Commit Graph

10 Commits

Author SHA1 Message Date
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
    name of the corresponding fields, and data structures.

  - Expiration and expiry have about the same meaning.  According to
    my research, "expiration" is used in American English whereas
    both are used in British English.

  - This change aligns the usage with RFC 4880's terminology, which
    uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
27093c1709
Add support for using a key store.
- Support using keys managed by `sequoia-keystore`.

  - When decrypting a message, have `sq` automatically ask the
    key store to decrypt the PKESKs.

  - Extend `sq sign` and `sq encrypt` with the `--signer-key`
    parameter to use a key managed by the keystore.

  - Add two top-level options: `--no-key-store`, which disables the
    use of the key store, and `--key-store`, which uses an alternate
    key store instance.

  - Add `sq key list` to list keys on the key store.
2024-02-18 15:24:02 +01:00
Justus Winter
b7ef68ca35
Move sq import and export to sq cert. 2024-01-19 11:24:21 +01:00
Justus Winter
46af430766
Move sq certify to sq pki. 2024-01-17 14:40:55 +01:00
David Runge
3c90428112
Rename --export option of sq key generate to the generic --output
Instead of using a non-uniform `--export` for `sq key generate` to
indicate the file path to output to, rely on the generic `--output`,
provided by `sq_cli::types::FileOrStdout`.
2023-06-17 15:51:25 +02:00
David Runge
778741b2f8
Simplify use of validity in certify, key and link subcommands
- Change the behavior of the `sq certify`, `sq key generate` and `sq
  link add` subcommands to rely on a single `--expiry` input argument
  (same as `sq key subkey generate`), which replaces `--expires` and
  `--expires-in`. This allows to directly parse a specific ISO 8601
  timestamp, a custom duration or `"never"` and create a verified data
  type that can be used further.
- Use `Expiry::as_duration()` in `sq certify` and `sq key`
  subcommands to calculate the validity (duration until expiration) of
  certifications and keys.
- Add the constants `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS` to `sq_cli` to allow
  centralized modifications of the default validity duration of keys and
  certifications (in years).
- Add the constants `KEY_VALIDITY_DURATION` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION` to provide
  the default `Duration` for keys/subkeys and third party
  certifications (based on `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS`).
2023-06-05 15:57:38 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
6c7b0de5c0
Support addressing recipients by email address and User ID
- Extend `sq encrypt` with the `--recipient-email` and
    `--recipient-userid` arguments to allow the caller to designate a
    certificate by email address or User ID, respectively.  An email
    address or User ID is considered to designate a certificate, if
    the binding between the email address or User ID and the
    certificate can be authenticated using the web of trust.

  - Add support for the web of trust using the `sequoia-wot` crate.

  - Add a top-level option, `--trust-root`, to allow the user to
    specify trust roots.
2023-03-28 14:50:24 +02:00
Neal H. Walfield
936ae250e1
Add support for a persistant certificate store
- Add support for a persistant certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00