Diffstat (limited to 'sq/sq-subplot.md')
-rw-r--r-- sq/sq-subplot.md 119
1 files changed, 116 insertions, 3 deletions
diff --git a/sq/sq-subplot.md b/sq/sq-subplot.md
index 53bf164d..8c05a19c 100644
--- a/sq/sq-subplot.md
+++ b/sq/sq-subplot.md
@@ -144,6 +144,7 @@ then stdout contains "Alice"
then stdout contains "Expiration time: 20"
then stdout contains "Key flags: certification"
then stdout contains "Key flags: signing"
+then stdout contains "Key flags: authentication"
then stdout contains "Key flags: transport encryption, data-at-rest encryption"
~~~
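Review bot: The added `then stdout contains "Key flags: authentication"` assertion is the only place in this hunk that records authentication as a capability this scenario's key must now carry; the command that generates the key sits outside the hunk and is unchanged. If that command passes no `--cannot-*` option, this is a change of default behaviour, and the prose introducing the scenario should say that an authentication-capable subkey is now created unless `--cannot-authenticate` is given, so that the expectation is not discoverable only by reading the step list.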
@@ -172,19 +173,37 @@ then file key.pgp contains "Comment: <alice@example.com>"
~~~
+### Generate a key for certification only
+
+_Requirement: We must be able to generate a key that can only be used
+for certification, and can't be used for signing, encryption or authentication._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp --cannot-sign --cannot-authenticate --cannot-encrypt
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
+then stdout doesn't contain "Key flags: signing"
+then stdout doesn't contain "Key flags: authentication"
+then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption"
+~~~
+
### Generate a key for encryption only
_Requirement: We must be able to generate a key that can only be used
-for encryption, and can't be used for signing._
+for encryption, and can't be used for signing or authentication._
Note that `sq` always creates a key usable for certification.
~~~scenario
given an installed sq
-when I run sq key generate --export key.pgp --cannot-sign
+when I run sq key generate --export key.pgp --cannot-sign --cannot-authenticate
when I run sq inspect key.pgp
then stdout contains "Key flags: certification"
then stdout doesn't contain "Key flags: signing"
+then stdout doesn't contain "Key flags: authentication"
then stdout contains "Key flags: transport encryption, data-at-rest encryption"
~~~
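Review bot: The negative checks `then stdout doesn't contain "Key flags: authentication"` in both scenarios of this hunk are substring matches that only fire when a flag line begins with that capability. The encryption line shows that `sq inspect` prints several flags for one key comma-joined ("transport encryption, data-at-rest encryption"), so a key reported as "Key flags: certification, authentication" would satisfy every step of the certification-only scenario while still being usable for authentication. For a requirement phrased as "can only be used for certification", consider asserting on the complete flag line of each key or on the number of subkeys, rather than on the absence of a prefix.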
@@ -223,13 +242,107 @@ for signing, and can't be used for encryption._
~~~scenario
given an installed sq
-when I run sq key generate --export key.pgp --cannot-encrypt
+when I run sq key generate --export key.pgp --cannot-encrypt --cannot-authenticate
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
+then stdout contains "Key flags: signing"
+then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption"
+then stdout doesn't contain "Key flags: authentication"
+~~~
+
+
+### Generate a key for authentication only
+
+_Requirement: We must be able to generate a key that can only be used
+for authentication, and can't be used for encryption or signing._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp --can-authenticate --cannot-sign --cannot-encrypt
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
+then stdout contains "Key flags: authentication"
+then stdout doesn't contain "Key flags: signing"
+then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption"
+~~~
+
+
+### Generate a key for encryption and authentication
+
+_Requirement: We must be able to generate a key that can only be used
+for encryption and authentication, and can't be used for signing._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp --cannot-sign
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
+then stdout contains "Key flags: authentication"
+then stdout contains "Key flags: transport encryption, data-at-rest encryption"
+then stdout doesn't contain "Key flags: signing"
+~~~
+
+
+### Generate a key for encryption and signing
+
+_Requirement: We must be able to generate a key that can only be used
+for encryption and signing, and can't be used for authentication._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp --cannot-authenticate
when I run sq inspect key.pgp
then stdout contains "Key flags: certification"
+then stdout contains "Key flags: transport encryption, data-at-rest encryption"
then stdout contains "Key flags: signing"
+then stdout doesn't contain "Key flags: authentication"
+~~~
+
+
+### Generate a key for signing and authentication
+
+_Requirement: We must be able to generate a key that can only be used
+for signing and authentication, and can't be used for encryption._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp --cannot-encrypt
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
then stdout doesn't contain "Key flags: transport encryption, data-at-rest encryption"
+then stdout contains "Key flags: signing"
+then stdout contains "Key flags: authentication"
+~~~
+
+
+
+### Generate a key for encryption, authentication and signing
+
+_Requirement: We must be able to generate a key that can be used for
+encryption, authentication and signing._
+
+Note that `sq` always creates a key usable for certification.
+
+~~~scenario
+given an installed sq
+when I run sq key generate --export key.pgp
+when I run sq inspect key.pgp
+then stdout contains "Key flags: certification"
+then stdout contains "Key flags: authentication"
+then stdout contains "Key flags: transport encryption, data-at-rest encryption"
+then stdout contains "Key flags: signing"
~~~
+
+
### Generate an elliptic curve key
_Requirement: We must be able to generate an Curve25519 key_
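Review bot: The authentication-only scenario passes `--can-authenticate` together with `--cannot-sign --cannot-encrypt`, while every other scenario in this hunk gets authentication without asking for it (for example `sq key generate --export key.pgp` is expected to show "Key flags: authentication"). Either the option is redundant here and should be dropped for consistency with the other scenarios, or it does something the default does not, in which case the section should state what. Also worth a sentence in the document: `--cannot-sign` alone and `--cannot-encrypt` alone, which the removed lines used for the encryption-only and signing-only cases, now appear under the "encryption and authentication" and "signing and authentication" headings, so the same command line yields a key with an extra capability compared to before. As a minor style point, the added sections are separated by two and in one place three blank `+` lines where one would do.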