1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
use clap::{ArgEnum, Parser};
use super::{IoArgs, Time};
#[derive(Parser, Debug)]
#[clap(
name = "encrypt",
about = "Encrypts a message",
long_about =
"Encrypts a message
Encrypts a message for any number of recipients and with any number of
passwords, optionally signing the message in the process.
The converse operation is \"sq decrypt\".
",
after_help =
"EXAMPLES:
# Encrypt a file using a certificate
$ sq encrypt --recipient-cert romeo.pgp message.txt
# Encrypt a file creating a signature in the process
$ sq encrypt --recipient-cert romeo.pgp --signer-key juliet.pgp message.txt
# Encrypt a file using a password
$ sq encrypt --symmetric message.txt
",
)]
pub struct Command {
#[clap(flatten)]
pub io: IoArgs,
#[clap(
short = 'B',
long,
help = "Emits binary data",
)]
pub binary: bool,
#[clap(
long = "recipient-cert",
value_name = "CERT-RING",
multiple_occurrences = true,
help = "Encrypts for all recipients in CERT-RING",
)]
pub recipients_cert_file: Vec<String>,
#[clap(
long = "signer-key",
value_name = "KEY",
help = "Signs the message with KEY",
)]
pub signer_key_file: Vec<String>,
#[clap(
long = "private-key-store",
value_name = "KEY_STORE",
help = "Provides parameters for private key store",
)]
pub private_key_store: Option<String>,
#[clap(
short = 's',
long = "symmetric",
help = "Adds a password to encrypt with",
multiple_occurrences = true,
long_help = "Adds a password to encrypt with. \
The message can be decrypted with \
either one of the recipient's keys, or any password.",
parse(from_occurrences)
)]
pub symmetric: usize,
#[clap(
long = "mode",
value_name = "MODE",
default_value_t = EncryptionMode::All,
help = "Selects what kind of keys are considered for encryption.",
long_help =
"Selects what kind of keys are considered for \
encryption. Transport select subkeys marked \
as suitable for transport encryption, rest \
selects those for encrypting data at rest, \
and all selects all encryption-capable \
subkeys.",
arg_enum,
)]
pub mode: EncryptionMode,
#[clap(
long = "compression",
value_name = "KIND",
default_value_t = CompressionMode::Pad,
help = "Selects compression scheme to use",
arg_enum,
)]
pub compression: CompressionMode,
#[clap(
short = 't',
long = "time",
value_name = "TIME",
help = "Chooses keys valid at the specified time and \
sets the signature's creation time",
)]
pub time: Option<Time>,
#[clap(
long = "use-expired-subkey",
help = "Falls back to expired encryption subkeys",
long_help =
"If a certificate has only expired \
encryption-capable subkeys, falls back \
to using the one that expired last",
)]
pub use_expired_subkey: bool,
}
#[derive(ArgEnum, Debug, Clone)]
pub enum EncryptionMode {
Transport,
Rest,
All
}
#[derive(ArgEnum, Debug, Clone)]
pub enum CompressionMode {
None,
Pad,
Zip,
Zlib,
Bzip2
}
|
