diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2020-12-22 14:07:21 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2020-12-22 14:08:58 +0100 |
| commit | 8117d594fb75fc32b2b2b26cf46fde6758be2203 (patch) | |
| tree | 5d58a6205535657ea5eabf3dbe6fba912680fcdb | |
| parent | 60c7375eaa93867f1b917d5eef163762ef9dc55e (diff) | |
sq: Add --allow-broken-crypto to 'sq key adopt'.
- Add an option to `sq key adopt` to allow adopting keys from
certificates using broken crypto.
| -rw-r--r-- | sq/src/commands/key.rs | 10 | ||||
| -rw-r--r-- | sq/src/sq-usage.rs | 7 | ||||
| -rw-r--r-- | sq/src/sq_cli.rs | 8 |
3 files changed, 21 insertions, 4 deletions
diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs index b10da74a..964f4a66 100644 --- a/sq/src/commands/key.rs +++ b/sq/src/commands/key.rs @@ -273,13 +273,21 @@ pub fn adopt(m: &ArgMatches, p: &dyn Policy) -> Result<()> { wanted.push((h, None)); } + let null_policy = &crate::openpgp::policy::NullPolicy::new(); + let adoptee_policy = if m.values_of("allow-broken-crypto").is_some() { + null_policy + } else { + p + }; + // Find the corresponding keys. for keyring in m.values_of("keyring").unwrap_or_default() { for cert in CertParser::from_file(keyring) .context(format!("Parsing: {}", keyring))? { let cert = cert.context(format!("Parsing {}", keyring))?; - let vc = match cert.with_policy(p, None) { + + let vc = match cert.with_policy(adoptee_policy, None) { Ok(vc) => vc, Err(err) => { eprintln!("Ignoring {} from '{}': {}", diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs index e3d442b9..1c968e48 100644 --- a/sq/src/sq-usage.rs +++ b/sq/src/sq-usage.rs @@ -489,11 +489,12 @@ //! Bind keys from one certificate to another. //! //! USAGE: -//! sq key adopt [OPTIONS] <CERT> --key <KEY>... +//! sq key adopt [FLAGS] [OPTIONS] <CERT> --key <KEY>... //! //! FLAGS: -//! -h, --help Prints help information -//! -V, --version Prints version information +//! --allow-broken-crypto Allows adopting keys from certificates using broken cryptography. +//! -h, --help Prints help information +//! -V, --version Prints version information //! //! OPTIONS: //! -k, --key <KEY>... Adds the specified key or subkey to the certificate. diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs index a61a7a60..a050aa45 100644 --- a/sq/src/sq_cli.rs +++ b/sq/src/sq_cli.rs @@ -485,6 +485,14 @@ pub fn build() -> App<'static, 'static> { .required(true) .help("Adds the specified key or subkey to the \ certificate.")) + .arg(Arg::with_name("allow-broken-crypto") + .value_name("ALLOW-BROKEN-CRYPTO") + .long("allow-broken-crypto") + .multiple(false) + .number_of_values(0) + .takes_value(false) + .help("Allows adopting keys from certificates \ + using broken cryptography.")) .arg(Arg::with_name("certificate") .value_name("CERT") .required(true) |