- Currently, it is not possible to delete secret key material that
is only associated with a certificate that is not valid under the
current policy. The same goes for changing the password protecting
the secret key material.
- Users shouldn't have to first update a key's binding signature to
delete it, or change its password.
- Change `sq key subkey delete` and `sq key subkey password` to use
the null policy. This is not a security concern, because even if
the binding signature is weak, both the certificate and the key
are explicitly named.
- See #375
- This tracks the origin, like we do when we download certificates
over the network.
- This also has the benefit that newly created keys also show up in
the cert listing.
- Fixes #377.
- Some commands only access the cert or key store after they do a
lot of work. If the cert or key store is disabled, this is
annoying.
- Change `sq key generate`, `sq cert import`, `sq network search`,
`sq network keyserver search`, `sq network wkd search`, and `sq
network dane search` to error out early if they will save
something to the key store or the certificate, and it is disabled.
- Fixes #264.
- When there is no certificate or key store, but the command
requires it, return a `clap::Error` instead of an
`anyhow::Error` so that the error is formatted better.
This simplifies permissions wrangling when bind mounting to host.
Rootless podman is a preferred OCI runtime to docker, wherein superuser
within a container is simulated and not a security concern.
- When updating a WKD in `sq network wkd generate`, if a certificate
is not changed, don't insert it.
- If no certificates changed, and none were inserted, then don't
bother copying the WKD back.
- Change `sq network wkd publish` to indicate which certificates are
updated, which ones are unchanged, and which ones are new.
- Note: the messages can be suppressed with `--quiet`.
- When writing to a file or stdout, add a hint at the beginning of
the output that the user can edit the file with an editor, and
then recombine the result using `sq packet join`.
- Change `sq packet split` to not require `output` or `prefix`, but
to write to `stdout` by default.
- This is closer to the behavior of other commands.
- Require the caller to indicate what they are waiting for, and
include that in the warning.
- For instance, `sq decrypt` now says "Waiting for an encrypted
message on stdin..."
- Previously, we limited the width to 100 characters in an effort to
improve readability. Arguably, that is interfering with the
wishes of the users that use wider terminals.
- The alternative is to structure the human-readable output in such
a way that overly long lines do not occur, but when they do occur,
they can be displayed as is.
- See #443.
- `sq key list` prefers to show authenticated, and self-signed user
IDs. If there are none, it says "no user IDs," which is not very
helpful. In this case, prefer self-signed user IDs that are valid
under the NULL policy. Note: these will still show up as
unauthenticated.
- Currently, `sq key list` only displays a single best user ID for
each certificate.
- Instead, display all user IDs that can be authenticated, or are
self-signed. Also indicate the degree to which they can be
authenticated, and whether the user ID has been revoked.
- Fixes #360.