IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Add a new designator type, `KeyDesignator`, which is like
`CertDesignator` and `UserIDDesignator`, but resolves to keys.
- Move the resolution machinery from the expiry functionality to
`Sq::resolve_keys`.
- Switch `sq key subkey expire` to use it.
- Don't import `ArgumentPrefix`, etc. from the `cert_designator`
module, import the module and call it
`cert_designator::ArgumentPrefix`.
- This will reduce ambiguity when using other designator types.
- If a component is not valid according to the policy, don't extend
the expiration time. Suggest using `sq cert lint`, and then error
out.
- Fixes#363.
- Move the duration parsing code from `Expiration` to `Time`, which
`Expiration` already uses for absolute timestamps.
- Support negative durations, and to be more precise rename the
`Duration` variant to `Offset`.
- Fixes#268.
- When working with older messages, it may be necessary to use a
different cryptographic policy. Add an option, `--policy-as-of`, to
select the cryptographic policy that was in effect at the specified
time.
- Fixes#123.
Co-authored-by: Neal H. Walfield <neal@sequoia-pgp.org>
- `Sq::encrypt` and `Sq::decrypt` only work with in-memory buffers.
- Introduce `FileOrBytes`, which represents a path or bytes. Change
`Sq::encrypt` and `Sq::decrypt` to use them, and thus support
messages stored in files in addition to inline messages.
- Signature verification output is confusing. The main problem is
the terminology. It talks about "good signatures", "good
checksums", and "bad checksums," but it is unclear what good or
bad means, and what a checksum is. Instead, talk about
"authenticated signatures," "unauthenticated signatures," and
completely drop the term "checksum" and just say that the
certificate for the alleged signer is missing.
- Fixes#4.
- If the user does not pass any recipients, or passwords to `sq
encrypt`, a simple, custom error message is shown instead of the
one generated by clap's error message machinery.
- Add `--with-password` and `--with-password-file` to the cert
designator framework, and switch `sq encrypt` to select them.
- Fixes#405.
- Self signatures have a path length of one, not two.
- But, don't filter them out otherwise the user has no idea whether
the user ID is self signed or not.
- When showing a path for a self signature, the path is dangling,
consider:
```
$ sq cert list E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07 --gossip --show-paths
- E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
- created 2024-05-21 20:49:20 UTC
- will expire on 2027-05-22 14:15:41 UTC
- [ 0/120 ] alice
◯─┬ E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
│ └ "alice"
```
- Instead, clearly indicate that the path is a self signature, like
so:
```
$ sq cert list E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07 --gossip --show-paths
- E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
- created 2024-05-21 20:49:20 UTC
- will expire on 2027-05-22 14:15:41 UTC
- [ 0/120 ] alice
◯─┬ E8F7E841DC8F412AFA1218BD36D48A1A12B8FC07
│ └ "alice"
│
└── Self-signed user ID.
```
- Currently, when the user requests gossip, we show all the found
paths as being untrusted, even though some can be authenticated.
This is confusing.
- When getting gossip paths, specify the trust roots. As of
`sequoia-wot` 0.13.0, this will also authenticate any returned
paths.
- Fixes#338.