module. 2024-11-06 16:03:55 +01:00
Neal H. Walfield
4cfea470b8
Move the sq key subkey password implementation to its own module. 2024-11-06 16:03:00 +01:00
Neal H. Walfield
70f7a6f402
Move the sq key subkey delete implementation to its own module. 2024-11-06 16:02:01 +01:00
Neal H. Walfield
c665065821
Move the sq key subkey export implementation to its own module. 2024-11-06 16:00:27 +01:00
Neal H. Walfield
3824be8bbf
Move the sq key subkey add implementation to its own module. 2024-11-06 15:59:29 +01:00
Neal H. Walfield
cbe7eb1402
Move cli parser for sq key subkey bind to its own module. 2024-11-06 15:58:29 +01:00
Neal H. Walfield
909016e3ae
Move cli parser for sq key subkey revoke to its own module. 2024-11-06 15:57:32 +01:00
Neal H. Walfield
0dce5d9693
Move cli parser for sq key subkey expire to its own module. 2024-11-06 15:56:13 +01:00
Neal H. Walfield
ea6db79f7b
Move cli parser for sq key subkey password to its own module. 2024-11-06 15:55:17 +01:00
Neal H. Walfield
215051da86
Move cli parser for sq key subkey delete to its own module. 2024-11-06 15:53:59 +01:00
Neal H. Walfield
79defd3fdf
Move cli parser for sq key subkey export to its own module. 2024-11-06 15:52:18 +01:00
Neal H. Walfield
0dffab8d50
Move cli parser for sq key subkey add to its own module. 2024-11-06 15:51:08 +01:00
Neal H. Walfield
26c14e1a54
Add a new key designator type.
- Add a new designator type, `KeyDesignator`, which is like
    `CertDesignator` and `UserIDDesignator`, but resolves to keys.

  - Move the resolution machinery from the expiry functionality to
    `Sq::resolve_keys`.

  - Switch `sq key subkey expire` to use it.
2024-11-06 15:51:06 +01:00
Neal H. Walfield
ab26585972
Use more qualified names to reduce ambiguity.
- Don't import `ArgumentPrefix`, etc. from the `cert_designator`
    module, import the module and call it
    `cert_designator::ArgumentPrefix`.

  - This will reduce ambiguity when using other designator types.
2024-11-06 15:49:17 +01:00
Neal H. Walfield
26c70cad32
Don't extend the expiration of invalid components.
- If a component is not valid according to the policy, don't extend
    the expiration time.  Suggest using `sq cert lint`, and then error
    out.

  - Fixes #363.
2024-11-04 11:26:02 +01:00
Neal H. Walfield
ed7b1ef806
Change sq key subkey bind to use the expriation type.
- `sq key subkey bind` still instantiated its own expiration
    parameter.  Change it to use `ExpirationArg` instead.
2024-11-03 09:23:41 +01:00
Neal H. Walfield
70e4935e8d
Extend Time to support relative timestamps.
- Move the duration parsing code from `Expiration` to `Time`, which
    `Expiration` already uses for absolute timestamps.

  - Support negative durations, and to be more precise rename the
    `Duration` variant to `Offset`.

  - Fixes #268.
2024-11-03 09:09:21 +01:00
Neal H. Walfield
7154aa1eaf
Move the Time type to its own module. 2024-11-02 10:50:05 +01:00
Neal H. Walfield
27c52d609f
Make it clearer that we don't support ISO 8601 durations.
- ISO 8601 durations are ambiguous, and complicated.

  - Clarify that we don't support them.

  - Fixes #119.
2024-10-31 15:22:37 +01:00
Neal H. Walfield
4aeee1c266
Dry out sq key expire's expiration argument.
- Change `sq key expire`'s CLI definition to use the `ExpirationArg`
    type to reduce repetition.

  - See also 67b022f9fa.
2024-10-31 15:22:20 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
- When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Neal H. Walfield
0889d18da7
If decryption fails, delete the output file.
- Change `sq decrypt` to delete the output file if decryption fails.

  - Fixes #59.
2024-10-31 12:34:09 +01:00
Neal H. Walfield
fae8f689a2
tests: Generalize Sq::encrypt and Sq::decrypt to work with files.
- `Sq::encrypt` and `Sq::decrypt` only work with in-memory buffers.

  - Introduce `FileOrBytes`, which represents a path or bytes.  Change
    `Sq::encrypt` and `Sq::decrypt` to use them, and thus support
    messages stored in files in addition to inline messages.
2024-10-31 12:30:30 +01:00
Neal H. Walfield
e4c40da649
If signature verification fails, delete the output file.
- Change `sq verify` to delete the output file if it can't
    authenticate the signature.

  - See #59.
2024-10-31 12:30:28 +01:00
Neal H. Walfield
cedd9687d1
Add support for merging bare revocation certificates.
- Extend `sq toolbox keyring merge` to merge bare revocation
    certificates.

  - Fixes #50.
2024-10-31 10:01:45 +01:00
Neal H. Walfield
1376c8b4ee
Dry out the keyring merge function. 2024-10-31 10:01:45 +01:00
Neal H. Walfield
1c96be5f62
Release 0.39.0. 2024-10-30 17:02:34 +01:00
Neal H. Walfield
0bb0960757
Loosen reqwest dependency.
- Allow using newer versions of reqwest.  Don't actually use them,
    as other dependencies still require the older version.
2024-10-30 16:59:30 +01:00
Neal H. Walfield
e724dad138
Loosen subplot dependency.
- Allow using newer versions of subplot (but don't actually use them
    as they have a higher MSRV).
2024-10-30 16:53:57 +01:00
Neal H. Walfield
fa5750cb49
Upgrade terminal_size. 2024-10-30 16:43:48 +01:00
Neal H. Walfield
93549fd108
Upgrade sequoia-policy-config. 2024-10-30 16:36:53 +01:00
Neal H. Walfield
5ee0ff8d01
Update Cargo.lock. 2024-10-30 16:34:21 +01:00
Neal H. Walfield
aac7b719d4
Fix various typo in the NEWS file. 2024-10-30 16:34:02 +01:00
Neal H. Walfield
11140ae5c1
Add support for importing bare revocation certificates.
- Extend `sq cert import` to import bare revocation certificates.

  - See #50.
2024-10-30 15:36:12 +01:00
Neal H. Walfield
973b249f88
Rework signature verification output.
- Signature verification output is confusing.  The main problem is
    the terminology.  It talks about "good signatures", "good
    checksums", and "bad checksums," but it is unclear what good or
    bad means, and what a checksum is.  Instead, talk about
    "authenticated signatures," "unauthenticated signatures," and
    completely drop the term "checksum" and just say that the
    certificate for the alleged signer is missing.

  - Fixes #4.
2024-10-30 14:17:09 +01:00
Neal H. Walfield
daebb8f0c5
Don't let bad signatures override good signatures.
- When checking if a message can be verified, only check if there
    are enough good signatures; ignore any bad signatures.
2024-10-30 11:21:18 +01:00
Neal H. Walfield
5e5bb21ee4
When reading from stdin, emit a warning if we don't get any input.
- When reading from `stdin`, emit a warning to `stderr` if we don't
    get any input for a few seconds.

  - Fixes #406.
2024-10-29 17:47:21 +01:00
Neal H. Walfield
9e161814ba
Improve sq encrypt's examples to better reflect best practices.
- Show how to encrypt to a certificate using a fingerprint.

  - Don't show how to encrypt to a certificate stored in a file.
2024-10-29 15:16:15 +01:00
Neal H. Walfield
4b4276c75d
Improve the error message shown when sq encrypt gets no recipients.
- If the user does not pass any recipients, or passwords to `sq
    encrypt`, a simple, custom error message is shown instead of the
    one generated by clap's error message machinery.

  - Add `--with-password` and `--with-password-file` to the cert
    designator framework, and switch `sq encrypt` to select them.

  - Fixes #405.
2024-10-29 15:05:34 +01:00
Neal H. Walfield
89cb9d6743
Make sq key userid revoke's positional arguments named arguments.
- `sq key userid revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:57:43 +01:00
Neal H. Walfield
ef785cbd12
Make sq key subkey revoke's positional arguments named arguments.
- `sq key subkey revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:51:49 +01:00