Commit Graph

14 Commits

Author SHA1 Message Date
Neal H. Walfield
3433e6e806
Release 0.30.1.
* Changes in 0.30.1
 * Notable changes
   - The `crypto-botan` feature now selects Botan's v3 interface.  Use
     the new `crypto-botan2` feature to continue using Botan's v2
     interface.
 * Notable fixes
   - Several parser bugs were fixed in sequoia-openpgp 1.16.0 and
     buffered-reader 1.2.0.  These are all low-severity as Rust
     correctly detects the out of bounds access and panics.  Update
     Cargo.lock to make sure we use these versions.
2023-05-31 10:33:31 +02:00
Neal H. Walfield
60ba1d11cc
Add a feature to build sq using Botan's version 2 interface.
- sequoia-openpgp 1.16 changed `sequoia-openpgp/crypto-botan` to
    build against Botan's v3 interface, and exposed
    `sequoia-openpgp/crypto-botan2` to build against the v2 interface.

  - Do the same.  Add a `crypto-botan2` feature to allow the user to
    build against Botan's v2 interface.
2023-05-31 09:36:15 +02:00
Neal H. Walfield
a99c5acdd3
Update NEWS file
- Add missing news entries for 0.30.0.
2023-05-08 12:39:04 +02:00
Neal H. Walfield
4efea87492
Add sq inspect --cert KEYHANDLE
- Extend `sq inspect` to read from the certificate store.
2023-03-31 09:17:09 +02:00
Neal H. Walfield
2ffa96dbca
Add sq link list.
- Add the subcommand `sq link list` to list active and retracted
   links.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
427487b76c
Certify fetched certificates from verifying keyservers, etc.
- When importing a certificate into the certificate store from a
    verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
    get`), or DANE (via `sq dane get`), certify the User IDs that the
    service checks (for verifying keyservers: all; for WKD and DANE:
    the User IDs with the email that was looked up).

  - Have a per-service key to do the certifications (one for
    keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).

  - Make the per-service certificates minimally trusted (trust amount:
    1 of 120) CAs by certifying them with the local trust root.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
ba35945574
Change network getters to update the certificate store by default
- Change the network getters, `sq keyserver get`, `sq wkd get`, and
    `sq dane get` to update the certificate store by default.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
0e59f2f560
Add sq link
- Add new commands `sq link add` and `sq link retract` to certify
    bindings using the cert-d's trust root, if any.
2023-03-30 16:03:37 +02:00
Neal H. Walfield
ae057eba88
Support authenticating signatures using the web of trust
- When verifying a signature using `sq verify`, and a signer is not
    specified using `--signer-cert`, try and authenticate them using the
    web of trust using the configured certificate store.

  - If we can fully authenticate a signer, consider the signature to
    have been authenticated by that signer.
2023-03-28 14:51:18 +02:00
Neal H. Walfield
6c7b0de5c0
Support addressing recipients by email address and User ID
- Extend `sq encrypt` with the `--recipient-email` and
    `--recipient-userid` arguments to allow the caller to designate a
    certificate by email address or User ID, respectively.  An email
    address or User ID is considered to designate a certificate, if
    the binding between the email address or User ID and the
    certificate can be authenticated using the web of trust.

  - Add support for the web of trust using the `sequoia-wot` crate.

  - Add a top-level option, `--trust-root`, to allow the user to
    specify trust roots.
2023-03-28 14:50:24 +02:00
Neal H. Walfield
16fd67a10c
Add a top-level, global option --time to set the reference time
- Add a top-level, global option `--time` to set the reference time.

  - Remove subcommand's `--time` argument and use this instead.
    Remove `sq key generate`'s `--creation-time` argument `sq key user
    id`'s `--creation-time` argument and use this argument instead.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
936ae250e1
Add support for a persistant certificate store
- Add support for a persistant certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00