IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Unlike other commands, `sq cert export`'s `--cert` argument only
matches on the certificate's key handle (i.e., the primary key's
key handle). It also has a `--key` argument to match on the
primary key's key handle or a subkey's key handle, which are
the semantics of the `--cert` argument for other commands.
- Change the semantics of `--cert` to that of `--key`, i.e., change
`--cert` to also match on subkey key handles. Remove the `--key`
argument since it is now redundant.
- We want the examples to be relevant and to the point, and reflect
the work flows that we want our users to have. Notably, we want
them to have their secret key material in the key store, not
laying around on their file system.
- --binary is a modifier for --output. If we don't output anything,
the modifier doesn't make sense, and should raise an error.
- Unfortunately, many places where we have an output parameter are
quite complex. For example, the absence of an output parameter
means don't output anything when we got a cert from the cert
store, and means output to stdout when we got the cert from a
file.
- This change covers the trivial cases.
- When encrypting a message with a password, don't terminate the
program if user doesn't provide a password. Instead, show an
error, and prompt the user for a password again.
- `Sq::decrypt_key`, `Sq::get_signer`, `Sq::get_keys`,
`Sq::get_primary_keys`, `Sq::get_primary_key`,
`Sq::get_signing_keys`, `Sq::get_signing_key`,
`Sq::get_certification_keys`, and `Sq::get_certification_key`
return a signer or decryptor, as well as the password used to
unlock the key, if any. No callers actually use the password, and
the returned password is not reliable, because the key may be
managed by the secret key server, and already be unlocked, or the
key may be unlocked externally, and the password is not available.
- Simply the functions and don't return the password.
- When adding a new subkey, we implicitly reuse the password that
was used to unlock the primary key.
- These semantics are confusing. If the key is managed by the
secret key store, we may not have to prompt the user for the
password, because the key is already unlocked, or because the key
is protected by an external password. In these cases, since we
don't actually unlock the primary key, the new subkey won't be
password protected even though the primary key is!
- Be more predictable, and don't automatically reuse what we think is
the primary key's password.
- `sq key export` can either export all keys associated with a
certificate or individual keys.
- Split the subkey-related functionality out of `sq key export` and
into the new subcommand `sq key subkey export`
- Fixes#294.
- The dot output does not fit into the output framework: it can only
describe graphs, and most of what sq emits are not graphs. Once
sq gains machine-readable output, the current functionality can be
implemented by emitting the graph data as machine-readable data,
then transforming it into dot.
- Fixes#290.
- Fixes#137.
- During development, we added short options, even for arguments
that may not be used often, or those we don't want people to use
often. Remove them now, and judiciously add them before releasing
1.0 for the most important options.
- See #303. Fixes#302.
- A user ID is an OpenPGP concept. Most people think in terms of
names and email addresses.
- Add and promote --name and --email arguments for sq key userid
add.
- Fixes#291.
- A user ID is an OpenPGP concept. Most people think in terms of
names and email addresses.
- Add and promote --name and --email arguments for sq key generate.
- See #291.
- Previously, if a cert was discovered, that in the subsequent
iteration was not found again, this was considered an error, even
though the whole operation should be considered a success because
a cert was indeed found.
- Notably, if a cert was fetched over http which could not otherwise
be found in the local cert store, key server, via WKD or DANE,
an error was returned and the cert was not imported.
- Fix this by considering the operation successful if we found at
least one cert.
- Fixes#300.