Commit Graph

632 Commits

Author SHA1 Message Date
Neal H. Walfield
6f452d51c6
Rename UseridRevocationReason to UserIDReasonForRevocation.
- Rename `UseridRevocationReason` to `UserIDReasonForRevocation`,
    which is more consistent with other identifiers.
2024-06-12 16:47:50 +02:00
Neal H. Walfield
8ae03f1945
Rename RevocationReason to KeyReasonForRevocation.
- Rename `RevocationReason` to `KeyReasonForRevocation`.
    `RevocationReason` sounds generic, but there is also
    `UseridRevocationReason`.

  - This name aligns better with the type from `sequoia-openpgp` that
    it wraps, `ReasonForRevocation`.
2024-06-12 16:46:55 +02:00
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
    name of the corresponding fields, and data structures.

  - Expiration and expiry have about the same meaning.  According to
    my research, "expiration" is used in American English whereas
    both are used in British English.

  - This change aligns the usage with RFC 4880's terminology, which
    uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
fa773b0e78
Improve Expiry's Debug implementation.
- Improve `Expiry`'s Debug implementation: use a bigger unit when
    possible.
2024-06-11 12:15:41 +02:00
Neal H. Walfield
8463e8c5e5
Improve sq key generate's --help output. 2024-06-11 12:15:35 +02:00
Neal H. Walfield
c3582bea01
Port sq key generate's examples to the example framework.
- Port `sq key generate`'s examples to the example framework, and
    improve the examples.
2024-06-11 10:27:47 +02:00
Neal H. Walfield
d76e1ae4db
Change sq key attest-certifications to support the key store and cert store.
- Change `sq key attest-certifications` to use the key store and the
    cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
353c21554a
Don't have sq key attest-certifications' --all be the default.
- In `sq key attest-certifications`, don't make `--all` the
    default, but require the user to specify it explicitly.

  - This makes it easier to introduce more fine-grained selectors in
    the future.

  - See #262.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
6dcfb270ad
Make sq key attest-certifications' positional parameter a named parameter.
- In `sq key attest-certifications`, change the certificate file
     parameter from a positional parameter to a named parameter,
     `--cert-file`.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
90bad2927a
Add test for sq key attest-certifications. 2024-06-10 23:24:33 +02:00
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
a08b536225
Add a convenience function to import a certificate.
- Add `Sq::import_cert`, which is a convenience function that
    imports a certificate into the cert store.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.

  - See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
54ae8eda30
Add functions to look up a certificate with an alternate policy.
- Add `Sq::lookup_with_policy` and `Sq::lookup_one_with_policy` to
    look up a certificate using an alternate policy.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
47e076d890
If secret key material is passed via --keyring, use it.
- If the user supplies a keyring using `--keyring`, and it contains
    the secret key material that we are looking for, use it.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
     positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
d76d0fcd52
Change the sq key adopt's tests to use the common test framework. 2024-06-10 23:24:19 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.

  - See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
028983d40f
Change the sq pki certify tests to use the common test framework. 2024-06-10 23:10:23 +02:00
Neal H. Walfield
c8c7e24fe9
Drop unnecessary requirement on certificates being certified.
- The certificate being certified doesn't need to be certification
    capable.

  - Drop the check.
2024-06-07 18:11:09 +02:00
Neal H. Walfield
b5a680e4f9
Show a lint when secret key material is missing, but required.
- Extend `Sq::get_keys` lints to also check if the secret key
    material is missing.
2024-06-05 12:40:13 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
bb0aa2f555
Change sq pki certify to use Sq::lookup_one.
- Change `sq pki certify` to use `Sq::lookup_one` when looking up
    the certifier.  This ensures that the certificate is certification
    capable.
2024-06-05 10:07:48 +02:00
Neal H. Walfield
4b3e459cea
Change sq pki certify's certifier parameter to understand -.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
    a `FileOrStdin` so that it interprets `-` as meaning it should
    read the certificate from stdin.
2024-06-05 09:57:53 +02:00
Neal H. Walfield
a8eb598cd0
Add sq key delete.
- Add `sq key delete`, to delete secret key material.
2024-06-05 09:35:13 +02:00
Neal H. Walfield
6eef5e9ffc
Change sq key password to support the cert store and key store.
- Change `sq key password` to support the cert store and key store.

  - See #205.
2024-06-05 09:35:11 +02:00
Neal H. Walfield
4a97011452
Add a test for sq key password.
- Add a test for `sq key password`.
2024-06-05 09:32:30 +02:00
Neal H. Walfield
721d680627
Make sq key password's positional parameter a named parameter.
- In `sq key password`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
178679e838
Add the --password-file argument to sq sign.
- Add the `--password-file` argument to the `sq sign` command to
    allow the user to prefill the password cache with a password from a
    file.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
3f86cdbf93
Dry out sq sign.
- Dry out `sq sign` by using `Sq::get_signing_keys`.

  - This means that `sq sign` also uses the password cache.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
256679bce3
Use the password cache when unlocking keys managed by the key store.
- Change `Sq::get_signer` to also consider the password cache when
    unlocking a key managed by the key store.
2024-06-05 00:50:27 +02:00
Neal H. Walfield
a2c482e4f3
Add a password cache to Sq.
- `sq cert lint` manually manages a password cache.

  - Move the password cache to `Sq` so the functionality can be used
    elsewhere.
2024-06-05 00:16:49 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
    cert store and key store.

  - See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
8006f7cc2f
Add a new convenience type, FileStdinOrKeyHandle.
- Add a new convenience type, `FileStdinOrKeyHandle`, which is
    either a path, stdin, or a key handle.

  - Extend `sq::lookup` and `sq::lookup_one` to take a
    `FileStdinOrKeyHandle` instead of just a `KeyHandle`.
2024-06-05 00:06:26 +02:00
Neal H. Walfield
bb3215adfe
Move subkey functionality from sq key expire into its own command.
- Split the subkey functionality out of `sq key expire` into its own
    command, `sq key subkey expire`.
2024-06-05 00:06:24 +02:00
Neal H. Walfield
52d88e615e
Add a test for sq key expire. 2024-06-05 00:04:31 +02:00
Neal H. Walfield
0b012bfe48
Fix sq key expire to respect the reference time.
- Fix `sq key expire` to set the new signature's creation time to
    the reference time as set by the `--time` parameter.

  - When getting a valid certificate, use the reference time, not the
    current time.
2024-06-05 00:04:31 +02:00
Neal H. Walfield
d3d809a6fe
Make sq key expire's positional parameter a named parameter.
- In `sq key expire`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:01:38 +02:00
Neal H. Walfield
bd235e7f67
Move the key expiration functionality to common::expire.
- Move the expiration logic from `commands::key::expire` to
    `commands::common::expire`.

  - Change `commands::key::expire` to use it.
2024-06-04 23:24:21 +02:00
Neal H. Walfield
fb5227f8e3
Update NEWS. 2024-05-30 20:26:33 +02:00
Neal H. Walfield
779eaecabd
Fix sq key subkey add to save the new subkey to the key store.
- When saving the new subkey, `sq key subkey add` accidentally only
    saved the public key.

  - Also save the secret key.
2024-05-30 20:26:32 +02:00
Neal H. Walfield
7866b2f5bb
Change sq key subkey add to support the cert store and key store.
- See #205.
2024-05-29 16:03:06 +02:00
Neal H. Walfield
fb16a29f00
Make sq key subkey add's positional parameter a named parameter.
- In `sq key subkey add`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-05-29 14:00:30 +02:00
Neal H. Walfield
42cca6b172
When reading from a file, default to writing to stdout.
- Change `sq key revoke`, `sq key userid revoke`, and `sq key subkey
    revoke` to default to writing to stdout when reading from a file.
2024-05-29 09:41:58 +02:00
Neal H. Walfield
3debf8b584
Modify the sq key revoke tests to test the cert store integration.
- Modify the `sq key revoke` tests to also test the cert store and
    key store integration.

  - Somehow this wasn't added to
    cca564356c.
2024-05-28 15:04:48 +02:00
Neal H. Walfield
ab0e2a446c
Change sq cert lint to support the cert store and key store.
- See #205.
2024-05-28 14:33:27 +02:00
Neal H. Walfield
5c1cf92f9b
Make sq cert lint's positional parameter a named parameter.
- In `sq cert lint`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-05-28 14:24:58 +02:00
Neal H. Walfield
54bf3e977b
Add Sq::get_signer.
- Add a convenience function to `Sq`, `get_signer`, to get a signer
    for a given key.

  - Change `Sq::get_keys` to use it.
2024-05-28 14:03:52 +02:00
Neal H. Walfield
f4fe306093
Use the configured home directory to find the keystore.
- Respect `--home` when locating the keystore.

  - Fixes e75ad72c65.
2024-05-28 13:46:22 +02:00
Neal H. Walfield
22cc90e11f
Change sq cert lint to not read from stdin by default.
- Reading from stdin by default has caused confusion.  If the user
    wants to read from stdin, then they should explicitly opt-in.
2024-05-28 09:22:19 +02:00