tool: Introduce key manipulation subcommand.

  - And move the key generation subcommand there, calling it
    `generate`.

  - Fixes #163.

3 files changed, 82 insertions, 52 deletions

diff --git a/tool/src/sq-usage.rs b/tool/src/sq-usage.rs
index e6f261d0..7c06615b 100644
--- a/tool/src/sq-usage.rs
+++ b/tool/src/sq-usage.rs
@@ -31,7 +31,7 @@
 //!     dump         Lists OpenPGP packets
 //!     enarmor      Applies ASCII Armor to a file
 //!     help         Prints this message or the help of the given subcommand(s)
-//!     keygen       Generate a new key
+//!     key          Manipulates keys
 //!     list         Lists key stores and known keys
 //!     split        Splits a message into OpenPGP packets
 //! ```
@@ -421,16 +421,33 @@
 //!     <FILE>    Sets the input file to use
 //! ```
 //!
-//! ## Subcommand keygen
+//! ## Subcommand key
 //!
 //! ```text
-//! Generate a new key
+//! Manipulates keys
 //!
 //! USAGE:
-//!     sq keygen [FLAGS] [OPTIONS] --export <OUTFILE>
+//!     sq key [SUBCOMMAND]
 //!
 //! FLAGS:
-//!         --can-sign          The key has a signing-capable subkey (Default)
+//!     -h, --help       Prints help information
+//!     -V, --version    Prints version information
+//!
+//! SUBCOMMANDS:
+//!     generate    Generates a new key
+//!     help        Prints this message or the help of the given subcommand(s)
+//! ```
+//!
+//! ### Subcommand key generate
+//!
+//! ```text
+//! Generates a new key
+//!
+//! USAGE:
+//!     sq key generate [FLAGS] [OPTIONS] --export <OUTFILE>
+//!
+//! FLAGS:
+//!         --can-sign          The key has a signing-capable subkey (default)
 //!         --cannot-encrypt    The key will not be able to encrypt data
 //!         --cannot-sign       The key will not be able to sign data
 //!     -h, --help              Prints help information
@@ -438,7 +455,7 @@
 //!         --with-password     Prompt for a password to protect the generated key with.
 //!
 //! OPTIONS:
-//!         --can-encrypt <PURPOSE>          The key has an encryption-capable subkey (Default) [default: all]  [possible
+//!         --can-encrypt <PURPOSE>          The key has an encryption-capable subkey (default) [default: all]  [possible
 //!                                          values: transport, rest, all]
 //!     -c, --cipher-suite <CIPHER-SUITE>    Cryptographic algorithms used for the key. [default: rsa3k]  [possible values:
 //!                                          rsa3k, cv25519]
diff --git a/tool/src/sq.rs b/tool/src/sq.rs
index 162e8288..2242d6e6 100644
--- a/tool/src/sq.rs
+++ b/tool/src/sq.rs
@@ -412,9 +412,10 @@ fn real_main() -> Result<(), failure::Error> {
                 },
             }
         },
-        ("keygen",  Some(m)) => {
-            commands::key::generate(m, force)?;
-        }
+        ("key", Some(m)) => match m.subcommand() {
+            ("generate", Some(m)) => commands::key::generate(m, force)?,
+            _ => unreachable!(),
+        },
         _ => {
             eprintln!("No subcommand given.");
             exit(1);
diff --git a/tool/src/sq_cli.rs b/tool/src/sq_cli.rs
index eb98fd17..d3489e6e 100644
--- a/tool/src/sq_cli.rs
+++ b/tool/src/sq_cli.rs
@@ -318,49 +318,61 @@ pub fn build() -> App<'static, 'static> {
                                 .about("Lists all keys in the common key pool"))
                     .subcommand(SubCommand::with_name("log")
                                 .about("Lists the server log")))
-        .subcommand(SubCommand::with_name("keygen")
-                    .about("Generate a new key")
-                    .arg(Arg::with_name("userid").value_name("EMAIL")
-                         .long("userid")
-                         .short("u")
-                         .help("Primary user ID"))
-                    .arg(Arg::with_name("cipher-suite").value_name("CIPHER-SUITE")
-                         .long("cipher-suite")
-                         .short("c")
-                         .possible_values(&["rsa3k", "cv25519"])
-                         .default_value("rsa3k")
-                         .help("Cryptographic algorithms used for the key."))
-                    .arg(Arg::with_name("with-password")
-                         .long("with-password")
-                         .help("Prompt for a password to protect the generated \
-                                key with."))
+        .subcommand(
+            SubCommand::with_name("key")
+                .about("Manipulates keys")
+                .setting(AppSettings::ArgRequiredElseHelp)
+                .subcommand(
+                    SubCommand::with_name("generate")
+                        .about("Generates a new key")
+                        .arg(Arg::with_name("userid")
+                             .value_name("EMAIL")
+                             .long("userid")
+                             .short("u")
+                             .help("Primary user ID"))
+                        .arg(Arg::with_name("cipher-suite")
+                             .value_name("CIPHER-SUITE")
+                             .long("cipher-suite")
+                             .short("c")
+                             .possible_values(&["rsa3k", "cv25519"])
+                             .default_value("rsa3k")
+                             .help("Cryptographic algorithms used for the key."))
+                        .arg(Arg::with_name("with-password")
+                             .long("with-password")
+                             .help("Prompt for a password to protect the \
+                                    generated key with."))
 
-                    .group(ArgGroup::with_name("cap-sign")
-                           .args(&["can-sign", "cannot-sign"]))
-                    .arg(Arg::with_name("can-sign")
-                         .long("can-sign")
-                         .help("The key has a signing-capable subkey (Default)"))
-                    .arg(Arg::with_name("cannot-sign")
-                         .long("cannot-sign")
-                         .help("The key will not be able to sign data"))
+                        .group(ArgGroup::with_name("cap-sign")
+                               .args(&["can-sign", "cannot-sign"]))
+                        .arg(Arg::with_name("can-sign")
+                             .long("can-sign")
+                             .help("The key has a signing-capable subkey \
+                                    (default)"))
+                        .arg(Arg::with_name("cannot-sign")
+                             .long("cannot-sign")
+                             .help("The key will not be able to sign data"))
 
-                    .group(ArgGroup::with_name("cap-encrypt")
-                           .args(&["can-encrypt", "cannot-encrypt"]))
-                    .arg(Arg::with_name("can-encrypt").value_name("PURPOSE")
-                         .long("can-encrypt")
-                         .possible_values(&["transport", "rest", "all"])
-                         .default_value("all")
-                         .help("The key has an encryption-capable subkey (Default)"))
-                    .arg(Arg::with_name("cannot-encrypt")
-                         .long("cannot-encrypt")
-                         .help("The key will not be able to encrypt data"))
-                    .arg(Arg::with_name("export").value_name("OUTFILE")
-                         .long("export")
-                         .short("e")
-                         .help("Exports the key instead of saving it in the store")
-                         .required(true))
-                    .arg(Arg::with_name("rev-cert").value_name("FILE or -")
-                         .long("rev-cert")
-                         .required_if("export", "-")
-                         .help("Sets the output file for the revocation certificate. Default is <OUTFILE>.rev, mandatory if OUTFILE is '-'.")))
+                        .group(ArgGroup::with_name("cap-encrypt")
+                               .args(&["can-encrypt", "cannot-encrypt"]))
+                        .arg(Arg::with_name("can-encrypt").value_name("PURPOSE")
+                             .long("can-encrypt")
+                             .possible_values(&["transport", "rest", "all"])
+                             .default_value("all")
+                             .help("The key has an encryption-capable subkey \
+                                    (default)"))
+                        .arg(Arg::with_name("cannot-encrypt")
+                             .long("cannot-encrypt")
+                             .help("The key will not be able to encrypt data"))
+                        .arg(Arg::with_name("export").value_name("OUTFILE")
+                             .long("export")
+                             .short("e")
+                             .help("Exports the key instead of saving it in \
+                                    the store")
+                             .required(true))
+                        .arg(Arg::with_name("rev-cert").value_name("FILE or -")
+                             .long("rev-cert")
+                             .required_if("export", "-")
+                             .help("Sets the output file for the revocation \
+                                    certificate. Default is <OUTFILE>.rev, \
+                                    mandatory if OUTFILE is '-'."))))
 }