1107 Commits

Author SHA1 Message Date
Neal H. Walfield
6645fdee6c
Change --email and --add-email to only match user IDs unambiguously.
- Commands like `sq pki vouch certify` allow designating a user ID
    by email address.  Currently, if multiple self-signed user IDs
    include the specified email address, all are used.  Change the
    semantics of `--email` and `--add-email` to only match
    unambiguously.

  - Fixes #309.
2024-11-13 14:29:32 +01:00
Justus Winter
78d8538707
Add sq sign --mode to create binary or text signatures.
- Fixes #390.
2024-11-13 14:08:57 +01:00
Neal H. Walfield
9eb0f0754e
Change --add-userid from a flag to two arguments.
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
    certify`, and `sq pki vouch authorize` have a `--add-userid` flag.

  - Replace the `--add-userid` flag with an `--add-userid` argument,
    and an `--add-email` argument.

  - This change means that a flag does not change how an argument is
    interpreted.  It also makes it more explicit whether a user ID
    should be added, because `--userid` and `--email` could be given
    multiple times.

  - See #309 and #318.
2024-11-13 13:51:35 +01:00
Neal H. Walfield
eabbd68240
Generalize active_certifications.
- `active_certifications` returns what user IDs match.  Sometimes it
    is useful to preserve additional details.

  - This can be fixed by changing `active_certifications` to take
    something that implements `AsRef<UserID>` instead of taking
    `UserID`s directly.  Unfortunately, we can't use the standard
    `AsRef` trait, because `UserID` doesn't implement `AsRef`, and due
    to the orphan rule, we can't implement it ourselves.  As such,
    introduce a local copy of `AsRef` and use that instead.
2024-11-13 13:19:42 +01:00
Neal H. Walfield
267a3d3481
tests: When calling sq pki authenticate include --show-paths.
- When `sq pki authenticate` fails, it is helpful to see as many
    details as possible.  As such, include `--show-paths` when calling
    `sq pki authenticate`.  `--show-paths` shows more information, but
    doesn't change the command's behavior.
2024-11-13 13:19:41 +01:00
Neal H. Walfield
fbd7f260e7
tests: Abstract user ID argument passing.
- Add a new type, `UserIDArg`, which represents a user ID argument.

  - Change functions that take user IDs like `Sq::key_generate` to use
    it.
2024-11-13 13:19:40 +01:00
Justus Winter
82a5f13a96
Drop debugging remnant. 2024-11-13 12:38:05 +01:00
Justus Winter
14f4c8fd3a
Replace --no-cert-store and --no-key-store.
- Replace the flag `sq --no-cert-store` with `sq
     --cert-store=none`.

   - Replace the flag `sq --no-key-store` with `sq --key-store=none`.

   - Similarly, `sq --home=none` disables all state, unless explicitly
     re-enabled using `--cert-store` or `--key-store`.

   - Fixes #427.
2024-11-13 12:34:53 +01:00
Justus Winter
5414ceec07
Make home directory optional. 2024-11-13 12:04:49 +01:00
Justus Winter
b8dba63d39
Introduce accessors. 2024-11-13 11:52:59 +01:00
Justus Winter
ee737472da
Require explicit mode, and align sq sign and sq verify.
- The flag `sq sign --detached` is now called `sq sign
     --signature-file`.

   - The flag `sq sign --clearsign` is now called `sq sign
     --cleartext`.

   - Both `sq sign` and `sq verify` now require an explicit mode,
     one of `--signature-file`, `--message`, or `--cleartext`.

   - Fixes #430.
2024-11-13 11:18:25 +01:00
Justus Winter
3e3a9e5096
Make tests less expensive.
- Only write out 30 megabytes, not 100.
2024-11-13 11:18:12 +01:00
Neal H. Walfield
34a519f785
Change sq key list to not filter out unauthenticated certificates.
- When `sq key list` is passed a filter, it only shows
    certificates that it can authenticate.  (When it is passed
    nothing, it shows all certificates with secret key material.)

  - Don't require certificates to be authenticated.

  - Fixes #293.
2024-11-12 10:12:36 +01:00
Neal H. Walfield
70e65c5fcd
Add a DWIM search parameter to sq key list.
- Add a DWIM search parameter to `sq key list`.  If the pattern
    appears to be a fingerprint or key ID, treat it as if it were passed
    to `--cert` and match on the certificate's fingerprint.  Otherwise,
    treat it as if it were passed via `--grep`, and match on user IDs.

  - This aligns `sq key list` with `sq cert list`.

  - See #293.
2024-11-12 10:12:34 +01:00
Justus Winter
0b562c476e
Remove sq cert lint --list-keys.
- Fixes #316.
2024-11-11 18:30:03 +01:00
Justus Winter
2700b908ac
Set signature creation times closer to where the builder is created.
- This makes it more obvious that the creation time is set
    appropriately.
2024-11-11 18:27:25 +01:00
Justus Winter
bfdd0a9558
Expand the designated signers to user ID, email, and domain queries.
- This allows one to require a signature from sequoia-pgp.org, for
    example.

  - See #248.
2024-11-11 18:27:25 +01:00
Justus Winter
16941dea66
Use only designated signers to verify signatures.
- Previously, the signers cert designators added to the set of certs
    in the store, and marked them as trusted.

  - Change this so that only the designated certs are used to verify
    the signatures, and they are marked as trusted.  This allows
    useful semantics like requiring a signature from a set of
    explicitly provided signers.

  - If no signers are designated, the cert store is consulted.

  - Fixes #248.
2024-11-11 18:27:25 +01:00
Justus Winter
e7c48b81f9
Make sq pki link add honor sq --time. 2024-11-11 17:24:25 +01:00
Justus Winter
bebb78dca4
Move struct VHelper to commands::verify. 2024-11-11 16:23:29 +01:00
Neal H. Walfield
390b318b4e
Disable the help subcommand everywhere except at the top-level.
- We want a top-level `help` subcommand, but we don't want
    subcommand groups (like `sq pki`) to have a `help` subcommand.
    Users get used to being able to use `help` instead of `--help`,
    and then are confused when `sq pki authenticate help` (i.e., using
    the `help` subcommand on an action) doesn't work.

  - Fixes #418.
2024-11-10 16:49:37 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
- Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
6697846b78
Don't move when passing a reference will do.
- `commands::pki::authenticate` takes ownership of `sq`, but it only
     needs a reference.

  - Change it accordingly.
2024-11-09 09:19:33 +01:00
Neal H. Walfield
ee1c6f3fcf
Add new argument, --cli-version, to require a CLI version.
- Add a new argument, `--cli-version`, which the user can use to
    request a particular semver-compatible version of the CLI.

  - This enables breaking changes to the CLI, and enables `sq` to
    support multiple CLI versions.

  - Fixes #75.
2024-11-08 11:42:18 +01:00
Neal H. Walfield
f6a8a4ab2c
Rename OutputVersion to Version and move it to its own module.
- Rename `OutputVersion` to `Version`, and move it from the
    `cli::output` module to `cli::types::version` module.
2024-11-08 09:19:27 +01:00
Neal H. Walfield
2c548dfb74
Fix sq toolbox packet dump's help text.
- `sq toolbox packet dump` decrypts any encrypted containers by
    default.  Adjust the documentation accordingly.

  - Fixes #403.
2024-11-07 18:26:17 +01:00
Neal H. Walfield
f48a8ce033
Don't show the progress bar if --batch is specified.
- The progress bar changes the terminal.

  - If `--batch` is specified, `sq` is probably running from a script,
    and we shouldn't change the terminal.

  - Fixes #395.
2024-11-07 14:10:20 +01:00
Neal H. Walfield
53f28f6008
Print out the certificate that decrypted a message.
- When decrypting a message using `sq decrypt`, `sq` shows what
    symmetric and compression algorithms it used when processing the
    message.

  - Also show what certificate was used to decrypt the session key.

  - Fixes #400.
2024-11-07 13:51:10 +01:00
Neal H. Walfield
afe00251a9
Show more information about certificates in sq key list.
- Extend `sq key list`'s human readable output to show if a
    certificate is not valid under the current policy, is expired, or is
    revoked.

  - Fixes #361
2024-11-07 11:16:01 +01:00
Neal H. Walfield
b4976919c5
Normalize output.
- In `sq cert list`'s output, don't say "expired on," just say
    "expired", which matches other messages, like "created"
2024-11-07 11:11:20 +01:00
Neal H. Walfield
aa469739d1
Show more information about certificates in sq cert list.
- Extend `sq cert list`'s human readable output to show if a
    certificate is not valid under the current policy, or is revoked.

  - Fixes #409
2024-11-07 10:48:58 +01:00
Neal H. Walfield
2ae1885971
Finish renaming attestation to approval.
- See 49b7f25cc4957245bd20d344378e1f506b245c1a.

  - Fixes #417.
2024-11-07 08:41:44 +01:00
Neal H. Walfield
cf09d2f7a2
Make sq key expire's expiration argument required.
- `sq key expire`'s expiration argument was accidentally made
    optional in 4aeee1c2660861b6f9e2b1a7d33638faf406075e.  Fix it.

  - Fixes #420.
2024-11-06 16:13:23 +01:00
Neal H. Walfield
ff3fff850c
Use key designators for sq key subkey revoke.
- Port `sq key subkey revoke` to the key designator framework.

  - Extend the key designator framework to support only addressing
    subkeys.
2024-11-06 16:12:05 +01:00
Neal H. Walfield
f817cb4a4a
Fix documentation.
- `sq key subkey revoke` can only revoke subkeys; it can't revoke
    primary keys.
2024-11-06 16:10:44 +01:00
Neal H. Walfield
4d5b807f61
Use key designators for sq key subkey {delete,password}.
- Port `sq key subkey delete` and `sq key subkey password` to the
    key designator framework.
2024-11-06 16:08:33 +01:00
Neal H. Walfield
f139b50f24
Change sq key subkey export to require the certificate to export.
- `sq key subkey export` currently takes a list of keys to export.
    This is ambiguous if a key is associated with multiple certificates.

  - Add a new required parameter, `--cert`, which specifies what
    certificate to export.  The specified keys must be attached to that
    certificate under the NULL policy.

  - This change means that `sq key subkey export` can only export a
    single certificate at a time.

  - As the implementations of `sq key export` and `sq key subkey
    export` have diverged, don't try to consolidate them any more.

  - Fixes #386.
2024-11-06 16:08:02 +01:00
Neal H. Walfield
b5b27aa366
Move the bind module.
- The bind module is used by `sq key subkey bind`.  Move it under
    `commands::key::subkey`.
2024-11-06 16:07:09 +01:00
Neal H. Walfield
d21d38e6b4
Move the sq key subkey revoke implementation to its own module. 2024-11-06 16:06:12 +01:00
Neal H. Walfield
87cadfe889
Move the sq key subkey expire implementation to its own module. 2024-11-06 16:03:55 +01:00
Neal H. Walfield
4cfea470b8
Move the sq key subkey password implementation to its own module. 2024-11-06 16:03:00 +01:00
Neal H. Walfield
70f7a6f402
Move the sq key subkey delete implementation to its own module. 2024-11-06 16:02:01 +01:00
Neal H. Walfield
c665065821
Move the sq key subkey export implementation to its own module. 2024-11-06 16:00:27 +01:00
Neal H. Walfield
3824be8bbf
Move the sq key subkey add implementation to its own module. 2024-11-06 15:59:29 +01:00
Neal H. Walfield
cbe7eb1402
Move cli parser for sq key subkey bind to its own module. 2024-11-06 15:58:29 +01:00
Neal H. Walfield
909016e3ae
Move cli parser for sq key subkey revoke to its own module. 2024-11-06 15:57:32 +01:00
Neal H. Walfield
0dce5d9693
Move cli parser for sq key subkey expire to its own module. 2024-11-06 15:56:13 +01:00
Neal H. Walfield
ea6db79f7b
Move cli parser for sq key subkey password to its own module. 2024-11-06 15:55:17 +01:00
Neal H. Walfield
215051da86
Move cli parser for sq key subkey delete to its own module. 2024-11-06 15:53:59 +01:00
Neal H. Walfield
79defd3fdf
Move cli parser for sq key subkey export to its own module. 2024-11-06 15:52:18 +01:00