Commit Graph

1037 Commits

Author SHA1 Message Date
Neal H. Walfield
0e5c58ef05
Use the null policy when creating revocation certificates.
- When creating a revocation certificate using, e.g., `sq key
    revoke`, use the null policy.

  - Even if a certificate is not valid according to the standard
    policy, it can still be useful to revoke it.

  - Fixes #250.
2024-06-12 18:02:22 +02:00
Neal H. Walfield
fa835e234f
Port the sq key revoke tests to the common test framework.
- Add `Sq::key_revoke`, and change the `sq key revoke` integration
    tests to use it.
2024-06-12 16:50:56 +02:00
Neal H. Walfield
1817c305ae
Make helper function more generic.
- Change `compare_notations` from taking a slice containing two
    elements to taking a slice taking any number of elements.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
9f09e34e36
Loosen constraints on the key used to issue a revocation.
- Before using a key, we check it for validity including whether it
    is revoked, and whether it is live.

  - Don't enforce these constraints when using a key to issue a
    revocation: it may be important to issue a revocation even if the
    key is no longer valid.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
7228049640
When an example is too wide, indicate how wide it is.
- We check that examples are not too wide.  When an example is too
    wide, indicate how wide the line is.
2024-06-12 16:49:16 +02:00
Neal H. Walfield
6f452d51c6
Rename UseridRevocationReason to UserIDReasonForRevocation.
- Rename `UseridRevocationReason` to `UserIDReasonForRevocation`,
    which is more consistent with other identifiers.
2024-06-12 16:47:50 +02:00
Neal H. Walfield
8ae03f1945
Rename RevocationReason to KeyReasonForRevocation.
- Rename `RevocationReason` to `KeyReasonForRevocation`.
    `RevocationReason` sounds generic, but there is also
    `UseridRevocationReason`.

  - This name aligns better with the type from `sequoia-openpgp` that
    it wraps, `ReasonForRevocation`.
2024-06-12 16:46:55 +02:00
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
    name of the corresponding fields, and data structures.

  - Expiration and expiry have about the same meaning.  According to
    my research, "expiration" is used in American English whereas
    both are used in British English.

  - This change aligns the usage with RFC 4880's terminology, which
    uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
fa773b0e78
Improve Expiry's Debug implementation.
- Improve `Expiry`'s Debug implementation: use a bigger unit when
    possible.
2024-06-11 12:15:41 +02:00
Neal H. Walfield
8463e8c5e5
Improve sq key generate's --help output. 2024-06-11 12:15:35 +02:00
Neal H. Walfield
c3582bea01
Port sq key generate's examples to the example framework.
- Port `sq key generate`'s examples to the example framework, and
    improve the examples.
2024-06-11 10:27:47 +02:00
Neal H. Walfield
d76e1ae4db
Change sq key attest-certifications to support the key store and cert store.
- Change `sq key attest-certifications` to use the key store and the
    cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
353c21554a
Don't have sq key attest-certifications' --all be the default.
- In `sq key attest-certifications`, don't make `--all` the
    default, but require the user to specify it explicitly.

  - This makes it easier to introduce more fine-grained selectors in
    the future.

  - See #262.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
6dcfb270ad
Make sq key attest-certifications' positional parameter a named parameter.
- In `sq key attest-certifications`, change the certificate file
     parameter from a positional parameter to a named parameter,
     `--cert-file`.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
90bad2927a
Add test for sq key attest-certifications. 2024-06-10 23:24:33 +02:00
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
a08b536225
Add a convenience function to import a certificate.
- Add `Sq::import_cert`, which is a convenience function that
    imports a certificate into the cert store.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.

  - See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
54ae8eda30
Add functions to lookup a certificate with an alternate policy.
- Add `Sq::lookup_with_policy` and `Sq::lookup_one_with_policy` to
    lookup a certificate using an alternate policy.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
47e076d890
If secret key material is passed via --keyring, use it.
- If the user supplies a keyring using `--keyring`, and it contains
    the secret key material that we are looking for, use it.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
     positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
d76d0fcd52
Change the sq key adopt's tests to use the common test framework. 2024-06-10 23:24:19 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.

  - See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
028983d40f
Change the sq pki certify tests to use the common test framework. 2024-06-10 23:10:23 +02:00
Neal H. Walfield
c8c7e24fe9
Drop unnecessary requirement on certificates being certified.
- The certificate being certified doesn't need to be certification
    capable.

  - Drop the check.
2024-06-07 18:11:09 +02:00
Neal H. Walfield
b5a680e4f9
Show a lint when secret key material is missing, but required.
- Extend `Sq::get_keys` lints to also check if the secret key
    material is missing.
2024-06-05 12:40:13 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
bb0aa2f555
Change sq pki certify to use Sq::lookup_one.
- Change `sq pki certify` to use `Sq::lookup_one` when looking up
    the certifier.  This ensures that the certificate is certification
    capable.
2024-06-05 10:07:48 +02:00
Neal H. Walfield
4b3e459cea
Change sq pki certify's certifier parameter to understand -.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
    a `FileOrStdin` so that it interprets `-` as meaning it should
    read the certificate from stdin.
2024-06-05 09:57:53 +02:00
Neal H. Walfield
a8eb598cd0
Add sq key delete.
- Add `sq key delete`, to delete secret key material.
2024-06-05 09:35:13 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
4a97011452
Add a test for sq key password.
- Add a test for `sq key password`.
2024-06-05 09:32:30 +02:00
Neal H. Walfield
721d680627
Make sq key password's positional parameter a named parameter.
- In `sq key password`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
178679e838
Add the --password-file argument to sq sign.
- Add the `--password-file` argument to the `sq sign` command to
    allow the user to prefill the password cache with a password from a
    file.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
3f86cdbf93
Dry out sq sign.
- Dry out `sq sign` by using `Sq::get_signing_keys`.

  - This means that `sq sign` also uses the password cache.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
256679bce3
Use the password cache when unlocking keys managed by the key store.
- Change `Sq::get_signer` to also consider the password cache when
    unlocking a key managed by the key store.
2024-06-05 00:50:27 +02:00
Neal H. Walfield
a2c482e4f3
Add a password cache to Sq.
- `sq cert line` manually manages a password cache.

  - Move the password cache to `Sq` so the functionality can be used
    elsewhere.
2024-06-05 00:16:49 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
    cert store and key store.

  - See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
8006f7cc2f
Add a new convenience type, FileStdinOrKeyHandle.
- Add a new convenience type, `FileStdinOrKeyHandle`, which is
    either a path, stdin, or a key handle.

  - Extend `sq:lookup` and `sq::lookup_one` to take a
    `FileStdinOrKeyHandle` instead of just a `KeyHandle`.
2024-06-05 00:06:26 +02:00
Neal H. Walfield
bb3215adfe
Move subkey functionality from sq key expire into its own command.
- Split the subkey functionality out of `sq key expire` into its own
    command, `sq key subkey expire`.
2024-06-05 00:06:24 +02:00
Neal H. Walfield
52d88e615e
Add a test for sq key expire. 2024-06-05 00:04:31 +02:00
Neal H. Walfield
0b012bfe48
Fix sq key expire to respect the reference time.
- Fix `sq key expire` to set the new signature's creation time to
    the reference time as set by the `--time` parameter.

  - When getting a valid certificate, use the reference time, not the
    current time.
2024-06-05 00:04:31 +02:00
Neal H. Walfield
d3d809a6fe
Make sq key expire's positional parameter a named parameter.
- In `sq key expire`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:01:38 +02:00
Neal H. Walfield
bd235e7f67
Move the key expiration functionality to common::expire.
- Move the expiration logic from `commands::key::expire` to
    `commands:common::expire`.

  - Change `commands::key::expire` to use it.
2024-06-04 23:24:21 +02:00
Neal H. Walfield
fb5227f8e3
Update NEWS. 2024-05-30 20:26:33 +02:00
Neal H. Walfield
779eaecabd
Fix sq key subkey add to save the new subkey to the key store.
- When saving the new subkey, `sq key subkey add` accidentally only
    saved the public key.

  - Also save the secret key.
2024-05-30 20:26:32 +02:00
Neal H. Walfield
7866b2f5bb
Change sq key subkey add to support the cert store and key store.
- See #205.
2024-05-29 16:03:06 +02:00
Neal H. Walfield
fb16a29f00
Make sq key subkey add's positional parameter a named parameter.
- In `sq key subkey add`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-05-29 14:00:30 +02:00
Neal H. Walfield
42cca6b172
When reading from a file, default to writing to stdout.
- Change `sq key revoke`, `sq key userid revoke`, and `sq key subkey
    revoke` to default to writing to stdout when reading from a file.
2024-05-29 09:41:58 +02:00
Neal H. Walfield
3debf8b584
Modify the sq key revoke tests to test the cert store integration.
- Modify the `sq key revoke` tests to also test the cert store and
    key store integration.

  - Somehow this wasn't added to
    cca564356c.
2024-05-28 15:04:48 +02:00