Go to file
Neal H. Walfield 4a5ce6603c
Change sq key subkey {password,delete} to work with weak bindings.
- Currently, it is not possible to delete secret key material that
    is only associated with a certificate that is not valid under the
    current policy.  The same goes for changing the password protecting
    the secret key material.

  - Users shouldn't have to first update a key's binding signature to
    delete it, or change its password.

  - Change `sq key subkey delete` and `sq key subkey password` to use
    the null policy.  This is not a security concern, because even if
    the binding signature is weak, both the certificate and the key
    are explicitly named.

  - See #375
2024-11-21 12:14:24 +01:00
src Change sq key subkey {password,delete} to work with weak bindings. 2024-11-21 12:14:24 +01:00
subplot Set a SEQUOIA_HOME directory for the subplot tests. 2024-10-21 13:00:08 +02:00
tests Change sq key subkey {password,delete} to work with weak bindings. 2024-11-21 12:14:24 +01:00
.dockerignore add dockerignore file 2024-11-20 02:07:59 +00:00
.gitattributes Add git configuration. 2023-02-23 11:22:01 +01:00
.gitignore Add a framework to format and test examples. 2024-02-09 18:08:09 +01:00
.gitlab-ci.yml rename Dockerfile to vendor-neutral Containerfile 2024-11-20 01:37:40 +00:00
build.rs Only show global options in the top-level help output. 2024-02-21 12:28:32 +01:00
Cargo.lock Certify newly created keys with a per-host shadow CA. 2024-11-20 14:13:52 +01:00
Cargo.toml Certify newly created keys with a per-host shadow CA. 2024-11-20 14:13:52 +01:00
Containerfile make container a single-user environment 2024-11-20 02:07:59 +00:00
LICENSE.txt Fix license 2023-11-24 16:37:14 +01:00
NEWS Rename --notation to --signature-notation. 2024-11-21 11:38:59 +01:00
openpgp-policy.toml add openpgp-policy 2024-03-06 12:35:27 -05:00
README.md update container examples in readme 2024-11-20 02:12:26 +00:00
sq-subplot.md Rename sq pki vouch certify to sq pki vouch add. 2024-11-20 12:00:23 +01:00
sq.subplot Update to the latest version of subplot 2023-03-17 10:07:17 +01:00

sq, the Sequoia-PGP command line tool

Sequoia-PGP is an implementation of OpenPGP in Rust. It includes a suite of library crates, which are meant to be used from applications. This crate provides the sq command line application. sq is aimed at command line users as a way to use OpenPGP conveniently from the command line.

See the sq user documentation for instructions. The program also has built-in help, using the --help option and help subcommand:

$ sq help
...

You can also browse the manual pages, look at our acceptance criteria, and browse the rustdoc output if you want to learn about the implementation.

Installing

The sq tool can be installed using cargo:

cargo install sequoia-sq

Please see sequoia-openpgp's README for how to install build dependencies on your system.

Building from source

This crate can be built from a source checkout using the standard cargo toolchain:

cargo build

The above creates the sq executable, the manual pages, and its shell completions. By default, the manual pages and shell completions are put into the cargo target directory, but the exact location is unpredictable. To write the assets to a predictable location, set the environment variable ASSET_OUT_DIR to a suitable location.

Using a Container (Docker, Podman, etc.)

The command line tool sq can also be built using an OCI compatible image builder, eg. podman or docker:

$ podman build -f Containerfile -t sq .
$ podman run --rm -i sq --help

You can then use sq in the container.

For example searching for a certificate:

$ podman run --rm -i sq network search 653909A2F0E37C106F5FAF546C8857E0D8E8F074

All sq state is stored under /sequoia inside of the container, thus if you would like to persist the state between container runs you may bind mount the directory on the host.

$ mkdir sq-container # create a directory on the host where you will mount the working dir from the container
$ podman run --rm -i -v $PWD/sq-container:/sequoia sq network search 653909A2F0E37C106F5FAF546C8857E0D8E8F074
$ podman run --rm -i -v $PWD/sq-container:/sequoia sq inspect --cert 653909A2F0E37C106F5FAF546C8857E0D8E8F074

The container environment has sq manpages and bash completion configured. By default the container will run sq as its "entrypoint", so if you would like to be dropped into a shell then override the entrypoint as follows.

# Note the "-t"; Necessary for the allocation of a pseudo-TTY.
$ podman run --rm -t -i --entrypoint bash sq

A current build of the container image is available from the gitlab registry. Rename it to sq locally so that it matches the above commands and for convenience.

$ podman pull registry.gitlab.com/sequoia-pgp/sequoia-sq:latest
$ podman tag registry.gitlab.com/sequoia-pgp/sequoia-sq:latest sq
$ podman run --rm -i sq --help