Commit Graph

174 Commits

Author SHA1 Message Date
Justus Winter
830c49def0
Require explicit opt-out for encrypting without signing.
- Fixes #459.
2024-12-11 17:29:36 +01:00
Justus Winter
ebef0cf9ee
Use cert designators for sq cert list.
- This aligns it with `sq key list` and `sq pki link list`.

  - Fixes #446.
2024-12-11 16:24:43 +01:00
Justus Winter
660d1eb39d
Align sq sign --detached-file with sq verify --detached-file.
- `sq sign --signature-file` now takes a value specifying where the
    signature should be written to.  It conflicts with `--output`.
    This aligns `sq sign` with `sq verify`.

  - Fixes #444.
2024-12-04 12:22:47 +01:00
Justus Winter
b88367ce36
Implement sq encrypt --for-self.
- This adds a mechanism to add a list of certificates presumably
    owned by the user to the recipients using the `--for-self` flag.
    This makes sure the encrypted message can be decrypted again.

  - Fixes #461.
2024-11-29 19:03:09 +01:00
Neal H. Walfield
c9bde7fe47
Add support for addressing shadow CAs by symbolic names.
- Add a new paramter to `sq pki link add`, `sq pki link authorize`,
    and `sq pki link retract`, `--cert-special`, which allows addressing
    shadow CAs by symbolic names.

  - If the shadow CA doesn't exist yet, we create it.

  - This means `sq pki link authorize --cert-special keys.openpgp.org
    --all --unconstrained` can be used to fully trust the
    `keys.openpgp.org` key server, for instance.  This is more
    convenient, and especially useful for documentation.

  - Fixes #337.
2024-11-28 15:38:34 +01:00
Justus Winter
9f5c5ce930
Mark sq keyring filter experimental.
- Invoking it now requires the `--experimental` flag.  This is a
    template that we may use to introduce features into sq with a bit
    of a chance to stabilize it over time.

  - Fixes #455.
2024-11-27 17:27:04 +01:00
Justus Winter
4b3f2c97ad
Add a configuration file and associated management commands.
- Add a configuration file for sq, and sq config get to
    programmatically query configuration values, and sq config template
    to create a template as a starting point for a custom configuration
    file.

  - As a first step, the following things have been made configurable:

    - The cipher suite for key generation.
    - The set of keyservers.
    - The cryptographic policy, which can be sourced from an external
      file as well as modified inline.

  - If there is no configuration file, sq config template can be used to
    create a template for the user to modify.

  - If a default has been overridden using the configuration file,
    sq's --help output is augmented with the configured value.
2024-11-27 15:26:36 +01:00
Justus Winter
f55015ab77
Remove argument sq key subkey export --cert-file.
- This doesn't work, and it is of questionable use.  Also, `sq key
    export` doesn't have `--cert-file` either.

  - Fixes #464.
2024-11-26 19:49:16 +01:00
Justus Winter
a47da3ac33
Remove argument sq cert lint --export-secret-keys.
- If a secret key is provided as file input, it will be emitted.
    This makes it consistent with what other commands do.

  - Fixes #448.
2024-11-25 15:30:58 +01:00
Justus Winter
fea18da98d
New mandatory switches sq key generate <--own-key|--shared-key>.
- When generating keys, either `--own-key` or `--shared-key` has to
    be given.  The former marks the key's user IDs as authenticated
    and makes it a trusted introducer.  The latter marks the key's
    user IDs as authenticated, and marks the key as a group key.

  - Fixes #452.
2024-11-21 16:36:39 +01:00
Justus Winter
c37bfe5e7b
Rename --notation to --signature-notation.
- This aligns with `sq encrypt --signature-notation` and makes it
    clearer that notations are being put on signatures.

  - Fixes #454.
2024-11-21 11:38:59 +01:00
Justus Winter
7753d92f13
Add sq encrypt --signature-notation.
- This adds any relevant flags to `sq encrypt` that are present in
    `sq sign`.

  - Fixes #450.
2024-11-20 17:47:18 +01:00
Justus Winter
797ab7a003
Certify newly created keys with a per-host shadow CA.
- This tracks the origin, like we do when we download certificates
    over the network.

  - This also has the benefit that newly created keys also show up in
    the cert listing.

  - Fixes #377.
2024-11-20 14:13:52 +01:00
Justus Winter
6688e0a6d7
Rename sq pki vouch certify to sq pki vouch add.
- This makes it consistent with `sq pki link add` and all the other
    commands that add components to certs.

  - Fixes #433.
2024-11-20 12:00:23 +01:00
Neal H. Walfield
f9ea97c1dd
Rename sq packet split --prefix to --output-prefix.
- To make it easier to recognize that `--prefix` is a variant of
    `--output`, rename it to `--output-prefix`.
2024-11-19 15:18:38 +01:00
Neal H. Walfield
2ba6037362
Change sq packet split to write to stdout by default.
- Change `sq packet split` to not require `output` or `prefix`, but
    to write to `stdout` by default.

  - This is closer to the behavior of other commands.
2024-11-19 15:18:11 +01:00
Justus Winter
19401ef551
Remove sq toolbox extract-cert.
- Fixes #389.
2024-11-19 13:39:46 +01:00
Justus Winter
382c587fa9
Remove the --binary flag from all commands emitting certs or keys.
- Fixes #384.
2024-11-18 16:19:54 +01:00
Justus Winter
91f4400c26
Use --cert- prefix for all cert designators.
- Resolves a conflict with the user ID designators, and makes the
    interface more consistent.

  - Fixes #385.
2024-11-18 14:57:09 +01:00
Justus Winter
e61a03f863
Remove sq toolbox strip-userid.
- Fixes #439.
2024-11-18 14:15:37 +01:00
Justus Winter
db5a2bbe3b
Turn sq key approvals --add-authenticated into a flag.
- And require full authentication of peers.

  - Fixes #440.
2024-11-18 13:56:35 +01:00
Neal H. Walfield
cef1542ee4
Rename --add-userid to --userid-or-add, etc.
- Rename `--add-userid` to `--userid-or-add`, `--add-email` to
    `--email-or-add`, and `--add-name` to `--name-or-add`.  The new
    names better reflect the semantics: we first try to select a user
    ID based on the designator, and then fall back to adding it as it.
2024-11-18 10:40:18 +01:00
Neal H. Walfield
d54334b97b
Make sq key approvals update require an action.
- `sq key approvals update` doesn't require an action, but it
    should.  Make it so.

  - See #436.
2024-11-16 18:22:05 +01:00
Neal H. Walfield
f95db6fc9e
Lint user IDs that would be added and are not self signed.
- When a user ID designator designates a user ID that is not
    self-signed, and the command would add it to the certificate, check
    that it is in canonical form.

  - The relevant commands are: `sq key userid revoke`, `sq pki link
    add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki
    vouch authorize`

  - Allow the user to disable the check with a new flag,
    `--allow-non-canonical-userids`.

  - Fixes #437.
2024-11-16 17:31:33 +01:00
Neal H. Walfield
f176fe9a4c
Rename sq toolbox dearmor to sq packet dearmor.
- See #326.
2024-11-16 10:12:36 +01:00
Neal H. Walfield
5a500f8fee
Rename sq toolbox armor to sq packet armor.
- See #326.
2024-11-16 10:09:56 +01:00
Neal H. Walfield
d46844ca35
Move sq toolbox packet to sq packet.
- Make `sq packet` a top-level subcommand.

  - See #326.
2024-11-16 10:07:07 +01:00
Neal H. Walfield
e1a4fa656c
Move sq toolbox keyring to sq keyring.
- Make `sq keyring` a top-level subcommand.

  - See #326.
2024-11-16 10:06:59 +01:00
Neal H. Walfield
4dbeebc045
Port sq cert list and two more to the user ID designator framework.
- Port `sq cert list`, `sq pki authenticate` and `sq pki lookup` to
    the user ID designator framework.  See #434.

  - This changes the user ID parameter from a positional parameter
    to a named parameter, and drops the `--email` flag.  See #318.
2024-11-15 17:47:05 +01:00
Neal H. Walfield
2e17dec9ad
Port sq pki {authenticate,identify} to the cert designator framework.
- Port `sq pki authenticate` and `sq pki identify` to the cert
    designator framework.  See #207.

  - This changes the certificate parameter from a positional parameter
    to a named parameter.  See #318.
2024-11-15 11:04:38 +01:00
Justus Winter
0a8ba2b3f7
Make sq encrypt --set-metadata-filename take a simple string.
- Previously, the file name was constructed from the path of the
    input file, using some transformations that may be considered
    surprising (notably, the file name of unspecified encoding was
    transformed into UTF-8 using a lossy mechanism).

  - Avoid this opaque transformation by taking an explicit string
    argument.

  - Fixes #351.
2024-11-14 16:55:42 +01:00
Justus Winter
b916a13426
Remove sq encrypt --set-metadata-time.
- The literal data packet's time field is problematic for a variety
    of reasons.  The previous timestamp interface allows a number of
    time sources (ctime, mtime, message time (that is way better
    encoded in the signature creation time), explicit timestamp), but
    the information about what kind of timestamp this should be is
    lost when the time is encoded, without warning.

  - Remove it.

  - See #351.
2024-11-14 16:55:41 +01:00
Neal H. Walfield
f16ef5d878
Port sq pki path to the user ID designator framework.
- Port `sq pki path` to the user ID designator framework.
    See #434.

  - This change adds two new additional arguments, `--email` and
    `--name`.
2024-11-14 16:48:49 +01:00
Neal H. Walfield
0e36a20d97
Make sq pki path's user ID argument a named argument.
- See #318.
2024-11-14 16:48:49 +01:00
Neal H. Walfield
435b127e5f
Port sq key userid revoke to the user ID designator framework.
- Port `sq key userid revoke` to the user ID designator framework.
    See #434.

  - This replaces the `--add-userid` flag with the `--add-userid`,
    `--add-email` and `--add-name` arguments.  See #318.

  - This change also makes a user ID mandatory, which fixes #428.
2024-11-14 11:30:29 +01:00
Justus Winter
4d5e481b08
Split the argument sq network wkd publish --create into two.
- This avoids an ambiguity when parsing the arguments.

  - Fixes #426.
2024-11-13 15:19:46 +01:00
Neal H. Walfield
6645fdee6c
Change --email and --add-email to only match user IDs unambiguously.
- Commands like `sq pki vouch certify` allow designating a user ID
    by email address.  Currently, if multiple self-signed user IDs
    include the specified email address, all are used.  Change the
    semantics of `--email` and --add-email` to only match
    unambiguously.

  - Fixes #309.
2024-11-13 14:29:32 +01:00
Justus Winter
78d8538707
Add sq sign --mode to create binary or text signatures.
- Fixes #390.
2024-11-13 14:08:57 +01:00
Neal H. Walfield
9eb0f0754e
Change --add-userid from a flag to two arguments.
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
    certify`, and `sq pki vouch authorize` have a `--add-userid` flag.

  - Replace the `--add-userid` flag with an `--add-userid` argument,
    and an `--add-email` argument.

  - This change means that a flag does not change how an argument is
    interpreted.  It also makes it more explicit whether a user ID
    should be added, because `--userid` and `--email` could be given
    multiple times.

  - See #309 and #318.
2024-11-13 13:51:35 +01:00
Justus Winter
14f4c8fd3a
Replace --no-cert-store and --no-key-store.
- Replace the flag `sq --no-cert-store` with `sq
     --cert-store=none`.

   - Replace the flag `sq --no-key-store` with `sq --key-store=none`.

   - Similarly, `sq --home=none` disables all state, unless explicitly
     re-enabled using `--cert-store` or `--key-store`.

   - Fixes #427.
2024-11-13 12:34:53 +01:00
Justus Winter
ee737472da
Require explicit mode, and align sq sign and sq verify.
- The flag `sq sign --detached` is now called `sq sign
     --signature-file`.

   - The flag `sq sign --clearsign` is now called `sq sign
     --cleartext`.

   - Both `sq sign` and `sq verify` now require an explicit mode,
     one of `--signature-file`, `--message`, or `--cleartext`.

   - Fixes #430.
2024-11-13 11:18:25 +01:00
Neal H. Walfield
70e65c5fcd
Add a DWIM search parameter to sq key list.
- Add a DWIM search parameter to `sq key list`.  If the pattern
    appears to be a fingerprint or key ID, treat it as if it were passed
    to `--cert` and match on the certificate's fingerprint.  Otherwise,
    treat it as if it were passed via `--grep`, and match on user IDs.

  - This aligns `sq key list` with `sq cert list`.

  - See #293.
2024-11-12 10:12:34 +01:00
Justus Winter
0b562c476e
Remove sq cert lint --list-keys.
- Fixes #316.
2024-11-11 18:30:03 +01:00
Justus Winter
16941dea66
Use only designated signers to verify signatures.
- Previously, the signers cert designators added to the set of certs
    in the store, and marked them as trusted.

  - Change this so that only the designated certs are used to verify
    the signatures, and they are marked as trusted.  This allows
    useful semantics like requiring a signature from a set of
    explicitly provided signers.

  - If no signers are designated, the cert store is consulted.

  - Fixes #248.
2024-11-11 18:27:25 +01:00
Neal H. Walfield
390b318b4e
Disable the help subcommand everywhere except at the top-level.
- We want a top-level `help` subcommand, but we don't want
    subcommand groups (like `sq pki`) to have a `help` subcommand.
    Users get used to being able to use `help` instead of `--help`,
    and then are confused when `sq pki authenticate help` (i.e., using
    the `help` subcommand on an action) doesn't work.

  - Fixes #418.
2024-11-10 16:49:37 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
- Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
ee1c6f3fcf
Add new argument, --cli-version, to require a CLI version.
- Add a new argument, `--cli-version`, which the user can use to
    request a particular semver-compatible version of the CLI.

  - This enables breaking changes to the CLI, and enables `sq` to
    support multiple CLI versions.

  - Fixes #75.
2024-11-08 11:42:18 +01:00
Neal H. Walfield
f139b50f24
Change sq key subkey export to require the certificate to export.
- `sq key subkey export` currently takes a list of keys to export.
    This is ambiguous if a key is associated with multiple certificates.

  - Add a new required parameter, `--cert`, which specifies what
    certificate to export.  The specified keys must be attached to that
    certificate under the NULL policy.

  - This change means that `sq key subkey export` can only export a
    single certificate at a time.

  - As the implementations of `sq key export` and `sq key subkey
    export` have diverged, don't try to consolidate them any more.

  - Fixes #386.
2024-11-06 16:08:02 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
- When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Neal H. Walfield
0889d18da7
If decryption fails, delete the output file.
- Change `sq decrypt` to delete the output file if decryption fails.

  - Fixes #59.
2024-10-31 12:34:09 +01:00