IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- `sq pki certify` and `sq pki authorize` are for creating
third-party certifications.
- Error out if the certifier is the same as the certificate being
certified.
- Previously `sq pki certify` could create certifications, and mark
a certificate as a trusted introducer (when the user set `--depth`
to be greater than zero). Anecdotal evidence indicates that
combining these two actions in a single command is confusing.
- Split the latter functionality off, and put it in a new subcommand,
`sq pki authorize`.
- See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
- `sq pki certify` uses a positional argument to specify the
certificate to certify. Change it to be a named argument, either
`--cert`, or `--cert-file`.
- See #318.
- `sq pki certify` uses a positional argument to specify the user
ID to certify. Change it to be a named argument, either
`--userid`, or `--email`.
- This changes the meaning of `--email` from a flag that changes how
`--userid` interprets its argument, to an argument.
- This also allows multiple user IDs to be specified at once.
- See #318.
- Pull similar functionality out of the implementation of `sq pki
certify`, `sq pki link add`, and `sq pki link retract`, and put it
in a new module, `common::pki::certify`.
- This slightly changes the human readable output.
- By splitting `--handle` into `--cert` and `--key`, where the
former only matches on primary keys, and the latter matches on
both primary keys and subkeys.
- Fixes#287.
- It was possible to use `--allow-not-alive-certifier` and
`--allow-revoked-certifier` to force `sq pki certify` to use
expired and revoked certificates.
- Consistent with the principle that `sq` should support a lot, but
not everything, remove them.
- Fixes#365.
- When setting a certificate's expiration time, we update each user
ID's self signature. If a user ID is revoked, creating a new self
signature will "unrevoke it."
- Skip user IDs that are revoked.
- When setting a certificate's expiration time, we update the
direct key signature, and each user ID's self signature. This
fails if a user ID doesn't have a valid self signature.
- User IDs, however, don't need to be self signed! For instance, a
user ID may only have a third-party certification.
- Relax `sq key expire` to only add a self signature for a user ID,
if the user ID already has a self signature.
- Never call `exit`. If there is an error, propagate the error to
the caller. This ensures that any clean up handlers (like
flushing state to disk) are run.
- When adopting a bare key, the creation time is the Unix epoch.
If the user doesn't manually override this using
`--creation-time`, use the current time (while respecting
`--time`).
- Change `sq key adopt` to not require the key that is being adopted
to have a binding signature.
- This allows adopting "bare keys," i.e., a certificate consisting
of just a primary key. Bare keys are useful when working with raw
keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
To add them to a certificate, they just need to be wrapped in a
minimal amount of OpenPGP framing; no signatures are required.
- Fixes#25.
- When designating a certificate multiple times, the certificate
should only be used once. Assert that this is the case in the `sq
encrypt` tests by checking that the PKESKs are not redundant.
- Note: this was fixed by 437ae24.
- A `sq cert export` test vector specified `--email
carol@example.org`, which doesn't match any certificates. The error
was hidden, because we were not strict about ensuring that all
certificate designators actually match at least one certificate.
- Fix the test vector.
- Add a test for `sq encrypt` that checks that the different ways of
designating a certificate work including making sure that only
authenticated names can be used to designate a certificate.
- Add `Sq::preserve` to prevent the files created by an `Sq`
instance from being deleted when the `Sq` instance is dropped.
- Preserving the state makes it easier to debug a test that is
failing.
- This is an ugly gpgism. All encrypted messages are symmetrically
encrypted. Not all password-encrypted messages encrypt the
session key symmetrically. Use language the user understands.
- Fixes#331.
- Unlike other commands, `sq cert export`'s `--cert` argument only
matches on the certificate's key handle (i.e., the primary key's
key handle). It also has a `--key` argument to match on the
primary key's key handle or a subkey's key handle, which are
the semantics of the `--cert` argument for other commands.
- Change the semantics of `--cert` to that of `--key`, i.e., change
`--cert` to also match on subkey key handles. Remove the `--key`
argument since it is now redundant.
- `sq key export` can either export all keys associated with a
certificate or individual keys.
- Split the subkey-related functionality out of `sq key export` and
into the new subcommand `sq key subkey export`
- Fixes#294.
- The dot output does not fit into the output framework: it can only
describe graphs, and most of what sq emits are not graphs. Once
sq gains machine-readable output, the current functionality can be
implemented by emitting the graph data as machine-readable data,
then transforming it into dot.
- Fixes#290.
- Fixes#137.
- A user ID is an OpenPGP concept. Most people think in terms of
names and email addresses.
- Add and promote --name and --email arguments for sq key userid
add.
- Fixes#291.
- A user ID is an OpenPGP concept. Most people think in terms of
names and email addresses.
- Add and promote --name and --email arguments for sq key generate.
- See #291.
- Add a new subcommand, `sq key subkey password`, which changes the
password protecting the secret key material of a primary key or a
subkey.
- Fixes#106.
- Add `Sq::key_password` and `Sq::sign` based on the code in the
`sq key password` test.
- Implement the `sq key password` test in terms of those functions.
- `sq key password`, and `sq sign --symmetric` have local arguments
to seed the password cache.
- Many commands could benefit from similar functionality.
- Add a new top-level argument, `--password-file`, to seed the
password cache.
- When creating a revocation certificate using, e.g., `sq key
revoke`, use the null policy.
- Even if a certificate is not valid according to the standard
policy, it can still be useful to revoke it.
- Fixes#250.
- Rename the `--expiry` argument to `--expiration`, and adjust the
name of the corresponding fields, and data structures.
- Expiration and expiry have about the same meaning. According to
my research, "expiration" is used in American English whereas
both are used in British English.
- This change aligns the usage with RFC 4880's terminology, which
uses the word "expiration" many times, but never uses "expiry".
- Change `sq key revoke`, `sq key subkey revoke`, and `sq key userid
revoke` to support the cert store and key store.
- Add `--cert` to specify a certificate by key ID or fingerprint.
- If `--output` is not specified and `--cert` is, import the
modified certificate into the cert store. If `--output` is not
specified and `--cert-file` is, write the modified certificate to
stdout.
- `sq key revoked`, `sq key userid revoke`, and `sq key subkey
revoke` have two arguments for naming a certificate:
`--certificate-file` and `--cert-file`. The latter is an alias.
Drop `--certificate-file` and promote `--cert-file`. This
harmonizes these subcommands with other subcommands, which only
use `--cert-file`.
- Rename `--revocation-file` to `--revoker-file`, as the file
contains a "revoker" not a "revocation."
- While the commit b5a7d15710 moved the
"sq link" command under "sq pki", there are some left-overs in the
error messages.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
- The output of `sq pki list`, `sq pki authenticate`, `sq pki
identify` and `sq pki lookup` are overwhelming.
- Change the output to only show whether a binding can be
authenticated, not the paths; group the user IDs according
to the certificate; and, show whether the components are expired
or revoked.
- Use the old output format if the user passes `--show-paths`.
- Fixes#240.
- Change `sq key generate` and `sq key userid add` to require
canonical user IDs by default.
- If a user ID is not in canonical form, explain the problem, and
suggest a solution, if possible.
- Allow the user to disable this check by passing the
`--allow-non-canonical-userids` flag.
- Fixes#209.
- Although Sequoia is able to use user ID-less certificates, they
don't have good support in the ecosystem, and are probably not
what most users want.
- Consequently, don't make user ID-less certificates the default.
Instead, require users to opt in by passing the `--no-userids` flag
to `sq key generate`.
- Fixes#223.
- Support using keys managed by `sequoia-keystore`.
- When decrypting a message, have `sq` automatically ask the
key store to decrypt the PKESKs.
- Extend `sq sign` and `sq encrypt` with the `--signer-key`
parameter to use a key managed by the keystore.
- Add two top-level options: `--no-key-store`, which disables the
use of the key store, and `--key-store`, which uses an alternate
key store instance.
- Add `sq key list` to list keys on the key store.
- Add --all to export all certificates.
- Add a query argument that can be a subkey fingerprint or key ID,
an email address, or a user ID fragment.
- Fixes#181.
- The `--help` output for most subcommands includes one or more
examples.
- We should test these, like we test everything else.
- Add a framework to format, and test the examples.
- Fixes#190.
- Also, fix some broken examples.
- Remove the offending argument. Without it, the linter will ask
for passwords on the tty, aligning it with the rest of sq.
Programmatic input of passwords is an open question, see #140.
- Fixes#168.
- When emitting revocation certificates, emit the revocation
signature with enough context so that it is a well-formed TPK,
i.e. include the primary key, the component to be revoked (if
revoking a user ID or subkey), and the revocation signature.
- Having a partial TPK instead of a bare revocation makes handling
it much easier, as it can be stored and transported like any
cert. It also gives the recipient of the certificate more
context, and simplifies merging it into a database of certs.
- Previously, there was a bug in sq where we would emit secret key
material when emitting revocation certificates. The reason for
that was that the certificate was first converted to a packet
stream, and then each packet serialized. In contrast, if a
Cert is serialized, no secrets are emitted unless the
programmer opts in. In a way, this is the more comprehensive fix
for the problem, as it leverages sequoia-openpgp's mechanisms to
protect secret key material.
- See #160.
- When doing a userid, subkey, or third-party certificate
revocation, with the cert given to --certificate-file containing
secret key material, we previously emitted a revocation
certificate containing secret key material.
- This patch changes that in a straight-forward way that is easy to
backport to prior versions. A more comprehensive fix will follow.
- Fixes#160.
