Commit Graph

1037 Commits

Author SHA1 Message Date
Justus Winter
83f81b5765
Add test for sq key userid strip. 2024-08-15 13:02:37 +02:00
Justus Winter
93d108738a
Port sq key userid strip examples to the example framework. 2024-08-15 10:30:37 +02:00
Justus Winter
0c9f1d8d4f
Move the sq key userid CLI definitions to its own module. 2024-08-15 10:20:24 +02:00
Neal H. Walfield
fc7aac2726
Improve the new password prompt.
- Add text to the new password prompt indicating that using a
    password is optional.
2024-08-14 18:21:25 +02:00
Neal H. Walfield
cd8283d851
Prompt for a password by default.
- Change `sq key generate` and `sq key subkey add` to prompt for a
    password by default.

  - Fixes #226.
2024-08-14 18:19:14 +02:00
Neal H. Walfield
ba844c8c25
When returning a signer or decryptor don't return the password.
- `Sq::decrypt_key`, `Sq::get_signer`, `Sq::get_keys`,
    `Sq::get_primary_keys`, `Sq::get_primary_key`,
    `Sq::get_signing_keys`, `Sq::get_signing_key`,
    `Sq::get_certification_keys`, and `Sq::get_certification_key`
    return a signer or decryptor, as well as the password used to
    unlock the key, if any.  No callers actually use the password, and
    the returned password is not reliable, because the key may be
    managed by the secret key server, and already be unlocked, or the
    key may be unlocked externally, and the password is not available.

  - Simply the functions and don't return the password.
2024-08-14 17:09:09 +02:00
Neal H. Walfield
1b5c643fac
Don't implicitly reuse the primary key's password.
- When adding a new subkey, we implicitly reuse the password that
    was used to unlock the primary key.

  - These semantics are confusing.  If the key is managed by the
    secret key store, we may not have to prompt the user for the
    password, because the key is already unlocked, or because the key
    is protected by an external password.  In these cases, since we
    don't actually unlock the primary key, the new subkey won't be
    password protected even though the primary key is!

  - Be more predictable, and don't automatically reuse what we think is
    the primary key's password.
2024-08-14 16:36:40 +02:00
Neal H. Walfield
93344e71a6
New subcommand sq key subkey export.
- `sq key export` can either export all keys associated with a
    certificate or individual keys.

  - Split the subkey-related functionality out of `sq key export` and
    into the new subcommand `sq key subkey export`

  - Fixes #294.
2024-08-14 15:21:30 +02:00
Neal H. Walfield
b395ca0cae
Improve subcommand's documentation. 2024-08-14 15:18:37 +02:00
Justus Winter
20eb29930f
Remove the dot output.
- The dot output does not fit into the output framework: it can only
    describe graphs, and most of what sq emits are not graphs.  Once
    sq gains machine-readable output, the current functionality can be
    implemented by emitting the graph data as machine-readable data,
    then transforming it into dot.

  - Fixes #290.

  - Fixes #137.
2024-08-14 14:29:04 +02:00
Justus Winter
b2d7f48230
Add missing NEWS items. 2024-08-14 14:29:04 +02:00
Justus Winter
e3f9463a43
man: Fix iterating over table we modify. 2024-08-14 14:29:04 +02:00
Neal H. Walfield
916c110626
Port sq key import / export test to the common test framework.
- Port the `sq key import` / `sq key export` test to the common
    test framework.
2024-08-14 13:58:15 +02:00
Neal H. Walfield
8849a8c627
Always summarize sq's result when running it from the test suite.
- When running `sq`, summarize the result even if we don't
    explicitly expect it to succeed or fail.
2024-08-14 13:57:52 +02:00
Justus Winter
f7ce1fa2a1
Remove all short options (except for -v).
- During development, we added short options, even for arguments
    that may not be used often, or those we don't want people to use
    often.  Remove them now, and judiciously add them before releasing
    1.0 for the most important options.

  - See #303.  Fixes #302.
2024-08-14 11:55:06 +02:00
Justus Winter
75e8339bbe
Implement sq key userid add --name and --email.
- A user ID is an OpenPGP concept.  Most people think in terms of
    names and email addresses.

  - Add and promote --name and --email arguments for sq key userid
    add.

  - Fixes #291.
2024-08-14 11:22:07 +02:00
Justus Winter
099de6d868
Implement sq key generate --name and --email.
- A user ID is an OpenPGP concept.  Most people think in terms of
    names and email addresses.

  - Add and promote --name and --email arguments for sq key generate.

  - See #291.
2024-08-14 11:18:50 +02:00
Justus Winter
658596b0ac
Port test to the common test framework. 2024-08-14 11:18:50 +02:00
Justus Winter
15a53f750c
Fix comment. 2024-08-14 08:47:30 +02:00
Justus Winter
e354edc3ce
Fix iterative sq network fetch.
- Previously, if a cert was discovered, that in the subsequent
    iteration was not found again, this was considered an error, even
    though the whole operation should be considered a success because
    a cert was indeed found.

  - Notably, if a cert was fetched over http which could not otherwise
    be found in the local cert store, key server, via WKD or DANE,
    an error was returned and the cert was not imported.

  - Fix this by considering the operation successful if we found at
    least one cert.

  - Fixes #300.
2024-08-13 17:58:25 +02:00
Justus Winter
764e1ca6d9
Account for the http request in the progress bar. 2024-08-13 17:58:01 +02:00
Justus Winter
64da372561
Use the hint framework. 2024-08-13 15:41:38 +02:00
Justus Winter
2ac745aee3
Implement sq network keyserver publish --cert <HANDLE>.
- Adapt hints accordingly.  Fixes #298.
2024-08-13 15:29:26 +02:00
Neal H. Walfield
38221a3d7d
tests: Dry out the test framework.
- Replace uses of `sq_key_generate` with `Sq::key_generate`, and
    remove `sq_key_generate`.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
a92ab98f4f
New subcommand sq key subkey password.
- Add a new subcommand, `sq key subkey password`, which changes the
    password protecting the secret key material of a primary key or a
    subkey.

  - Fixes #106.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
e35b87ec5b
Refactor key::password.
- Refactor `common:🔑:password` to use the common key lookup
    functionality in `common::get_keys`.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
2dbfd64772
Split the key lookup functionality out of key::delete.
- Move the key lookup functionality in `common:🔑:delete` into a
    convenience function in `common::get_keys`.
2024-08-13 10:08:04 +02:00
Justus Winter
5b033c55b9
Update openssl to address RUSTSEC-2024-0357.
- See https://rustsec.org/advisories/RUSTSEC-2024-0357
2024-08-12 16:23:23 +02:00
Justus Winter
49b7f25cc4
Rename key attest-certifications to key approvals update.
- Fixes #295.
2024-08-12 16:21:00 +02:00
Neal H. Walfield
1f0a500fe8
Refactor the sq key password test.
- Add `Sq::key_password` and `Sq::sign` based on the code in the
    `sq key password` test.

  - Implement the `sq key password` test in terms of those functions.
2024-07-18 23:14:08 +02:00
Neal H. Walfield
3de408df3f
Don't include a message when calling password::prompt_to_unlock.
- `password::prompt_to_unlock` takes a description of the item to
    unlock, not a full password prompt.

  - Fix the prompts.
2024-07-18 23:14:08 +02:00
Neal H. Walfield
79443e5e1a
Improve password prompt's grammar.
- Have the caller include `the`, if required.
2024-07-18 23:14:07 +02:00
Neal H. Walfield
87cf671eb2
Don't panic if a key doesn't contain secret key material, skip it.
- If a key specified using `--recipient-file` does not contain
    secret key material, don't panic, just skip it.

  - It is perfectly reasonable for only a subset of keys in a
    TSK to contain secret key material.
2024-07-18 23:14:07 +02:00
Neal H. Walfield
4d8a870779
Refactor the decryption code to use Sq::decrypt_key.
- Refactor `Helper::decrypt` to use `Sq::decrypt_key`.
2024-07-18 23:14:07 +02:00
Neal H. Walfield
0f675553e7
Extend Sq::decrypt_key to optionally prompt for a password.
- Extend `Sq::decrypt_key` to take an additional argument,
    `may_prompt`, which causes `Sq::decrypt_key` to fail rather than
    prompt the user for a password.
2024-07-18 23:14:06 +02:00
Neal H. Walfield
3553dd8b60
Merge Sq::get_signer's key decryption into Sq::decrypt_key.
- Merge `Sq::get_signer`'s key decryption functionality into
    `Sq::decrypt_key`, and use that function instead.
2024-07-18 23:14:06 +02:00
Neal H. Walfield
5a17258373
Move decrypt_key to Sq.
- Move the `decrypt_key` function in `common:🔑:password` to `sq`
    and make it a method on `Sq`.
2024-07-18 23:14:06 +02:00
Neal H. Walfield
f058505215
Upgrade bytes.
- `bytes` 1.6.0 was yanked.  Upgrade to 1.6.1.
2024-07-18 23:14:05 +02:00
Neal H. Walfield
b8591c480f
Fix the autocrypt test's time.
- When running the autocrypt test, don't use the current time, but
    set it to a fixed time.  This prevents failures due to an expired
    certificate.
2024-07-18 23:14:05 +02:00
Justus Winter
9c4fa52391
Make the domain parameter a required long argument.
- Having multiple positional arguments makes it hard to remember the
    order.  Just make the domain a long argument.

  - Further, format the examples nicer by preventing line breaks
    between argument name and value.
2024-07-11 15:46:23 +02:00
Justus Winter
ba5257b312
Fix breaking lines in examples. 2024-07-11 15:42:02 +02:00
Justus Winter
272bda3703
Cleanup recursive copying.
- Replace dircpy with the more mature and more widely used fs_extra.
2024-07-11 15:26:27 +02:00
Justus Winter
f3f013fc9d
Remove sq network wkd url and direct-url.
- These leak implementation details and support the idea that WKD is
    just a http request to some URL, which is not true, and will be
    less true in the future.  I don't think this is an interface that
    we can support going forward.
2024-07-11 14:52:35 +02:00
Justus Winter
55f6fa894b
Remove sq network wkd generate as publish does the same. 2024-07-11 14:52:35 +02:00
Justus Winter
87806baf6a
Implement sq network wkd publish. 2024-07-11 14:52:35 +02:00
Justus Winter
caf71d3b1e
Reorder network subcommands so that fetch comes first. 2024-07-11 12:36:47 +02:00
Neal H. Walfield
7102828196
Move the password changing business logic to the common module.
- Move the password changing business logic from
    `commands:🔑:password` to `common:🔑:password`.
2024-07-05 14:01:08 +02:00
Neal H. Walfield
e276be8cad
Reorganize modules under common.
- Move `common::expire` to `common:🔑:expire`, and
    `common::delete` to `common:🔑:delete`.
2024-07-05 10:29:39 +02:00
Neal H. Walfield
3aee2c89d4
ci: Use new docker registry on jampot. 2024-07-05 10:11:56 +02:00
Neal H. Walfield
9b991045ca
New subcommand sq key subkey delete to delete secret key material. 2024-07-05 09:50:37 +02:00