IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
a `FileOrStdin` so that it interprets `-` as meaning it should
read the certificate from stdin.
- Change `sq key revoke`, `sq key subkey revoke`, and `sq key userid
revoke` to support the cert store and key store.
- Add `--cert` to specify a certificate by key ID or fingerprint.
- If `--output` is not specified and `--cert` is, import the
modified certificate into the cert store. If `--output` is not
specified and `--cert-file` is, write the modified certificate to
stdout.
- Change the `--cert-file` and `--revoker-file` arguments to `sq key
revoked`, `sq key userid revoke`, and `sq key subkey revoke` to
interpret `-` as meaning reading from stdin.
- `sq key revoked`, `sq key userid revoke`, and `sq key subkey
revoke` have two arguments for naming a certificate:
`--certificate-file` and `--cert-file`. The latter is an alias.
Drop `--certificate-file` and promote `--cert-file`. This
harmonizes these subcommands with other subcommands, which only
use `--cert-file`.
- Rename `--revocation-file` to `--revoker-file`, as the file
contains a "revoker" not a "revocation."
- Change `sq key userid add` to support the cert store and key
store.
- Add `--cert` to specify a certificate by key ID or fingerprint.
- Change the positional file argument to `--cert-file`.
- Change the positional user ID to `--userid`.
- If `--output` is not specified and `--cert` is, import the
modified certificate into the cert store. If `--output` is not
specified and `--cert-file` is, write the modified certificate to
stdout
- Support using keys managed by `sequoia-keystore`.
- When decrypting a message, have `sq` automatically ask the
key store to decrypt the PKESKs.
- Extend `sq sign` and `sq encrypt` with the `--signer-key`
parameter to use a key managed by the keystore.
- Add two top-level options: `--no-key-store`, which disables the
use of the key store, and `--key-store`, which uses an alternate
key store instance.
- Add `sq key list` to list keys on the key store.
* Changes in 0.30.1
* Notable changes
- The `crypto-botan` feature now selects Botan's v3 interface. Use
the new `crypto-botan2` feature to continue using Botan's v2
interface.
* Notable fixes
- Several parser bugs were fixed in sequoia-openpgp 1.16.0 and
buffered-reader 1.2.0. These are all low-severity as Rust
correctly detects the out of bounds access and panics. Update
Cargo.lock to make sure we use these versions.
- sequoia-openpgp 1.16 changed `sequoia-openpgp/crypto-botan` to
build against Botan's v3 interface, and exposed
`sequoia-openpgp/crypto-botan2` to build against the v2 interface.
- Do the same. Add a `crypto-botan2` feature to allow the user to
build against Botan's v2 interface.
- When importing a certificate into the certificate store from a
verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
get`), or DANE (via `sq dane get`), certify the User IDs that the
service checks (for verifying keyservers: all; for WKD and DANE:
the User IDs with the email that was looked up).
- Have a per-service key to do the certifications (one for
keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).
- Make the per-service certificates minimally trusted (trust amount:
1 of 120) CAs by certifying them with the local trust root.
- Add the `sq wot` subcommand, to expose web of trust functionality.
- This is just an import of the `sq-wot` CLI as `sq wot`. The
support for using the `gpg` keyring and gpg's ownertrust, however,
is removed.
- Add a new top-level option, `--keyring`, which allows users to
specify additional keyrings to search.
- When a lookup is performed, all keyrings are searched in addition
to any certificate store, and the results are merged.
- Keyrings are read only.
- When verifying a signature using `sq verify`, and a signer is not
specified using `--signer-cert`, try and authenticate them using the
web of trust using the configured certificate store.
- If we can fully authenticate a signer, consider the signature to
have been authenticated by that signer.
- Extend `sq encrypt` with the `--recipient-email` and
`--recipient-userid` arguments to allow the caller to designate a
certificate by email address or User ID, respectively. An email
address or User ID is considered to designate a certificate, if
the binding between the email address or User ID and the
certificate can be authenticated using the web of trust.
- Add support for the web of trust using the `sequoia-wot` crate.
- Add a top-level option, `--trust-root`, to allow the user to
specify trust roots.
- Add a top-level, global option `--time` to set the reference time.
- Remove subcommand's `--time` argument and use this instead.
Remove `sq key generate`'s `--creation-time` argument `sq key user
id`'s `--creation-time` argument and use this argument instead.
- Add support for a persistant certificate store using
`sequoia-cert-store`.
- Add `sq --no-cert-store` to disable the use of the certificate
store. Add `sq --cert-store PATH` to use an alternate certificate
store.
- Add `sq import` to import a certificate into the certificate
store. Add `sq export` to export certificates.
- Modify `sq certify`, `sq encrypt`, and `sq verify` to lookup
certificates in the certificate store, if it is configured.