| Age | Commit message (Collapse) | Author |
|---|
|
- Implement `sq keystore list` to list all of the keys on the
keystore.
|
|
- Support interacting with the keystore either explicitly via a
command-line option, or implicitly when decrypting a session key.
- Keys on the keystore can be specified as follows:
```
$ sq encrypt --signer-keystore KEYID ...
$ sq decrypt --recipient-keystore KEYID ...
$ sq sign --signer-keystore KEYID ...
$ sq packet decrypt --recipient-file KEYID ...
```
|
|
- Rename `--recipient-cert` to `--recipient-file`, `--signer-cert`
to `--signer-file`, and `--certificate` to `--certificate-file`.
- This rename makes it clearer that the argument is a file
containing a certificate.
- See #933.
|
|
- The argument to --signer-cert, --recipient-cert, and --certificate
is a certificate *file*, not a certificate. Update the description
and the documentation to reflect this.
|
|
- Rename `--recipient-key` to `--recipient-file`, `--signer-key` to
`--signer-file`, and `--revocation-key` to `--revocation-file`.
- This rename makes it clearer that the argument is a file.
- This paves the way for other ways to address keys.
- See #933.
|
|
- The argument to --signer-key, --recipient-key, and
--revocation-key is a key *file*, not a key. Update the description
and the documentation to reflect this.
|
|
- rpassword underwent some rework. The successor of
read_password_from_tty seems to be prompt_password, relevant commits
to rpassword:
- e6023757df00a67a1e16796db50c5ffad41b6268
- 2edf6cee07573ec4aa86531e6177ee90331d5c60
|
|
|
|
|
|
|
|
Generate an all-in-one manual page sq.1, and a separate manual page
for each leaf level subcommand: sq-armor.1, seq-key-generate.1, etc.
We've previously had a grouping of subcommands per top level
subcommand: all sub-subcommands of "sq key" would go into sq-key.1.
However, I found that to be hard to follow, as a reader. I prefer
either all in one, or just the one subcommand in a page.
Use custom code to generate the manual page, in sq/src/man.rs, because
I wasn't happy with clap_mangen output, and wanted something more
idiomatic. The custom code is a little specific for sq, and may or may
not be possible to use for other programs.
To trigger manual page generation, run sq with SQ_MAN set to the name
of a directory where the manual pages should be written, when running
sq. This was an easier way to do this than a new, hidden
subcommand ("sq generate-man" or something like that).
Add the roff crate as a dependency. It's used to generate troff source
code for manual pages. Generating correct troff is tricky enough that
there's no point in doing it manually.
Move the "SEE ALSO" section in the "after_help" text for "sq verify"
into the "before_help" so that it doesn't end up as plain text in the
manual page. This was an easier change than making the "sq help text
markup" parser in sq/src/man.rs understand the SEE ALSO heading.
Sponsored-by: pep.foundation
|
|
Update the dependency on Subplot to 0.5.0.
Subplot 0.5.0 requires document metadata (title, bindings files, etc)
to be in its own YAML file, where previous versions required it to be
embedded in Markdown (still as YAML). Move the metadata to sq.subplot
and fix what breaks.
Sponsored-by: pep.foundation
|
|
- Similar to "wkd get" this command will fetch OpenPGP certificates
and display them in armored form with comments.
- Fixes #865.
|
|
- Add dane::get.
- Make EmailAddress functions pub(crate) to use them from the DANE
module.
- Add tests for generating correct FQDN.
- See #865.
|
|
- Reexport the capnp_rpc crate to make it easier to users of the ipc
library to use the same version of capnp_rpc as the ipc library.
- This is needed, because some `capnp_rpc` types are part of the
public API (specifically, the `Handler::handle` function).
|
|
|
|
- create_or_stdout is deprecated and only used by Config, pull it into
impl Config.
|
|
- We 'use sequoia_openpgp as openpgp' in sq.rs. That allows members
referencing it as crate::openpgp. This is highly confusing, as
openpgp is not actually part of this crate.
- Fix the confusion by explicitly importing sequoia_openpgp.
|
|
|
|
|
|
- Expose `oid()` function for all cryptographic backends.
- Fix the description to accurately describe the bytes that are being
returned.
- Add the reference and note to the common use of this function.
- Add practical example of computing the entire `DigestInfo`
structure.
- Add mention of the change to the NEWS file.
- Add test case to check if the values match what Nettle is using.
- Fixes #919.
|
|
- We have copies of this macro in buffered_reader and openpgp with the
same semantics.
- Use the code from buffered_reader and openpgp, to reduce confusion.
|
|
- Previously, the doctests for the macros were not run, and hence
not tested. Fix the few issues that came up when Rust 1.62
started running doctests.
- We cannot test the macros in doctests, because the macros are
not public. Add equivalent unit tests instead.
- Changes copied from 9d4be0b243b6a0d61c7fa1b33d6b1f978f1b6601.
- Fixes #916.
|
|
- Since 8919c8100f72f6313071bb221550c606a38f3747, only buffered-reader
and openpgp were tested on windows-gnu with nettle. This leaves out
the other crates, especially net and ipc.
- Test the whole workspace in windows-gnu-nettle, so that all crates
are tested on Windows.
|
|
- MSYS2 has gnupg 2.2.36, but the version installed when building the
docker image is still 2.2.35.
- Fixes #873
|
|
|
|
- Previously, we used EAX for memory encryption because it was
supported by all cryptographic backends. However, this is
problematic for OpenSSL, which doesn't support EAX.
- Instead, have the backends provide a default algorithm to use
that they support.
|
|
|
|
- ArmorKind and PacketKind represent the same values to the cli and
are basically identical.
- Unify them to ArmorKind.
|
|
|
|
|
|
- sq_cli.rs has become unwieldy.
- Refactor, so that each first level subcommand has its own module.
|
|
This will let `sq` not depend on `clap` version 2, even transitively.
Sponsored-by: pep.foundation
|
|
- When the decryptor returns a short session key without reporting
an error, an overflow occurs. Avoid this by using saturating
subtraction. Then, the resulting range is empty, and an error
will be reported just a few lines down.
- Fixes #913.
|
|
This is the most conservative possible relaxation of the dependency,
and it makes the tool buildable on debian stable, where serde_json is
currently blocked by a confusing mess (https://bugs.debian.org/1015743)
I suspect it could be relaxed even further (best would be serde_json =
"1"), but i haven't tested it against serde 1.0.0, and this change is
sufficient for my purposes for now.
|
|
This allows the user to query what output versions are available and
what is the current default one.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
This makes it easier to manage them in one place. Also, allows one
place where the output model version is picked.
Also add integration tests to sq-subplot.md.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
The JSON is the same same for both subcommands on the assumption that
if someone is consuming JSON, they will pick the field relevant to
them in any case. For someone consuming the default output format,
they choose by using the right subcommand and don't have to parse the
output.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
|
|
- Use clap-provided mechanisms instead of manually parsing --help
output.
- Fixes #872.
|
|
|
|
- This is more intuitive instead of fiddling with display_order
numbers.
- Allows iterating over the subcommands in the order they are
displayed.
|
|
- Remove the workaround that was required to include help output in
docs.
|
|
|
|
SQ_OUTPUT_FORMAT and SQ_OUTPUT_VERSION will be obeyed unless the
corresponding options are used.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
Sponsored-by: NLnet Foundation; NGI Assure
|
|
This heavily changes the subcommand implementation. The original code
mixed concerns (iterating over certificates, making decisions about
primary UserID, and formatting output). This changes things so that
the concerns are more separate.
Formatting of JSON output is done using the serde_json crate. This
makes it easy to add other formats supported by serde later.
Unfortunately, using serde means the whole parsed keyring must be kept
in memory at once, because serde doesn't know how to serialize an
iterator: a serde serializer gets an immutable reference to the data
being serialized, and an iterator must be mutable. We may need
to fix that later, but all my attempts to do so failed.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
These aren't used yet, this is preparation for future changes.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
Nothing implements these yet, this is preparation for future changes.
Sponsored-by: NLnet Foundation; NGI Assure
|
|
These are not yet used, this is preparation for future changes.
Sponsored-by: NLnet Foundation; NGI Assure
|
