1257 Commits

Author SHA1 Message Date
Neal H. Walfield
0dffab8d50
Move cli parser for sq key subkey add to its own module. 2024-11-06 15:51:08 +01:00
Neal H. Walfield
26c14e1a54
Add a new key designator type.
  - Add a new designator type, `KeyDesignator`, which is like
    `CertDesignator` and `UserIDDesignator`, but resolves to keys.

  - Move the resolution machinery from the expiry functionality to
    `Sq::resolve_keys`.

  - Switch `sq key subkey expire` to use it.
2024-11-06 15:51:06 +01:00
Neal H. Walfield
ab26585972
Use more qualified names to reduce ambiguity.
  - Don't import `ArgumentPrefix`, etc. from the `cert_designator`
    module, import the module and call it
    `cert_designator::ArgumentPrefix`.

  - This will reduce ambiguity when using other designator types.
2024-11-06 15:49:17 +01:00
Neal H. Walfield
26c70cad32
Don't extend the expiration of invalid components.
  - If a component is not valid according to the policy, don't extend
    the expiration time.  Suggest using `sq cert lint`, and then error
    out.

  - Fixes #363.
2024-11-04 11:26:02 +01:00
Neal H. Walfield
ed7b1ef806
Change sq key subkey bind to use the expiration type.
  - `sq key subkey bind` still instantiated its own expiration
    parameter.  Change it to use `ExpirationArg` instead.
2024-11-03 09:23:41 +01:00
Neal H. Walfield
70e4935e8d
Extend Time to support relative timestamps.
  - Move the duration parsing code from `Expiration` to `Time`, which
    `Expiration` already uses for absolute timestamps.

  - Support negative durations, and to be more precise rename the
    `Duration` variant to `Offset`.

  - Fixes #268.
2024-11-03 09:09:21 +01:00
Neal H. Walfield
7154aa1eaf
Move the Time type to its own module. 2024-11-02 10:50:05 +01:00
Neal H. Walfield
27c52d609f
Make it clearer that we don't support ISO 8601 durations.
  - ISO 8601 durations are ambiguous, and complicated.

  - Clarify that we don't support them.

  - Fixes #119.
2024-10-31 15:22:37 +01:00
Neal H. Walfield
4aeee1c266
Dry out sq key expire's expiration argument.
  - Change `sq key expire`'s CLI definition to use the `ExpirationArg`
    type to reduce repetition.

  - See also 67b022f9faac9a0a971a4d0a9cc5e09a0abb0db8.
2024-10-31 15:22:20 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
  - When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Neal H. Walfield
0889d18da7
If decryption fails, delete the output file.
  - Change `sq decrypt` to delete the output file if decryption fails.

  - Fixes #59.
2024-10-31 12:34:09 +01:00
Neal H. Walfield
fae8f689a2
tests: Generalize Sq::encrypt and Sq::decrypt to work with files.
  - `Sq::encrypt` and `Sq::decrypt` only work with in-memory buffers.

  - Introduce `FileOrBytes`, which represents a path or bytes.  Change
    `Sq::encrypt` and `Sq::decrypt` to use them, and thus support
    messages stored in files in addition to inline messages.
2024-10-31 12:30:30 +01:00
Neal H. Walfield
e4c40da649
If signature verification fails, delete the output file.
  - Change `sq verify` to delete the output file if it can't
    authenticate the signature.

  - See #59.
2024-10-31 12:30:28 +01:00
Neal H. Walfield
cedd9687d1
Add support for merging bare revocation certificates.
  - Extend `sq toolbox keyring merge` to merge bare revocation
    certificates.

  - Fixes #50.
2024-10-31 10:01:45 +01:00
Neal H. Walfield
1376c8b4ee
Dry out the keyring merge function. 2024-10-31 10:01:45 +01:00
Neal H. Walfield
1c96be5f62
Release 0.39.0. 2024-10-30 17:02:34 +01:00
Neal H. Walfield
0bb0960757
Loosen reqwest dependency.
  - Allow using newer versions of reqwest.  Don't actually use them,
    as other dependencies still require the older version.
2024-10-30 16:59:30 +01:00
Neal H. Walfield
e724dad138
Loosen subplot dependency.
  - Allow using newer versions of subplot (but don't actually use them
    as they have a higher MSRV).
2024-10-30 16:53:57 +01:00
Neal H. Walfield
fa5750cb49
Upgrade terminal_size. 2024-10-30 16:43:48 +01:00
Neal H. Walfield
93549fd108
Upgrade sequoia-policy-config. 2024-10-30 16:36:53 +01:00
Neal H. Walfield
5ee0ff8d01
Update Cargo.lock. 2024-10-30 16:34:21 +01:00
Neal H. Walfield
aac7b719d4
Fix various typos in the NEWS file. 2024-10-30 16:34:02 +01:00
Neal H. Walfield
11140ae5c1
Add support for importing bare revocation certificates.
  - Extend `sq cert import` to import bare revocation certificates.

  - See #50.
2024-10-30 15:36:12 +01:00
Neal H. Walfield
973b249f88
Rework signature verification output.
  - Signature verification output is confusing.  The main problem is
    the terminology.  It talks about "good signatures", "good
    checksums", and "bad checksums," but it is unclear what good or
    bad means, and what a checksum is.  Instead, talk about
    "authenticated signatures," "unauthenticated signatures," and
    completely drop the term "checksum" and just say that the
    certificate for the alleged signer is missing.

  - Fixes #4.
2024-10-30 14:17:09 +01:00
Neal H. Walfield
daebb8f0c5
Don't let bad signatures override good signatures.
  - When checking if a message can be verified, only check if there
    are enough good signatures; ignore any bad signatures.
2024-10-30 11:21:18 +01:00
Neal H. Walfield
5e5bb21ee4
When reading from stdin, emit a warning if we don't get any input.
  - When reading from `stdin`, emit a warning to `stderr` if we don't
    get any input for a few seconds.

  - Fixes #406.
2024-10-29 17:47:21 +01:00
Neal H. Walfield
9e161814ba
Improve sq encrypt's examples to better reflect best practices.
  - Show how to encrypt to a certificate using a fingerprint.

  - Don't show how to encrypt to a certificate stored in a file.
2024-10-29 15:16:15 +01:00
Neal H. Walfield
4b4276c75d
Improve the error message shown when sq encrypt gets no recipients.
  - If the user does not pass any recipients, or passwords to `sq
    encrypt`, a simple, custom error message is shown instead of the
    one generated by clap's error message machinery.

  - Add `--with-password` and `--with-password-file` to the cert
    designator framework, and switch `sq encrypt` to select them.

  - Fixes #405.
2024-10-29 15:05:34 +01:00
Neal H. Walfield
89cb9d6743
Make sq key userid revoke's positional arguments named arguments.
  - `sq key userid revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:57:43 +01:00
Neal H. Walfield
ef785cbd12
Make sq key subkey revoke's positional arguments named arguments.
  - `sq key subkey revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:51:49 +01:00
Neal H. Walfield
b25bbee713
Make sq key revoke's positional arguments named arguments.
  - `sq key revoke`'s reason and message arguments are positional
    arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:48:51 +01:00
Neal H. Walfield
67b022f9fa
Dry out --expiration.
  - Use clap's flatten functionality to dry out the `--expiration`
    argument.
2024-10-29 09:47:09 +01:00
Neal H. Walfield
b208a8826e
Move the Expiration type to its own module. 2024-10-29 08:57:49 +01:00
Neal H. Walfield
8fc655d5ad
Make sq key expire's expiration argument a named argument.
  - `sq key expire`'s expiration argument is a positional argument.
    Change it to a named argument.

  - See #318.
2024-10-29 08:57:47 +01:00
Neal H. Walfield
b0a414a9c3
Make sq key subkey expire's expiration argument a named argument.
  - `sq key subkey expire`'s expiration argument is a positional
    argument.  Change it to a named argument.

  - See #318.
2024-10-28 18:58:07 +01:00
Neal H. Walfield
8c3717cddd
Improve error messages. 2024-10-28 11:47:42 +01:00
Neal H. Walfield
4ffea5a850
Improve message. 2024-10-28 11:41:30 +01:00
Neal H. Walfield
1308334de6
Fix how user IDs are displayed. 2024-10-28 11:41:03 +01:00
Neal H. Walfield
e8622a0bdd
When displaying a gossip path, show the path's trust amount.
  - As of `sequoia-wot` 0.13.0, gossip paths are authenticated.

  - Show a path's authentication amount when displaying gossip paths.
2024-10-26 12:52:28 +02:00
Neal H. Walfield
20809a2d0e
Fix self signature check.
  - Self signatures have a path length of one, not two.

  - But, don't filter them out otherwise the user has no idea whether
    the user ID is self signed or not.
2024-10-26 11:52:04 +02:00
Neal H. Walfield
c32be31f7e
Fix how paths for self signatures are displayed.
  - When showing a path for a self signature, the path is dangling,
    consider:

    ```
    $ sq cert list E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07  --gossip --show-paths
     - E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
       - created 2024-05-21 20:49:20 UTC
       - will expire on 2027-05-22 14:15:41 UTC

       - [   0/120 ] alice

         ◯─┬ E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
         │ └ "alice"
    ```

  - Instead, clearly indicate that the path is a self signature, like
    so:

    ```
    $ sq cert list E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07  --gossip --show-paths
    - E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
      - created 2024-05-21 20:49:20 UTC
      - will expire on 2027-05-22 14:15:41 UTC

      - [   0/120 ] alice

        ◯─┬ E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
        │ └ "alice"
        │
        └── Self-signed user ID.
    ```
2024-10-26 10:44:13 +02:00
Neal H. Walfield
7401c26ff5
Rework gossip.
  - Currently, when the user requests gossip, we show all the found
    paths as being untrusted, even though some can be authenticated.
    This is confusing.

  - When getting gossip paths, specify the trust roots.  As of
    `sequoia-wot` 0.13.0, this will also authenticate any returned
    paths.

  - Fixes #338.
2024-10-26 09:30:07 +02:00
Neal H. Walfield
5e5be69dab
Upgrade sequoia-wot. 2024-10-26 09:15:02 +02:00
Neal H. Walfield
4d178c8768
Remove sq pki path's --gossip argument.
  - Remove `sq pki path`'s `--gossip` argument, which doesn't actually
    do anything.
2024-10-26 09:15:01 +02:00
Neal H. Walfield
c9bdd6e002
tests: Dry out certificate handling.
  - Many commands output a certificate.  Add a helper function to
    parse the output (wherever it may be).
2024-10-25 16:37:25 +02:00
Justus Winter
89763a09ee
Use cert designators for the certifier in sq pki vouch authorize.
  - Fixes #207.
2024-10-24 15:49:16 +02:00
Justus Winter
ca24cbfc7e
Use cert designators for the certifier in sq pki vouch certify.
  - See #207.
2024-10-24 15:45:52 +02:00
Justus Winter
b7f3c1198c
Remove the pEp store integration.
  - Fixes #310.
2024-10-24 15:17:33 +02:00
Justus Winter
9ec524c977
Add --output and --binary arguments to sq key subkey export.
  - Fixes #387.
2024-10-24 15:04:44 +02:00
Justus Winter
9617b788ae
Add --output and --binary arguments to sq key export.
  - See #387.
2024-10-24 15:04:12 +02:00