IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Move the code for `adopt`, `attest-certifications`, `extract-cert`,
`generate`, `password` and `userid` subcommands to their respective
own modules.
This separates the various features from one another and makes adding
new features less unwieldy.
- Add `deny.toml` for `cargo deny` with advisory error for `RUSTSEC-
2020-0071` disabled as it does not affect chrono (or us for that
matter).
Allow multiple versions as there is not much we can do about those
anyways and it clutters the output immensely.
Add all currently used licenses to allow list.
Deny the use of `ring` as it does not have a responsible disclosure
policy: https://github.com/briansmith/ring#bug-reporting
- Run `cargo deny` as further `test` step in GitLab CI, so that it is
among the last things that may fail in a merge request.
- Add the top-level option `--pep-cert-store` and the environment
variable `PEP_CERT_STORE`, which allow users to use pEp
certificate stores.
- By default, no pEp certificate store is used. Users can however
put `export PEP_CERT_STORE=$HOME/.pEp` in their `.bashrc` file, for
instance, to turn it on.
- When `--time` is not specified, we set `config.time` to
`SystemTime::now()`.
- `SystemTime::now()` has subsecond resolution, and a different
range from OpenPGP timestamps. Lossily round trip it via
`openpgp::types::Timestamp` to adjust the resolution, and to make
sure the current time is valid in an OpenPGP context.
- Add an option to `sq link add`, `--temporary`, to temporarily
accept a binding.
- This creates a fully trusted certification that expires after a
week, and a second certification that is one second older, which
doesn't expire, but is only partially trusted (trust amount = 40)
so that the user remembers this decision.
- When checking whether two signatures are the same, we forgot to
mark the signatures as being different when the expiration times
are different. Do it.
- If the user doesn't specify any User IDs, don't link all
self-signed User IDs. Print out the self-signed User IDs and prompt
the user to specify `--all` or just the ones they want to link.
- When importing a certificate downloaded from a known verifying
keyserver, a WKD or DANE, we certify the User IDs that the server
(probably) authenticated.
- If we download the certificate again from the same source, don't
create another certification. That's just redundant.
- When importing a certificate into the certificate store from a
verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
get`), or DANE (via `sq dane get`), certify the User IDs that the
service checks (for verifying keyservers: all; for WKD and DANE:
the User IDs with the email that was looked up).
- Have a per-service key to do the certifications (one for
keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).
- Make the per-service certificates minimally trusted (trust amount:
1 of 120) CAs by certifying them with the local trust root.
- Add the `sq wot` subcommand, to expose web of trust functionality.
- This is just an import of the `sq-wot` CLI as `sq wot`. The
support for using the `gpg` keyring and gpg's ownertrust, however,
is removed.
- Add a new top-level option, `--keyring`, which allows users to
specify additional keyrings to search.
- When a lookup is performed, all keyrings are searched in addition
to any certificate store, and the results are merged.
- Keyrings are read only.
- When verifying a signature using `sq verify`, and a signer is not
specified using `--signer-cert`, try and authenticate them using the
web of trust using the configured certificate store.
- If we can fully authenticate a signer, consider the signature to
have been authenticated by that signer.
- Extend `sq encrypt` with the `--recipient-email` and
`--recipient-userid` arguments to allow the caller to designate a
certificate by email address or User ID, respectively. An email
address or User ID is considered to designate a certificate, if
the binding between the email address or User ID and the
certificate can be authenticated using the web of trust.
- Add support for the web of trust using the `sequoia-wot` crate.
- Add a top-level option, `--trust-root`, to allow the user to
specify trust roots.
- Add a top-level, global option `--time` to set the reference time.
- Remove subcommand's `--time` argument and use this instead.
Remove `sq key generate`'s `--creation-time` argument `sq key user
id`'s `--creation-time` argument and use this argument instead.
- Enable the `env` feature for the clap build dependency, not just
the normal dependency.
- Disable more rustdoc lints.
- Explicitly convert a `StyledStr` to a `String`.
- `ArgEnum` and `arg_enum` are now called `ValueEnum` and
`value_enum`, respectively.
- Clap 4 is stricter about how arguments are designated: in argument
groups and conflicts, they have to be designated using the field
name, not the long option name.
- `clap::AppSettings::DeriveDisplayOrder` has been removed and is
now the default.
- `parse(from_occurrences)` is deprecated in favor of `action =
Count`, which takes a `u8`, not a `usize`.
- `Command` no longer takes a lifetime.
- Add support for a persistant certificate store using
`sequoia-cert-store`.
- Add `sq --no-cert-store` to disable the use of the certificate
store. Add `sq --cert-store PATH` to use an alternate certificate
store.
- Add `sq import` to import a certificate into the certificate
store. Add `sq export` to export certificates.
- Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
certificates in the certificate store, if it is configured.
- This implementation has been moved from the Sequoia repository to
its own repository. To inspect the history, either look at the
Sequoia repository, or graft it onto this repository like this:
$ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
$ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
$ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864
