IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- When setting a certificate's expiration time, we update each user
ID's self signature. If a user ID is revoked, creating a new self
signature will "unrevoke it."
- Skip user IDs that are revoked.
- When setting a certificate's expiration time, we update the
direct key signature, and each user ID's self signature. This
fails if a user ID doesn't have a valid self signature.
- User IDs, however, don't need to be self signed! For instance, a
user ID may only have a third-party certification.
- Relax `sq key expire` to only add a self signature for a user ID,
if the user ID already has a self signature.
- Never call `exit`. If there is an error, propagate the error to
the caller. This ensures that any clean up handlers (like
flushing state to disk) are run.
- When adopting a bare key, the creation time is the Unix epoch.
If the user doesn't manually override this using
`--creation-time`, use the current time (while respecting
`--time`).
- Change `sq key adopt` to not require the key that is being adopted
to have a binding signature.
- This allows adopting "bare keys," i.e., a certificate consisting
of just a primary key. Bare keys are useful when working with raw
keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
To add them to a certificate, they just need to be wrapped in a
minimal amount of OpenPGP framing; no signatures are required.
- Fixes#25.
- When designating a certificate multiple times, the certificate
should only be used once. Assert that this is the case in the `sq
encrypt` tests by checking that the PKESKs are not redundant.
- Note: this was fixed by 437ae24.
- A `sq cert export` test vector specified `--email
carol@example.org`, which doesn't match any certificates. The error
was hidden, because we were not strict about ensuring that all
certificate designators actually match at least one certificate.
- Fix the test vector.
- Add a test for `sq encrypt` that checks that the different ways of
designating a certificate work including making sure that only
authenticated names can be used to designate a certificate.
- Add `Sq::preserve` to prevent the files created by an `Sq`
instance from being deleted when the `Sq` instance is dropped.
- Preserving the state makes it easier to debug a test that is
failing.
- This is an ugly gpgism. All encrypted messages are symmetrically
encrypted. Not all password-encrypted messages encrypt the
session key symmetrically. Use language the user understands.
- Fixes#331.
- Unlike other commands, `sq cert export`'s `--cert` argument only
matches on the certificate's key handle (i.e., the primary key's
key handle). It also has a `--key` argument to match on the
primary key's key handle or a subkey's key handle, which are
the semantics of the `--cert` argument for other commands.
- Change the semantics of `--cert` to that of `--key`, i.e., change
`--cert` to also match on subkey key handles. Remove the `--key`
argument since it is now redundant.
