Neal H. Walfield
a9b400060d
Port sq key userid add's examples to the example framework.
- Port `sq key userid add`'s examples to the example framework and
improve the examples.
- See #196.
2024-06-13 10:46:59 +02:00
Neal H. Walfield
acc0376b43
Improve sq key userid's --help.
2024-06-13 10:46:58 +02:00
Neal H. Walfield
cfe308a177
Improve sq key revoke's --help.
2024-06-13 10:46:58 +02:00
Neal H. Walfield
18840201ed
Add examples for sq key revoke.
2024-06-13 10:25:15 +02:00
Neal H. Walfield
8948a66df7
Improve sq key password's --help.
2024-06-13 10:25:15 +02:00
Neal H. Walfield
d42da17949
Port sq key password's examples to the example framework.
- Port `sq key password`'s examples to the example framework and
improve the examples.
- See #196.
2024-06-13 10:25:00 +02:00
Neal H. Walfield
e7640521f5
Improve sq key delete's --help.
2024-06-13 09:38:10 +02:00
Neal H. Walfield
5be75a83ff
Add examples for sq key delete.
2024-06-13 09:35:43 +02:00
Neal H. Walfield
8587dd05cd
Improve sq key export's --help.
2024-06-12 18:12:38 +02:00
Neal H. Walfield
c056d41319
Improve sq key import's --help.
2024-06-12 18:12:38 +02:00
Neal H. Walfield
6f8b9074b1
When failing to get a revocation signer, show the actual error.
- When we fail to get a signer for `sq key revoke`, `sq key subkey
revoke`, or `sq key userid revoke` we don't print out the actual
error. This can be confusing.
- Print the actual error.
- See #250.
2024-06-12 18:09:15 +02:00
Neal H. Walfield
0e5c58ef05
Use the null policy when creating revocation certificates.
- When creating a revocation certificate using, e.g., `sq key
revoke`, use the null policy.
- Even if a certificate is not valid according to the standard
policy, it can still be useful to revoke it.
- Fixes #250.
2024-06-12 18:02:22 +02:00
Neal H. Walfield
fa835e234f
Port the sq key revoke tests to the common test framework.
- Add `Sq::key_revoke`, and change the `sq key revoke` integration
tests to use it.
2024-06-12 16:50:56 +02:00
Neal H. Walfield
1817c305ae
Make helper function more generic.
- Change `compare_notations` from taking a slice containing two
elements to taking a slice taking any number of elements.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
9f09e34e36
Loosen constraints on the key used to issue a revocation.
- Before using a key, we check it for validity including whether it
is revoked, and whether it is live.
- Don't enforce these constraints when using a key to issue a
revocation: it may be important to issue a revocation even if the
key is no longer valid.
2024-06-12 16:49:26 +02:00
Neal H. Walfield
7228049640
When an example is too wide, indicate how wide it is.
- We check that examples are not too wide. When an example is too
wide, indicate how wide the line is.
2024-06-12 16:49:16 +02:00
Neal H. Walfield
6f452d51c6
Rename UseridRevocationReason to UserIDReasonForRevocation.
- Rename `UseridRevocationReason` to `UserIDReasonForRevocation`,
which is more consistent with other identifiers.
2024-06-12 16:47:50 +02:00
Neal H. Walfield
8ae03f1945
Rename RevocationReason to KeyReasonForRevocation.
- Rename `RevocationReason` to `KeyReasonForRevocation`.
`RevocationReason` sounds generic, but there is also
`UseridRevocationReason`.
- This name aligns better with the type from `sequoia-openpgp` that
it wraps, `ReasonForRevocation`.
2024-06-12 16:46:55 +02:00
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
name of the corresponding fields, and data structures.
- Expiration and expiry have about the same meaning. According to
my research, "expiration" is used in American English whereas
both are used in British English.
- This change aligns the usage with RFC 4880's terminology, which
uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
fa773b0e78
Improve Expiry's Debug implementation.
- Improve `Expiry`'s Debug implementation: use a bigger unit when
possible.
2024-06-11 12:15:41 +02:00
Neal H. Walfield
8463e8c5e5
Improve sq key generate's --help output.
2024-06-11 12:15:35 +02:00
Neal H. Walfield
c3582bea01
Port sq key generate's examples to the example framework.
- Port `sq key generate`'s examples to the example framework, and
improve the examples.
2024-06-11 10:27:47 +02:00
Neal H. Walfield
d76e1ae4db
Change sq key attest-certifications to support the key store and cert store.
- Change `sq key attest-certifications` to use the key store and the
cert store.
- See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
353c21554a
Don't have sq key attest-certifications' --all be the default.
- In `sq key attest-certifications`, don't make `--all` the
default, but require the user to specify it explicitly.
- This makes it easier to introduce more fine-grained selectors in
the future.
- See #262.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
6dcfb270ad
Make sq key attest-certifications' positional parameter a named parameter.
- In `sq key attest-certifications`, change the certificate file
parameter from a positional parameter to a named parameter,
`--cert-file`.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
90bad2927a
Add test for sq key attest-certifications.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.
- See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
a08b536225
Add a convenience function to import a certificate.
- Add `Sq::import_cert`, which is a convenience function that
imports a certificate into the cert store.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.
- See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
54ae8eda30
Add functions to look up a certificate with an alternate policy.
- Add `Sq::lookup_with_policy` and `Sq::lookup_one_with_policy` to
look up a certificate using an alternate policy.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
47e076d890
If secret key material is passed via --keyring, use it.
- If the user supplies a keyring using `--keyring`, and it contains
the secret key material that we are looking for, use it.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
d76d0fcd52
Change the sq key adopt's tests to use the common test framework.
2024-06-10 23:24:19 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.
- See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
028983d40f
Change the sq pki certify tests to use the common test framework.
2024-06-10 23:10:23 +02:00
Neal H. Walfield
c8c7e24fe9
Drop unnecessary requirement on certificates being certified.
- The certificate being certified doesn't need to be certification
capable.
- Drop the check.
2024-06-07 18:11:09 +02:00
Neal H. Walfield
b5a680e4f9
Show a lint when secret key material is missing, but required.
- Extend `Sq::get_keys` lints to also check if the secret key
material is missing.
2024-06-05 12:40:13 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
bb0aa2f555
Change sq pki certify to use Sq::lookup_one.
- Change `sq pki certify` to use `Sq::lookup_one` when looking up
the certifier. This ensures that the certificate is certification
capable.
2024-06-05 10:07:48 +02:00
Neal H. Walfield
4b3e459cea
Change sq pki certify's certifier parameter to understand -.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
a `FileOrStdin` so that it interprets `-` as meaning it should
read the certificate from stdin.
2024-06-05 09:57:53 +02:00
Neal H. Walfield
a8eb598cd0
Add sq key delete.
- Add `sq key delete`, to delete secret key material.
2024-06-05 09:35:13 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.
- See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
4a97011452
Add a test for sq key password.
- Add a test for `sq key password`.
2024-06-05 09:32:30 +02:00
Neal H. Walfield
721d680627
Make sq key password's positional parameter a named parameter.
- In `sq key password`, change the certificate file parameter from a
positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
178679e838
Add the --password-file argument to sq sign.
- Add the `--password-file` argument to the `sq sign` command to
allow the user to prefill the password cache with a password from a
file.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
3f86cdbf93
Dry out sq sign.
- Dry out `sq sign` by using `Sq::get_signing_keys`.
- This means that `sq sign` also uses the password cache.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
256679bce3
Use the password cache when unlocking keys managed by the key store.
- Change `Sq::get_signer` to also consider the password cache when
unlocking a key managed by the key store.
2024-06-05 00:50:27 +02:00
Neal H. Walfield
a2c482e4f3
Add a password cache to Sq.
- `sq cert lint` manually manages a password cache.
- Move the password cache to `Sq` so the functionality can be used
elsewhere.
2024-06-05 00:16:49 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
cert store and key store.
- See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
8006f7cc2f
Add a new convenience type, FileStdinOrKeyHandle.
- Add a new convenience type, `FileStdinOrKeyHandle`, which is
either a path, stdin, or a key handle.
- Extend `Sq::lookup` and `Sq::lookup_one` to take a
`FileStdinOrKeyHandle` instead of just a `KeyHandle`.
2024-06-05 00:06:26 +02:00