IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Previously `sq pki certify` could create certifications, and mark
a certificate as a trusted introducer (when the user set `--depth`
to be greater than zero). Anecdotal evidence indicates that
combining these two actions in a single command is confusing.
- Split the latter functionality off, and put it in a new subcommand,
`sq pki authorize`.
- See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
- `sq pki certify` uses a positional argument to specify the
certificate to certify. Change it to be a named argument, either
`--cert`, or `--cert-file`.
- See #318.
- `sq pki certify` uses a positional argument to specify the user
ID to certify. Change it to be a named argument, either
`--userid`, or `--email`.
- This changes the meaning of `--email` from a flag that changes how
`--userid` interprets its argument, to an argument.
- This also allows multiple user IDs to be specified at once.
- See #318.
- Rename `sq network fetch` to `sq network search` to emphasize that
this is key discovery, and may return related or even wrong results.
Likewise for the key server, WKD, and DANE methods.
- See #296.
- By splitting `--handle` into `--cert` and `--key`, where the
former only matches on primary keys, and the latter matches on
both primary keys and subkeys.
- Fixes#287.
- It was possible to use `--allow-not-alive-certifier` and
`--allow-revoked-certifier` to force `sq pki certify` to use
expired and revoked certificates.
- Consistent with the principle that `sq` should support a lot, but
not everything, remove them.
- Fixes#365.
- When adopting a bare key, the creation time is the Unix epoch.
If the user doesn't manually override this using
`--creation-time`, use the current time (while respecting
`--time`).
- Add `--can-sign`, `--cannot-sign`, `--can-authenticate`,
`--cannot-authenticate`, `--can-encrypt`, `--cannot-encrypt` to `sq
key adopt`, which modify the key flags of the adopted key.
- Change `sq key adopt` to not require the key that is being adopted
to have a binding signature.
- This allows adopting "bare keys," i.e., a certificate consisting
of just a primary key. Bare keys are useful when working with raw
keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
To add them to a certificate, they just need to be wrapped in a
minimal amount of OpenPGP framing; no signatures are required.
- Fixes#25.
- Unlike other commands, `sq cert export`'s `--cert` argument only
matches on the certificate's key handle (i.e., the primary key's
key handle). It also has a `--key` argument to match on the
primary key's key handle or a subkey's key handle, which are
the semantics of the `--cert` argument for other commands.
- Change the semantics of `--cert` to that of `--key`, i.e., change
`--cert` to also match on subkey key handles. Remove the `--key`
argument since it is now redundant.
- `sq key export` can either export all keys associated with a
certificate or individual keys.
- Split the subkey-related functionality out of `sq key export` and
into the new subcommand `sq key subkey export`
- Fixes#294.
- The dot output does not fit into the output framework: it can only
describe graphs, and most of what sq emits are not graphs. Once
sq gains machine-readable output, the current functionality can be
implemented by emitting the graph data as machine-readable data,
then transforming it into dot.
- Fixes#290.
- Fixes#137.
- Add a new subcommand, `sq key subkey password`, which changes the
password protecting the secret key material of a primary key or a
subkey.
- Fixes#106.
- `sq key password`, and `sq sign --symmetric` have local arguments
to seed the password cache.
- Many commands could benefit from similar functionality.
- Add a new top-level argument, `--password-file`, to seed the
password cache.
- Rename the `--expiry` argument to `--expiration`, and adjust the
name of the corresponding fields, and data structures.
- Expiration and expiry have about the same meaning. According to
my research, "expiration" is used in American English whereas
both are used in British English.
- This change aligns the usage with RFC 4880's terminology, which
uses the word "expiration" many times, but never uses "expiry".
- In `sq key attest-certifications`, don't make `--all` the
default, but require the user to specify it explicitly.
- This makes it easier to introduce more fine-grained selectors in
the future.
- See #262.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
a `FileOrStdin` so that it interprets `-` as meaning it should
read the certificate from stdin.