Commit Graph

274 Commits

Author SHA1 Message Date
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.

  - See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
47e076d890
If secret key material is passed via --keyring, use it.
- If the user supplies a keyring using `--keyring`, and it contains
    the secret key material that we are looking for, use it.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
     positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
d76d0fcd52
Change the sq key adopt's tests to use the common test framework. 2024-06-10 23:24:19 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.

  - See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
028983d40f
Change the sq pki certify tests to use the common test framework. 2024-06-10 23:10:23 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
4a97011452
Add a test for sq key password.
- Add a test for `sq key password`.
2024-06-05 09:32:30 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
    cert store and key store.

  - See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
bb3215adfe
Move subkey functionality from sq key expire into its own command.
- Split the subkey functionality out of `sq key expire` into its own
    command, `sq key subkey expire`.
2024-06-05 00:06:24 +02:00
Neal H. Walfield
52d88e615e
Add a test for sq key expire. 2024-06-05 00:04:31 +02:00
Neal H. Walfield
7866b2f5bb
Change sq key subkey add to support the cert store and key store.
- See #205.
2024-05-29 16:03:06 +02:00
Neal H. Walfield
fb16a29f00
Make sq key subkey add's positional parameter a named parameter.
- In `sq key subkey add`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-05-29 14:00:30 +02:00
Neal H. Walfield
3debf8b584
Modify the sq key revoke tests to test the cert store integration.
- Modify the `sq key revoke` tests to also test the cert store and
    key store integration.

  - Somehow this wasn't added to
    cca564356c.
2024-05-28 15:04:48 +02:00
Neal H. Walfield
ab0e2a446c
Change sq cert lint to support the cert store and key store.
- See #205.
2024-05-28 14:33:27 +02:00
Neal H. Walfield
5c1cf92f9b
Make sq cert lint's position parameter a named parameter.
- In `sq cert lint`, change the certificate file parameter from a
    position parameter to a named parameter, `--cert-file`.
2024-05-28 14:24:58 +02:00
Neal H. Walfield
5f8ef02cd4
Require specifying --userid with sq key userid revoke.
- Change the user ID argument from a position argument in `sq key
    userid revoke` to an argument specified with `--userid`.
2024-05-27 19:14:52 +02:00
Neal H. Walfield
cca564356c
Change sq key revoke etc. to support the cert store and key store.
- Change `sq key revoke`, `sq key subkey revoke`, and `sq key userid
    revoke` to support the cert store and key store.

  - Add `--cert` to specify a certificate by key ID or fingerprint.

  - If `--output` is not specified and `--cert` is, import the
    modified certificate into the cert store.  If `--output` is not
    specified and `--cert-file` is, write the modified certificate to
    stdout.
2024-05-27 19:14:47 +02:00
Neal H. Walfield
e24c9ff92e
Rename --certificate-file and --revocation-file.
- `sq key revoked`, `sq key userid revoke`, and `sq key subkey
    revoke` have two arguments for naming a certificate:
    `--certificate-file` and `--cert-file`.  The latter is an alias.
    Drop `--certificate-file` and promote `--cert-file`.  This
    harmonizes these subcommands with other subcommands, which only
    use `--cert-file`.

  - Rename `--revocation-file` to `--revoker-file`, as the file
    contains a "revoker" not a "revocation."
2024-05-27 19:12:46 +02:00
Neal H. Walfield
42126b5534
Convert sq decrypt examples to use the example framework.
- See #196.
2024-05-27 13:36:35 +02:00
Neal H. Walfield
006482b352
Implement sq key export. 2024-05-21 21:22:44 +02:00
Daiki Ueno
9483554e61
Replace "sq link" mentions with "sq pki link"
- While the commit b5a7d15710 moved the
   "sq link" command under "sq pki", there are some left-overs in the
   error messages.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-04-19 17:22:04 +02:00
Neal H. Walfield
a8f01ef1ae
Make the output of sq pki list, etc. more concise by default.
- The output of `sq pki list`, `sq pki authenticate`, `sq pki
    identify` and `sq pki lookup` are overwhelming.

  - Change the output to only show whether a binding can be
    authenticated, not the paths; group the user IDs according
    to the certificate; and, show whether the components are expired
    or revoked.

  - Use the old output format if the user passes `--show-paths`.

  - Fixes #240.
2024-04-12 18:55:34 +02:00
Neal H. Walfield
a549cabf8d
Require canonical user IDs by default.
- Change `sq key generate` and `sq key userid add` to require
    canonical user IDs by default.

  - If a user ID is not in canonical form, explain the problem, and
    suggest a solution, if possible.

  - Allow the user to disable this check by passing the
    `--allow-non-canonical-userids` flag.

  - Fixes #209.
2024-04-09 12:07:42 +02:00
Neal H. Walfield
0cd8bae06f
Don't generate user ID-less certificates by default.
- Although Sequoia is able to use user ID-less certificates, they
    don't have good support in the ecosystem, and are probably not
    what most users want.

  - Consequently, don't make user ID-less certificates the default.
    Instead, require users to opt in by passing the `--no-userids` flag
    to `sq key generate`.

  - Fixes #223.
2024-04-05 18:08:45 +02:00
Neal H. Walfield
24b383275a
Port sq inspect's examples to the example framework.
- #190.
2024-03-13 10:26:32 +01:00
Neal H. Walfield
039aa33153
When using ioctl's, be as general as possible.
- On some platforms, the arguments are u32s on others they are u64s,
    use `into` to cover more situations.

  - Fixes #211.
2024-03-13 09:34:05 +01:00
Neal H. Walfield
27093c1709
Add support for using a key store.
- Support using keys managed by `sequoia-keystore`.

  - When decrypting a message, have `sq` automatically ask the
    key store to decrypt the PKESKs.

  - Extend `sq sign` and `sq encrypt` with the `--signer-key`
    parameter to use a key managed by the keystore.

  - Add two top-level options: `--no-key-store`, which disables the
    use of the key store, and `--key-store`, which uses an alternate
    key store instance.

  - Add `sq key list` to list keys on the key store.
2024-02-18 15:24:02 +01:00
Justus Winter
2e07bbe6d1
Make sq cert export do what I mean.
- Add --all to export all certificates.

  - Add a query argument that can be a subkey fingerprint or key ID,
    an email address, or a user ID fragment.

  - Fixes #181.
2024-02-14 17:12:42 +01:00
Justus Winter
869b7acec8
Move sq keyring lint to sq cert lint.
- It lints certs, so it should go to sq cert.

  - See #192.
2024-02-09 18:52:11 +01:00
Neal H. Walfield
0d1da78356
Add a framework to format and test examples.
- The `--help` output for most subcommands includes one or more
    examples.

  - We should test these, like we test everything else.

  - Add a framework to format, and test the examples.

  - Fixes #190.

  - Also, fix some broken examples.
2024-02-09 18:08:09 +01:00
Justus Winter
825f4463de
Wrap human-readable pki output. 2024-02-08 16:23:19 +01:00
Justus Winter
2c319b6acb
Don't leak passwords into the process table.
- Remove the offending argument.  Without it, the linter will ask
    for passwords on the tty, aligning it with the rest of sq.
    Programmatic input of passwords is an open question, see #140.

  - Fixes #168.
2024-02-08 12:36:04 +01:00
Justus Winter
4916eb589a
Avoid deprecated functionality. 2024-01-29 19:48:51 +01:00
Justus Winter
2bae7c8c30
Turn Autocrypt Gossip into PKI artifacts when importing. 2024-01-29 19:48:51 +01:00
Justus Winter
5e2c6da79c
Add sq toolbox, move the armor and packet subcommands there. 2024-01-19 11:54:48 +01:00
Justus Winter
b7ef68ca35
Move sq import and export to sq cert. 2024-01-19 11:24:21 +01:00
Justus Winter
b5a7d15710
Move sq link to sq pki. 2024-01-17 14:40:55 +01:00
Justus Winter
46af430766
Move sq certify to sq pki. 2024-01-17 14:40:55 +01:00
Justus Winter
b000993817
Move all global PKI options to subcommands where they are needed. 2024-01-17 14:40:55 +01:00
Justus Winter
ed4f1efcb5
Rename sq wot to sq pki. 2024-01-16 16:22:30 +01:00
Justus Winter
49dd753bab
Harmonize specifying the trust amount.
- See #109.
2024-01-12 18:33:56 +01:00
Justus Winter
c4a2c5666f
tests: Detach console for child processes.
- Otherwise, rpassword will ask for passwords and hang the tests.
2024-01-08 14:18:42 +01:00
Justus Winter
70eb478987
Dump certs if we see a bad signature in the sq-certify tests.
- See #9.
2024-01-04 15:01:19 +01:00
Justus Winter
dc24306af1
Emit partial TPKs as revocation certificates.
- When emitting revocation certificates, emit the revocation
    signature with enough context so that it is a well-formed TPK,
    i.e. include the primary key, the component to be revoked (if
    revoking a user ID or subkey), and the revocation signature.

  - Having a partial TPK instead of a bare revocation makes handling
    it much easier, as it can be stored and transported like any
    cert.  It also gives the recipient of the certificate more
    context, and simplifies merging it into a database of certs.

  - Previously, there was a bug in sq where we would emit secret key
    material when emitting revocation certificates.  The reason for
    that was that the certificate was first converted to a packet
    stream, and then each packet serialized.  In contrast, if a
    Cert is serialized, no secrets are emitted unless the
    programmer opts in.  In a way, this is the more comprehensive fix
    for the problem, as it leverages sequoia-openpgp's mechanisms to
    protect secret key material.

  - See #160.
2023-12-11 15:48:06 +01:00
Justus Winter
8216857de2
Strip secret key material from emitted revocation certificates.
- When doing a userid, subkey, or third-party certificate
    revocation, with the cert given to --certificate-file containing
    secret key material, we previously emitted a revocation
    certificate containing secret key material.

  - This patch changes that in a straight-forward way that is easy to
    backport to prior versions.  A more comprehensive fix will follow.

  - Fixes #160.
2023-12-11 15:40:31 +01:00
Justus Winter
4ed3d371e5
Replace once_cell with types from the standard library. 2023-12-06 17:42:48 +01:00
Justus Winter
f6b936d889
Fix warning. 2023-11-30 14:42:12 +01:00
Justus Winter
b8f9670497
Improve pluralization: make it convenient and prevent word-wrapping. 2023-11-30 14:42:11 +01:00
Justus Winter
2ab3bd5efd
Word-wrap lines in human-readable messages.
- Replace every eprintln by wprintln, which prints to stderr as
    well, but word-wraps the messages.
2023-11-29 16:41:40 +01:00
Justus Winter
f4f5f20e6e
Avoid deprecated function. 2023-11-29 14:06:20 +01:00
Justus Winter
7de29e7351
Make the dot-writer dependency optional.
- The dot-writer crate is unmaintained, and prevents upgrading sq in
    Fedora.  As a short-term workaround, we make this dependency
    optional so that it can be easily patched out by packagers.  The
    same has been done for the sq-wot tool.

    - https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/51
    - https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/47

  - If the situation improves, either because the crate is maintained
    again, or we port to a different crate, we can easily undo this
    change.

  - Also, remove all the examples that use the dot output format.  Not
    only is it awkward to make these examples optional, the existing
    examples are also very repetetive, as they duplicate an existing
    example, and only change the output format.

  - Fixes #146.
2023-11-24 15:29:05 +01:00
Justus Winter
993a719a74
Disable notarizing of messages.
- Currently, sequoia-openpgp miscomputes notarization
    signatures (see
    https://gitlab.com/sequoia-pgp/sequoia/-/issues/1041) and fixing
    that has proven to be difficult.  Disable this functionality until
    we sorted out the underlying implementation.
2023-11-24 15:29:05 +01:00
Neal H. Walfield
2e04ac39a3
Rename foo/mod.rs to foo.rs.
- A module `foo` used to have to be called `foo/mod.rs` if `foo` had
    submodules.

  - Since Rust 2018, it is possible to have `foo.rs` and the
    submodules under `foo`.

  - Using `foo.rs` is nicer than `foo/mod.rs` in many editors.  Rename
    modules called `mod.rs`.

  - Note: we can't rename `src/cli/mod.rs` as it is `include!`ed from
    `build.rs`, and then it doesn't find the submodules.
2023-10-23 16:05:58 +02:00
David Runge
82a866c18d
Consolidate sq revoke commands as sq key subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
  userid` subcommands below the `sq key` namespace as `sq key revoke`,
  `sq key subkey revoke` and `sq key userid revoke` (respectively). This
  consolidates commands relevant to key management below `sq key`, which
  is in line with already existing subcommands (e.g. `sq key generate`,
  `sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
  `SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
  allow for easier per target (i.e., certificate, subkey or userid)
  command modification.
- Allow specifying an output file using `--output`/ `-o` for all
  revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
  `sq key userid revoke`). If unspecified, output goes to stdout as
  before.
- Add common test facilities to create a default certificate in a
  temporary directory.
- Add common test function to compare a set of notations with those in
  a `Signature`.
- Replace the integration tests which used to test a combined `sq
  revoke` subcommand with integration tests for `sq key subkey revoke`,
  `sq key userid revoke` and `sq key revoke` using direct and third
  party revocation.

Fixes #93
2023-07-03 16:04:51 +02:00
David Runge
3adec8e545
Rename sq keyring linter to sq keyring lint
To match the setup of the other subcommands (which follow a noun [noun]
verb approach), rename `sq keyring linter` to `sq keyring lint`.

Fixes #136
2023-07-03 14:23:17 +02:00
Jan Christian Grünhage
74fd9dd8fe
Move keyring-linter into sq keyring as a subcommand
This commit is mostly a copy over from the keyring-linter repository,
with a few changes included to make it work in the sq codebase. These
changes are:
 - replaced calls to atty with calls to is-terminal. This was done due
   to is-terminal already being in the dependency tree of sq, and atty
   being unmaintained.
 - replace ansi_term with termcolor, because ansi_term is unmaintained
 - removed a few things from the keyring linter, that were also present
   in sq itself, to avoid duplication. This included the reference time
   parameter, key decryption and IO handling
 - added output file and binary parameters to the linter, so that I
   could handle output the same as the other commands do
2023-06-22 11:19:27 +02:00
David Runge
3c90428112
Rename --export option of sq key generate to the generic --output
Instead of using a non-uniform `--export` for `sq key generate` to
indicate the file path to output to, rely on the generic `--output`,
provided by `sq_cli::types::FileOrStdout`.
2023-06-17 15:51:25 +02:00
David Runge
778741b2f8
Simplify use of validity in certify, key and link subcommands
- Change the behavior of the `sq certify`, `sq key generate` and `sq
  link add` subcommands to rely on a single `--expiry` input argument
  (same as `sq key subkey generate`), which replaces `--expires` and
  `--expires-in`. This allows to directly parse a specific ISO 8601
  timestamp, a custom duration or `"never"` and create a verified data
  type that can be used further.
- Use `Expiry::as_duration()` in `sq certify` and `sq key`
  subcommands to calculate the validity (duration until expiration) of
  certifications and keys.
- Add the constants `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS` to `sq_cli` to allow
  centralized modifications of the default validity duration of keys and
  certifications (in years).
- Add the constants `KEY_VALIDITY_DURATION` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION` to provide
  the default `Duration` for keys/subkeys and third party
  certifications (based on `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS`).
2023-06-05 15:57:38 +02:00
David Runge
57e4958dfe
Add sq key subkey add command to add newly generated subkeys
- Add `sq key subkey add` to allow to add a newly generated `SubKey` to
  an existing key.
- Add `sq_cli::types::Expiry` to allow providing expiry with a
  single `--expiry` input argument, that covers providing an ISO 8601
  timestamp, a custom duration and "never".
- Add impl block for `sq_cli:🔑:CipherSuite` to allow returning a
  `sequoia_openpgp::cert::CipherSuite`.
2023-06-05 15:56:08 +02:00
Gabriel de Perthuis
2c57cd77d7
Move subplot tests to a feature so subplot doesn't affect most builds
Installing sq from crates.io (cargo install sequoia-sq) was broken by a
semver-compatible change in Tera.  Running cargo test uses the lockfile
and isn't affected.

This has the side benefit of reducing dependency bloat, the baseline
depends on check/build/build --release but in the case of a non-release
build the dependency count goes from 403 to 315.

Fixes #2.

The subplot/tera issue was likely triggered by this change in tera
1.18: <https://github.com/Keats/tera/pull/799>.
2023-04-19 10:54:05 +02:00
Neal H. Walfield
4ae448cef8
Add an option to sq link add to temporarily accept a binding
- Add an option to `sq link add`, `--temporary`, to temporarily
    accept a binding.

  - This creates a fully trusted certification that expires after a
    week, and a second certification that is one second older, which
    doesn't expire, but is only partially trusted (trust amount = 40)
    so that the user remembers this decision.
2023-04-05 17:35:41 +02:00
Neal H. Walfield
78972b3ae1
Add --all option to sq link add.
- If the user doesn't specify any User IDs, don't link all
    self-signed User IDs.  Print out the self-signed User IDs and prompt
    the user to specify `--all` or just the ones they want to link.
2023-04-05 11:11:26 +02:00
Neal H. Walfield
0665df5cf4
Don't create a link when it already exists
- When adding a link, check if the active link has the same
    parameters, if so don't update the link.  If the parameters
    changed, show a diff.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
0e59f2f560
Add sq link
- Add new commands `sq link add` and `sq link retract` to certify
    bindings using the cert-d's trust root, if any.
2023-03-30 16:03:37 +02:00
Neal H. Walfield
ae057eba88
Support authenticating signatures using the web of trust
- When verifying a signature using `sq verify`, and a signer is not
    specified using `--signer-cert`, try and authenticate them using the
    web of trust using the configured certificate store.

  - If we can fully authenticate a signer, consider the signature to
    have been authenticated by that signer.
2023-03-28 14:51:18 +02:00
Neal H. Walfield
6c7b0de5c0
Support addressing recipients by email address and User ID
- Extend `sq encrypt` with the `--recipient-email` and
    `--recipient-userid` arguments to allow the caller to designate a
    certificate by email address or User ID, respectively.  An email
    address or User ID is considered to designate a certificate, if
    the binding between the email address or User ID and the
    certificate can be authenticated using the web of trust.

  - Add support for the web of trust using the `sequoia-wot` crate.

  - Add a top-level option, `--trust-root`, to allow the user to
    specify trust roots.
2023-03-28 14:50:24 +02:00
Neal H. Walfield
16fd67a10c
Add a top-level, global option --time to set the reference time
- Add a top-level, global option `--time` to set the reference time.

  - Remove subcommand's `--time` argument and use this instead.
    Remove `sq key generate`'s `--creation-time` argument `sq key user
    id`'s `--creation-time` argument and use this argument instead.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
936ae250e1
Add support for a persistant certificate store
- Add support for a persistant certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00
Justus Winter
b89c172c1d
Reincarnation commit.
- This implementation has been moved from the Sequoia repository to
    its own repository.  To inspect the history, either look at the
    Sequoia repository, or graft it onto this repository like this:

      $ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
      $ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
      $ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864
2023-02-21 12:43:43 +01:00