Age | Commit message (Collapse) | Author |
|
|
|
|
|
- Removes a duplicate dependency, as itertools:0.10 is used by
lalrpop:0.19.6, among others, anyway.
|
|
Update subplotlib and subplot-build dependencies to the recent
Subplot release. Subplot made a change that changes the document
metadata, which requires dropping the "template" field and changing
"functions" to "impls" in sq-subplot.md.
Sponsored-by: pep.foundation
|
|
Sponsored-by: pep.foundation
|
|
This makes the `sq wkd generate --skip` work with keyrings that
contain mixedn certificates some of which do not have the domain
in User IDs.
|
|
- When `sq inspect` displays a certification, also display the hash
algorithm, and whether the certification is valid according to the
currently policy.
- Recall: The standard policy rejects certifications that use SHA-1,
but GnuPG doesn't. This makes is easier for users to understand
why some certifications are ignored.
|
|
|
|
The word "no" was missing, making the requirement be the opposite of
what was intended.
Sponsored-by: pep.foundation
|
|
- I now see "Expiration time: 2038-01-19 03:14:07 UTC" in the
output, the exact timestamp that is given to --expires. However,
I don't think it is a good idea to check for second-accurate times
here, because that is OpenPGP's time resolution and there may be
rounding issues.
|
|
- assert_cli has been deprecated for a long time, assert_cmd is the
successor.
- a4cfd15805a543a327d2242f9c0f2b653a11ee55 introduced assert_cmd to
sq, in addition to assert_cli. It does not make sense to use two
different crates for cli testing.
- Closes #640.
|
|
- State default features in terms of sq's features.
|
|
- Closes #763
|
|
- Remove the compression feature, it is now redundant with
compression-bzip2 as both add the bzip2 feature to buffered-reader
and sequoia-openpgp, but compression-bzip2 is more explicit.
|
|
|
|
The new scenario is more explicit in how the verification is done
rather than just checking the output is a public key block.
Also, fix a tiny markup error in another scenario (missing _ to end
italic section).
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Fixes #811
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
|
|
- `get_keys` only returned a key for the first certificate. It should
return a key for each certificate.
- Fixes #750.
|
|
|
|
|
|
- If a key is inappropriate, include an explanation in the error
message to simplify debugging.
|
|
|
|
|
|
- Better distinguish multiple certifications. Previously just the
issuers of the certification were shown and there can be more than
one issuer subpacket per certification.
- Also, when set, display the signature's creation time, its
expiration time, and the trust depth & trust amount.
|
|
- Allow the user to explicitly set the key's creation time.
- This is useful for:
- obscuring the actual creation time.
- testing.
|
|
|
|
- `str::starts_with` already checks that the string is not empty.
Don't first check that the string is not empty.
|
|
- There may be a valid key, but not at the specified time. When no
key is found and a time stamp is given, add a diagnostic that
this might be the problem.
|
|
- Generalize the existing code to handle revoking both certificates
and User IDs.
|
|
|
|
- Generate `cert_stub` to optionally take a User ID. If a User ID
is specified emit that instead of the primary User ID.
|
|
|
|
Also, tidy up some older stuff a bit.
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
- Show the revocation certificate's human-readable revocation
message, if any.
- If the revocation certificate is a third-party revocation, then
also show the first issuer.
|
|
- Use `get_certification_keys` to get the certification key. This
also unlocks the key, if needed.
Fixes #776.
- Add `--private-key-store` as an option to also work with keys
stored on a PKS.
|
|
Verify more aspects of how sq generates keys. The scenarios now cover
all ways of running "sq key generate".
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
- Add support for revoking certificates to sq.
|
|
- Generalize get_signing_keys to lookup other types of keys.
- Rename it to get_keys, take a `KeyFlags` parameter, and implement
get_signing_keys in terms of get_keys.
|
|
- Change `get_signing_keys` to also take a `&Cert`, not just a `Cert`,
by making it polymorphic over the element type. Specifically,
change it to take a `Borrow<Cert>` instead of a `Cert`.
|
|
- Previously, the tests for sq sign used test vectors from the
openpgp crate. But, those are not bundled with the sq crate,
breaking the test when using the crate's source tarball.
- Fixes #787.
|