Open ronaldtse opened 7 years ago
Feel free to add/modify the above list (with discussions).
@ronaldtse I agree on the list of high-level commands. However, thinking now about required arguments for each of them, like hash algorithms, symmetric algorithms, key protection (S2K iterations/sym arg) and so on.
Agree with @ni4's comment on elaborating out the details of CLI arguments. The other use case that was mentioned (I think @flowher and @ni4 ), but we didn't elaborate, is using rnp to simply encrypt a file using a passphrase. We should do it here.
For now I see the following commands and/or parameters. Some of them are not implemented, some of them may be renamed or not required right now. It is just to have the whole list. Discussion/comments are appreciated.
For rnp:
Following commands and configuration parameters should be supported:
-s, --sign sign a file or stdin. May be stacked with -e (to produce signed and encrypted data).
[--signer] : signing key id or user id, may be multiple for multiple signing keys
[--hash] : hash algorithm where it is applicable (mostly for RSA)
[--duration] : signature validity duration, as 120d, 1y etc
[--creationtime] : signature validity start
[-z 0..9] : compression level for the stored data (not applicable for detached)
[--zlib, --bzip, --zip] : compression algorithm selection
[-a, --armour] : armored output
[--detached] : produce detached signature
[--cleartext] : treat input as the text and produce cleartext signature
[--filename] : set the signed data filename to the specified value (for stdin signing or if out file name must be different from source)
[--output] : output file name
[--password] : password for the secret key
[--pass-fd] : file descriptor for password input
--verify verify file’s/stdin’s signature. Also can be used to verify detached signature
--verify-cat verify signature and display output/save it to the file
[--output] : output file name
-e, --encrypt encrypt data
[--recipient] : recipient(s) key id or user id
[--encalg] : encryption algorithm, i.e. ‘aes-256’ and so on
[-z 0..9] : compression level for the stored data
[--zlib, --bzip, --zip] : compression algorithm selection
[-a, --armour] : armored output
[--filename] : set the encrypted data filename to the specified value (for stdin signing or if out file name must be different from source)
[--output] : output file name
-d, --decrypt decrypt data (default)
-c, --symmetric encryption with password. May be stacked with -e. All parameters from -e, except --userid, apply.
[--password] : password for symmetric encryption
[--pass-fd] : file descriptor for password input
-j [--json] : batch/json input mode : input to the CLI is in JSON format where all commands and parameters are specified
For rnpkeys:
-k, --list-keys list keys
--generate-key generate a new key pair
[--rsa, --dsa, --ecdsa, --eddsa] : choose key algorithm accordingly
[--bits, --numbits] : number of key bits where applicable (RSA/DSA)
[--curve] : curve for ECDSA
[--password] : password for key encryption
[--pass-fd] : file descriptor for password input
[--hash] : hash algorithm for s2k
[--iterations] : number of iterations for s2k
[--subkey-bits] : number of bits in subkey
[--userid] : user id of key owner
[--expires] : key expiration time
--delete-keys remove keys with specified id/user id from the public keyring
--delete-secret-keys remove keys with specified id/user id from the secret keyring
--generate-interactive full featured (interactive) key pair generation
--export export keys
--import import/merge keys
--add-user-id add user id to the key
--add-subkey add subkey to the key
--change-password change password of the key and/or s2k parameters
--sign-key sign public key with other key
--trust-key change public key trust parameters
-j [--json] : batch/json input mode : input to the CLI is in JSON format where all commands and parameters are specified
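The --hash and --iterations options for key generation above select the OpenPGP string-to-key (S2K) function that protects the secret key under its password. The block below is an added example written for this page, not rnp's code: it implements the iterated-and-salted S2K from RFC 4880 section 3.7.1.3 with hashlib, and assumes that an "iterations" value means the RFC's octet count (the number of octets fed to the hash), which the packet stores as a one-byte coded count. The hash algorithm IDs are the RFC 4880 values; the salt and passphrase used in the demo are constructed.

```python
"""RFC 4880 iterated-and-salted S2K, as an illustration of --hash/--iterations.

Added example, not rnp's implementation. Assumption: the user-facing
iteration count is the RFC octet count, which the specifier encodes as a
single coded byte (mantissa in the low nibble, exponent in the high nibble).
"""
import hashlib

# RFC 4880 section 9.4 hash algorithm identifiers (hashlib names as keys).
HASH_IDS = {"md5": 1, "sha1": 2, "ripemd160": 3, "sha256": 8,
            "sha384": 9, "sha512": 10, "sha224": 11}


def decode_s2k_count(coded: int) -> int:
    """Octet count for a coded count byte: (16 + (c & 15)) << ((c >> 4) + 6)."""
    if not 0 <= coded <= 0xFF:
        raise ValueError("coded count must be one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_s2k_count(octets: int) -> int:
    """Smallest coded byte whose octet count is at least `octets` (max 65011712)."""
    for coded in range(256):        # decode_s2k_count is monotonic in the coded byte
        if decode_s2k_count(coded) >= octets:
            return coded
    raise ValueError("iteration count exceeds the S2K maximum of 65011712 octets")


def s2k_specifier(hash_name: str, salt: bytes, coded: int) -> bytes:
    """The 11-octet S2K specifier: type 3, hash id, 8-octet salt, coded count."""
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    return bytes([0x03, HASH_IDS[hash_name]]) + salt + bytes([coded])


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        hash_name: str, key_len: int) -> bytes:
    """Derive `key_len` octets by hashing (salt || passphrase) repeatedly.

    The hash is fed `count` octets of the repeated block, the final repetition
    truncated if needed; the count is never less than one full block.  When the
    digest is shorter than key_len, further contexts are used, the n-th one
    preloaded with n zero octets, and their digests concatenated.
    """
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    block = salt + passphrase
    count = max(decode_s2k_count(coded), len(block))
    full_reps, tail = divmod(count, len(block))
    out = b""
    context = 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)             # context preload per RFC 4880
        reps = full_reps
        big = block * 4096                       # feed large chunks for speed
        while reps >= 4096:
            h.update(big)
            reps -= 4096
        h.update(block * reps)
        h.update(block[:tail])                   # truncated last repetition
        out += h.digest()
        context += 1
    return out[:key_len]


if __name__ == "__main__":
    # Constructed demo inputs; a real implementation draws the salt from a CSPRNG.
    salt = bytes(range(1, 9))
    passphrase = b"correct horse battery staple"
    for name, coded in (("sha1", 0x00), ("sha256", 0x60), ("sha512", 0xFF)):
        key = s2k_iterated_salted(passphrase, salt, coded, name, 32)
        print(name, hex(coded), decode_s2k_count(coded), key.hex())
```

The demo's three settings show what the option pair actually tunes: coded count 0x00 hashes only 1024 octets, which a brute-force attacker barely notices, while 0xFF hashes about 65 MB per guess. A choice of --iterations for a new key should be judged in those terms rather than as a count of hash calls.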
(Nitpick - I think we should stop using the terms birthtime and duration, and eventually purge them from the code. Instead, we should use what the RFC uses: creation time and expiration time.)
Completely agree on this. Created #329.
-z: we should also allow selecting compression algorithms, such as bzip.
hashalg and encalg: we should allow choice of asymmetric algorithm (-e).
@ronaldtse Asymmetric algorithm is picked according to the key used, or what do you mean? Agree, adding compression algorithm selection to the comment.
Ah you're right. I got confused with the userid argument 😉. Maybe it should really have separate user-id and key-id arguments.
We can separate it so user-id will be used only in key context - generation, addition of user id. And for signing/encryption we may use signer and recipient. This would also help to distinguish keys when data is signed-and-encrypted. What do you think?
I agree, the signer and recipient distinction is more clear for users, especially if they are combined with the key identification.
The compression selection is also mentioned in #359 .
@dewyatt @catap do the above command line options look good to you?
They look great to me.
Thanks @dewyatt 👍
Same for me!
@ni4 could you help update the full list of commands according to https://github.com/riboseinc/rnp/issues/514 ? Then we can start implementing them. Thanks!
Description
"must have full support" for @flowher:
For rnp:
Maybe in a separate CLI rnpk or rekey using librekey:
Steps to Reproduce
N/A.
Expected Behavior
All of the listed commands are working.
Actual Behavior
N/A.