[][src]Struct sequoia_openpgp::cert::UserIDRevocationBuilder

pub struct UserIDRevocationBuilder { /* fields omitted */ }

A UserID revocation builder.

Note: this function has three degrees of freedom: the Cert, the key used to generate the revocation, and the user id.

Normally, the key used to generate the revocation is the Cert's primary key, and the user id is a user id that is bound to the Cert. However, this is not required.

If Alice has marked Robert's key (R) as a designated revoker for her key (A), then R can revoke A or parts of A. In this case, the Cert is A, the key used to generate the revocation comes from R, and the User ID is bound to A.

But, the component doesn't technically need to be bound to the Cert. For instance, it is possible for R to revoke the User ID "bob@example.org" in the context of A, even if "bob@example.org" is not bound to A.

Example

use sequoia_openpgp::cert::prelude::*;
use sequoia_openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

// Generate a Cert, and create a keypair from the primary key.
let (cert, _) = CertBuilder::new()
    .add_userid("some@example.org")
    .generate()?;
let mut keypair = cert.primary_key().key().clone()
    .parts_into_secret()?.into_keypair()?;
let ca = cert.userids().nth(0).unwrap();

// Generate the revocation for the first and only UserID.
let revocation =
    UserIDRevocationBuilder::new()
        .set_reason_for_revocation(
            ReasonForRevocation::KeyRetired,
            b"Left example.org.").unwrap()
        .build(&mut keypair, &cert, ca.userid(), None)?;
assert_eq!(revocation.typ(), SignatureType::CertificationRevocation);

// Now merge the revocation signature into the Cert.
let cert = cert.merge_packets(vec![revocation.clone().into()])?;

// Check that it is revoked.
let userid = cert.userids().with_policy(p, None).nth(0).unwrap();
if let RevocationStatus::Revoked(revocations) = userid.revoked() {
    assert_eq!(revocations.len(), 1);
    assert_eq!(*revocations[0], revocation);
} else {
    panic!("UserID is not revoked.");
}

Implementations

impl UserIDRevocationBuilder[src]

pub fn new() -> Self[src]

Returns a new UserIDRevocationBuilder.

pub fn set_reason_for_revocation(
    self,
    code: ReasonForRevocation,
    reason: &[u8]
) -> Result<Self>
[src]

Sets the reason for revocation.

pub fn set_signature_creation_time(
    self,
    creation_time: SystemTime
) -> Result<Self>
[src]

Sets the revocation signature's creation time.

pub fn build<H>(
    self,
    signer: &mut dyn Signer,
    cert: &Cert,
    userid: &UserID,
    hash_algo: H
) -> Result<Signature> where
    H: Into<Option<HashAlgorithm>>, 
[src]

Returns a revocation certificate for the cert Cert signed by signer.

Methods from Deref<Target = Builder>

pub fn version(&self) -> u8[src]

Gets the version.

pub fn typ(&self) -> SignatureType[src]

Gets the signature type.

pub fn pk_algo(&self) -> PublicKeyAlgorithm[src]

Gets the public key algorithm.

pub fn hash_algo(&self) -> HashAlgorithm[src]

Gets the hash algorithm.

Trait Implementations

impl Deref for UserIDRevocationBuilder[src]

type Target = Builder

The resulting type after dereferencing.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,