Commit Graph

274 Commits

Author SHA1 Message Date
Neal H. Walfield
f139b50f24
Change sq key subkey export to require the certificate to export.
- `sq key subkey export` currently takes a list of keys to export.
    This is ambiguous if a key is associated with multiple certificates.

  - Add a new required parameter, `--cert`, which specifies what
    certificate to export.  The specified keys must be attached to that
    certificate under the NULL policy.

  - This change means that `sq key subkey export` can only export a
    single certificate at a time.

  - As the implementations of `sq key export` and `sq key subkey
    export` have diverged, don't try to consolidate them any more.

  - Fixes #386.
2024-11-06 16:08:02 +01:00
Neal H. Walfield
26c70cad32
Don't extend the expiration of invalid components.
- If a component is not valid according to the policy, don't extend
    the expiration time.  Suggest using `sq cert lint`, and then error
    out.

  - Fixes #363.
2024-11-04 11:26:02 +01:00
Neal H. Walfield
70e4935e8d
Extend Time to support relative timestamps.
- Move the duration parsing code from `Expiration` to `Time`, which
    `Expiration` already uses for absolute timestamps.

  - Support negative durations, and to be more precise rename the
    `Duration` variant to `Offset`.

  - Fixes #268.
2024-11-03 09:09:21 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
- When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Neal H. Walfield
0889d18da7
If decryption fails, delete the output file.
- Change `sq decrypt` to delete the output file if decryption fails.

  - Fixes #59.
2024-10-31 12:34:09 +01:00
Neal H. Walfield
fae8f689a2
tests: Generalize Sq::encrypt and Sq::decrypt to work with files.
- `Sq::encrypt` and `Sq::decrypt` only work with in-memory buffers.

  - Introduce `FileOrBytes`, which represents a path or bytes.  Change
    `Sq::encrypt` and `Sq::decrypt` to use them, and thus support
    messages stored in files in addition to inline messages.
2024-10-31 12:30:30 +01:00
Neal H. Walfield
e4c40da649
If signature verification fails, delete the output file.
- Change `sq verify` to delete the output file if it can't
    authenticate the signature.

  - See #59.
2024-10-31 12:30:28 +01:00
Neal H. Walfield
cedd9687d1
Add support for merging bare revocation certificates.
- Extend `sq toolbox keyring merge` to merge bare revocation
    certificates.

  - Fixes #50.
2024-10-31 10:01:45 +01:00
Neal H. Walfield
11140ae5c1
Add support for importing bare revocation certificates.
- Extend `sq cert import` to import bare revocation certificates.

  - See #50.
2024-10-30 15:36:12 +01:00
Neal H. Walfield
973b249f88
Rework signature verification output.
- Signature verification output is confusing.  The main problem is
    the terminology.  It talks about "good signatures", "good
    checksums", and "bad checksums," but it is unclear what good or
    bad means, and what a checksum is.  Instead, talk about
    "authenticated signatures," "unauthenticated signatures," and
    completely drop the term "checksum" and just say that the
    certificate for the alleged signer is missing.

  - Fixes #4.
2024-10-30 14:17:09 +01:00
Neal H. Walfield
89cb9d6743
Make sq key userid revoke's positional arguments named arguments.
- `sq key userid revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:57:43 +01:00
Neal H. Walfield
ef785cbd12
Make sq key subkey revoke's positional arguments named arguments.
- `sq key subkey revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:51:49 +01:00
Neal H. Walfield
b25bbee713
Make sq key revoke's positional arguments named arguments.
- `sq key revoke`'s reason and message arguments are positional
    arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:48:51 +01:00
Neal H. Walfield
8fc655d5ad
Make sq key expire's expiration argument a named argument.
- `sq key expire`'s expiration argument is a positional argument.
    Change it to a named argument.

  - See #318.
2024-10-29 08:57:47 +01:00
Neal H. Walfield
b0a414a9c3
Make sq key subkey expire's expiration argument a named argument.
- `sq key subkey expire`'s expiration argument is a positional
    argument.  Change it to a named argument.

  - See #318.
2024-10-28 18:58:07 +01:00
Neal H. Walfield
7401c26ff5
Rework gossip.
- Currently, when the user requests gossip, we show all the found
    paths as being untrusted, even though some can be authenticated.
    This is confusing.

  - When getting gossip paths, specify the trust roots.  As of
    `sequoia-wot` 0.13.0, this will also authenticate any returned
    paths.

  - Fixes #338.
2024-10-26 09:30:07 +02:00
Neal H. Walfield
c9bdd6e002
tests: Dry out certificate handling.
- Many commands output a certificate.  Add a helper function to
    parse the output (wherever it may be).
2024-10-25 16:37:25 +02:00
Justus Winter
f3555c5a14
Use cert designators for sq key approvals update.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
a30799e093
Use cert designators for sq key subkey bind.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
33053757dc
Use cert designators for sq key subkey revoke.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
cb1bb1f944
Use cert designators for sq key subkey expire.
- See #207.
2024-10-24 14:40:39 +02:00
Justus Winter
7a0a844512
Use cert designators for sq key subkey password.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
625f1e8a17
Use cert designators for sq key subkey delete.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
74e7f4dd33
Use cert designators for sq key subkey add.
- See #207.
2024-10-23 18:04:13 +02:00
Justus Winter
37e2b65c6f
Use cert designators for sq key revoke.
- See #207.
2024-10-23 17:02:42 +02:00
Justus Winter
5c392b7d0a
Use cert designators for sq key expire.
- See #207.
2024-10-23 16:15:24 +02:00
Justus Winter
eb784ff84c
Use cert designators for sq key password.
- See #207.
2024-10-23 16:08:42 +02:00
Justus Winter
e15852d2f7
Use cert designators for sq cert lint.
- See #207.
2024-10-23 15:28:26 +02:00
Justus Winter
fd8466564c
Make sq key delete --file require --output.
- Previously, the certificate was imported.
2024-10-22 18:13:31 +02:00
Justus Winter
14cef16528
Use cert designators for sq key delete.
- See #207.
2024-10-22 18:12:48 +02:00
Justus Winter
8c47caaee9
Change --cert to only look up by primary key fingerprint.
- See #207.
2024-10-22 15:45:59 +02:00
Justus Winter
964b5d18ef
Raise limit of stdout and stderr shown in tests. 2024-10-22 11:50:30 +02:00
Justus Winter
ffe0b7df25
Rework how fingerprint, user ID pairs are displayed.
- Displaying them on one line is infeasible: first, v6 fingerprints
    will be 64 hex digits long, filling a typical line almost by
    itself.  Second, many of the composite user IDs in use today are
    quite long by itself, and wrapping user IDs is not nice.

  - Instead, display them in two lines, with line art emphasizing the
    fact that they are a tuple.
2024-10-22 11:27:04 +02:00
Justus Winter
af7b7e3dc9
Merge sq autocrypt import into sq cert import, remove others.
- Merge `sq autocrypt import` has been merged into `sq cert import`.

  - Remove `sq autocrypt decode` and `sq autocrypt encode-sender`
    without substitute.

  - Fixes #187.
2024-10-21 16:56:55 +02:00
Justus Winter
54c70fb597
Remove the Autocrypt gossip CA framework.
- Fixes #350.
2024-10-21 14:44:43 +02:00
Justus Winter
1d1a41ac3d
Only export certificates with authenticated bindings.
- When exporting certificates selected by user IDs (i.e. --email,
    --userid, --domain, or --grep), authenticate the bindings and
    export only those certificates that can be authenticated.

  - Fixes #182.
2024-10-21 11:37:10 +02:00
Justus Winter
b98ffa6514
Remove obsolete todos. 2024-10-19 00:29:19 +02:00
Justus Winter
cef1b792dd
Merge the path printing into the concise human readable output.
- Having a single output makes it easier to keep the output
    consistent.
2024-10-19 00:27:48 +02:00
Justus Winter
d07e387eab
Rename sq verify --signer-cert to --signer.
- Fixes #372.
2024-10-18 16:32:11 +02:00
Neal H. Walfield
f934cd2e31
Move sq pki list to sq cert list.
- Move the command `sq pki list` to `sq cert list`.

  - See #358.
2024-10-18 12:17:50 +02:00
Neal H. Walfield
1f50f6fd79
Rename test files.
- Rename test files to reflect the commands they are testing.
2024-10-18 09:47:39 +02:00
Neal H. Walfield
a779fbb277
Add a test.
- `sq pki link authorize` certifies all self-signed user IDs when
    no user IDs are provided.  Add a test that checks that it silently
    ignores invalid self-signed user IDs (e.g., revoked user IDs) in
    this case.
2024-10-18 09:45:08 +02:00
Neal H. Walfield
9ad9355ed4
Don't try to certify invalid user IDs.
- `sq pki vouch authorize` certifies all self-signed user IDs when
    no user IDs are provided.  Change it to silently ignore invalid
    self-signed user IDs (e.g., revoked user IDs) in this case.
2024-10-18 09:41:07 +02:00
Neal H. Walfield
9d2d34b990
Move sq pki {certify,authorize} under sq pki vouch.
- Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`.

  - This mirrors `sq pki link`.
2024-10-18 08:49:07 +02:00
Neal H. Walfield
609c5aab16
Split authorization functionality out of sq pki link add.
- Split authorization functionality out of `sq pki link add` into a
    new command, `sq pki link authorize`.

  - Align `sq pki link authorize`'s arguments with `sq pki authorize`
    arguments.
2024-10-17 16:42:35 +02:00
Neal H. Walfield
cd7b79dbae
Generalize helper function.
- Generalize `Sq::pki_link_add` and `Sq::pki_link_add_maybe` to take
    zero or more user IDs.
2024-10-17 16:41:57 +02:00
Neal H. Walfield
386992f14f
Fix sq pki link retract when retracting all certifications.
- When retracting all certifications, don't just retract
    certifications on the self-signed user IDs, retract them on all
    user IDs.
2024-10-16 12:38:22 +02:00
Neal H. Walfield
43db8fa44c
Check all user IDs, not just self-signed user IDs.
- When checking if a user ID was already signed, don't just check
    valid self-signed user IDs.
2024-10-16 12:36:45 +02:00
Neal H. Walfield
f0bfdfd1cd
Remove sq pki link retract's positional argument for specifying a user ID.
- `sq pki link retract` has a positional argument for specifying a user
    ID directly or by email address.  Remove it in favor of the named
    arguments, `--userid` and `--email`.

  - See #318.
2024-10-15 17:32:25 +02:00
Neal H. Walfield
dd75de8178
Remove sq pki link add's positional argument for specifying a user ID.
- `sq pki link add` has a positional argument for specifying a user
    ID directly or by email address.  Remove it in favor of the named
    arguments, `--userid` and `--email`.

  - See #318.
2024-10-15 17:31:49 +02:00
Neal H. Walfield
34df026d87
Change sq pki link retract to use a named argument for the certificate.
- `sq pki link retract` uses a positional argument to specify the
    certificate to retract.  Change it to be a named argument, `--cert`.

  - See #318.
2024-10-15 17:30:57 +02:00
Neal H. Walfield
bc075f9328
Change sq pki link add to use a named argument for the certificate.
- `sq pki link add` uses a positional argument to specify the
    certificate to link.  Change it to be a named argument, `--cert`.

  - See #318.
2024-10-15 17:30:22 +02:00
Neal H. Walfield
a9d419973c
Check that we don't certify our own certificate.
- `sq pki certify` and `sq pki authorize` are for creating
    third-party certifications.

  - Error out if the certifier is the same as the certificate being
    certified.
2024-10-15 12:55:56 +02:00
Neal H. Walfield
f11b3f6b59
Extend sq pki authorize to constrain by domain.
- Constraining an introducer by regex is error prone.  Add an option
    to `sq pki authorize` to constrain an introducer by domain name.
2024-10-14 17:46:18 +02:00
Neal H. Walfield
22284ed9b1
Add new subcommand sq pki authorize.
- Previously `sq pki certify` could create certifications, and mark
    a certificate as a trusted introducer (when the user set `--depth`
    to be greater than zero).  Anecdotal evidence indicates that
    combining these two actions in a single command is confusing.

  - Split the latter functionality off, and put it in a new subcommand,
    `sq pki authorize`.

  - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 17:46:18 +02:00
Neal H. Walfield
bea0a5b732
Generalize Sq::pki_certify to certify multiple user IDs at once.
- Generalize `Sq::pki_certify` to certify multiple user IDs at once.
2024-10-14 17:46:18 +02:00
Neal H. Walfield
3d63b8de96
Change sq pki certify to use a named argument for the certificate.
- `sq pki certify` uses a positional argument to specify the
    certificate to certify.  Change it to be a named argument, either
    `--cert`, or `--cert-file`.

  - See #318.
2024-10-14 17:46:12 +02:00
Neal H. Walfield
b40f545a24
Change sq pki certify to use a named argument for the user ID.
- `sq pki certify` uses a positional argument to specify the user
    ID to certify.  Change it to be a named argument, either
    `--userid`, or `--email`.

  - This changes the meaning of `--email` from a flag that changes how
    `--userid` interprets its argument, to an argument.

  - This also allows multiple user IDs to be specified at once.

  - See #318.
2024-10-14 17:13:08 +02:00
Neal H. Walfield
4a3c360f41
Refactor sq pki certify, sq pki link add and sq pki link retract.
- Pull similar functionality out of the implementation of `sq pki
    certify`, `sq pki link add`, and `sq pki link retract`, and put it
    in a new module, `common::pki::certify`.

  - This slightly changes the human readable output.
2024-10-14 17:13:08 +02:00
Justus Winter
aaae90ce6e
Improve some integration tests to use more of the test framework. 2024-10-11 16:53:54 +02:00
Justus Winter
b885328662
Make sq toolbox keyring filter --handle robust.
- By splitting `--handle` into `--cert` and `--key`, where the
    former only matches on primary keys, and the latter matches on
    both primary keys and subkeys.

  - Fixes #287.
2024-10-09 16:58:04 +02:00
Justus Winter
d4ce7ac095
Add tests for sq toolbox keyring filter. 2024-10-09 16:57:48 +02:00
Justus Winter
fcfbfb73b6
Run tests in a separate working directory.
- This way they can create artifacts in their working directory.
2024-10-09 16:57:48 +02:00
Justus Winter
0e5b1c0611
Deduplicate function to locate test artifacts. 2024-10-09 16:57:48 +02:00
Neal H. Walfield
62d7813900
Change sq pki certify to reject expired and revoked certs.
- It was possible to use `--allow-not-alive-certifier` and
    `--allow-revoked-certifier` to force `sq pki certify` to use
    expired and revoked certificates.

  - Consistent with the principle that `sq` should support a lot, but
    not everything, remove them.

  - Fixes #365.
2024-10-09 14:57:02 +02:00
Neal H. Walfield
5e80d02b5e
Don't extend the expiration of subkeys that are hard revoke.
- If a subkey is hard revoked, refuse to extend the expiration.
2024-10-08 11:46:07 +02:00
Neal H. Walfield
7862c1609f
Add a unit test for sq key subkey expire for soft revocations.
- Check that `sq key subkey expire` extends the expiration of a
    subkey that is soft revoked.
2024-10-08 11:42:33 +02:00
Neal H. Walfield
b266d9dea1
Add a unit test for sq key subkey expire for unbound subkeys.
- Check that `sq key subkey expire` won't extend the expiration of a
    subkey that isn't bound.

  - Improve the error message when this happens.
2024-10-08 11:42:27 +02:00
Neal H. Walfield
7292c6c347
Fix setting a certificate's expiration time.
- When setting a certificate's expiration time, we update each user
    ID's self signature.  If a user ID is revoked, creating a new self
    signature will "unrevoke it."

  - Skip user IDs that are revoked.
2024-10-08 10:52:33 +02:00
Neal H. Walfield
9a2f2bc72b
Fix setting a certificate's expiration time.
- When setting a certificate's expiration time, we update the
    direct key signature, and each user ID's self signature.  This
    fails if a user ID doesn't have a valid self signature.

  - User IDs, however, don't need to be self signed!  For instance, a
    user ID may only have a third-party certification.

  - Relax `sq key expire` to only add a self signature for a user ID,
    if the user ID already has a self signature.
2024-10-08 09:30:51 +02:00
Justus Winter
43edb2c190
Add missing example data file bob.pgp.
- The README mentions it, but it is missing.
2024-10-07 15:27:28 +02:00
Neal H. Walfield
fd35509784
Don't call exit, just return an error.
- Never call `exit`.  If there is an error, propagate the error to
    the caller.  This ensures that any clean up handlers (like
    flushing state to disk) are run.
2024-10-07 13:28:24 +02:00
Justus Winter
20df76538e
Rename sq encrypt --recipient to sq encrypt --for`.
- Fixes #356.
2024-10-04 11:54:53 +02:00
Justus Winter
ba121b2339
Rename --recipient-cert to --recipient.
- Fixes #355.
2024-10-04 11:16:33 +02:00
Justus Winter
20fb370de7
Rename --signer-key to --signer.
- See #355.
2024-10-04 11:16:24 +02:00
Justus Winter
dff6664f47
Rename the global --force flag to --overwrite.
- This flag now only controls whether existing files are
    overwritten.

  - Fixes #31.
2024-10-02 18:42:31 +02:00
Justus Winter
63ae7dbb8c
Rename sq verify --detached to sq verify --signature-file.
- Fixes #255.
2024-10-02 17:37:35 +02:00
Justus Winter
535164b7af
Fix changing the expiration time on keys without direct key sig.
- Fixes #230.
2024-10-02 17:10:43 +02:00
Justus Winter
fe2a003c7d
Rename sq key subkey adopt to bind, improve documentation.
- This is to emphasize that the key is copied, not moved.

  - Fixes #332.
2024-10-02 15:51:07 +02:00
Justus Winter
cb664239bc
Move sq key adopt to sq key subkey adopt.
- Fixes #301.
2024-10-02 15:14:31 +02:00
Neal H. Walfield
99689fd405
When adopting a key, if the creation time is unset, set it.
- When adopting a bare key, the creation time is the Unix epoch.
    If the user doesn't manually override this using
    `--creation-time`, use the current time (while respecting
    `--time`).
2024-09-26 13:07:28 +02:00
Neal H. Walfield
6451e0416f
Add the --creation-time argument to sq key adopt.
- Add an argument to `sq key adopt`, `--creation_time`, to allow the
    user to override the key's creation time.
2024-09-26 13:06:34 +02:00
Neal H. Walfield
33dc4a1b41
When adopting a key, error out if the key's key flags is empty.
- When adopting a key using `sq key adopt`, error out if the key's
    key flags are empty.
2024-09-26 13:05:36 +02:00
Neal H. Walfield
331da9d600
Don't require a key being adopted to have a binding signature.
- Change `sq key adopt` to not require the key that is being adopted
    to have a binding signature.

  - This allows adopting "bare keys," i.e., a certificate consisting
    of just a primary key.  Bare keys are useful when working with raw
    keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
    To add them to a certificate, they just need to be wrapped in a
    minimal amount of OpenPGP framing; no signatures are required.

  - Fixes #25.
2024-09-26 13:05:36 +02:00
Neal H. Walfield
726dedc553
Make the test helper function Sq::key_adopt more consistent.
- Make `Sq::key_adopt` more consistent with other functions by
    providing an `Sq::key_adopt_maybe` version, which panics on failure.
2024-09-26 09:43:44 +02:00
Neal H. Walfield
ce59c45165
Simplify how tests call sq key adopt.
- Remove rarely used arguments from `Sq::key_adopt`.  They can be
    provided via the `extra_args` argument when needed.
2024-09-26 09:34:35 +02:00
Neal H. Walfield
c610ba19fa
Allow tests to pass addition arguments to sq key adopt.
- Add an argument to `Sq::key_adopt`, `extra_args`, to allow tests
    to pass additional, arbitrary arguments to `sq key adopt`.
2024-09-26 09:20:50 +02:00
Neal H. Walfield
048be9c08c
Tighten the sq encrypt tests.
- When designating a certificate multiple times, the certificate
    should only be used once.  Assert that this is the case in the `sq
    encrypt` tests by checking that the PKESKs are not redundant.

  - Note: this was fixed by 437ae24.
2024-09-25 13:16:27 +02:00
Neal H. Walfield
9a46a12a79
Fix sq cert export test vector.
- A `sq cert export` test vector specified `--email
    carol@example.org`, which doesn't match any certificates.  The error
    was hidden, because we were not strict about ensuring that all
    certificate designators actually match at least one certificate.

  - Fix the test vector.
2024-09-25 13:15:57 +02:00
Neal H. Walfield
0592a4041b
Add a test for sq encrypt for revoked subkeys.
- Add a test for `sq encrypt` that checks that an attempt to use
    a revoked subkey results in an error.
2024-09-25 13:15:57 +02:00
Neal H. Walfield
b8d02f2216
Add a test for sq encrypt for expired subkeys.
- Add a test for `sq encrypt` that checks that an attempt to use
    an expired subkeys results in an error unless
    `--use-expired-subkey` is provided.
2024-09-25 13:15:46 +02:00
Neal H. Walfield
5bc7a81045
Add a test for sq encrypt for non-encryption-capable certifications.
- Add a test for `sq encrypt` that checks that an attempt to use
    a certificate that is not encryption-capable results in an error.
2024-09-25 13:15:32 +02:00
Neal H. Walfield
3965167ac0
Add a test for sq encrypt's certificate designators.
- Add a test for `sq encrypt` that checks that the different ways of
    designating a certificate work including making sure that only
    authenticated names can be used to designate a certificate.
2024-09-25 13:09:58 +02:00
Neal H. Walfield
42f43f656e
Port sq_encrypt.rs to the common test framework. 2024-09-25 12:18:44 +02:00
Justus Winter
e2d5bc1de4
Move sq key userid strip to sq toolbox strip-userid.
- Fixes #306.
2024-09-16 16:16:32 +02:00
Neal H. Walfield
292b32fc65
Improve debugging output. 2024-09-16 15:35:54 +02:00
Neal H. Walfield
910edc96f6
Add a convenience function to preserve a test's state.
- Add `Sq::preserve` to prevent the files created by an `Sq`
    instance from being deleted when the `Sq` instance is dropped.

  - Preserving the state makes it easier to debug a test that is
    failing.
2024-09-16 15:35:47 +02:00
Justus Winter
2c4ecbb41e
Align sq key subkey expire and sq key subkey revoke.
- Make the latter take a named --key argument that can be given
    multiple times.

  - Fixes #329.
2024-09-16 15:01:24 +02:00
Justus Winter
6034e03893
Avoid using the system-wide crypto policy in tests.
- Fixes #177.
2024-09-16 12:53:33 +02:00
Justus Winter
cc707466d3
Remove output format and version command line options.
- See #310.

  - Fixes #289.
2024-09-02 14:47:42 +02:00