- When adopting a bare key, the creation time is the Unix epoch.
If the user doesn't manually override this using
`--creation-time`, use the current time (while respecting
`--time`).
- Add `--can-sign`, `--cannot-sign`, `--can-authenticate`,
`--cannot-authenticate`, `--can-encrypt`, `--cannot-encrypt` to `sq
key adopt`, which modify the key flags of the adopted key.
- Change `sq key adopt` to not require the key that is being adopted
to have a binding signature.
- This allows adopting "bare keys," i.e., a certificate consisting
of just a primary key. Bare keys are useful when working with raw
keys, e.g., keys generated on an OpenPGP card, a TPM device, etc.
To add them to a certificate, they just need to be wrapped in a
minimal amount of OpenPGP framing; no signatures are required.
- Fixes #25.
- Unlike other commands, `sq cert export`'s `--cert` argument only
matches on the certificate's key handle (i.e., the primary key's
key handle). It also has a `--key` argument to match on the
primary key's key handle or a subkey's key handle, which are
the semantics of the `--cert` argument for other commands.
- Change the semantics of `--cert` to that of `--key`, i.e., change
`--cert` to also match on subkey key handles. Remove the `--key`
argument since it is now redundant.
- `sq key export` can either export all keys associated with a
certificate or individual keys.
- Split the subkey-related functionality out of `sq key export` and
into the new subcommand `sq key subkey export`.
- Fixes #294.
- The dot output does not fit into the output framework: it can only
describe graphs, and most of what sq emits are not graphs. Once
sq gains machine-readable output, the current functionality can be
implemented by emitting the graph data as machine-readable data,
then transforming it into dot.
- Fixes #290.
- Fixes #137.
- Add a new subcommand, `sq key subkey password`, which changes the
password protecting the secret key material of a primary key or a
subkey.
- Fixes #106.
- `sq key password`, and `sq sign --symmetric` have local arguments
to seed the password cache.
- Many commands could benefit from similar functionality.
- Add a new top-level argument, `--password-file`, to seed the
password cache.
- Rename the `--expiry` argument to `--expiration`, and adjust the
name of the corresponding fields, and data structures.
- Expiration and expiry have about the same meaning. According to
my research, "expiration" is used in American English whereas
both are used in British English.
- This change aligns the usage with RFC 4880's terminology, which
uses the word "expiration" many times, but never uses "expiry".
- In `sq key attest-certifications`, don't make `--all` the
default, but require the user to specify it explicitly.
- This makes it easier to introduce more fine-grained selectors in
the future.
- See #262.
- Change `sq pki certify`'s certifier parameter from a `PathBuf` to
a `FileOrStdin` so that it interprets `-` as meaning it should
read the certificate from stdin.
- Change `sq key revoke`, `sq key subkey revoke`, and `sq key userid
revoke` to support the cert store and key store.
- Add `--cert` to specify a certificate by key ID or fingerprint.
- If `--output` is not specified and `--cert` is, import the
modified certificate into the cert store. If `--output` is not
specified and `--cert-file` is, write the modified certificate to
stdout.
- Change the `--cert-file` and `--revoker-file` arguments to `sq key
revoked`, `sq key userid revoke`, and `sq key subkey revoke` to
interpret `-` as meaning reading from stdin.
- `sq key revoked`, `sq key userid revoke`, and `sq key subkey
revoke` have two arguments for naming a certificate:
`--certificate-file` and `--cert-file`. The latter is an alias.
Drop `--certificate-file` and promote `--cert-file`. This
harmonizes these subcommands with other subcommands, which only
use `--cert-file`.
- Rename `--revocation-file` to `--revoker-file`, as the file
contains a "revoker" not a "revocation."
- Change `sq key userid add` to support the cert store and key
store.
- Add `--cert` to specify a certificate by key ID or fingerprint.
- Change the positional file argument to `--cert-file`.
- Change the positional user ID to `--userid`.
- If `--output` is not specified and `--cert` is, import the
modified certificate into the cert store. If `--output` is not
specified and `--cert-file` is, write the modified certificate to
stdout.
- Support using keys managed by `sequoia-keystore`.
- When decrypting a message, have `sq` automatically ask the
key store to decrypt the PKESKs.
- Extend `sq sign` and `sq encrypt` with the `--signer-key`
parameter to use a key managed by the keystore.
- Add two top-level options: `--no-key-store`, which disables the
use of the key store, and `--key-store`, which uses an alternate
key store instance.
- Add `sq key list` to list keys on the key store.