Commit Graph

598 Commits

Author SHA1 Message Date
Neal H. Walfield
a9b400060d
Port sq key userid add's examples to the example framework.
- Port `sq key userid add`'s examples to the example framework and
    improve the examples.

  - See #196.
2024-06-13 10:46:59 +02:00
Neal H. Walfield
acc0376b43
Improve sq key userid's --help.
2024-06-13 10:46:58 +02:00
Neal H. Walfield
cfe308a177
Improve sq key revoke's --help.
2024-06-13 10:46:58 +02:00
Neal H. Walfield
18840201ed
Add examples for sq key revoke.
2024-06-13 10:25:15 +02:00
Neal H. Walfield
8948a66df7
Improve sq key password's --help.
2024-06-13 10:25:15 +02:00
Neal H. Walfield
d42da17949
Port sq key password's examples to the example framework.
- Port `sq key password`'s examples to the example framework and
    improve the examples.

  - See #196.
2024-06-13 10:25:00 +02:00
Neal H. Walfield
e7640521f5
Improve sq key delete's --help.
2024-06-13 09:38:10 +02:00
Neal H. Walfield
5be75a83ff
Add examples for sq key delete.
2024-06-13 09:35:43 +02:00
Neal H. Walfield
8587dd05cd
Improve sq key export's --help.
2024-06-12 18:12:38 +02:00
Neal H. Walfield
c056d41319
Improve sq key import's --help.
2024-06-12 18:12:38 +02:00
Neal H. Walfield
6f8b9074b1
When failing to get a revocation signer, show the actual error.
- When we fail to get a signer for `sq key revoke`, `sq key subkey
    revoke`, or `sq key userid revoke` we don't print out the actual
    error.  This can be confusing.

  - Print the actual error.

  - See #250.
2024-06-12 18:09:15 +02:00
Neal H. Walfield
0e5c58ef05
Use the null policy when creating revocation certificates.
- When creating a revocation certificate using, e.g., `sq key
    revoke`, use the null policy.

  - Even if a certificate is not valid according to the standard
    policy, it can still be useful to revoke it.

  - Fixes #250.
2024-06-12 18:02:22 +02:00
Neal H. Walfield
fa835e234f
Port the sq key revoke tests to the common test framework.
- Add `Sq::key_revoke`, and change the `sq key revoke` integration
    tests to use it.
2024-06-12 16:50:56 +02:00
Neal H. Walfield
1817c305ae
Make helper function more generic.
- Change `compare_notations` from taking a slice containing two
    elements to taking a slice taking any number of elements.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
9f09e34e36
Loosen constraints on the key used to issue a revocation.
- Before using a key, we check it for validity including whether it
    is revoked, and whether it is live.

  - Don't enforce these constraints when using a key to issue a
    revocation: it may be important to issue a revocation even if the
    key is no longer valid.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
7228049640
When an example is too wide, indicate how wide it is.
- We check that examples are not too wide.  When an example is too
    wide, indicate how wide the line is.
2024-06-12 16:49:16 +02:00
Neal H. Walfield
6f452d51c6
Rename UseridRevocationReason to UserIDReasonForRevocation.
- Rename `UseridRevocationReason` to `UserIDReasonForRevocation`,
    which is more consistent with other identifiers.
2024-06-12 16:47:50 +02:00
Neal H. Walfield
8ae03f1945
Rename RevocationReason to KeyReasonForRevocation.
- Rename `RevocationReason` to `KeyReasonForRevocation`.
    `RevocationReason` sounds generic, but there is also
    `UseridRevocationReason`.

  - This name aligns better with the type from `sequoia-openpgp` that
    it wraps, `ReasonForRevocation`.
2024-06-12 16:46:55 +02:00
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
    name of the corresponding fields, and data structures.

  - Expiration and expiry have about the same meaning.  According to
    my research, "expiration" is used in American English whereas
    both are used in British English.

  - This change aligns the usage with RFC 4880's terminology, which
    uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
fa773b0e78
Improve Expiry's Debug implementation.
- Improve `Expiry`'s Debug implementation: use a bigger unit when
    possible.
2024-06-11 12:15:41 +02:00
Neal H. Walfield
8463e8c5e5
Improve sq key generate's --help output.
2024-06-11 12:15:35 +02:00
Neal H. Walfield
c3582bea01
Port sq key generate's examples to the example framework.
- Port `sq key generate`'s examples to the example framework, and
    improve the examples.
2024-06-11 10:27:47 +02:00
Neal H. Walfield
d76e1ae4db
Change sq key attest-certifications to support the key store and cert store.
- Change `sq key attest-certifications` to use the key store and the
    cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
353c21554a
Don't have sq key attest-certifications' --all be the default.
- In `sq key attest-certifications`, don't make `--all` the
    default, but require the user to specify it explicitly.

  - This makes it easier to introduce more fine-grained selectors in
    the future.

  - See #262.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
6dcfb270ad
Make sq key attest-certifications' positional parameter a named parameter.
- In `sq key attest-certifications`, change the certificate file
     parameter from a positional parameter to a named parameter,
     `--cert-file`.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
90bad2927a
Add test for sq key attest-certifications.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
a08b536225
Add a convenience function to import a certificate.
- Add `Sq::import_cert`, which is a convenience function that
    imports a certificate into the cert store.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.

  - See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
54ae8eda30
Add functions to lookup a certificate with an alternate policy.
- Add `Sq::lookup_with_policy` and `Sq::lookup_one_with_policy` to
    lookup a certificate using an alternate policy.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
47e076d890
If secret key material is passed via --keyring, use it.
- If the user supplies a keyring using `--keyring`, and it contains
    the secret key material that we are looking for, use it.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
     positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
d76d0fcd52
Change the sq key adopt's tests to use the common test framework.
2024-06-10 23:24:19 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.

  - See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
028983d40f
Change the sq pki certify tests to use the common test framework.
2024-06-10 23:10:23 +02:00
Neal H. Walfield
c8c7e24fe9
Drop unnecessary requirement on certificates being certified.
- The certificate being certified doesn't need to be certification
    capable.

  - Drop the check.
2024-06-07 18:11:09 +02:00
Neal H. Walfield
b5a680e4f9
Show a lint when secret key material is missing, but required.
- Extend `Sq::get_keys` lints to also check if the secret key
    material is missing.
2024-06-05 12:40:13 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
bb0aa2f555
Change sq pki certify to use Sq::lookup_one.
- Change `sq pki certify` to use `Sq::lookup_one` when looking up
    the certifier.  This ensures that the certificate is certification
    capable.
2024-06-05 10:07:48 +02:00
Neal H. Walfield
4b3e459cea
Change sq pki certify's certifier parameter to understand -.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
    a `FileOrStdin` so that it interprets `-` as meaning it should
    read the certificate from stdin.
2024-06-05 09:57:53 +02:00
Neal H. Walfield
a8eb598cd0
Add sq key delete.
- Add `sq key delete`, to delete secret key material.
2024-06-05 09:35:13 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
4a97011452
Add a test for sq key password.
- Add a test for `sq key password`.
2024-06-05 09:32:30 +02:00
Neal H. Walfield
721d680627
Make sq key password's positional parameter a named parameter.
- In `sq key password`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
178679e838
Add the --password-file argument to sq sign.
- Add the `--password-file` argument to the `sq sign` command to
    allow the user to prefill the password cache with a password from a
    file.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
3f86cdbf93
Dry out sq sign.
- Dry out `sq sign` by using `Sq::get_signing_keys`.

  - This means that `sq sign` also uses the password cache.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
256679bce3
Use the password cache when unlocking keys managed by the key store.
- Change `Sq::get_signer` to also consider the password cache when
    unlocking a key managed by the key store.
2024-06-05 00:50:27 +02:00
Neal H. Walfield
a2c482e4f3
Add a password cache to Sq.
- `sq cert line` manually manages a password cache.

  - Move the password cache to `Sq` so the functionality can be used
    elsewhere.
2024-06-05 00:16:49 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
    cert store and key store.

  - See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
8006f7cc2f
Add a new convenience type, FileStdinOrKeyHandle.
- Add a new convenience type, `FileStdinOrKeyHandle`, which is
    either a path, stdin, or a key handle.

  - Extend `sq:lookup` and `sq::lookup_one` to take a
    `FileStdinOrKeyHandle` instead of just a `KeyHandle`.
2024-06-05 00:06:26 +02:00