23 Commits

Author SHA1 Message Date
Neal H. Walfield
0cd8bae06f
Don't generate user ID-less certificates by default.
- Although Sequoia is able to use user ID-less certificates, they
    don't have good support in the ecosystem, and are probably not
    what most users want.

  - Consequently, don't make user ID-less certificates the default.
    Instead, require users to opt in by passing the `--no-userids` flag
    to `sq key generate`.

  - Fixes #223.
2024-04-05 18:08:45 +02:00
Justus Winter
5b898e3529
Move sq key extract-cert to sq toolbox.
- Fixes #204.
2024-03-25 14:47:28 +01:00
Neal H. Walfield
27093c1709
Add support for using a key store.
- Support using keys managed by `sequoia-keystore`.

  - When decrypting a message, have `sq` automatically ask the
    key store to decrypt the PKESKs.

  - Extend `sq sign` and `sq encrypt` with the `--signer-key`
    parameter to use a key managed by the keystore.

  - Add two top-level options: `--no-key-store`, which disables the
    use of the key store, and `--key-store`, which uses an alternate
    key store instance.

  - Add `sq key list` to list keys on the key store.
2024-02-18 15:24:02 +01:00
Justus Winter
cce9a0dabf
Move sq keyring to sq toolbox keyring.
- Keyring manipulation should not be necessary, but is a good wrench
    to have in one's toolbox.

  - Fixes #195.
2024-02-09 18:53:51 +01:00
Justus Winter
4a236421da
Implement sq version, drop --version, move output-version there. 2024-01-19 12:55:13 +01:00
Justus Winter
5e2c6da79c
Add sq toolbox, move the armor and packet subcommands there. 2024-01-19 11:54:48 +01:00
Justus Winter
46af430766
Move sq certify to sq pki. 2024-01-17 14:40:55 +01:00
Justus Winter
6a4f32e493
Remove sq keyring join.
- This is the less useful and more dangerous variant of sq keyring
    merge.  The former does not merge two copies of the same
    certificate into one, and is likely not what the user wants or
    expects, and the resulting keyring is more likely to cause
    problems when consumed by implementations.

  - Further, we have to explain the difference between join and merge,
    hurting ergonomics.

  - Once, sq keyring join had the advantage of not buffering
    certificates, but we now do that in order to produce the right
    labels, so even that advantage was gone.

  - Remove it.  Developers who want to produce keyrings with multiple
    copies of the same cert for testing purposes can do so with sq
    packet join.

  - Adapt the subplot tests.  Notably, as sq keyring merge does not
    preserve the order of certs as encountered in the inputs (should
    it?), but orders them by fingerprint, the order in the output is
    not predictable.  To work around, just test listing one key.
2024-01-15 19:21:37 +01:00
Justus Winter
9215196dc0
Create a new top-level network, and move relevant subcommands there. 2024-01-12 12:41:47 +01:00
Justus Winter
0e36c0f75a
Certify user IDs matched by email.
- Fixes #66.
2024-01-10 14:20:38 +01:00
Justus Winter
af170f6b45
Implement sq certify --add-userid.
- See #14.
2024-01-10 13:54:35 +01:00
Justus Winter
b25529cda7
Remove unused test inputs. 2024-01-10 13:54:35 +01:00
Justus Winter
6884e41f16
Move the armor and dearmor commands to sq packet.
- While sq packet isn't quite the right home for these commands,
    they shouldn't be featured so prominently and clutter the
    top-level subcommand hierarchy.

  - See also #169.
2024-01-09 17:14:38 +01:00
Justus Winter
befb3e270e
Fix cloning instructions. 2024-01-08 18:12:51 +01:00
Justus Winter
ec933036dd
Buffer certs and use the correct armor label in sq keyring.
- See #14.
2024-01-04 17:16:26 +01:00
Justus Winter
5a809f77d6
Improve ergonomics of sq key userid add.
- Make the input and one user id argument mandatory.

  - Fixes #104.
2024-01-04 16:02:25 +01:00
Justus Winter
b8f9670497
Improve pluralization: make it convenient and prevent word-wrapping. 2023-11-30 14:42:11 +01:00
Justus Winter
993a719a74
Disable notarizing of messages.
- Currently, sequoia-openpgp miscomputes notarization
    signatures (see
    https://gitlab.com/sequoia-pgp/sequoia/-/issues/1041) and fixing
    that has proven to be difficult.  Disable this functionality until
    we have sorted out the underlying implementation.
2023-11-24 15:29:05 +01:00
David Runge
3c90428112
Rename --export option of sq key generate to the generic --output
Instead of using a non-uniform `--export` for `sq key generate` to
indicate the file path to output to, rely on the generic `--output`,
provided by `sq_cli::types::FileOrStdout`.
2023-06-17 15:51:25 +02:00
David Runge
778741b2f8
Simplify use of validity in certify, key and link subcommands
- Change the behavior of the `sq certify`, `sq key generate` and `sq
  link add` subcommands to rely on a single `--expiry` input argument
  (same as `sq key subkey generate`), which replaces `--expires` and
  `--expires-in`. This allows directly parsing a specific ISO 8601
  timestamp, a custom duration or `"never"` and creating a verified data
  type that can be used further.
- Use `Expiry::as_duration()` in `sq certify` and `sq key`
  subcommands to calculate the validity (duration until expiration) of
  certifications and keys.
- Add the constants `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS` to `sq_cli` to allow
  centralized modifications of the default validity duration of keys and
  certifications (in years).
- Add the constants `KEY_VALIDITY_DURATION` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION` to provide
  the default `Duration` for keys/subkeys and third party
  certifications (based on `KEY_VALIDITY_IN_YEARS` and
  `THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS`).
2023-06-05 15:57:38 +02:00
Neal H. Walfield
81dd7e0e00
Update to the latest version of subplot 2023-03-17 10:07:17 +01:00
Neal H. Walfield
936ae250e1
Add support for a persistent certificate store
- Add support for a persistent certificate store using
    `sequoia-cert-store`.

  - Add `sq --no-cert-store` to disable the use of the certificate
    store.  Add `sq --cert-store PATH` to use an alternate certificate
    store.

  - Add `sq import` to import a certificate into the certificate
    store.  Add `sq export` to export certificates.

  - Modify `sq certify`, `sq encrypt`, and `sq verify` to look up
    certificates in the certificate store, if it is configured.
2023-03-16 13:46:50 +01:00
Justus Winter
b89c172c1d
Reincarnation commit.
- This implementation has been moved from the Sequoia repository to
    its own repository.  To inspect the history, either look at the
    Sequoia repository, or graft it onto this repository like this:

      $ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
      $ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
      $ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864
2023-02-21 12:43:43 +01:00