Note: This documents the main development branch. For specific versions, see docs.rs.

logo

Struct sequoia_openpgp::cert::amalgamation::key::KeyAmalgamation

source · []
pub struct KeyAmalgamation<'a, P, R, R2> where
    P: 'a + KeyParts,
    R: 'a + KeyRole { /* private fields */ }
Expand description

A key, and its associated data, and useful methods.

A KeyAmalgamation is like a ComponentAmalgamation, but specialized for keys. Due to the requirement to keep track of the key’s role when it is erased (see the module’s documentation for more details), this is a different data structure rather than a specialized type alias.

Generally, you won’t use this type directly, but instead use PrimaryKeyAmalgamation, SubordinateKeyAmalgamation, or ErasedKeyAmalgamation.

A KeyAmalgamation is returned by Cert::primary_key, and Cert::keys.

KeyAmalgamation implements ValidateAmalgamation, which allows you to turn a KeyAmalgamation into a ValidKeyAmalgamation using KeyAmalgamation::with_policy.

Examples

Iterating over all keys:

for ka in cert.keys() {
    let ka: ErasedKeyAmalgamation<_> = ka;
}

Getting the primary key:

let ka: PrimaryKeyAmalgamation<_> = cert.primary_key();

Iterating over just the subkeys:

// We can skip the primary key (it's always first):
for ka in cert.keys().skip(1) {
    let ka: ErasedKeyAmalgamation<_> = ka;
}

// Or use `subkeys`, which returns a more accurate type:
for ka in cert.keys().subkeys() {
    let ka: SubordinateKeyAmalgamation<_> = ka;
}

Implementations

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s parts tag to UnspecifiedParts.

Returns the KeyAmalgamation’s ComponentAmalgamation.

Returns the KeyAmalgamation’s key.

Normally, a type implementing KeyAmalgamation eventually derefs to a Key, however, this method provides a more accurate lifetime. See the documentation for ComponentAmalgamation::component for an explanation.

Methods from Deref<Target = ComponentAmalgamation<'a, Key<P, R>>>

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s role tag to PrimaryRole.

Changes the key’s role tag to SubordinateRole.

Changes the key’s role tag to UnspecifiedRole.

Returns the component’s associated certificate.

for u in cert.userids() {
    // It's not only an identical `Cert`, it's the same one.
    assert!(std::ptr::eq(u.cert(), &cert));
}

Returns this amalgamation’s bundle.

Note: although ComponentAmalgamation derefs to a &ComponentBundle, this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.

Examples
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;

cert.userids()
    .map(|ua| {
        // The following doesn't work:
        //
        //   let b: &ComponentBundle<_> = &ua; b
        //
        // Because ua's lifetime is this closure and autoderef
        // assigns `b` the same lifetime as `ua`.  `bundle()`,
        // however, returns a reference whose lifetime is that
        // of `cert`.
        ua.bundle()
    })
    .collect::<Vec<&ComponentBundle<_>>>();

Returns this amalgamation’s component.

Note: although ComponentAmalgamation derefs to a &Component (via &ComponentBundle), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.

The component’s self-signatures.

The component’s third-party certifications.

The component’s revocations that were issued by the certificate holder.

The component’s revocations that were issued by other certificates.

Returns all of the component’s signatures.

Returns a reference to the User ID.

Note: although ComponentAmalgamation<UserID> derefs to a &UserID (via &ComponentBundle), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.

Attests to third-party certifications.

This feature is experimental.

Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.

A policy is needed, because the expiration is updated by updating the current binding signatures.

Examples
let (alice, _) = CertBuilder::new()
    .add_userid("alice@example.org")
    .generate()?;
let mut alice_signer =
    alice.primary_key().key().clone().parts_into_secret()?
    .into_keypair()?;

let (bob, _) = CertBuilder::new()
    .add_userid("bob@example.org")
    .generate()?;
let mut bob_signer =
    bob.primary_key().key().clone().parts_into_secret()?
    .into_keypair()?;
let bob_pristine = bob.clone();

// Have Alice certify the binding between "bob@example.org" and
// Bob's key.
let alice_certifies_bob
    = bob.userids().next().unwrap().userid().bind(
        &mut alice_signer, &bob,
        SignatureBuilder::new(SignatureType::GenericCertification))?;
let bob = bob.insert_packets(vec![alice_certifies_bob.clone()])?;

// Have Bob attest that certification.
let bobs_uid = bob.userids().next().unwrap();
let attestations =
    bobs_uid.attest_certifications(
        policy,
        &mut bob_signer,
        bobs_uid.certifications())?;
let bob = bob.insert_packets(attestations)?;

assert_eq!(bob.bad_signatures().count(), 0);
assert_eq!(bob.userids().next().unwrap().certifications().next(),
           Some(&alice_certifies_bob));

Returns a reference to the User Attribute.

Note: although ComponentAmalgamation<UserAttribute> derefs to a &UserAttribute (via &ComponentBundle), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.

Attests to third-party certifications.

This feature is experimental.

Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.

A policy is needed, because the expiration is updated by updating the current binding signatures.

Examples

See UserIDAmalgamation::attest_certifications#examples.

Methods from Deref<Target = ComponentBundle<C>>

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Changes the key’s role tag to PrimaryRole.

Changes the key’s role tag to SubordinateRole.

Changes the key’s role tag to UnspecifiedRole.

Returns a reference to the bundle’s component.

Examples
// Display some information about any unknown components.
for u in cert.unknowns() {
    eprintln!(" - {:?}", u.component());
}

Returns the active binding signature at time t.

The active binding signature is the most recent, non-revoked self-signature that is valid according to the policy and alive at time t (creation time <= t, t < expiry). If there are multiple such signatures then the signatures are ordered by their MPIs interpreted as byte strings.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

// Display information about each User ID's current active
// binding signature (the `time` parameter is `None`), if any.
for ua in cert.userids() {
    eprintln!("{:?}", ua.binding_signature(p, None));
}

Returns the component’s self-signatures.

The signatures are validated, and they are sorted by their creation time, most recent first.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for (i, ka) in cert.keys().enumerate() {
    eprintln!("Key #{} ({}) has {:?} self signatures",
              i, ka.fingerprint(),
              ka.bundle().self_signatures().len());
}

Returns the component’s third-party certifications.

The signatures are not validated. They are sorted by their creation time, most recent first.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for ua in cert.userids() {
    eprintln!("User ID {} has {:?} unverified, third-party certifications",
              String::from_utf8_lossy(ua.userid().value()),
              ua.bundle().certifications().len());
}

Returns the component’s revocations that were issued by the certificate holder.

The revocations are validated, and they are sorted by their creation time, most recent first.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for u in cert.userids() {
    eprintln!("User ID {} has {:?} revocation certificates.",
              String::from_utf8_lossy(u.userid().value()),
              u.bundle().self_revocations().len());
}

Returns the component’s revocations that were issued by other certificates.

The revocations are not validated. They are sorted by their creation time, most recent first.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for u in cert.userids() {
    eprintln!("User ID {} has {:?} unverified, third-party revocation certificates.",
              String::from_utf8_lossy(u.userid().value()),
              u.bundle().other_revocations().len());
}

Returns all of the component’s Attestation Key Signatures.

This feature is experimental.

The signatures are validated, and they are sorted by their creation time, most recent first.

A certificate owner can use Attestation Key Signatures to attest to third party certifications. Currently, only userid and user attribute certifications can be attested. See Section 5.2.3.30 of RFC 4880bis for details.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for (i, uid) in cert.userids().enumerate() {
    eprintln!("UserID #{} ({:?}) has {:?} attestation key signatures",
              i, uid.email(),
              uid.attestations().count());
}

Returns all of the component’s signatures.

Only the self-signatures are validated. The signatures are sorted first by type, then by creation time. The self revocations come first, then the self signatures, then any key attestation signatures, certifications, and third-party revocations coming last. This function may return additional types of signatures that could be associated to this component.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

for (i, ka) in cert.keys().enumerate() {
    eprintln!("Key #{} ({}) has {:?} signatures",
              i, ka.fingerprint(),
              ka.signatures().count());
}

Returns a reference to the key.

This is just a type-specific alias for ComponentBundle::component.

Examples
// Display some information about the keys.
for ka in cert.keys() {
    eprintln!(" - {:?}", ka.key());
}

Returns the subkey’s revocation status at time t.

A subkey is revoked at time t if:

  • There is a live revocation at time t that is newer than all live self signatures at time t, or

  • There is a hard revocation (even if it is not live at time t, and even if there is a newer self-signature).

Note: Certs and subkeys have different criteria from User IDs and User Attributes.

Note: this only returns whether this subkey is revoked; it does not imply anything about the Cert or other components.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

// Display the subkeys' revocation status.
for ka in cert.keys().subkeys() {
    eprintln!(" Revocation status of {}: {:?}",
              ka.fingerprint(), ka.revocation_status(p, None));
}

Returns a reference to the User ID.

This is just a type-specific alias for ComponentBundle::component.

Examples
// Display some information about the User IDs.
for ua in cert.userids() {
    eprintln!(" - {:?}", ua.userid());
}

Returns the User ID’s revocation status at time t.

A User ID is revoked at time t if:

  • There is a live revocation at time t that is newer than all live self signatures at time t.

Note: Certs and subkeys have different criteria from User IDs and User Attributes.

Note: this only returns whether this User ID is revoked; it does not imply anything about the Cert or other components.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

// Display the User IDs' revocation status.
for ua in cert.userids() {
    eprintln!(" Revocation status of {}: {:?}",
              String::from_utf8_lossy(ua.userid().value()),
              ua.revocation_status(p, None));
}

Returns a reference to the User Attribute.

This is just a type-specific alias for ComponentBundle::component.

Examples
// Display some information about the User Attributes
for ua in cert.user_attributes() {
    eprintln!(" - {:?}", ua.user_attribute());
}

Returns the User Attribute’s revocation status at time t.

A User Attribute is revoked at time t if:

  • There is a live revocation at time t that is newer than all live self signatures at time t.

Note: Certs and subkeys have different criteria from User IDs and User Attributes.

Note: this only returns whether this User Attribute is revoked; it does not imply anything about the Cert or other components.

Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();

// Display the User Attributes' revocation status.
for (i, ua) in cert.user_attributes().enumerate() {
    eprintln!(" Revocation status of User Attribute #{}: {:?}",
              i, ua.revocation_status(p, None));
}

Returns a reference to the unknown component.

This is just a type-specific alias for ComponentBundle::component.

Examples
// Display some information about the User Attributes
for u in cert.unknowns() {
    eprintln!(" - {:?}", u.unknown());
}

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

The resulting type after dereferencing.

Dereferences the value.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

Converts to this type from the input type.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

source

fn __clone_box(&self, Private) -> *mut ()

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.