Commit Graph

137 Commits

Author SHA1 Message Date
Justus Winter
78d8538707
Add sq sign --mode to create binary or text signatures.
- Fixes #390.
2024-11-13 14:08:57 +01:00
Neal H. Walfield
9eb0f0754e
Change --add-userid from a flag to two arguments.
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
    certify`, and `sq pki vouch authorize` have a `--add-userid` flag.

  - Replace the `--add-userid` flag with an `--add-userid` argument,
    and an `--add-email` argument.

  - This change means that a flag does not change how an argument is
    interpreted.  It also makes it more explicit whether a user ID
    should be added, because `--userid` and `--email` could be given
    multiple times.

  - See #309 and #318.
2024-11-13 13:51:35 +01:00
Justus Winter
14f4c8fd3a
Replace --no-cert-store and --no-key-store.
- Replace the flag `sq --no-cert-store` with `sq
     --cert-store=none`.

   - Replace the flag `sq --no-key-store` with `sq --key-store=none`.

   - Similarly, `sq --home=none` disables all state, unless explicitly
     re-enabled using `--cert-store` or `--key-store`.

   - Fixes #427.
2024-11-13 12:34:53 +01:00
Justus Winter
ee737472da
Require explicit mode, and align sq sign and sq verify.
- The flag `sq sign --detached` is now called `sq sign
     --signature-file`.

   - The flag `sq sign --clearsign` is now called `sq sign
     --cleartext`.

   - Both `sq sign` and `sq verify` now require an explicit mode,
     one of `--signature-file`, `--message`, or `--cleartext`.

   - Fixes #430.
2024-11-13 11:18:25 +01:00
Neal H. Walfield
70e65c5fcd
Add a DWIM search parameter to sq key list.
- Add a DWIM search parameter to `sq key list`.  If the pattern
    appears to be a fingerprint or key ID, treat it as if it were passed
    to `--cert` and match on the certificate's fingerprint.  Otherwise,
    treat it as if it were passed via `--grep`, and match on user IDs.

  - This aligns `sq key list` with `sq cert list`.

  - See #293.
2024-11-12 10:12:34 +01:00
Justus Winter
0b562c476e
Remove sq cert lint --list-keys.
- Fixes #316.
2024-11-11 18:30:03 +01:00
Justus Winter
16941dea66
Use only designated signers to verify signatures.
- Previously, the signers cert designators added to the set of certs
    in the store, and marked them as trusted.

  - Change this so that only the designated certs are used to verify
    the signatures, and they are marked as trusted.  This allows
    useful semantics like requiring a signature from a set of
    explicitly provided signers.

  - If no signers are designated, the cert store is consulted.

  - Fixes #248.
2024-11-11 18:27:25 +01:00
Neal H. Walfield
390b318b4e
Disable the help subcommand everywhere except at the top-level.
- We want a top-level `help` subcommand, but we don't want
    subcommand groups (like `sq pki`) to have a `help` subcommand.
    Users get used to being able to use `help` instead of `--help`,
    and then are confused when `sq pki authenticate help` (i.e., using
    the `help` subcommand on an action) doesn't work.

  - Fixes #418.
2024-11-10 16:49:37 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
- Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
ee1c6f3fcf
Add new argument, --cli-version, to require a CLI version.
- Add a new argument, `--cli-version`, which the user can use to
    request a particular semver-compatible version of the CLI.

  - This enables breaking changes to the CLI, and enables `sq` to
    support multiple CLI versions.

  - Fixes #75.
2024-11-08 11:42:18 +01:00
Neal H. Walfield
f139b50f24
Change sq key subkey export to require the certificate to export.
- `sq key subkey export` currently takes a list of keys to export.
    This is ambiguous if a key is associated with multiple certificates.

  - Add a new required parameter, `--cert`, which specifies what
    certificate to export.  The specified keys must be attached to that
    certificate under the NULL policy.

  - This change means that `sq key subkey export` can only export a
    single certificate at a time.

  - As the implementations of `sq key export` and `sq key subkey
    export` have diverged, don't try to consolidate them any more.

  - Fixes #386.
2024-11-06 16:08:02 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
- When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Neal H. Walfield
0889d18da7
If decryption fails, delete the output file.
- Change `sq decrypt` to delete the output file if decryption fails.

  - Fixes #59.
2024-10-31 12:34:09 +01:00
Neal H. Walfield
e4c40da649
If signature verification fails, delete the output file.
- Change `sq verify` to delete the output file if it can't
    authenticate the signature.

  - See #59.
2024-10-31 12:30:28 +01:00
Neal H. Walfield
cedd9687d1
Add support for merging bare revocation certificates.
- Extend `sq toolbox keyring merge` to merge bare revocation
    certificates.

  - Fixes #50.
2024-10-31 10:01:45 +01:00
Neal H. Walfield
aac7b719d4
Fix various typo in the NEWS file. 2024-10-30 16:34:02 +01:00
Neal H. Walfield
11140ae5c1
Add support for importing bare revocation certificates.
- Extend `sq cert import` to import bare revocation certificates.

  - See #50.
2024-10-30 15:36:12 +01:00
Neal H. Walfield
89cb9d6743
Make sq key userid revoke's positional arguments named arguments.
- `sq key userid revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:57:43 +01:00
Neal H. Walfield
ef785cbd12
Make sq key subkey revoke's positional arguments named arguments.
- `sq key subkey revoke`'s reason and message arguments are
    positional arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:51:49 +01:00
Neal H. Walfield
b25bbee713
Make sq key revoke's positional arguments named arguments.
- `sq key revoke`'s reason and message arguments are positional
    arguments.  Change them to be named arguments.

  - See #318.
2024-10-29 10:48:51 +01:00
Neal H. Walfield
8fc655d5ad
Make sq key expire's expiration argument a named argument.
- `sq key expire`'s expiration argument is a positional argument.
    Change it to a named argument.

  - See #318.
2024-10-29 08:57:47 +01:00
Neal H. Walfield
b0a414a9c3
Make sq key subkey expire's expiration argument a named argument.
- `sq key subkey expire`'s expiration argument is a positional
    argument.  Change it to a named argument.

  - See #318.
2024-10-28 18:58:07 +01:00
Neal H. Walfield
4d178c8768
Remove sq pki path's --gossip argument.
- Remove `sq pki path`'s `--gossip` argument, which doesn't actually
    do anything.
2024-10-26 09:15:01 +02:00
Justus Winter
b7f3c1198c
Remove the pEp store integration.
- Fixes #310.
2024-10-24 15:17:33 +02:00
Justus Winter
f3555c5a14
Use cert designators for sq key approvals update.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
a30799e093
Use cert designators for sq key subkey bind.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
33053757dc
Use cert designators for sq key subkey revoke.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
cb1bb1f944
Use cert designators for sq key subkey expire.
- See #207.
2024-10-24 14:40:39 +02:00
Justus Winter
7a0a844512
Use cert designators for sq key subkey password.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
625f1e8a17
Use cert designators for sq key subkey delete.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
74e7f4dd33
Use cert designators for sq key subkey add.
- See #207.
2024-10-23 18:04:13 +02:00
Justus Winter
77d9edf039
Use cert designators for sq key userid revoke.
- See #207.
2024-10-23 17:53:32 +02:00
Justus Winter
31ca4e2943
Use cert designators for sq key userid add.
- See #207.
2024-10-23 17:47:12 +02:00
Justus Winter
37e2b65c6f
Use cert designators for sq key revoke.
- See #207.
2024-10-23 17:02:42 +02:00
Justus Winter
5c392b7d0a
Use cert designators for sq key expire.
- See #207.
2024-10-23 16:15:24 +02:00
Justus Winter
eb784ff84c
Use cert designators for sq key password.
- See #207.
2024-10-23 16:08:42 +02:00
Justus Winter
e15852d2f7
Use cert designators for sq cert lint.
- See #207.
2024-10-23 15:28:26 +02:00
Justus Winter
fd8466564c
Make sq key delete --file require --output.
- Previously, the certificate was imported.
2024-10-22 18:13:31 +02:00
Justus Winter
14cef16528
Use cert designators for sq key delete.
- See #207.
2024-10-22 18:12:48 +02:00
Justus Winter
8c47caaee9
Change --cert to only look up by primary key fingerprint.
- See #207.
2024-10-22 15:45:59 +02:00
Justus Winter
af7b7e3dc9
Merge sq autocrypt import into sq cert import, remove others.
- Merge `sq autocrypt import` has been merged into `sq cert import`.

  - Remove `sq autocrypt decode` and `sq autocrypt encode-sender`
    without substitute.

  - Fixes #187.
2024-10-21 16:56:55 +02:00
Justus Winter
bcb5c39aca
Remove the DWIM interface from sq cert export.
- The cert designator framework is expressive enough.  Just be
    explicit.
2024-10-21 12:39:57 +02:00
Justus Winter
1d1a41ac3d
Only export certificates with authenticated bindings.
- When exporting certificates selected by user IDs (i.e. --email,
    --userid, --domain, or --grep), authenticate the bindings and
    export only those certificates that can be authenticated.

  - Fixes #182.
2024-10-21 11:37:10 +02:00
Justus Winter
eb1545591c
Split sq network wkd publish --rsync into two to avoid ambiguity.
- The argument `sq network wkd --rsync` which previously had an
    optional value argument has been split into two arguments, a
    boolean `--rsync` to enable the use of rsync, and `--rsync-path`,
    which implies `--rsync`, to specify a path to the local rsync
    executable.

  - Fixes #370.
2024-10-18 17:02:02 +02:00
Justus Winter
d07e387eab
Rename sq verify --signer-cert to --signer.
- Fixes #372.
2024-10-18 16:32:11 +02:00
Justus Winter
2a40afef11
Add --all flag to sq network wkd publish and dane generate.
- Fixes #273.
2024-10-18 16:01:51 +02:00
Neal H. Walfield
f934cd2e31
Move sq pki list to sq cert list.
- Move the command `sq pki list` to `sq cert list`.

  - See #358.
2024-10-18 12:17:50 +02:00
Neal H. Walfield
9d2d34b990
Move sq pki {certify,authorize} under sq pki vouch.
- Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`.

  - This mirrors `sq pki link`.
2024-10-18 08:49:07 +02:00
Neal H. Walfield
609c5aab16
Split authorization functionality out of sq pki link add.
- Split authorization functionality out of `sq pki link add` into a
    new command, `sq pki link authorize`.

  - Align `sq pki link authorize`'s arguments with `sq pki authorize`
    arguments.
2024-10-17 16:42:35 +02:00
Neal H. Walfield
7dee04b9b3
Align sq pki link add's user ID specification with sq pki certify.
- Align how user IDs are specified using `sq pki link add` with `sq
    pki certify`.  Specifically, add a `--add-userid` argument and
    remove the `--petname` argument.
2024-10-15 17:32:29 +02:00