Commit Graph

53 Commits

Author SHA1 Message Date
Neal H. Walfield
a92ab98f4f
New subcommand sq key subkey password.
- Add a new subcommand, `sq key subkey password`, which changes the
    password protecting the secret key material of a primary key or a
    subkey.

  - Fixes #106.
2024-08-13 10:08:04 +02:00
Justus Winter
87806baf6a
Implement sq network wkd publish. 2024-07-11 14:52:35 +02:00
Neal H. Walfield
9b991045ca
New subcommand sq key subkey delete to delete secret key material. 2024-07-05 09:50:37 +02:00
Neal H. Walfield
ae392296f5
Add a top-level --password-file argument to seed the password cache.
- `sq key password`, and `sq sign --symmetric` have local arguments
    to seed the password cache.

  - Many commands could benefit from similar functionality.

  - Add a new top-level argument, `--password-file`, to seed the
    password cache.
2024-06-13 11:39:09 +02:00
Neal H. Walfield
2ed7435b63
Rename sq key password's --clear argument to --clear-password.
- This makes the argument's intent clearer and more closely mirrors
    the other arguments, like `--new-password-file`.
2024-06-13 10:56:10 +02:00
Neal H. Walfield
bc5c0cf9f1
Rename the --expiry argument to --expiration.
- Rename the `--expiry` argument to `--expiration`, and adjust the
    name of the corresponding fields, and data structures.

  - Expiration and expiry have about the same meaning.  According to
    my research, "expiration" is used in American English whereas
    both are used in British English.

  - This change aligns the usage with RFC 4880's terminology, which
    uses the word "expiration" many times, but never uses "expiry".
2024-06-11 22:51:40 +02:00
Neal H. Walfield
d76e1ae4db
Change sq key attest-certifications to support the key store and cert store.
- Change `sq key attest-certifications` to use the key store and the
    cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
353c21554a
Don't have sq key attest-certifications' --all be the default.
- In `sq key attest-certifications`, don't make `--all` the
    default, but require the user to specify it explicitly.

  - This makes it easier to introduce more fine-grained selectors in
    the future.

  - See #262.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
6dcfb270ad
Make sq key attest-certifications' positional parameter a named parameter.
- In `sq key attest-certifications`, change the certificate file
     parameter from a positional parameter to a named parameter,
     `--cert-file`.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
f1a99b10d9
Change sq key adopt to support the cert store.
- Change `sq key adopt` to use the cert store.

  - See #205.
2024-06-10 23:24:33 +02:00
Neal H. Walfield
f3037392f6
Change sq key adopt to support the key store.
- Change `sq key adopt` to use the key store.

  - See #205.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
cb13f883be
Make sq key adopt's positional parameter a named parameter.
- In `sq key adopt`, change the certifier file parameter from a
     positional parameter to a named parameter, `--cert-file`.
2024-06-10 23:24:32 +02:00
Neal H. Walfield
a82d9908f9
Change sq pki certify to support the cert store and key store.
- Change `sq pki certify` to support the cert store and key store.

  - See #205.
2024-06-10 23:10:44 +02:00
Neal H. Walfield
b55d1f3239
Make sq pki certify's positional parameter a named parameter.
- In `sq pki certify`, change the certifier file parameter from a
     positional parameter to a named parameter, `--certifier-file`.
2024-06-05 12:33:07 +02:00
Neal H. Walfield
4b3e459cea
Change sq pki certify's certifier parameter to understand -.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
    a `FileOrStdin` so that it interprets `-` as meaning it should
    read the certificate from stdin.
2024-06-05 09:57:53 +02:00
Neal H. Walfield
721d680627
Make sq key password's positional parameter a named parameter.
- In `sq key password`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
178679e838
Add the --password-file argument to sq sign.
- Add the `--password-file` argument to the `sq sign` command to
    allow the user to prefill the password cache with a password from a
    file.
2024-06-05 00:50:36 +02:00
Neal H. Walfield
1a33500c26
Change sq key expire etc. to support the cert store and key store.
- Change `sq key expire` and `sq key subkey expire` to support the
    cert store and key store.

  - See #205.
2024-06-05 00:13:50 +02:00
Neal H. Walfield
bb3215adfe
Move subkey functionality from sq key expire into its own command.
- Split the subkey functionality out of `sq key expire` into its own
    command, `sq key subkey expire`.
2024-06-05 00:06:24 +02:00
Neal H. Walfield
d3d809a6fe
Make sq key expire's positional parameter a named parameter.
- In `sq key expire`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-06-05 00:01:38 +02:00
Neal H. Walfield
fb5227f8e3
Update NEWS. 2024-05-30 20:26:33 +02:00
Neal H. Walfield
fb16a29f00
Make sq key subkey add's positional parameter a named parameter.
- In `sq key subkey add`, change the certificate file parameter from a
    positional parameter to a named parameter, `--cert-file`.
2024-05-29 14:00:30 +02:00
Neal H. Walfield
ab0e2a446c
Change sq cert lint to support the cert store and key store.
- See #205.
2024-05-28 14:33:27 +02:00
Neal H. Walfield
5c1cf92f9b
Make sq cert lint's position parameter a named parameter.
- In `sq cert lint`, change the certificate file parameter from a
    position parameter to a named parameter, `--cert-file`.
2024-05-28 14:24:58 +02:00
Neal H. Walfield
22cc90e11f
Change sq cert lint to not read from stdin by default.
- Reading from stdin by default has caused confusion.  If the user
    wants to read from stdin, then they should explicitly opt-in.
2024-05-28 09:22:19 +02:00
Neal H. Walfield
5f8ef02cd4
Require specifying --userid with sq key userid revoke.
- Change the user ID argument from a position argument in `sq key
    userid revoke` to an argument specified with `--userid`.
2024-05-27 19:14:52 +02:00
Neal H. Walfield
cca564356c
Change sq key revoke etc. to support the cert store and key store.
- Change `sq key revoke`, `sq key subkey revoke`, and `sq key userid
    revoke` to support the cert store and key store.

  - Add `--cert` to specify a certificate by key ID or fingerprint.

  - If `--output` is not specified and `--cert` is, import the
    modified certificate into the cert store.  If `--output` is not
    specified and `--cert-file` is, write the modified certificate to
    stdout.
2024-05-27 19:14:47 +02:00
Neal H. Walfield
e8dc0fd9a3
Change --cert-file and --revoker-file to also accept -.
- Change the `--cert-file` and `--revoker-file` arguments to `sq key
    revoked`, `sq key userid revoke`, and `sq key subkey revoke` to
    interpret `-` as meaning reading from stdin.
2024-05-27 19:13:57 +02:00
Neal H. Walfield
e24c9ff92e
Rename --certificate-file and --revocation-file.
- `sq key revoked`, `sq key userid revoke`, and `sq key subkey
    revoke` have two arguments for naming a certificate:
    `--certificate-file` and `--cert-file`.  The latter is an alias.
    Drop `--certificate-file` and promote `--cert-file`.  This
    harmonizes these subcommands with other subcommands, which only
    use `--cert-file`.

  - Rename `--revocation-file` to `--revoker-file`, as the file
    contains a "revoker" not a "revocation."
2024-05-27 19:12:46 +02:00
Neal H. Walfield
bbe350118a
Change sq key userid add to support the cert store and key store.
- Change `sq key userid add` to support the cert store and key
    store.

  - Add `--cert` to specify a certificate by key ID or fingerprint.

  - Change the positional file argument to `--cert-file`.

  - Change the positional user ID to `--userid`.

  - If `--output` is not specified and `--cert` is, import the
    modified certificate into the cert store.  If `--output` is not
    specified and `--cert-file` is, write the modified certificate to
    stdout
2024-05-27 13:54:02 +02:00
Neal H. Walfield
0da271c498
Remove PKS support. 2024-05-27 13:36:07 +02:00
Neal H. Walfield
2f38af4805
Update NEWS.
- This fixes the NEWS file, and adds missing information.
2024-02-29 17:35:10 +01:00
Neal H. Walfield
ed4a038321
Implement sq key import.
- Add a new subcommand, `sq key import`, which imports a soft key
    into the key store.
2024-02-20 16:27:16 +01:00
Neal H. Walfield
d55b3d5f81
Add missing NEWS.
- Mention `sq key list` in the NEWS file.
2024-02-18 16:48:25 +01:00
Neal H. Walfield
27093c1709
Add support for using a key store.
- Support using keys managed by `sequoia-keystore`.

  - When decrypting a message, have `sq` automatically ask the
    key store to decrypt the PKESKs.

  - Extend `sq sign` and `sq encrypt` with the `--signer-key`
    parameter to use a key managed by the keystore.

  - Add two top-level options: `--no-key-store`, which disables the
    use of the key store, and `--key-store`, which uses an alternate
    key store instance.

  - Add `sq key list` to list keys on the key store.
2024-02-18 15:24:02 +01:00
Justus Winter
7866605750
Update NEWS. 2024-01-19 14:06:24 +01:00
Justus Winter
40041c5885
Fix markup. 2024-01-19 13:23:54 +01:00
Justus Winter
b8195f09b5
Update NEWS. 2023-12-15 18:29:08 +01:00
David Runge
283370b155
Add NEWS entries for 0.31.0. 2023-07-03 16:35:16 +02:00
Neal H. Walfield
3433e6e806
Release 0.30.1.
* Changes in 0.30.1
 * Notable changes
   - The `crypto-botan` feature now selects Botan's v3 interface.  Use
     the new `crypto-botan2` feature to continue using Botan's v2
     interface.
 * Notable fixes
   - Several parser bugs were fixed in sequoia-openpgp 1.16.0 and
     buffered-reader 1.2.0.  These are all low-severity as Rust
     correctly detects the out of bounds access and panics.  Update
     Cargo.lock to make sure we use these versions.
2023-05-31 10:33:31 +02:00
Neal H. Walfield
60ba1d11cc
Add a feature to build sq using Botan's version 2 interface.
- sequoia-openpgp 1.16 changed `sequoia-openpgp/crypto-botan` to
    build against Botan's v3 interface, and exposed
    `sequoia-openpgp/crypto-botan2` to build against the v2 interface.

  - Do the same.  Add a `crypto-botan2` feature to allow the user to
    build against Botan's v2 interface.
2023-05-31 09:36:15 +02:00
Neal H. Walfield
a99c5acdd3
Update NEWS file
- Add missing news entries for 0.30.0.
2023-05-08 12:39:04 +02:00
Neal H. Walfield
4efea87492
Add sq inspect --cert KEYHANDLE
- Extend `sq inspect` to read from the certificate store.
2023-03-31 09:17:09 +02:00
Neal H. Walfield
2ffa96dbca
Add sq link list.
- Add the subcommand `sq link list` to list active and retracted
   links.
2023-03-30 16:08:14 +02:00
Neal H. Walfield
427487b76c
Certify fetched certificates from verifying keyservers, etc.
- When importing a certificate into the certificate store from a
    verifying keyserver (via `sq keyserver get`), WKD (via `sq wkd
    get`), or DANE (via `sq dane get`), certify the User IDs that the
    service checks (for verifying keyservers: all; for WKD and DANE:
    the User IDs with the email that was looked up).

  - Have a per-service key to do the certifications (one for
    keys.openpgp.org, one for keys.mailvelope.com, one for WKD, etc).

  - Make the per-service certificates minimally trusted (trust amount:
    1 of 120) CAs by certifying them with the local trust root.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
ba35945574
Change network getters to update the certificate store by default
- Change the network getters, `sq keyserver get`, `sq wkd get`, and
    `sq dane get` to update the certificate store by default.
2023-03-30 16:08:13 +02:00
Neal H. Walfield
47447cd7d0
Add sq wot
- Add the `sq wot` subcommand, to expose web of trust functionality.

  - This is just an import of the `sq-wot` CLI as `sq wot`.  The
    support for using the `gpg` keyring and gpg's ownertrust, however,
    is removed.
2023-03-30 16:03:48 +02:00
Neal H. Walfield
8cf08e2470
Add --keyring to specify additional keyrings to search
- Add a new top-level option, `--keyring`, which allows users to
    specify additional keyrings to search.

  - When a lookup is performed, all keyrings are searched in addition
    to any certificate store, and the results are merged.

  - Keyrings are read only.
2023-03-30 16:03:40 +02:00
Neal H. Walfield
0e59f2f560
Add sq link
- Add new commands `sq link add` and `sq link retract` to certify
    bindings using the cert-d's trust root, if any.
2023-03-30 16:03:37 +02:00
Neal H. Walfield
ae057eba88
Support authenticating signatures using the web of trust
- When verifying a signature using `sq verify`, and a signer is not
    specified using `--signer-cert`, try and authenticate them using the
    web of trust using the configured certificate store.

  - If we can fully authenticate a signer, consider the signature to
    have been authenticated by that signer.
2023-03-28 14:51:18 +02:00