Commit Graph

30 Commits

Author SHA1 Message Date
Neal H. Walfield
2fb5cc4abf
Don't add approvals for non-exportable certifications or certs.
- Change `sq key approvals list` and `sq key approvals update` to
    ignore certifications that are not exportable, and certificates
    that are not exportable, or are a shadow CA.

  - Fixes #402.
2024-11-18 16:40:48 +01:00
Neal H. Walfield
435b127e5f
Port sq key userid revoke to the user ID designator framework.
- Port `sq key userid revoke` to the user ID designator framework.
    See #434.

  - This replaces the `--add-userid` flag with the `--add-userid`,
    `--add-email` and `--add-name` arguments.  See #318.

  - This change also makes a user ID mandatory, which fixes #428.
2024-11-14 11:30:29 +01:00
Neal H. Walfield
7ecc843dee
Add new command sq download.
- Add a new command, `sq download`, which downloads a file and a
    signature file, and then authenticates the file.

  - Fixes #84.
2024-11-09 13:28:17 +01:00
Neal H. Walfield
26c70cad32
Don't extend the expiration of invalid components.
- If a component is not valid according to the policy, don't extend
    the expiration time.  Suggest using `sq cert lint`, and then error
    out.

  - Fixes #363.
2024-11-04 11:26:02 +01:00
Jens Reimann
4f73627020
Add a global option, --policy-as-of, to select a crypto policy.
- When working with older messages, it may be necessary to use a
    different cryptographic policy.  Add an option, `--policy-as-of`, to
    select the cryptographic policy that was in effect at the specified
    time.

  - Fixes #123.

Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
2024-10-31 15:08:55 +01:00
Justus Winter
af7b7e3dc9
Merge sq autocrypt import into sq cert import, remove others.
- Merge `sq autocrypt import` has been merged into `sq cert import`.

  - Remove `sq autocrypt decode` and `sq autocrypt encode-sender`
    without substitute.

  - Fixes #187.
2024-10-21 16:56:55 +02:00
Neal H. Walfield
f11b3f6b59
Extend sq pki authorize to constrain by domain.
- Constraining an introducer by regex is error prone.  Add an option
    to `sq pki authorize` to constrain an introducer by domain name.
2024-10-14 17:46:18 +02:00
Neal H. Walfield
5e80d02b5e
Don't extend the expiration of subkeys that are hard revoke.
- If a subkey is hard revoked, refuse to extend the expiration.
2024-10-08 11:46:07 +02:00
Neal H. Walfield
7862c1609f
Add a unit test for sq key subkey expire for soft revocations.
- Check that `sq key subkey expire` extends the expiration of a
    subkey that is soft revoked.
2024-10-08 11:42:33 +02:00
Neal H. Walfield
b266d9dea1
Add a unit test for sq key subkey expire for unbound subkeys.
- Check that `sq key subkey expire` won't extend the expiration of a
    subkey that isn't bound.

  - Improve the error message when this happens.
2024-10-08 11:42:27 +02:00
Neal H. Walfield
7292c6c347
Fix setting a certificate's expiration time.
- When setting a certificate's expiration time, we update each user
    ID's self signature.  If a user ID is revoked, creating a new self
    signature will "unrevoke it."

  - Skip user IDs that are revoked.
2024-10-08 10:52:33 +02:00
Neal H. Walfield
9a2f2bc72b
Fix setting a certificate's expiration time.
- When setting a certificate's expiration time, we update the
    direct key signature, and each user ID's self signature.  This
    fails if a user ID doesn't have a valid self signature.

  - User IDs, however, don't need to be self signed!  For instance, a
    user ID may only have a third-party certification.

  - Relax `sq key expire` to only add a self signature for a user ID,
    if the user ID already has a self signature.
2024-10-08 09:30:51 +02:00
Justus Winter
43edb2c190
Add missing example data file bob.pgp.
- The README mentions it, but it is missing.
2024-10-07 15:27:28 +02:00
Justus Winter
20df76538e
Rename sq encrypt --recipient to sq encrypt --for`.
- Fixes #356.
2024-10-04 11:54:53 +02:00
Neal H. Walfield
331da9d600
Don't require a key being adopted to have a binding signature.
- Change `sq key adopt` to not require the key that is being adopted
    to have a binding signature.

  - This allows adopting "bare keys," i.e., a certificate consisting
    of just a primary key.  Bare keys are useful when working with raw
    keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
    To add them to a certificate, they just need to be wrapped in a
    minimal amount of OpenPGP framing; no signatures are required.

  - Fixes #25.
2024-09-26 13:05:36 +02:00
Justus Winter
05dc2f85c5
Update description of the assets used in the examples. 2024-08-16 17:49:55 +02:00
Justus Winter
846d819368
Port sq verify's examples to the example framework.
- Port `sq verify`'s examples to the example framework and improve
    them.

  - See #196.
2024-06-20 18:00:47 +02:00
Justus Winter
e78bcf248f
Port sq autocrypt's examples to the example framework.
- Port `sq autocrypt`'s examples to the example framework.

  - See #196.
2024-06-20 15:48:43 +02:00
Neal H. Walfield
20d7b8ff68
Add examples for sq key subkey adopt. 2024-06-13 10:47:00 +02:00
Neal H. Walfield
d42da17949
Port sq key password's examples to the example framework.
- Port `sq key password`'s examples to the example framework and
    improve the examples.

  - See #196.
2024-06-13 10:25:00 +02:00
Neal H. Walfield
0e5c58ef05
Use the null policy when creating revocation certificates.
- When creating a revocation certificate using, e.g., `sq key
    revoke`, use the null policy.

  - Even if a certificate is not valid according to the standard
    policy, it can still be useful to revoke it.

  - Fixes #250.
2024-06-12 18:02:22 +02:00
Neal H. Walfield
42126b5534
Convert sq decrypt examples to use the example framework.
- See #196.
2024-05-27 13:36:35 +02:00
Neal H. Walfield
24b383275a
Port sq inspect's examples to the example framework.
- #190.
2024-03-13 10:26:32 +01:00
Justus Winter
869b7acec8
Move sq keyring lint to sq cert lint.
- It lints certs, so it should go to sq cert.

  - See #192.
2024-02-09 18:52:11 +01:00
Neal H. Walfield
0d1da78356
Add a framework to format and test examples.
- The `--help` output for most subcommands includes one or more
    examples.

  - We should test these, like we test everything else.

  - Add a framework to format, and test the examples.

  - Fixes #190.

  - Also, fix some broken examples.
2024-02-09 18:08:09 +01:00
Justus Winter
2bae7c8c30
Turn Autocrypt Gossip into PKI artifacts when importing. 2024-01-29 19:48:51 +01:00
David Runge
3adec8e545
Rename sq keyring linter to sq keyring lint
To match the setup of the other subcommands (which follow a noun [noun]
verb approach), rename `sq keyring linter` to `sq keyring lint`.

Fixes #136
2023-07-03 14:23:17 +02:00
Jan Christian Grünhage
74fd9dd8fe
Move keyring-linter into sq keyring as a subcommand
This commit is mostly a copy over from the keyring-linter repository,
with a few changes included to make it work in the sq codebase. These
changes are:
 - replaced calls to atty with calls to is-terminal. This was done due
   to is-terminal already being in the dependency tree of sq, and atty
   being unmaintained.
 - replace ansi_term with termcolor, because ansi_term is unmaintained
 - removed a few things from the keyring linter, that were also present
   in sq itself, to avoid duplication. This included the reference time
   parameter, key decryption and IO handling
 - added output file and binary parameters to the linter, so that I
   could handle output the same as the other commands do
2023-06-22 11:19:27 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Justus Winter
b89c172c1d
Reincarnation commit.
- This implementation has been moved from the Sequoia repository to
    its own repository.  To inspect the history, either look at the
    Sequoia repository, or graft it onto this repository like this:

      $ git remote add sequoia https://gitlab.com/sequoia-pgp/sequoia
      $ git fetch sequoia 82eb0d7b240d137141fc0aaaa3dff1685bb11864
      $ git replace --graft <THIS-COMMIT> 82eb0d7b240d137141fc0aaaa3dff1685bb11864
2023-02-21 12:43:43 +01:00