Type Definition sequoia_openpgp::cert::amalgamation::key::ValidPrimaryKeyAmalgamation

source · [−]

pub type ValidPrimaryKeyAmalgamation<'a, P> = ValidKeyAmalgamation<'a, P, PrimaryRole, ()>;

Expand description

A Valid primary Key, and its associated data.

A specialized version of ValidKeyAmalgamation.

Implementations

source

impl<'a, P> ValidPrimaryKeyAmalgamation<'a, P> where
P: KeyParts,

source

pub fn parts_into_public(self) -> ValidPrimaryKeyAmalgamation<'a, PublicParts>

Changes the key’s parts tag to PublicParts.

source

pub fn parts_as_public(
&'a self
) -> &'a ValidPrimaryKeyAmalgamation<'a, PublicParts>

Changes the key’s parts tag to PublicParts.

source

pub fn parts_into_secret(
self
) -> Result<ValidPrimaryKeyAmalgamation<'a, SecretParts>>

Changes the key’s parts tag to SecretParts.

source

pub fn parts_as_secret(
&'a self
) -> Result<&'a ValidPrimaryKeyAmalgamation<'a, SecretParts>>

Changes the key’s parts tag to SecretParts.

source

pub fn parts_into_unspecified(
self
) -> ValidPrimaryKeyAmalgamation<'a, UnspecifiedParts>

Changes the key’s parts tag to UnspecifiedParts.

source

pub fn parts_as_unspecified(
&'a self
) -> &ValidPrimaryKeyAmalgamation<'a, UnspecifiedParts>

Changes the key’s parts tag to UnspecifiedParts.

source

impl<'a, P> ValidPrimaryKeyAmalgamation<'a, P> where
P: 'a + KeyParts,

source

pub fn set_expiration_time(
    &self,
    primary_signer: &mut dyn Signer,
    expiration: Option<SystemTime>
) -> Result<Vec<Signature>>

Creates signatures that cause the key to expire at the specified time.

This function creates new binding signatures that cause the key to expire at the specified time when integrated into the certificate. For the primary key, it is necessary to create a new self-signature for each non-revoked User ID, and to create a direct key signature. This is needed, because the primary User ID is first consulted when determining the primary key’s expiration time, and certificates can be distributed with a possibly empty subset of User IDs.

Setting a key’s expiry time means updating an existing binding signature—when looking up information, only one binding signature is normally considered, and we don’t want to drop the other information stored in the current binding signature. This function uses the binding signature determined by ValidKeyAmalgamation’s policy and reference time for this.

Examples

use std::time;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let vc = cert.with_policy(p, None)?;

// Assert that the primary key is not expired.
assert!(vc.primary_key().alive().is_ok());

// Make the primary key expire in a week.
let t = time::SystemTime::now()
    + time::Duration::from_secs(7 * 24 * 60 * 60);

// We assume that the secret key material is available, and not
// password protected.
let mut signer = vc.primary_key()
    .key().clone().parts_into_secret()?.into_keypair()?;

let sigs = vc.primary_key().set_expiration_time(&mut signer, Some(t))?;
let cert = cert.insert_packets(sigs)?;

// The primary key isn't expired yet.
let vc = cert.with_policy(p, None)?;
assert!(vc.primary_key().alive().is_ok());

// But in two weeks, it will be...
let t = time::SystemTime::now()
    + time::Duration::from_secs(2 * 7 * 24 * 60 * 60);
let vc = cert.with_policy(p, t)?;
assert!(vc.primary_key().alive().is_err());

Trait Implementations

source