authorNeal H. Walfield <neal@pep.foundation>2021-01-22 10:11:19 +0100
committerNeal H. Walfield <neal@pep.foundation>2021-01-22 10:32:02 +0100
commita7a35e6ba322d42280930af5e00eebf63f3f9b37 (patch)
tree64c6fbaf21c633518b5ece9d78cb735b1f2899a5
parenteb0b42f5933772652b8e66fd7a853495b8efcd1e (diff)
sq: Add --to-certificate to sq keyring filter.
- Add an option to convert any keys in the input to certificates. - This removes any secret key material thereby turning a key into a certificate.
-rw-r--r--sq/src/commands/keyring.rs21
-rw-r--r--sq/src/sq-usage.rs18
-rw-r--r--sq/src/sq_cli.rs14
3 files changed, 43 insertions, 10 deletions
diff --git a/sq/src/commands/keyring.rs b/sq/src/commands/keyring.rs
index 5ebeb7aa..0c808628 100644
--- a/sq/src/commands/keyring.rs
+++ b/sq/src/commands/keyring.rs
@@ -106,6 +106,8 @@ pub fn dispatch(m: &clap::ArgMatches, force: bool) -> Result<()> {
}
};
+ let to_certificate = m.is_present("to-certificate");
+
// XXX: Armor type selection is a bit problematic. If any
// of the certificates contain a secret key, it would be
// better to use Kind::SecretKey here. However, this
@@ -115,7 +117,8 @@ pub fn dispatch(m: &clap::ArgMatches, force: bool) -> Result<()> {
force,
m.is_present("binary"),
armor::Kind::PublicKey)?;
- filter(m.values_of("input"), &mut output, filter_fn)?;
+ filter(m.values_of("input"), &mut output, filter_fn,
+ to_certificate)?;
output.finalize()
},
("join", Some(m)) => {
@@ -128,7 +131,7 @@ pub fn dispatch(m: &clap::ArgMatches, force: bool) -> Result<()> {
force,
m.is_present("binary"),
armor::Kind::PublicKey)?;
- filter(m.values_of("input"), &mut output, |c| Some(c))?;
+ filter(m.values_of("input"), &mut output, |c| Some(c), false)?;
output.finalize()
},
("merge", Some(m)) => {
@@ -168,7 +171,7 @@ pub fn dispatch(m: &clap::ArgMatches, force: bool) -> Result<()> {
/// Joins certificates and keyrings into a keyring, applying a filter.
fn filter<F>(inputs: Option<clap::Values>, output: &mut dyn io::Write,
- mut filter: F)
+ mut filter: F, to_certificate: bool)
-> Result<()>
where F: FnMut(Cert) -> Option<Cert>,
{
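Review bot: The doc comment on `filter` still reads only "Joins certificates and keyrings into a keyring, applying a filter." and does not mention the new `to_certificate` parameter, which now decides whether secret key material reaches `output`. I would add `/// If to_certificate is true, only the public certificate is written; otherwise secret key material in the input is serialized too.` The `join` arm calls this with a bare `false`, which is hard to read at the call site and leaves `join` passing secrets through, so a short comment there would make that intent explicit. The function body continues outside this hunk.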
@@ -178,7 +181,11 @@ fn filter<F>(inputs: Option<clap::Values>, output: &mut dyn io::Write,
let cert = cert.context(
format!("Malformed certificate in keyring {:?}", name))?;
if let Some(cert) = filter(cert) {
- cert.as_tsk().serialize(output)?;
+ if to_certificate {
+ cert.serialize(output)?;
+ } else {
+ cert.as_tsk().serialize(output)?;
+ }
}
}
}
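Review bot: The choice between `cert.serialize(output)` and `cert.as_tsk().serialize(output)` is written out twice, here in the file loop and again in the stdin loop of the next hunk, so the decision that keeps secret key material out of the output lives in two copies of the same `if`. Moving it into one private helper keeps the two input paths from drifting apart when either is edited later. No test is visible in this commit; one that feeds a secret-key-bearing input through the flag and checks that `Cert::is_tsk()` is false on the reparsed output would pin the behaviour. Both loops begin outside their hunks.

```rust
/// Writes `cert` to `output`, dropping secret key material when
/// `to_certificate` is set.
fn emit(cert: &Cert, output: &mut dyn io::Write, to_certificate: bool)
        -> Result<()>
{
    if to_certificate {
        cert.serialize(output)?;
    } else {
        cert.as_tsk().serialize(output)?;
    }
    Ok(())
}

// … unchanged: input loops and the `filter(cert)` call …
            if let Some(cert) = filter(cert) {
                emit(&cert, output, to_certificate)?;
            }
```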
@@ -186,7 +193,11 @@ fn filter<F>(inputs: Option<clap::Values>, output: &mut dyn io::Write,
for cert in CertParser::from_reader(io::stdin())? {
let cert = cert.context("Malformed certificate in keyring")?;
if let Some(cert) = filter(cert) {
- cert.as_tsk().serialize(output)?;
+ if to_certificate {
+ cert.serialize(output)?;
+ } else {
+ cert.as_tsk().serialize(output)?;
+ }
}
}
}
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs
index f83beb33..ff467d84 100644
--- a/sq/src/sq-usage.rs
+++ b/sq/src/sq-usage.rs
@@ -346,6 +346,11 @@
//! Manages collections of certificates (also known as 'keyrings' when they contain
//! secret key material, and 'certrings' when they don't).
//!
+//! To convert a key to a certificate (i.e.,
+//! remove any secret key material), do:
+//!
+//! $ cat keys.pgp | sq keyring filter --to-certificate
+//!
//! USAGE:
//! sq keyring <SUBCOMMAND>
//!
@@ -372,10 +377,15 @@
//! sq keyring filter [FLAGS] [OPTIONS] [--] [FILE]...
//!
//! FLAGS:
-//! -B, --binary Emits binary data
-//! -h, --help Prints help information
-//! -P, --prune-certs Removes certificate components not matching the filter
-//! -V, --version Prints version information
+//! -B, --binary Emits binary data
+//! -h, --help Prints help information
+//! -P, --prune-certs Removes certificate components not matching the
+//! filter
+//! --to-certificate Converts any keys in the input to certificates.
+//! Converting a key to a certificate removes secret key
+//! material from the key thereby turning it into a
+//! certificate.
+//! -V, --version Prints version information
//!
//! OPTIONS:
//! --domain <FQDN>... Matches on email domain FQDN
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index 2678445a..4f769bcf 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -449,7 +449,12 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> {
"Manages collections of certificates \
(also known as 'keyrings' when they contain \
secret key material, and 'certrings' when they \
- don't).")
+ don't).\n\
+ \n\
+ To convert a key to a certificate (i.e.,\n\
+ remove any secret key material), do:\n\
+ \n\
+ $ cat keys.pgp | sq keyring filter --to-certificate")
.setting(AppSettings::SubcommandRequiredElseHelp)
.subcommand(
SubCommand::with_name("filter")
@@ -488,6 +493,13 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> {
.arg(Arg::with_name("binary")
.short("B").long("binary")
.help("Emits binary data"))
+ .arg(Arg::with_name("to-certificate")
+ .long("to-certificate")
+ .help("Converts any keys in the input to \
+ certificates. Converting a key to a \
+ certificate removes secret key material \
+ from the key thereby turning it into \
+ a certificate."))
)
.subcommand(
SubCommand::with_name("join")
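Review bot: The help text for `--to-certificate` says what the flag removes but not what happens without it, and the default is the security-relevant part. Per the `else` branch in keyring.rs, without the flag the output is written via `as_tsk()`, so secret key material in the input is copied to the output. I would end the help string with `Without this flag, secret key material in the input is written to the output.` The flag is registered only on the `filter` subcommand here and `join` is hard-wired to `false` in keyring.rs; whether `merge` needs the same option cannot be judged from this hunk. The `configure` builder chain continues outside the hunk.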