diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2021-01-20 08:50:12 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-01-20 11:33:45 +0100 |
commit | 360c843beb840b862db18127b509da9514f29d90 (patch) | |
tree | 4af60ea78c040516dd04aeff14c429ae245a5345 /sq | |
parent | bb04c1088e1dc07db07d76c00a4deb46f6f0a0db (diff) |
sq: Rework cert and key arguments.
- Drop the -file suffix in arguments and value names.
- Use key instead of TSK.
- Use roles (e.g. recipient) instead of key properties (e.g. having
a secret key.
Diffstat (limited to 'sq')
-rw-r--r-- | sq/src/sq-usage.rs | 57 | ||||
-rw-r--r-- | sq/src/sq_cli.rs | 34 | ||||
-rw-r--r-- | sq/tests/sq-sign.rs | 62 |
3 files changed, 74 insertions, 79 deletions
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs index 1a70741d..a8de24b2 100644 --- a/sq/src/sq-usage.rs +++ b/sq/src/sq-usage.rs @@ -53,11 +53,11 @@ //! -V, --version Prints version information //! //! OPTIONS: -//! -o, --output <FILE> Sets the output file to use -//! --secret-key-file <TSK-FILE>... Secret key to decrypt with, given as a file (can be given multiple times) -//! --sender-cert-file <CERT-FILE>... The sender's certificate to verify signatures with, given as a file (can be -//! given multiple times) -//! -n, --signatures <N> The number of valid signatures required. Default: 0 +//! -o, --output <FILE> Sets the output file to use +//! --recipient-key <KEY>... Secret key to decrypt with, given as a file (can be given multiple times) +//! --signer-cert <CERT>... The signer's certificate to verify signatures with, given as a file (can be given +//! multiple times) +//! -n, --signatures <N> The number of valid signatures required. Default: 0 //! //! ARGS: //! <FILE> Sets the input file to use @@ -80,21 +80,17 @@ //! -V, --version Prints version information //! //! OPTIONS: -//! --compression <KIND> -//! Selects compression scheme to use [default: pad] [possible values: none, pad, zip, zlib, bzip2] -//! -//! --mode <MODE> -//! Selects what kind of keys are considered for encryption. Transport select subkeys marked as suitable for -//! transport encryption, rest selects those for encrypting data at rest, and all selects all encryption-capable -//! subkeys [default: all] [possible values: transport, rest, all] -//! -o, --output <FILE> Sets the output file to use -//! --recipients-cert-file <CERTS-FILE>... -//! Recipients to encrypt for, given as a file (can be given multiple times) -//! -//! --signer-key-file <TSK-FILE>... Secret key to sign with, given as a file (can be given multiple times) -//! -t, --time <TIME> -//! Chooses keys valid at the specified time and sets the signature's creation time -//! +//! --compression <KIND> Selects compression scheme to use [default: pad] [possible values: none, +//! pad, zip, zlib, bzip2] +//! --mode <MODE> Selects what kind of keys are considered for encryption. Transport select +//! subkeys marked as suitable for transport encryption, rest selects those for +//! encrypting data at rest, and all selects all encryption-capable subkeys +//! [default: all] [possible values: transport, rest, all] +//! -o, --output <FILE> Sets the output file to use +//! --recipient-cert <CERT-RING>... Recipients to encrypt for, given as a file (can be given multiple times) +//! --signer-key <KEY>... Secret key to sign with, given as a file (can be given multiple times) +//! -t, --time <TIME> Chooses keys valid at the specified time and sets the signature's creation +//! time //! //! ARGS: //! <FILE> Sets the input file to use @@ -117,10 +113,9 @@ //! -V, --version Prints version information //! //! OPTIONS: -//! -o, --output <FILE> Sets the output file to use -//! --secret-key-file <TSK-FILE>... Secret key to sign with, given as a file (can be given multiple times) -//! -t, --time <TIME> Chooses keys valid at the specified time and sets the signature's creation -//! time +//! -o, --output <FILE> Sets the output file to use +//! --signer-key <KEY>... Secret key to sign with, given as a file (can be given multiple times) +//! -t, --time <TIME> Chooses keys valid at the specified time and sets the signature's creation time //! //! ARGS: //! <FILE> Sets the input file to use @@ -139,11 +134,11 @@ //! -V, --version Prints version information //! //! OPTIONS: -//! --detached <SIG-FILE> Verifies a detached signature -//! -o, --output <FILE> Sets the output file to use -//! --sender-cert-file <CERT-FILE>... The sender's certificate to verify signatures with, given as a file (can be -//! given multiple times) -//! -n, --signatures <N> The number of valid signatures required. Default: 0 +//! --detached <SIG> Verifies a detached signature +//! -o, --output <FILE> Sets the output file to use +//! --signer-cert <CERT>... The signer's certificate to verify signatures with, given as a file (can be given +//! multiple times) +//! -n, --signatures <N> The number of valid signatures required. Default: 0 //! //! ARGS: //! <FILE> Sets the input file to use @@ -588,8 +583,8 @@ //! -V, --version Prints version information //! //! OPTIONS: -//! -o, --output <FILE> Sets the output file to use -//! --secret-key-file <TSK-FILE>... Secret key to decrypt with, given as a file (can be given multiple times) +//! -o, --output <FILE> Sets the output file to use +//! --recipient-key <KEY>... Secret key to decrypt with, given as a file (can be given multiple times) //! //! ARGS: //! <FILE> Sets the input file to use diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs index b77cc0d6..4d664344 100644 --- a/sq/src/sq_cli.rs +++ b/sq/src/sq_cli.rs @@ -37,19 +37,19 @@ pub fn build() -> App<'static, 'static> { .short("n") .takes_value(true)) .arg(Arg::with_name("sender-cert-file") - .long("sender-cert-file") + .long("signer-cert") .multiple(true) .takes_value(true) - .value_name("CERT-FILE") + .value_name("CERT") .number_of_values(1) - .help("The sender's certificate to verify signatures \ + .help("The signer's certificate to verify signatures \ with, given as a file \ (can be given multiple times)")) .arg(Arg::with_name("secret-key-file") - .long("secret-key-file") + .long("recipient-key") .multiple(true) .takes_value(true) - .value_name("TSK-FILE") + .value_name("KEY") .number_of_values(1) .help("Secret key to decrypt with, given as a file \ (can be given multiple times)")) @@ -77,18 +77,18 @@ pub fn build() -> App<'static, 'static> { .short("B") .help("Don't ASCII-armor encode the OpenPGP data")) .arg(Arg::with_name("recipients-cert-file") - .long("recipients-cert-file") + .long("recipient-cert") .multiple(true) .takes_value(true) - .value_name("CERTS-FILE") + .value_name("CERT-RING") .number_of_values(1) .help("Recipients to encrypt for, given as a file \ (can be given multiple times)")) .arg(Arg::with_name("signer-key-file") - .long("signer-key-file") + .long("signer-key") .multiple(true) .takes_value(true) - .value_name("TSK-FILE") + .value_name("KEY") .number_of_values(1) .help("Secret key to sign with, given as a file \ (can be given multiple times)")) @@ -167,10 +167,10 @@ pub fn build() -> App<'static, 'static> { .conflicts_with("append") .help("Signs a message and all existing signatures")) .arg(Arg::with_name("secret-key-file") - .long("secret-key-file") + .long("signer-key") .multiple(true) .takes_value(true) - .value_name("TSK-FILE") + .value_name("KEY") .number_of_values(1) .help("Secret key to sign with, given as a file \ (can be given multiple times)")) @@ -191,7 +191,7 @@ pub fn build() -> App<'static, 'static> { .arg(Arg::with_name("detached") .long("detached") .takes_value(true) - .value_name("SIG-FILE") + .value_name("SIG") .help("Verifies a detached signature")) .arg(Arg::with_name("signatures").value_name("N") .help("The number of valid signatures required. \ @@ -200,12 +200,12 @@ pub fn build() -> App<'static, 'static> { .short("n") .takes_value(true)) .arg(Arg::with_name("sender-cert-file") - .long("sender-cert-file") + .long("signer-cert") .multiple(true) .takes_value(true) - .value_name("CERT-FILE") + .value_name("CERT") .number_of_values(1) - .help("The sender's certificate to verify signatures \ + .help("The signer's certificate to verify signatures \ with, given as a file \ (can be given multiple times)"))) .subcommand(SubCommand::with_name("enarmor") @@ -525,10 +525,10 @@ pub fn build() -> App<'static, 'static> { .help("Don't ASCII-armor encode the \ OpenPGP data")) .arg(Arg::with_name("secret-key-file") - .long("secret-key-file") + .long("recipient-key") .multiple(true) .takes_value(true) - .value_name("TSK-FILE") + .value_name("KEY") .number_of_values(1) .help("Secret key to decrypt with, given \ as a file \ diff --git a/sq/tests/sq-sign.rs b/sq/tests/sq-sign.rs index 2f40d137..a27ecd43 100644 --- a/sq/tests/sq-sign.rs +++ b/sq/tests/sq-sign.rs @@ -27,7 +27,7 @@ fn sq_sign() { Assert::cargo_binary("sq") .with_args( &["sign", - "--secret-key-file", + "--signer-key", &artifact("keys/dennis-simon-anton-private.pgp"), "--output", &sig.to_string_lossy(), @@ -62,7 +62,7 @@ fn sq_sign() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), &sig.to_string_lossy()]) .unwrap(); @@ -77,7 +77,7 @@ fn sq_sign_append() { Assert::cargo_binary("sq") .with_args( &["sign", - "--secret-key-file", + "--signer-key", &artifact("keys/dennis-simon-anton-private.pgp"), "--output", &sig0.to_string_lossy(), @@ -112,7 +112,7 @@ fn sq_sign_append() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), &sig0.to_string_lossy()]) .unwrap(); @@ -123,7 +123,7 @@ fn sq_sign_append() { .with_args( &["sign", "--append", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig1.to_string_lossy(), @@ -171,14 +171,14 @@ fn sq_sign_append() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), &sig1.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), &sig1.to_string_lossy()]) .unwrap(); @@ -242,7 +242,7 @@ fn sq_sign_append_on_compress_then_sign() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), &sig0.to_string_lossy()]) .unwrap(); @@ -253,7 +253,7 @@ fn sq_sign_append_on_compress_then_sign() { .with_args( &["sign", "--append", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig1.to_string_lossy(), @@ -305,14 +305,14 @@ fn sq_sign_append_on_compress_then_sign() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), &sig0.to_string_lossy()]) .unwrap(); @@ -328,7 +328,7 @@ fn sq_sign_detached() { .with_args( &["sign", "--detached", - "--secret-key-file", + "--signer-key", &artifact("keys/dennis-simon-anton-private.pgp"), "--output", &sig.to_string_lossy(), @@ -352,7 +352,7 @@ fn sq_sign_detached() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), "--detached", &sig.to_string_lossy(), @@ -370,7 +370,7 @@ fn sq_sign_detached_append() { .with_args( &["sign", "--detached", - "--secret-key-file", + "--signer-key", &artifact("keys/dennis-simon-anton-private.pgp"), "--output", &sig.to_string_lossy(), @@ -394,7 +394,7 @@ fn sq_sign_detached_append() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), "--detached", &sig.to_string_lossy(), @@ -406,7 +406,7 @@ fn sq_sign_detached_append() { .with_args( &["sign", "--detached", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig.to_string_lossy(), @@ -420,7 +420,7 @@ fn sq_sign_detached_append() { &["sign", "--detached", "--append", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig.to_string_lossy(), @@ -449,7 +449,7 @@ fn sq_sign_detached_append() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/dennis-simon-anton.pgp"), "--detached", &sig.to_string_lossy(), @@ -458,7 +458,7 @@ fn sq_sign_detached_append() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), "--detached", &sig.to_string_lossy(), @@ -472,7 +472,7 @@ fn sq_sign_detached_append() { &["sign", "--detached", "--append", - "--secret-key-file", + "--signer-key", // Not a private key => signing will fail. &artifact("keys/erika-corinna-daniela-simone-antonia-nistp521.pgp"), "--output", @@ -509,7 +509,7 @@ fn sq_sign_append_a_notarization() { .with_args( &["sign", "--append", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig0.to_string_lossy(), @@ -569,21 +569,21 @@ fn sq_sign_append_a_notarization() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/neal.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/emmelie-dorothea-dina-samantha-awina-ed25519.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), &sig0.to_string_lossy()]) .unwrap(); @@ -599,7 +599,7 @@ fn sq_sign_notarize() { .with_args( &["sign", "--notarize", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig0.to_string_lossy(), @@ -647,14 +647,14 @@ fn sq_sign_notarize() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/neal.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), &sig0.to_string_lossy()]) .unwrap(); @@ -670,7 +670,7 @@ fn sq_sign_notarize_a_notarization() { .with_args( &["sign", "--notarize", - "--secret-key-file", + "--signer-key", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256-private.pgp"), "--output", &sig0.to_string_lossy(), @@ -730,21 +730,21 @@ fn sq_sign_notarize_a_notarization() { Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/neal.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/emmelie-dorothea-dina-samantha-awina-ed25519.pgp"), &sig0.to_string_lossy()]) .unwrap(); Assert::cargo_binary("sq") .with_args( &["verify", - "--sender-cert-file", + "--signer-cert", &artifact("keys/erika-corinna-daniela-simone-antonia-nistp256.pgp"), &sig0.to_string_lossy()]) .unwrap(); |