Commit Graph

707 Commits

Author SHA1 Message Date
Neal H. Walfield
cee60e89df
Make sq cert export more consistent with other commands.
- Unlike other commands, `sq cert export`'s `--cert` argument only
    matches on the certificate's key handle (i.e., the primary key's
    key handle).  It also has a `--key` argument to match on the
    primary key's key handle or a subkey's key handle, which are
    the semantics of the `--cert` argument for other commands.

  - Change the semantics of `--cert` to that of `--key`, i.e., change
    `--cert` to also match on subkey key handles.  Remove the `--key`
    argument since it is now redundant.
2024-08-22 11:13:54 +02:00
Justus Winter
180bc310e7
Silently import Alice's key in the examples.
- We want the examples to be relevant and to the point, and reflect
    the work flows that we want our users to have.  Notably, we want
    them to have their secret key material in the key store, not
    laying around on their file system.
2024-08-16 18:32:01 +02:00
Justus Winter
05dc2f85c5
Update description of the assets used in the examples. 2024-08-16 17:49:55 +02:00
Justus Winter
3836dcdbae
Add missing NEWS item for sq key approvals list. 2024-08-16 17:35:07 +02:00
Justus Winter
31af0dd857
Implement sq key approvals list.
- Fixes #94.
2024-08-16 17:03:22 +02:00
Justus Winter
b52c18f558
Make --binary require --output in the trivial cases.
- --binary is a modifier for --output.  If we don't output anything,
    the modifier doesn't make sense, and should raise an error.

  - Unfortunately, many places where we have an output parameter are
    quite complex.  For example, the absence of an output parameter
    means don't output anything when we got a cert from the cert
    store, and means output to stdout when we got the cert from a
    file.

  - This change covers the trivial cases.
2024-08-16 16:46:16 +02:00
Justus Winter
5c91d0cad3
Fix value names. 2024-08-16 14:45:50 +02:00
Justus Winter
0ccd7141ae
Mark certifications from shadow CAs as non-exportable. 2024-08-16 14:45:50 +02:00
Neal H. Walfield
62f514d06b
Fix last commit.
- Correct the logic test.  Specifically, fail if the password is
    empty and `allow_none` is `false` (not `true`).
2024-08-16 12:34:35 +02:00
Neal H. Walfield
9836873d7a
Don't terminate the program if the user doesn't provide a password.
- When encrypting a message with a password, don't terminate the
    program if user doesn't provide a password.  Instead, show an
    error, and prompt the user for a password again.
2024-08-16 10:24:42 +02:00
Neal H. Walfield
9e38b2d9e2
Fix text. 2024-08-16 09:22:42 +02:00
Justus Winter
07d4bf7b96
Port some examples to the examples framework. 2024-08-15 20:14:03 +02:00
Justus Winter
761f373754
Compile the RustCrypto crates with optimizations. 2024-08-15 15:48:32 +02:00
Justus Winter
372150dd12
Use sh instead of bash. 2024-08-15 15:11:55 +02:00
Justus Winter
2391f98c5b
ci: Enable subplot tests.
- Fixes #265.
2024-08-15 14:49:01 +02:00
Justus Winter
bd69e399e5
Fix the subplot tests. 2024-08-15 14:38:42 +02:00
Justus Winter
c94fb2249d
Improve the way we make the subplot tests opt-in.
- Promote subplotlib to a proper dependency, as dev-dependencies can
    not be optional.
2024-08-15 14:16:26 +02:00
Justus Winter
9b16970655
Drop the "integration" module from the integration tests. 2024-08-15 14:05:24 +02:00
Justus Winter
a470f5946d
Consolidate all integration tests.
- This way they only have to be compiled once, and can all be run
    concurrently.
2024-08-15 13:38:43 +02:00
Justus Winter
bd6313df7f
Make sq key userid strip operate on the cert store.
- Fixes #6.
2024-08-15 13:02:48 +02:00
Justus Winter
83f81b5765
Add test for sq key userid strip. 2024-08-15 13:02:37 +02:00
Justus Winter
93d108738a
Port sq key userid strip examples to the example framework. 2024-08-15 10:30:37 +02:00
Justus Winter
0c9f1d8d4f
Move the sq key userid CLI definitions to its own module. 2024-08-15 10:20:24 +02:00
Neal H. Walfield
fc7aac2726
Improve the new password prompt.
- Add text to the new password prompt indicating that using a
    password is optional.
2024-08-14 18:21:25 +02:00
Neal H. Walfield
cd8283d851
Prompt for a password by default.
- Change `sq key generate` and `sq key subkey add` to prompt for a
    password by default.

  - Fixes #226.
2024-08-14 18:19:14 +02:00
Neal H. Walfield
ba844c8c25
When returning a signer or decryptor don't return the password.
- `Sq::decrypt_key`, `Sq::get_signer`, `Sq::get_keys`,
    `Sq::get_primary_keys`, `Sq::get_primary_key`,
    `Sq::get_signing_keys`, `Sq::get_signing_key`,
    `Sq::get_certification_keys`, and `Sq::get_certification_key`
    return a signer or decryptor, as well as the password used to
    unlock the key, if any.  No callers actually use the password, and
    the returned password is not reliable, because the key may be
    managed by the secret key server, and already be unlocked, or the
    key may be unlocked externally, and the password is not available.

  - Simply the functions and don't return the password.
2024-08-14 17:09:09 +02:00
Neal H. Walfield
1b5c643fac
Don't implicitly reuse the primary key's password.
- When adding a new subkey, we implicitly reuse the password that
    was used to unlock the primary key.

  - These semantics are confusing.  If the key is managed by the
    secret key store, we may not have to prompt the user for the
    password, because the key is already unlocked, or because the key
    is protected by an external password.  In these cases, since we
    don't actually unlock the primary key, the new subkey won't be
    password protected even though the primary key is!

  - Be more predictable, and don't automatically reuse what we think is
    the primary key's password.
2024-08-14 16:36:40 +02:00
Neal H. Walfield
93344e71a6
New subcommand sq key subkey export.
- `sq key export` can either export all keys associated with a
    certificate or individual keys.

  - Split the subkey-related functionality out of `sq key export` and
    into the new subcommand `sq key subkey export`

  - Fixes #294.
2024-08-14 15:21:30 +02:00
Neal H. Walfield
b395ca0cae
Improve subcommand's documentation. 2024-08-14 15:18:37 +02:00
Justus Winter
20eb29930f
Remove the dot output.
- The dot output does not fit into the output framework: it can only
    describe graphs, and most of what sq emits are not graphs.  Once
    sq gains machine-readable output, the current functionality can be
    implemented by emitting the graph data as machine-readable data,
    then transforming it into dot.

  - Fixes #290.

  - Fixes #137.
2024-08-14 14:29:04 +02:00
Justus Winter
b2d7f48230
Add missing NEWS items. 2024-08-14 14:29:04 +02:00
Justus Winter
e3f9463a43
man: Fix iterating over table we modify. 2024-08-14 14:29:04 +02:00
Neal H. Walfield
916c110626
Port sq key import / export test to the common test framework.
- Port the `sq key import` / `sq key export` test to the common
    test framework.
2024-08-14 13:58:15 +02:00
Neal H. Walfield
8849a8c627
Always summarize sq's result when running it from the test suite.
- When running `sq`, summarize the result even if we don't
    explicitly expect it to succeed or fail.
2024-08-14 13:57:52 +02:00
Justus Winter
f7ce1fa2a1
Remove all short options (except for -v).
- During development, we added short options, even for arguments
    that may not be used often, or those we don't want people to use
    often.  Remove them now, and judiciously add them before releasing
    1.0 for the most important options.

  - See #303.  Fixes #302.
2024-08-14 11:55:06 +02:00
Justus Winter
75e8339bbe
Implement sq key userid add --name and --email.
- A user ID is an OpenPGP concept.  Most people think in terms of
    names and email addresses.

  - Add and promote --name and --email arguments for sq key userid
    add.

  - Fixes #291.
2024-08-14 11:22:07 +02:00
Justus Winter
099de6d868
Implement sq key generate --name and --email.
- A user ID is an OpenPGP concept.  Most people think in terms of
    names and email addresses.

  - Add and promote --name and --email arguments for sq key generate.

  - See #291.
2024-08-14 11:18:50 +02:00
Justus Winter
658596b0ac
Port test to the common test framework. 2024-08-14 11:18:50 +02:00
Justus Winter
15a53f750c
Fix comment. 2024-08-14 08:47:30 +02:00
Justus Winter
e354edc3ce
Fix iterative sq network fetch.
- Previously, if a cert was discovered, that in the subsequent
    iteration was not found again, this was considered an error, even
    though the whole operation should be considered a success because
    a cert was indeed found.

  - Notably, if a cert was fetched over http which could not otherwise
    be found in the local cert store, key server, via WKD or DANE,
    an error was returned and the cert was not imported.

  - Fix this by considering the operation successful if we found at
    least one cert.

  - Fixes #300.
2024-08-13 17:58:25 +02:00
Justus Winter
764e1ca6d9
Account for the http request in the progress bar. 2024-08-13 17:58:01 +02:00
Justus Winter
64da372561
Use the hint framework. 2024-08-13 15:41:38 +02:00
Justus Winter
2ac745aee3
Implement sq network keyserver publish --cert <HANDLE>.
- Adapt hints accordingly.  Fixes #298.
2024-08-13 15:29:26 +02:00
Neal H. Walfield
38221a3d7d
tests: Dry out the test framework.
- Replace uses of `sq_key_generate` with `Sq::key_generate`, and
    remove `sq_key_generate`.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
a92ab98f4f
New subcommand sq key subkey password.
- Add a new subcommand, `sq key subkey password`, which changes the
    password protecting the secret key material of a primary key or a
    subkey.

  - Fixes #106.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
e35b87ec5b
Refactor key::password.
- Refactor `common:🔑:password` to use the common key lookup
    functionality in `common::get_keys`.
2024-08-13 10:08:04 +02:00
Neal H. Walfield
2dbfd64772
Split the key lookup functionality out of key::delete.
- Move the key lookup functionality in `common:🔑:delete` into a
    convenience function in `common::get_keys`.
2024-08-13 10:08:04 +02:00
Justus Winter
5b033c55b9
Update openssl to address RUSTSEC-2024-0357.
- See https://rustsec.org/advisories/RUSTSEC-2024-0357
2024-08-12 16:23:23 +02:00
Justus Winter
49b7f25cc4
Rename key attest-certifications to key approvals update.
- Fixes #295.
2024-08-12 16:21:00 +02:00
Neal H. Walfield
1f0a500fe8
Refactor the sq key password test.
- Add `Sq::key_password` and `Sq::sign` based on the code in the
    `sq key password` test.

  - Implement the `sq key password` test in terms of those functions.
2024-07-18 23:14:08 +02:00