Struct sequoia_openpgp::cert::SubkeyRevocationBuilder[][src]

pub struct SubkeyRevocationBuilder { /* fields omitted */ }
Expand description

A builder for revocation certificates for subkeys.

A revocation certificate for a subkey has three degrees of freedom: the certificate, the key used to generate the revocation certificate, and the subkey being revoked.

Normally, the key used to sign the revocation certificate is the certificate’s primary key, and the subkey is a subkey that is bound to the certificate. However, this is not required. For instance, if Alice has marked Robert’s certificate (R) as a designated revoker for her certificate (A), then R can revoke A or parts of A. In such a case, the certificate is A, the key used to sign the revocation certificate comes from R, and the subkey being revoked is bound to A.

But, the subkey doesn’t technically need to be bound to the certificate either. For instance, it is technically possible for R to create a revocation certificate for a subkey in the context of A, even if that subkey is not bound to A. Semantically, such a revocation certificate is currently meaningless.

Examples

Revoke a subkey, which is now considered to be too weak:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;
use openpgp::types::RevocationStatus;
use openpgp::types::SignatureType;

let p = &StandardPolicy::new();

// Create and sign a revocation certificate.
let mut signer = cert.primary_key().key().clone()
    .parts_into_secret()?.into_keypair()?;
let subkey = cert.keys().subkeys().nth(0).unwrap();
let sig = SubkeyRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::KeyRetired,
                               b"Revoking due to the recent crypto vulnerabilities.")?
    .build(&mut signer, &cert, subkey.key(), None)?;

// Merge it into the certificate.
let cert = cert.insert_packets(sig.clone())?;

// Now it's revoked.
let subkey = cert.keys().subkeys().nth(0).unwrap();
if let RevocationStatus::Revoked(revocations) = subkey.revocation_status(p, None) {
    assert_eq!(revocations.len(), 1);
    assert_eq!(*revocations[0], sig);
} else {
    panic!("Subkey is not revoked.");
}

// But the certificate isn't.
assert_eq!(RevocationStatus::NotAsFarAsWeKnow,
           cert.revocation_status(p, None));

Implementations

Returns a new SubkeyRevocationBuilder.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let builder = SubkeyRevocationBuilder::new();

Sets the reason for revocation.

Examples

Revoke a possibly compromised subkey:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::ReasonForRevocation;

let builder = SubkeyRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::KeyCompromised,
                               b"I lost my smartcard.");

Sets the revocation certificate’s creation time.

The creation time is interpreted as the time at which the subkey should be considered revoked. For a soft revocation, artifacts created prior to the revocation are still considered valid.

You’ll usually want to set this explicitly and not use the current time. In particular, if a subkey is compromised, you’ll want to set this to the time when the compromise happened.

Examples

Create a revocation certificate for a subkey that was compromised yesterday:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let builder = SubkeyRevocationBuilder::new()
    .set_signature_creation_time(yesterday);

Adds a notation to the revocation certificate.

Unlike the SubkeyRevocationBuilder::set_notation method, this function does not first remove any existing notation with the specified name.

See SignatureBuilder::add_notation for further documentation.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::packet::signature::subpacket::NotationDataFlags;

let builder = CertRevocationBuilder::new().add_notation(
    "revocation-policy@example.org",
    "https://policy.example.org/cert-revocation-policy",
    NotationDataFlags::empty().set_human_readable(),
    false,
);

Sets a notation to the revocation certificate.

Unlike the SubkeyRevocationBuilder::add_notation method, this function first removes any existing notation with the specified name.

See SignatureBuilder::set_notation for further documentation.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::packet::signature::subpacket::NotationDataFlags;

let builder = CertRevocationBuilder::new().set_notation(
    "revocation-policy@example.org",
    "https://policy.example.org/cert-revocation-policy",
    NotationDataFlags::empty().set_human_readable(),
    false,
);

Returns a signed revocation certificate.

A revocation certificate is generated for cert and key and signed using signer with the specified hash algorithm. Normally, you should pass None to select the default hash algorithm.

Examples

Revoke a subkey, which is now considered to be too weak:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;

let p = &StandardPolicy::new();

// Create and sign a revocation certificate.
let mut signer = cert.primary_key().key().clone()
    .parts_into_secret()?.into_keypair()?;
let subkey = cert.keys().subkeys().nth(0).unwrap();
let sig = SubkeyRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::KeyRetired,
                               b"Revoking due to the recent crypto vulnerabilities.")?
    .build(&mut signer, &cert, subkey.key(), None)?;

Methods from Deref<Target = SignatureBuilder>

Trait Implementations

The resulting type after dereferencing.

Dereferences the value.

The type returned in the event of a conversion error.

Performs the conversion.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Performs the conversion.

Should always be Self

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.