Commit Graph

1407 Commits

Author SHA1 Message Date
Justus Winter
68bf9e91f2
Repeat prompt for passwords when generating artifacts.
- The function common::password::prompt_for_password is intended for
    creating artifacts.  For example, if a new key or subkey is
    generated, or a message should be encrypted using a password.  The
    cost of mistyping is high, so we prompt twice.

  - If the user mistypes, repeating the process allows for graceful
    recovery, which seems to be in the best interest of the user.

  - Make the function repeated the prompts if the user mistypes.
    Rename it to better indicate intent.  Adjust documentation.

  - Fixes #145.
2023-12-15 17:35:25 +01:00
Justus Winter
1346e3013c
Simplify password prompting.
- Use a common prompt text for the repeat, and make the suffix
    implicit.
2023-12-15 17:35:25 +01:00
Justus Winter
5b5f528368
Use crate humantime to format durations. 2023-12-15 13:14:37 +01:00
Justus Winter
4f2a22b604
Improve sq lookup's help output. 2023-12-14 15:32:45 +01:00
Jan Christian Grünhage
e483e5fbd4
Allow passing old and new passwords using files 2023-12-14 10:21:30 +01:00
Jan Christian Grünhage
c317b2bade
refactor: use Password type consistently 2023-12-14 10:21:25 +01:00
Justus Winter
dc24306af1
Emit partial TPKs as revocation certificates.
- When emitting revocation certificates, emit the revocation
    signature with enough context so that it is a well-formed TPK,
    i.e. include the primary key, the component to be revoked (if
    revoking a user ID or subkey), and the revocation signature.

  - Having a partial TPK instead of a bare revocation makes handling
    it much easier, as it can be stored and transported like any
    cert.  It also gives the recipient of the certificate more
    context, and simplifies merging it into a database of certs.

  - Previously, there was a bug in sq where we would emit secret key
    material when emitting revocation certificates.  The reason for
    that was that the certificate was first converted to a packet
    stream, and then each packet serialized.  In contrast, if a
    Cert is serialized, no secrets are emitted unless the
    programmer opts in.  In a way, this is the more comprehensive fix
    for the problem, as it leverages sequoia-openpgp's mechanisms to
    protect secret key material.

  - See #160.
2023-12-11 15:48:06 +01:00
Justus Winter
56dba759fd
Scan emitted data for inadvertent leaks of secret key material.
- In debug builds, scan all emitted data for secret key material,
    and panic if we find something.  Manually goodlist all the places
    where we expect to emit secret key material.
2023-12-11 15:40:31 +01:00
Justus Winter
8e1ae6e0a3
Use public accessors. 2023-12-11 15:40:31 +01:00
Justus Winter
8216857de2
Strip secret key material from emitted revocation certificates.
- When doing a userid, subkey, or third-party certificate
    revocation, with the cert given to --certificate-file containing
    secret key material, we previously emitted a revocation
    certificate containing secret key material.

  - This patch changes that in a straight-forward way that is easy to
    backport to prior versions.  A more comprehensive fix will follow.

  - Fixes #160.
2023-12-11 15:40:31 +01:00
Justus Winter
4ed3d371e5
Replace once_cell with types from the standard library. 2023-12-06 17:42:48 +01:00
Justus Winter
3a885d8dbf
Remove outdated comments. 2023-12-06 17:37:09 +01:00
Justus Winter
1bad4fff20
Port to sequoia-cert-store 0.4.0. 2023-12-06 17:27:20 +01:00
Justus Winter
f6b936d889
Fix warning. 2023-11-30 14:42:12 +01:00
Justus Winter
b8f9670497
Improve pluralization: make it convenient and prevent word-wrapping. 2023-11-30 14:42:11 +01:00
Justus Winter
e028f90fdb
Improve network lookup UX; return an error if no cert was found.
- If the default set of keyservers is used, do not emit error
    messages unless --verbose is given or the search returned no cert
    at all.

  - If no cert was located, signal an error.

  - See #156.
2023-11-30 11:10:19 +01:00
Justus Winter
101309c88a
Improve the interactive-use test with the new IsTerminal. 2023-11-30 10:22:15 +01:00
Justus Winter
4d40c983a5
Fix unstable cli warning.
- The heuristic got broken because newer versions of
    terminal_size::terminal_size consider the PTY, not
    necessarily stdout.

  - Fixes ab8df96e5b.
2023-11-29 17:54:40 +01:00
Justus Winter
64d9012a5d
Replace custom reimplementation of std::sync::Once. 2023-11-29 17:38:12 +01:00
Justus Winter
5244b8d49a
Add --verbose. 2023-11-29 17:15:28 +01:00
Justus Winter
decbc5143a
Special-case the read-only Proton keyserver when sending. 2023-11-29 17:11:41 +01:00
Justus Winter
8d00aff2a2
Make sq keyserver get --server ... work.
- Mark sq keyserver --server argument as global so that it can be
    used in all keyserver subcommands.
2023-11-29 16:50:11 +01:00
Justus Winter
2ab3bd5efd
Word-wrap lines in human-readable messages.
- Replace every eprintln by wprintln, which prints to stderr as
    well, but word-wraps the messages.
2023-11-29 16:41:40 +01:00
Justus Winter
0400ae88eb
Rework signature status formatting. 2023-11-29 16:13:23 +01:00
Justus Winter
50c5c1ac86
Bump all dependencies. 2023-11-29 14:06:20 +01:00
Justus Winter
14b1a69eb4
Update subplot. 2023-11-29 14:06:20 +01:00
Justus Winter
ab8df96e5b
Update terminal_size. 2023-11-29 14:06:20 +01:00
Justus Winter
a19f4ecd25
Update predicates. 2023-11-29 14:06:20 +01:00
Justus Winter
f4f5f20e6e
Avoid deprecated function. 2023-11-29 14:06:20 +01:00
Justus Winter
544075bd86
Set our MSRV to 1.70. 2023-11-29 14:06:20 +01:00
Justus Winter
f8e32f2f16
Update itertools. 2023-11-29 13:33:27 +01:00
Justus Winter
537433d790
Update openssl to 0.10.60.
- Fixes https://rustsec.org/advisories/RUSTSEC-2023-0072
2023-11-29 11:57:11 +01:00
Justus Winter
cc1225f841
Require that only one keyserver send operation succeeds.
- Add a switch, --require-all, that checks that all send operations
    succeed, and returns an error otherwise.
2023-11-28 19:22:48 +01:00
Justus Winter
5127f1abb7
Improve formatting of the import output. 2023-11-28 17:44:07 +01:00
Justus Winter
424646e0f8
Make provenance information less overwhelming.
- See #156.
2023-11-28 17:26:30 +01:00
Justus Winter
e0e8b8f32c
Compute best-effort primary user ids, escape them when displaying.
- They may contain special characters and trick the user.  The
    current way to detect dodgy characters and escape them may not be
    the best, but it is better than the status quo, and we now encode
    intent.
2023-11-28 17:25:21 +01:00
Justus Winter
041574d320
Merge certs before importing them. 2023-11-28 12:52:50 +01:00
Justus Winter
712add9679
Align the keyserver options between sq lookup and sq keyserver. 2023-11-28 12:44:43 +01:00
Justus Winter
67b65ba55a
Use four keyservers by default.
- By using more than one keyserver, we increase the chance of
    successfully finding certificates and updates.  Further, multipath
    discovery increases robustness in the face of an attacker or
    censor.

  - We use keys.openpgp.org, the Proton key server, the Mailvelope
    keyserver, and the Ubuntu keyserver.
2023-11-28 12:38:01 +01:00
Justus Winter
e89a0b6c36
Implement sq lookup.
- Fixes #63.
2023-11-28 09:48:52 +01:00
Justus Winter
376438330e
Share the bulk of the network client code across protocols. 2023-11-28 09:48:52 +01:00
Justus Winter
6f9269b9c0
When emitting keyrings, merge the certs first.
- Now that we query multiple keyservers, or query for multiple certs
    in the network routines, we very well get the same cert twice.
    Merge them if we emit a keyring.
2023-11-28 09:08:47 +01:00
Justus Winter
d4632beb77
Refactor network client code so that it can be shared. 2023-11-28 09:08:46 +01:00
Justus Winter
975ce49581
Use the multi-threaded tokio runtime for network lookups. 2023-11-27 17:48:12 +01:00
Justus Winter
fb31dd6225
Proton has two API endpoints, unify them.
- I was assured privately that they should always return the same
    information, but unfortunately there is no public documentation
    about the Proton key server.  In any case, they are controlled by
    the same entity, thus should be considered the same for our
    purposes.
2023-11-27 17:43:48 +01:00
Justus Winter
f3757c004e
Revert argument long form.
- Renaming the struct field also changed the long form option, undo
    this by explicitly specifying it.

  - Fixes 337589fe9e.
2023-11-27 16:35:10 +01:00
Justus Winter
68353596cf
Fix the time in the example.
- Fixes 16fd67a10c.
2023-11-27 14:41:53 +01:00
Justus Winter
23d6621e37
Implement autocrypt import.
- Fixes #138.
2023-11-27 13:34:01 +01:00
Justus Winter
187b10e321
Make import and certification functions public. 2023-11-27 13:33:24 +01:00
Justus Winter
337589fe9e
Support querying multiple keyservers simultaneously.
- By default we only query keys.openpgp.org, but multiple servers
    can be specified now.

  - Fixes #64.
2023-11-27 12:02:19 +01:00