- On October 18, 2021, Sequoia PGP's license was changed from the
GPL to the LGPL. Unfortunately, we forgot to update sq's license.
- See 884639bf1b
- Change Sequoia's license from GPL 2.0 or later to LGPL 2.0 or
later as unanimously decided on October 18, 2021 by:
- Christof Wahl <cw@pep.security> (pEp security CEO)
- Heiko Schaefer <heiko.schaefer@posteo.de> (pEp Foundation
employee, Sequoia developer)
- Justus Winter <justus@sequoia-pgp.org> (pEp Foundation
employee, Sequoia Founder)
- Neal H. Walfield <neal@pep.foundation> (pEp Foundation
employee, Sequoia Founder)
- Patrick Meier <pm@pep.security> (pEp security Chief Product
and Service Officer)
- Rudolf Bohli <rb@pep.security> (pEp security Chairman of the
Board)
- Volker Birk <vb@pep.security> (pEp security Founder, pEp
Foundation Council)
- The dot-writer crate is unmaintained, and prevents upgrading sq in
Fedora. As a short-term workaround, we make this dependency
optional so that it can be easily patched out by packagers. The
same has been done for the sq-wot tool.
- https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/51
- https://gitlab.com/sequoia-pgp/sequoia-wot/-/issues/47
- If the situation improves, either because the crate is maintained
again, or we port to a different crate, we can easily undo this
change.
- Also, remove all the examples that use the dot output format. Not
only is it awkward to make these examples optional, the existing
examples are also very repetitive, as they duplicate an existing
example, and only change the output format.
- Fixes #146.
- Currently, sequoia-openpgp miscomputes notarization
signatures (see
https://gitlab.com/sequoia-pgp/sequoia/-/issues/1041) and fixing
that has proven to be difficult. Disable this functionality until
we have sorted out the underlying implementation.
- Our method of padding messages is not universally supported by
consuming implementations:
https://tests.sequoia-pgp.org/#Packet_excess_consumption
- Disable it for now. Once we support generating v6 OpenPGP
messages, we can enable it again with the new padding packet.
- `sq verify --detached <SIG>` and `sq wkd generate <WEB-ROOT>` take
paths, but the argument type is a String. We should use a PathBuf
instead, as paths, unlike strings, do not have to be valid UTF-8
strings.
- Fixes #154.
- See #13.
- Have clap do the conversion from a string to `cli::Time` for the
`--time` argument to `sq`.
- Implement `cli::Time::now` to return the current time, and
`cli::Time::openpgp` to convert the time to a time that is
representable as an OpenPGP timestamp, if possible.
- See #13.
- `cli::types::Time` wraps a `chrono::DateTime`, which has more
resolution, and a larger range than an OpenPGP timestamp.
- Change it to hold an `openpgp::types::Timestamp` instead.
- This will catch out of range errors at parsing time rather than
time of use, and prevents us forgetting to do the conversion.
- Fixes #153.
- This allows users to tweak the StandardPolicy used by Sequoia to
evaluate cryptographic artifacts. For example, on Fedora it will
adhere to the system-wide cryptographic policy for Sequoia.
- Fixes #128.
- A module `foo` used to have to be called `foo/mod.rs` if `foo` had
submodules.
- Since Rust 2018, it is possible to have `foo.rs` and the
submodules under `foo`.
- Using `foo.rs` is nicer than `foo/mod.rs` in many editors. Rename
modules called `mod.rs`.
- Note: we can't rename `src/cli/mod.rs` as it is `include!`ed from
`build.rs`, and then it doesn't find the submodules.
Adapt `get_keys()` to return a more specific error, if the password for
a given encrypted key material is not correct.
Adapt the subkey and userid subcommands to return the error from
`get_keys()` instead of providing a less descriptive one themselves.
Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/139
Signed-off-by: David Runge <dave@sleepmap.de>
- Add the optional `--set-metadata-filename` option for `sq encrypt`,
which when provided, adds the filename of the file as metadata to the
literal data packet.
- Add the optional `--set-metadata-time` option for `sq encrypt`,
which when provided, adds a time as metadata to the literal
data packet.
The value can either be provided as ISO 8601 formatted string or by
using one of the keywords ("none", "filecreation", "filemodification",
or "packetcreation").
Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/135
Signed-off-by: David Runge <dave@sleepmap.de>
Add a `Display` `impl` for `Time`, so that format strings directly make
use of the `Display` `impl` of the underlying `DateTime`.
Signed-off-by: David Runge <dave@sleepmap.de>
Use the common `prompt_for_password()` function to generically ask for a
new password, when setting a new password for a key.
Signed-off-by: David Runge <dave@sleepmap.de>
Use the common `prompt_for_password()` function to generically ask for a
new password (twice!), using a common facility.
This allows providing no password, by providing no input twice.
Signed-off-by: David Runge <dave@sleepmap.de>
Previously, the user was only prompted once for a symmetric password,
which is potentially error-prone.
The `encrypt()` function now errors, instead of allowing an
empty password to be provided.
Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/142
Signed-off-by: David Runge <dave@sleepmap.de>
The `prompt_for_password()` function allows asking for password input
twice and only returns `Some(Password)` if inputs match and are not
empty. If both inputs are empty, returns `None`.
The function takes a prompt string to provide to the user and an
optional prompt string for the repetition prompt.
Signed-off-by: David Runge <dave@sleepmap.de>
Make clear that the user is asked to provide a password when using this
option and that it can be provided more than once to support more than
one password.
Fixes https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/143
Signed-off-by: David Runge <dave@sleepmap.de>
When providing `--with-password` to `sq key subkey add`, prompt the user
for a password, which will be added to encrypt the new subkey.
If the option is not provided and the key material is encrypted, the
password of the primary key is used.
When decrypting encrypted key material in `get_keys()` first attempt to
use passwords previously provided and only afterwards prompt the user
for a password.
Without providing a password to the `KeyBuilder` and setting a primary
key signer for the `SubKeyBuilder`, it is not possible to add a new
subkey to a certificate with encrypted secret key material.
Adapt the helper function `get_primary_keys()` to return the optional
`Password` as provided by the user input, so that it may be used when
attaching a new subkey.
* New functionality
- `sq key subkey add` allows creating and adding a new subkey to an
existing certificate.
- The functionality of `sq-keyring-linter` is now available as
`sq keyring lint`.
- The new subcommands `sq key revoke`, `sq key subkey revoke` and
`sq key userid revoke`, allow writing to a file using the
`--output` option.
* Notable changes
- The `--keyring` option is now global and can be specified anywhere
when calling `sq`.
* Deprecated functionality
- The `--expires` and `--expires-in` options used in various
subcommands are deprecated in favor of the unifying `--expiry`.
- `sq key generate --export FILE` is deprecated in favor of the more
generic `sq key generate --output FILE`.
- The `sq revoke certificate` command has been renamed to `sq key
revoke`.
- The `sq revoke subkey` command has been renamed to `sq key subkey
revoke`.
- The `sq revoke userid` command has been renamed to `sq key userid
revoke`.