Struct sequoia_openpgp::cert::amalgamation::key::ValidKeyAmalgamation

pub struct ValidKeyAmalgamation<'a, P, R, R2> where
    P: 'a + KeyParts,
    R: 'a + KeyRole,
    R2: Copy
{ /* fields omitted */ }

A KeyAmalgamation plus a Policy and a reference time.

In the same way that a ValidComponentAmalgamation extends a ComponentAmalgamation, a ValidKeyAmalgamation extends a KeyAmalgamation: a ValidKeyAmalgamation combines a KeyAmalgamation, a Policy, and a reference time. This allows it to implement the ValidAmalgamation trait, which provides methods like ValidAmalgamation::binding_signature that require a Policy and a reference time. Although KeyAmalgamation could implement these methods by requiring that the caller explicitly pass them in, embedding them in the ValidKeyAmalgamation helps ensure that multipart operations, even those that span multiple functions, use the same Policy and reference time.

A ValidKeyAmalgamation can be obtained by transforming a KeyAmalgamation using ValidateAmalgamation::with_policy. A KeyAmalgamationIter can also be changed to yield ValidKeyAmalgamations.

A ValidKeyAmalgamation is guaranteed to come from a valid certificate, and have a valid and live binding signature at the specified reference time. Note: this only means that the binding signatures are live; it says nothing about whether the certificate or the Key is live and non-revoked. If you care about those things, you need to check them separately.

Examples:

Find all non-revoked, live, signing-capable keys:

use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationStatus;

let p = &StandardPolicy::new();

// `with_policy` ensures that the certificate and any components
// that it returns have valid *binding signatures*.  But, we still
// need to check that the certificate and `Key` are not revoked,
// and live.
//
// Note: `ValidKeyAmalgamation::revocation_status`, etc. use the
// embedded policy and timestamp.  Even though we used `None` for
// the timestamp (i.e., now), they are guaranteed to use the same
// timestamp, because `with_policy` eagerly transforms it into
// the current time.
let cert = cert.with_policy(p, None)?;
if let RevocationStatus::Revoked(_revs) = cert.revocation_status() {
    // Revoked by the certificate holder.  (If we care about
    // designated revokers, then we need to check those
    // ourselves.)
} else if let Err(_err) = cert.alive() {
    // Certificate was created in the future or is expired.
} else {
    // `ValidCert::keys` returns `ValidKeyAmalgamation`s.
    for ka in cert.keys() {
        if let RevocationStatus::Revoked(_revs) = ka.revocation_status() {
            // Revoked by the key owner.  (If we care about
            // designated revokers, then we need to check those
            // ourselves.)
        } else if let Err(_err) = ka.alive() {
            // Key was created in the future or is expired.
        } else if ! ka.for_signing() {
            // We're looking for a signing-capable key, skip this one.
        } else {
            // Use it!
        }
    }
}

Implementations

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Returns whether the key is alive as of the amalgamation’s reference time.

A ValidKeyAmalgamation is guaranteed to have a live binding signature. This is independent of whether the component is live.

If the certificate is not alive as of the reference time, no subkey can be alive.

This function considers both the binding signature and the direct key signature. Information in the binding signature takes precedence over the direct key signature. See Section 5.2.3.3 of RFC 4880.

For a definition of liveness, see the key_alive method.

Examples

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let ka = cert.primary_key().with_policy(p, None)?;
if let Err(_err) = ka.alive() {
    // Not alive.
}

Returns the wrapped KeyAmalgamation.

Examples

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let ka = cert.primary_key();

// `with_policy` takes ownership of `ka`.
let vka = ka.with_policy(p, None)?;

// And here we get it back:
let ka = vka.into_key_amalgamation();

Creates signatures that cause the key to expire at the specified time.

This function creates new binding signatures that cause the key to expire at the specified time when integrated into the certificate. For the primary key, it is necessary to create a new self-signature for each non-revoked User ID, and to create a direct key signature. This is needed, because the primary User ID is first consulted when determining the primary key’s expiration time, and certificates can be distributed with a possibly empty subset of User IDs.

Setting a key’s expiry time means updating an existing binding signature—when looking up information, only one binding signature is normally considered, and we don’t want to drop the other information stored in the current binding signature. This function uses the binding signature determined by ValidKeyAmalgamation’s policy and reference time for this.

Examples

use std::time;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let vc = cert.with_policy(p, None)?;

// Assert that the primary key is not expired.
assert!(vc.primary_key().alive().is_ok());

// Make the primary key expire in a week.
let t = time::SystemTime::now()
    + time::Duration::from_secs(7 * 24 * 60 * 60);

// We assume that the secret key material is available, and not
// password protected.
let mut signer = vc.primary_key()
    .key().clone().parts_into_secret()?.into_keypair()?;

let sigs = vc.primary_key().set_expiration_time(&mut signer, Some(t))?;
let cert = cert.insert_packets(sigs)?;

// The primary key isn't expired yet.
let vc = cert.with_policy(p, None)?;
assert!(vc.primary_key().alive().is_ok());

// But in two weeks, it will be...
let t = time::SystemTime::now()
    + time::Duration::from_secs(2 * 7 * 24 * 60 * 60);
let vc = cert.with_policy(p, t)?;
assert!(vc.primary_key().alive().is_err());

Creates signatures that cause the key to expire at the specified time.

This function creates new binding signatures that cause the key to expire at the specified time when integrated into the certificate. For subkeys, a single Signature is returned.

Setting a key’s expiry time means updating an existing binding signature—when looking up information, only one binding signature is normally considered, and we don’t want to drop the other information stored in the current binding signature. This function uses the binding signature determined by ValidKeyAmalgamation’s policy and reference time for this.

When updating the expiration time of signing-capable subkeys, we need to create a new primary key binding signature. Therefore, we need a signer for the subkey. If subkey_signer is None, and this is a signing-capable subkey, this function fails with Error::InvalidArgument. Likewise, this function fails if subkey_signer is not None when updating the expiration of a non-signing-capable subkey.

Examples

use std::time;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let vc = cert.with_policy(p, None)?;

// Assert that the keys are not expired.
for ka in vc.keys() {
    assert!(ka.alive().is_ok());
}

// Make the keys expire in a week.
let t = time::SystemTime::now()
    + time::Duration::from_secs(7 * 24 * 60 * 60);

// We assume that the secret key material is available, and not
// password protected.
let mut primary_signer = vc.primary_key()
    .key().clone().parts_into_secret()?.into_keypair()?;
let mut signing_subkey_signer = vc.keys().for_signing().nth(0).unwrap()
    .key().clone().parts_into_secret()?.into_keypair()?;

let mut sigs = Vec::new();
for ka in vc.keys() {
    if ! ka.for_signing() {
        // Non-signing-capable subkeys are easy to update.
        sigs.append(&mut ka.set_expiration_time(&mut primary_signer,
                                                None, Some(t))?);
    } else {
        // Signing-capable subkeys need to create a primary
        // key binding signature with the subkey:
        assert!(ka.set_expiration_time(&mut primary_signer,
                                       None, Some(t)).is_err());

        // Here, we need the subkey's signer:
        sigs.append(&mut ka.set_expiration_time(&mut primary_signer,
                                                Some(&mut signing_subkey_signer),
                                                Some(t))?);
    }
}
let cert = cert.insert_packets(sigs)?;

// They aren't expired yet.
let vc = cert.with_policy(p, None)?;
for ka in vc.keys() {
    assert!(ka.alive().is_ok());
}

// But in two weeks, they will be...
let t = time::SystemTime::now()
    + time::Duration::from_secs(2 * 7 * 24 * 60 * 60);
let vc = cert.with_policy(p, t)?;
for ka in vc.keys() {
    assert!(ka.alive().is_err());
}

Creates signatures that cause the key to expire at the specified time.

This function creates new binding signatures that cause the key to expire at the specified time when integrated into the certificate. For subkeys, only a single Signature is returned. For the primary key, however, it is necessary to create a new self-signature for each non-revoked User ID, and to create a direct key signature. This is needed, because the primary User ID is first consulted when determining the primary key’s expiration time, and certificates can be distributed with a possibly empty subset of User IDs.

Setting a key’s expiry time means updating an existing binding signature—when looking up information, only one binding signature is normally considered, and we don’t want to drop the other information stored in the current binding signature. This function uses the binding signature determined by ValidKeyAmalgamation’s policy and reference time for this.

When updating the expiration time of signing-capable subkeys, we need to create a new primary key binding signature. Therefore, we need a signer for the subkey. If subkey_signer is None, and this is a signing-capable subkey, this function fails with Error::InvalidArgument. Likewise, this function fails if subkey_signer is not None when updating the expiration of the primary key, or a non-signing-capable subkey.

Examples

use std::time;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let vc = cert.with_policy(p, None)?;

// Assert that the keys are not expired.
for ka in vc.keys() {
    assert!(ka.alive().is_ok());
}

// Make the keys expire in a week.
let t = time::SystemTime::now()
    + time::Duration::from_secs(7 * 24 * 60 * 60);

// We assume that the secret key material is available, and not
// password protected.
let mut primary_signer = vc.primary_key()
    .key().clone().parts_into_secret()?.into_keypair()?;
let mut signing_subkey_signer = vc.keys().for_signing().nth(0).unwrap()
    .key().clone().parts_into_secret()?.into_keypair()?;

let mut sigs = Vec::new();
for ka in vc.keys() {
    if ! ka.for_signing() {
        // Non-signing-capable subkeys are easy to update.
        sigs.append(&mut ka.set_expiration_time(&mut primary_signer,
                                                None, Some(t))?);
    } else {
        // Signing-capable subkeys need to create a primary
        // key binding signature with the subkey:
        assert!(ka.set_expiration_time(&mut primary_signer,
                                       None, Some(t)).is_err());

        // Here, we need the subkey's signer:
        sigs.append(&mut ka.set_expiration_time(&mut primary_signer,
                                                Some(&mut signing_subkey_signer),
                                                Some(t))?);
    }
}
let cert = cert.insert_packets(sigs)?;

// They aren't expired yet.
let vc = cert.with_policy(p, None)?;
for ka in vc.keys() {
    assert!(ka.alive().is_ok());
}

// But in two weeks, they will be...
let t = time::SystemTime::now()
    + time::Duration::from_secs(2 * 7 * 24 * 60 * 60);
let vc = cert.with_policy(p, t)?;
for ka in vc.keys() {
    assert!(ka.alive().is_err());
}

Returns the key’s Key Flags.

A Key’s Key Flags hold information about the key. As of RFC 4880, this information is primarily concerned with the key’s capabilities (e.g., whether it may be used for signing). The other information that has been defined is: whether the key has been split using something like SSS, and whether the primary key material is held by multiple parties. In practice, the latter two flags are ignored.

As per Section 5.2.3.3 of RFC 4880, when looking for the Key Flags, the key’s binding signature is first consulted (in the case of the primary Key, this is the binding signature of the primary User ID). If the Key Flags subpacket is not present, then the direct key signature is consulted.

Since the key flags are taken from the active self signature, a key’s flags may change depending on the policy and the reference time.

Examples

let ka = cert.primary_key();
println!("Primary Key's Key Flags: {:?}", ka.key_flags());

Returns whether the key has at least one of the specified key flags.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that may be used for transport encryption (data in motion) or storage encryption (data at rest):

use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.has_any_key_flag(KeyFlags::empty()
       .set_storage_encryption()
       .set_transport_encryption())
    {
        // `ka` is encryption capable.
    }
}

Returns whether the key is certification capable.

Note: Section 12.1 of RFC 4880 says that the primary key is certification capable independent of the Key Flags subpacket:

In a V4 key, the primary key MUST be a key capable of certification.

This function only reflects what is stored in the Key Flags packet; it does not implicitly set this flag. In practice, there are keys whose primary key’s Key Flags do not have the certification capable flag set. Some versions of netpgp, for instance, create keys like this. Sequoia’s higher-level functionality correctly handles these keys by always considering the primary key to be certification capable. Users of this interface should too.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that are certification capable:

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.primary() || ka.for_certification() {
        // `ka` is certification capable.
    }
}

Returns whether the key is signing capable.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that are signing capable:

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.for_signing() {
        // `ka` is signing capable.
    }
}

Returns whether the key is authentication capable.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that are authentication capable:

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.for_authentication() {
        // `ka` is authentication capable.
    }
}

Returns whether the key is storage-encryption capable.

OpenPGP distinguishes two types of encryption keys: those for storage (data at rest) and those for transport (data in transit). Most OpenPGP implementations, however, don’t distinguish between them in practice. Instead, when they create a new encryption key, they just set both flags. Likewise, when encrypting a message, it is not typically possible to indicate the type of protection that is needed. Sequoia supports creating keys with only one of these flags set, and makes it easy to select the right type of key when encrypting messages.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that are storage-encryption capable:

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.for_storage_encryption() {
        // `ka` is storage-encryption capable.
    }
}

Returns whether the key is transport-encryption capable.

OpenPGP distinguishes two types of encryption keys: those for storage (data at rest) and those for transport (data in transit). Most OpenPGP implementations, however, don’t distinguish between them in practice. Instead, when they create a new encryption key, they just set both flags. Likewise, when encrypting a message, it is not typically possible to indicate the type of protection that is needed. Sequoia supports creating keys with only one of these flags set, and makes it easy to select the right type of key when encrypting messages.

The key flags are looked up as described in ValidKeyAmalgamation::key_flags.

Examples

Finds keys that are transport-encryption capable:

use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

for ka in cert.keys().with_policy(p, None) {
    if ka.for_transport_encryption() {
        // `ka` is transport-encryption capable.
    }
}

Returns how long the key is live.

This returns how long the key is live relative to its creation time. Use ValidKeyAmalgamation::key_expiration_time to get the key’s absolute expiry time.

This function considers both the binding signature and the direct key signature. Information in the binding signature takes precedence over the direct key signature. See Section 5.2.3.3 of RFC 4880.

Examples

use std::time;
use std::convert::TryInto;
use openpgp::policy::StandardPolicy;
use openpgp::types::Timestamp;

let p = &StandardPolicy::new();

// OpenPGP Timestamps have a one-second resolution.  Since we
// want to round trip the time, round it down.
let now: Timestamp = time::SystemTime::now().try_into()?;
let now: time::SystemTime = now.try_into()?;

let a_week = time::Duration::from_secs(7 * 24 * 60 * 60);

let (cert, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
    .set_creation_time(now)
    .set_validity_period(a_week)
    .generate()?;

assert_eq!(cert.primary_key().with_policy(p, None)?.key_validity_period(),
           Some(a_week));

Returns the key’s expiration time.

If this function returns None, the key does not expire.

This returns the key’s expiration time. Use ValidKeyAmalgamation::key_validity_period to get the duration of the key’s lifetime.

This function considers both the binding signature and the direct key signature. Information in the binding signature takes precedence over the direct key signature. See Section 5.2.3.3 of RFC 4880.

Examples

use std::time;
use std::convert::TryInto;
use openpgp::policy::StandardPolicy;
use openpgp::types::Timestamp;

let p = &StandardPolicy::new();

// OpenPGP Timestamps have a one-second resolution.  Since we
// want to round trip the time, round it down.
let now: Timestamp = time::SystemTime::now().try_into()?;
let now: time::SystemTime = now.try_into()?;
let a_week = time::Duration::from_secs(7 * 24 * 60 * 60);
let a_week_later = now + a_week;

let (cert, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
    .set_creation_time(now)
    .set_validity_period(a_week)
    .generate()?;

assert_eq!(cert.primary_key().with_policy(p, None)?.key_expiration_time(),
           Some(a_week_later));
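
The lookup order described above for key flags, validity period and liveness (binding signature first, then the direct key signature, all as of one reference time), as an added std-only Rust model that is not code from Sequoia or from this page. `SelfSig`, `ModelKey`, `ValidModelKey`, `can_certify` and the sample values are hypothetical, and the model assumes the active self-signature is simply the newest one created at or before the reference time, leaving out policy checks and revocations.

```rust
// Std-only model written for this page; it is not Sequoia's implementation.
// Assumption: the active self-signature is the newest one created at or before `t`.
const CERTIFY: u8 = 0x01;
const SIGN: u8 = 0x02;

/// Only the self-signature fields this page discusses (times in seconds).
#[derive(Clone, Copy)]
struct SelfSig {
    created: u64,
    key_flags: Option<u8>, // Key Flags subpacket, if present
    validity: Option<u64>, // validity period, relative to key creation
}

struct ModelKey {
    primary: bool,
    created: u64,
    binding: Vec<SelfSig>, // binding signatures
    direct: Vec<SelfSig>,  // direct key signatures
}

/// A key pinned to one reference time, in the spirit of ValidKeyAmalgamation.
struct ValidModelKey<'a> {
    key: &'a ModelKey,
    time: u64,
    binding: SelfSig,
    direct: Option<SelfSig>,
}

fn active(sigs: &[SelfSig], t: u64) -> Option<SelfSig> {
    sigs.iter().copied().filter(|s| s.created <= t).max_by_key(|s| s.created)
}

impl ModelKey {
    /// Returns None when no binding signature exists yet at time `t`.
    fn at<'a>(&'a self, t: u64) -> Option<ValidModelKey<'a>> {
        let (binding, direct) = (active(&self.binding, t)?, active(&self.direct, t));
        Some(ValidModelKey { key: self, time: t, binding, direct })
    }
}

impl<'a> ValidModelKey<'a> {
    /// Binding signature first; the direct key signature only as a fallback.
    fn lookup<T>(&self, f: impl Fn(&SelfSig) -> Option<T>) -> Option<T> {
        f(&self.binding).or_else(|| self.direct.as_ref().and_then(|s| f(s)))
    }
    fn key_flags(&self) -> Option<u8> { self.lookup(|s| s.key_flags) }
    /// Reflects the stored flag only.
    fn for_certification(&self) -> bool { self.key_flags().map_or(false, |f| f & CERTIFY != 0) }
    /// A primary key counts as certification capable whatever its flags say.
    fn can_certify(&self) -> bool { self.key.primary || self.for_certification() }
    fn key_expiration_time(&self) -> Option<u64> {
        self.lookup(|s| s.validity).map(|v| self.key.created + v)
    }
    fn alive(&self) -> bool {
        self.key.created <= self.time && self.key_expiration_time().map_or(true, |e| self.time < e)
    }
}

/// Constructed sample: the newer binding signature drops the certify flag.
fn sample_primary() -> ModelKey {
    let sig = |created, key_flags, validity| SelfSig { created, key_flags, validity };
    let binding = vec![sig(1_000, None, None), sig(5_000, Some(SIGN), Some(8_000))];
    let direct = vec![sig(1_000, Some(CERTIFY | SIGN), Some(10_000))];
    ModelKey { primary: true, created: 1_000, binding, direct }
}

fn main() {
    let key = sample_primary();
    for &t in &[2_000u64, 6_000, 9_000] {
        let v = key.at(t).expect("binding signature exists");
        println!("t={} flags={:?} expires={:?} alive={} certify flag={} can_certify={}", t,
                 v.key_flags(), v.key_expiration_time(), v.alive(), v.for_certification(), v.can_certify());
    }
}
```

The same key reports different flags and a different expiration time at t=2000 and t=6000, which is why the policy and reference time are fixed once in the valid amalgamation rather than passed to each call.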

Methods from Deref<Target = KeyAmalgamation<'a, P, R, R2>>

Changes the key’s parts tag to PublicParts.

Changes the key’s parts tag to SecretParts.

Changes the key’s parts tag to UnspecifiedParts.

Returns the KeyAmalgamation’s ComponentAmalgamation.

Returns the KeyAmalgamation’s key.

Normally, a type implementing KeyAmalgamation eventually derefs to a Key; however, this method provides a more accurate lifetime. See the documentation for ComponentAmalgamation::component for an explanation.

Trait Implementations

Returns a copy of the value.

Performs copy-assignment from source.

Formats the value using the given formatter.

The resulting type after dereferencing.

Dereferences the value.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Returns the valid amalgamation’s associated certificate.

Returns the amalgamation’s reference time.

Returns the amalgamation’s policy.

Returns the component’s binding signature as of the reference time.

Returns the component’s revocation status as of the amalgamation’s reference time.

Returns a list of any designated revokers for this component.

Maps the given function over binding and direct key signature.

Returns the certificate’s direct key signature as of the reference time, if any.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self.

Immutably borrows from an owned value.

Mutably borrows from an owned value.

Performs the conversion.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning.

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning.

The type returned in the event of a conversion error.

Performs the conversion.
