[][src]Struct sequoia_openpgp::parse::stream::Verifier

pub struct Verifier<'a, H: VerificationHelper> { /* fields omitted */ }

Verifies a signed OpenPGP message.

Signature verification requires processing the whole message first. Therefore, OpenPGP implementations supporting streaming operations necessarily must output unverified data. This has been a source of problems in the past. To alleviate this, we buffer the message first (up to 25 megabytes of net message data by default, see DEFAULT_BUFFER_SIZE), and verify the signatures if the message fits into our buffer. Nevertheless it is important to treat the data as unverified and untrustworthy until you have seen a positive verification.

For a signature to be considered valid: The signature must have a Signature Creation Time subpacket. The signature must be alive at the signature verification time (the time passed to Verifier::from_reader). The key used to verify the signature must be alive at the signature creation time, not have been soft revoked at the signature creation time, not have ever been hard revoked, and be signing capable at the signature creation time.


use std::io::Read;
use sequoia_openpgp as openpgp;
use openpgp::{KeyHandle, Cert, Result};
use openpgp::parse::stream::*;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

// This fetches keys and computes the validity of the verification.
struct Helper {};
impl VerificationHelper for Helper {
    fn get_certs(&mut self, ids: &[KeyHandle]) -> Result<Vec<Cert>> {
        let mut certs = Vec::new();
        for id in ids {

    fn check(&mut self, structure: MessageStructure) -> Result<()> {
        for (i, layer) in structure.into_iter().enumerate() {
            match layer {
                MessageLayer::Encryption { .. } if i == 0 => (),
                MessageLayer::Compression { .. } if i == 1 => (),
                MessageLayer::SignatureGroup { ref results } => {
                    if ! results.iter().any(|r| r.is_ok()) {
                        return Err(anyhow::anyhow!(
                                       "No valid signature"));
                _ => return Err(anyhow::anyhow!(
                                    "Unexpected message structure")),

let message =
   b"-----BEGIN PGP MESSAGE-----

     -----END PGP MESSAGE-----

let h = Helper {};
let mut v = VerifierBuilder::from_bytes(&message[..])?
    .with_policy(p, None, h)?;

let mut content = Vec::new();
v.read_to_end(&mut content)?;
assert_eq!(content, b"Hello World!");


impl<'a, H: VerificationHelper> Verifier<'a, H>[src]

pub fn helper_ref(&self) -> &H[src]

Returns a reference to the helper.

pub fn helper_mut(&mut self) -> &mut H[src]

Returns a mutable reference to the helper.

pub fn into_helper(self) -> H[src]

Recovers the helper.

pub fn message_processed(&self) -> bool[src]

Returns true if the whole message has been processed and the verification result is ready.

If the function returns false the message did not fit into the internal buffer and unverified data must be read() from the instance until EOF.

Trait Implementations

impl<'a, H: VerificationHelper> Read for Verifier<'a, H>[src]

Auto Trait Implementations

impl<'a, H> !RefUnwindSafe for Verifier<'a, H>

impl<'a, H> !Send for Verifier<'a, H>

impl<'a, H> !Sync for Verifier<'a, H>

impl<'a, H> Unpin for Verifier<'a, H> where
    H: Unpin

impl<'a, H> !UnwindSafe for Verifier<'a, H>

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.