1295 Commits

Author SHA1 Message Date
Neal H. Walfield
4ae448cef8
Add an option to sq link add to temporarily accept a binding
- Add an option to `sq link add`, `--temporary`, to temporarily
    accept a binding.

  - This creates a fully trusted certification that expires after a
    week, and a second certification that is one second older, which
    doesn't expire, but is only partially trusted (trust amount = 40)
    so that the user remembers this decision.
2023-04-05 17:35:41 +02:00
Neal H. Walfield
96a65b4b97
Fix signature comparison
- When checking whether two signatures are the same, we forgot to
    mark the signatures as being different when the expiration times
    are different.  Do it.
2023-04-05 17:34:58 +02:00
Neal H. Walfield
825c0aab52
Fix computation of a SignatureBuilder's expiration time
- Unfortunately, `SignatureBuilder::signature_expiration_time` is
    broken.

    See https://gitlab.com/sequoia-pgp/sequoia/-/issues/998

  - Workaround this issue by computing the expiration time manually.
2023-04-05 17:34:53 +02:00
Neal H. Walfield
78972b3ae1
Add --all option to sq link add.
- If the user doesn't specify any User IDs, don't link all
    self-signed User IDs.  Print out the self-signed User IDs and prompt
    the user to specify `--all` or just the ones they want to link.
2023-04-05 11:11:26 +02:00
Neal H. Walfield
a8dd7061e6
Don't set any trust roots if --gossip is specified
- When the `--gossip` option is passed to `sq wot`, don't set any
    trust roots.
2023-04-03 14:15:35 +02:00
Neal H. Walfield
cbcaa73e09
Add crypto-botan feature 2023-03-31 09:17:37 +02:00
Neal H. Walfield
893e4cd2e3
Update project metadata
- `repository` still pointed to the old repository.
2023-03-31 09:17:37 +02:00
Neal H. Walfield
0dc63db72d
Update Cargo.lock 2023-03-31 09:17:36 +02:00
Neal H. Walfield
580c977ef7
Fix formatting 2023-03-31 09:17:36 +02:00
Neal H. Walfield
2359acb230
When iterating over all certificates, prefetch the data
- Have `sq list` prefetch the data, when the search is
    unconstrained.
2023-03-31 09:17:15 +02:00
Neal H. Walfield
4efea87492
Add sq inspect --cert KEYHANDLE
- Extend `sq inspect` to read from the certificate store.
2023-03-31 09:17:09 +02:00
Neal H. Walfield
cd1a26de1c
Change sq import to print what is imported
- Change `sq import` to print what is imported.
2023-03-30 22:52:29 +02:00
Neal H. Walfield
2ffa96dbca
Add sq link list.
- Add the subcommand `sq link list` to list active and retracted
   links.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
0665df5cf4
Don't create a link when it already exists
- When adding a link, check if the active link has the same
    parameters, if so don't update the link.  If the parameters
    changed, show a diff.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
ee96205df9
Don't create a provenence record when it already exists
- When importing a certificate downloaded from a known verifying
    keyserver, a WKD or DANE, we certify the User IDs that the server
    (probably) authenticated.

  - If we download the certificate again from the same source, don't
    create another certification.  That's just redundant.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
427487b76c
Certify fetched certificates from verifying keyservers, etc.
- When importing a certificate into the certificate store from a
    verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
    get`), or DANE (via `sq dane get`), certify the User IDs that the
    service checks (for verifying keyservers: all; for WKD and DANE:
    the User IDs with the email that was looked up).

  - Have a per-service key to do the certifications (one for
    keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).

  - Make the per-service certificates minimally trusted (trust amount:
    1 of 120) CAs by certifying them with the local trust root.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
eb09c5d4e3
When importing keyserver, etc. results, show what is imported
- When importing results from a keyserver, a WKD, or a DANE lookup,
    show the user what is imported.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
ba35945574
Change network getters to update the certificate store by default
- Change the network getters, `sq keyserver get`, `sq wkd get`, and
    `sq dane get` to update the certificate store by default.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
62493558c5
Change 'sq wkd generate' to respect --time
- Change `sq wkd generate` to respect `--time` when checking
    certificate validity.
2023-03-30 16:08:09 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
0e59f2f560
Add sq link
- Add new commands `sq link add` and `sq link retract` to certify
    bindings using the cert-d's trust root, if any.
2023-03-30 16:03:37 +02:00
Neal H. Walfield
ae057eba88
Support authenticating signatures using the web of trust
- When verifying a signature using `sq verify`, and a signer is not
    specified using `--signer-cert`, try and authenticate them using the
    web of trust using the configured certificate store.

  - If we can fully authenticate a signer, consider the signature to
    have been authenticated by that signer.
2023-03-28 14:51:18 +02:00
Neal H. Walfield
6c7b0de5c0
Support addressing recipients by email address and User ID
- Extend `sq encrypt` with the `--recipient-email` and
    `--recipient-userid` arguments to allow the caller to designate a
    certificate by email address or User ID, respectively.  An email
    address or User ID is considered to designate a certificate, if
    the binding between the email address or User ID and the
    certificate can be authenticated using the web of trust.

  - Add support for the web of trust using the `sequoia-wot` crate.

  - Add a top-level option, `--trust-root`, to allow the user to
    specify trust roots.
2023-03-28 14:50:24 +02:00
Neal H. Walfield
62e6b4cb8b
Change sq verify to respect the reference time.
- Change `sq verify` to respect the user-supplied reference time.
2023-03-28 12:26:15 +02:00
Neal H. Walfield
92f49b3ac1
Make sq encrypt better respect the reference time
- Change `sq encrypt` to select recipients that are valid at the
  reference time rather than the current time.
2023-03-28 12:12:12 +02:00
Neal H. Walfield
7b4ed970af
Set the policy's reference time to the configured reference time
- If the user specifies `--time`, then use it, not the current time,
    as the reference time for the policy object.
2023-03-28 12:12:12 +02:00
Neal H. Walfield
16fd67a10c
Add a top-level, global option --time to set the reference time
- Add a top-level, global option `--time` to set the reference time.

  - Remove subcommand's `--time` argument and use this instead.
    Remove `sq key generate`'s `--creation-time` argument `sq key user
    id`'s `--creation-time` argument and use this argument instead.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
5daff2f939
Support setting --cert-store via an environment variable
- Set `--cert-store` using the environment variable `SQ_CERT_STORE`.
2023-03-28 12:12:11 +02:00
Neal H. Walfield
81dd7e0e00
Update to the latest version of subplot 2023-03-17 10:07:17 +01:00
Neal H. Walfield
1f2f28a809
Enable debug symbols for release builds 2023-03-17 09:55:29 +01:00
Neal H. Walfield
df5ae7e18c
Update to clap 4
- Enable the `env` feature for the clap build dependency, not just
    the normal dependency.

  - Disable more rustdoc lints.

  - Explicitly convert a `StyledStr` to a `String`.

  - `ArgEnum` and `arg_enum` are now called `ValueEnum` and
    `value_enum`, respectively.

  - Clap 4 is stricter about how arguments are designated: in argument
    groups and conflicts, they have to be designated using the field
    name, not the long option name.

  - `clap::AppSettings::DeriveDisplayOrder` has been removed and is
    now the default.

  - `parse(from_occurrences)` is deprecated in favor of `action =
    Count`, which takes a `u8`, not a `usize`.

  - `Command` no longer takes a lifetime.
2023-03-17 09:55:19 +01:00
Neal H. Walfield
0742ef8647
Correctly specify the option's name
- When specifying a log-option's name, don't include a leading
    `--`.
2023-03-17 09:22:47 +01:00
Neal H. Walfield
b9c53e19a5
Don't specify multiple_occurences, it's redundant
- Setting `multiple_occurences` for an argument whose type is
    `Vec<_>` is redundant; clap infers it from the type.
2023-03-17 09:10:02 +01:00
Neal H. Walfield
f91c21da12
Simplify the types used for the CLI arguments
- An `Option<Vec<_>>` is redundant, and slightly more complex to
    handle, than just using a `Vec<_>` and checking if it is empty.
2023-03-17 08:58:33 +01:00
Neal H. Walfield
9eb1e0fa7d
Implement Clone for Time
- Clap 4 wants to clone values.
2023-03-16 15:46:32 +01:00
Neal H. Walfield
936ae250e1
Add support for a persistant certificate store
- Add support for a persistant certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00
Neal H. Walfield
b354a0afce
Bump MSRV to 1.63
- sequoia-cert-store, a future dependency, requires version 1.63 of
    rustc.

  - Debian testing has version 1.63 of rustc.
2023-03-14 19:22:48 +01:00
Justus Winter
47e6dc920e
ci: Fix all-commits job. 2023-03-13 15:49:57 +01:00
Justus Winter
810f7cde64
Build and push Docker image to Gitlab's registry. 2023-03-13 12:54:00 +01:00
Justus Winter
c1c1198897
Improve generated documentation. 2023-03-06 18:05:21 +01:00
Justus Winter
de868c20bc
ci: Add test jobs. 2023-02-23 12:38:21 +01:00
Justus Winter
2c8ae1ef1b
Add git configuration. 2023-02-23 11:22:01 +01:00
Justus Winter
2ef356aa1c
Make it build as a standalone crate.
- Also remove the Makefile.  Having a Makefile raised wrong
    expectations.
2023-02-23 11:22:01 +01:00
Justus Winter
b89c172c1d
Reincarnation commit.
- This implementation has been moved from the Sequoia repository to
    its own repository.  To inspect the history, either look at the
    Sequoia repository, or graft it onto this repository like this:

      $ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
      $ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
      $ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864
2023-02-21 12:43:43 +01:00