IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- `sq pki link add` has a positional argument for specifying a user
ID directly or by email address. Remove it in favor of the named
arguments, `--userid` and `--email`.
- See #318.
- `sq pki certify` and `sq pki authorize` are for creating
third-party certifications.
- Error out if the certifier is the same as the certificate being
certified.
- Previously `sq pki certify` could create certifications, and mark
a certificate as a trusted introducer (when the user set `--depth`
to be greater than zero). Anecdotal evidence indicates that
combining these two actions in a single command is confusing.
- Split the latter functionality off, and put it in a new subcommand,
`sq pki authorize`.
- See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
- `sq pki certify` uses a positional argument to specify the
certificate to certify. Change it to be a named argument, either
`--cert`, or `--cert-file`.
- See #318.
- `sq pki certify` uses a positional argument to specify the user
ID to certify. Change it to be a named argument, either
`--userid`, or `--email`.
- This changes the meaning of `--email` from a flag that changes how
`--userid` interprets its argument, to an argument.
- This also allows multiple user IDs to be specified at once.
- See #318.
- Pull similar functionality out of the implementation of `sq pki
certify`, `sq pki link add`, and `sq pki link retract`, and put it
in a new module, `common::pki::certify`.
- This slightly changes the human readable output.
- By splitting `--handle` into `--cert` and `--key`, where the
former only matches on primary keys, and the latter matches on
both primary keys and subkeys.
- Fixes#287.
- It was possible to use `--allow-not-alive-certifier` and
`--allow-revoked-certifier` to force `sq pki certify` to use
expired and revoked certificates.
- Consistent with the principle that `sq` should support a lot, but
not everything, remove them.
- Fixes#365.
- When setting a certificate's expiration time, we update each user
ID's self signature. If a user ID is revoked, creating a new self
signature will "unrevoke it."
- Skip user IDs that are revoked.
- When setting a certificate's expiration time, we update the
direct key signature, and each user ID's self signature. This
fails if a user ID doesn't have a valid self signature.
- User IDs, however, don't need to be self signed! For instance, a
user ID may only have a third-party certification.
- Relax `sq key expire` to only add a self signature for a user ID,
if the user ID already has a self signature.
- Never call `exit`. If there is an error, propagate the error to
the caller. This ensures that any clean up handlers (like
flushing state to disk) are run.
- When adopting a bare key, the creation time is the Unix epoch.
If the user doesn't manually override this using
`--creation-time`, use the current time (while respecting
`--time`).
- Change `sq key adopt` to not require the key that is being adopted
to have a binding signature.
- This allows adopting "bare keys," i.e., a certificate consisting
of just a primary key. Bare keys are useful when working with raw
keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
To add them to a certificate, they just need to be wrapped in a
minimal amount of OpenPGP framing; no signatures are required.
- Fixes#25.
- When designating a certificate multiple times, the certificate
should only be used once. Assert that this is the case in the `sq
encrypt` tests by checking that the PKESKs are not redundant.
- Note: this was fixed by 437ae24.
- A `sq cert export` test vector specified `--email
carol@example.org`, which doesn't match any certificates. The error
was hidden, because we were not strict about ensuring that all
certificate designators actually match at least one certificate.
- Fix the test vector.
- Add a test for `sq encrypt` that checks that the different ways of
designating a certificate work including making sure that only
authenticated names can be used to designate a certificate.
- Add `Sq::preserve` to prevent the files created by an `Sq`
instance from being deleted when the `Sq` instance is dropped.
- Preserving the state makes it easier to debug a test that is
failing.
