IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Previously, the signers cert designators added to the set of certs
in the store, and marked them as trusted.
- Change this so that only the designated certs are used to verify
the signatures, and they are marked as trusted. This allows
useful semantics like requiring a signature from a set of
explicitly provided signers.
- If no signers are designated, the cert store is consulted.
- Fixes#248.
- Add a new argument, `--cli-version`, which the user can use to
request a particular semver-compatible version of the CLI.
- This enables breaking changes to the CLI, and enables `sq` to
support multiple CLI versions.
- Fixes#75.
- `sq key subkey export` currently takes a list of keys to export.
This is ambiguous if a key is associated with multiple certificates.
- Add a new required parameter, `--cert`, which specifies what
certificate to export. The specified keys must be attached to that
certificate under the NULL policy.
- This change means that `sq key subkey export` can only export a
single certificate at a time.
- As the implementations of `sq key export` and `sq key subkey
export` have diverged, don't try to consolidate them any more.
- Fixes#386.
- If a component is not valid according to the policy, don't extend
the expiration time. Suggest using `sq cert lint`, and then error
out.
- Fixes#363.
- Move the duration parsing code from `Expiration` to `Time`, which
`Expiration` already uses for absolute timestamps.
- Support negative durations, and to be more precise rename the
`Duration` variant to `Offset`.
- Fixes#268.
- When working with older messages, it may be necessary to use a
different cryptographic policy. Add an option, `--policy-as-of`, to
select the cryptographic policy that was in effect at the specified
time.
- Fixes#123.
Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
- `Sq::encrypt` and `Sq::decrypt` only work with in-memory buffers.
- Introduce `FileOrBytes`, which represents a path or bytes. Change
`Sq::encrypt` and `Sq::decrypt` to use them, and thus support
messages stored in files in addition to inline messages.
- Signature verification output is confusing. The main problem is
the terminology. It talks about "good signatures", "good
checksums", and "bad checksums," but it is unclear what good or
bad means, and what a checksum is. Instead, talk about
"authenticated signatures," "unauthenticated signatures," and
completely drop the term "checksum" and just say that the
certificate for the alleged signer is missing.
- Fixes#4.
- Currently, when the user requests gossip, we show all the found
paths as being untrusted, even though some can be authenticated.
This is confusing.
- When getting gossip paths, specify the trust roots. As of
`sequoia-wot` 0.13.0, this will also authenticate any returned
paths.
- Fixes#338.
- Displaying them on one line is infeasible: first, v6 fingerprints
will be 64 hex digits long, filling a typical line almost by
itself. Second, many of the composite user IDs in use today are
quite long by itself, and wrapping user IDs is not nice.
- Instead, display them in two lines, with line art emphasizing the
fact that they are a tuple.
- Merge `sq autocrypt import` has been merged into `sq cert import`.
- Remove `sq autocrypt decode` and `sq autocrypt encode-sender`
without substitute.
- Fixes#187.
- When exporting certificates selected by user IDs (i.e. --email,
--userid, --domain, or --grep), authenticate the bindings and
export only those certificates that can be authenticated.
- Fixes#182.
- `sq pki link authorize` certifies all self-signed user IDs when
no user IDs are provided. Add a test that checks that it silently
ignores invalid self-signed user IDs (e.g., revoked user IDs) in
this case.
- `sq pki vouch authorize` certifies all self-signed user IDs when
no user IDs are provided. Change it to silently ignore invalid
self-signed user IDs (e.g., revoked user IDs) in this case.
