[][src]Struct sequoia_openpgp::parse::stream::Verifier

pub struct Verifier<'a, H: VerificationHelper> { /* fields omitted */ }

Verifies a signed OpenPGP message.

Signature verification requires processing the whole message first. Therefore, OpenPGP implementations supporting streaming operations necessarily must output unverified data. This has been a source of problems in the past. To alleviate this, we buffer up to 25 megabytes of net message data first, and verify the signatures if the message fits into our buffer. Nevertheless it is important to treat the data as unverified and untrustworthy until you have seen a positive verification.

For a signature to be considered valid: The signature must have a Signature Creation Time subpacket. The signature must be alive at the signature verification time (the time passed to Verifier::from_reader). The key used to verify the signature must be alive at the signature creation time, not have been soft revoked at the signature creation time, not have ever been hard revoked, and be signing capable at the signature creation time.

Example

extern crate sequoia_openpgp as openpgp;
extern crate failure;
use std::io::Read;
use openpgp::{KeyID, Cert, Result};
use openpgp::parse::stream::*;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

// This fetches keys and computes the validity of the verification.
struct Helper {};
impl VerificationHelper for Helper {
    fn get_public_keys(&mut self, _ids: &[openpgp::KeyHandle]) -> Result<Vec<Cert>> {
        Ok(Vec::new()) // Feed the Certs to the verifier here...
    }
    fn check(&mut self, structure: MessageStructure) -> Result<()> {
        Ok(()) // Implement your verification policy here.
    }
}

let message =
   b"-----BEGIN PGP MESSAGE-----

     xA0DAAoWBpwMNI3YLBkByxJiAAAAAABIZWxsbyBXb3JsZCHCdQQAFgoAJwWCW37P
     8RahBI6MM/pGJjN5dtl5eAacDDSN2CwZCZAGnAw0jdgsGQAAeZQA/2amPbBXT96Q
     O7PFms9DRuehsVVrFkaDtjN2WSxI4RGvAQDq/pzNdCMpy/Yo7AZNqZv5qNMtDdhE
     b2WH5lghfKe/AQ==
     =DjuO
     -----END PGP MESSAGE-----";

let h = Helper {};
let mut v = Verifier::from_bytes(p, message, h, None)?;

let mut content = Vec::new();
v.read_to_end(&mut content)
    .map_err(|e| if e.get_ref().is_some() {
        // Wrapped failure::Error.  Recover it.
        failure::Error::from_boxed_compat(e.into_inner().unwrap())
    } else {
        // Plain io::Error.
        e.into()
    })?;

assert_eq!(content, b"Hello World!");

Methods

impl<'a, H: VerificationHelper> Verifier<'a, H>[src]

pub fn from_reader<R, T>(
    policy: &'a dyn Policy,
    reader: R,
    helper: H,
    t: T
) -> Result<Verifier<'a, H>> where
    R: Read + 'a,
    T: Into<Option<SystemTime>>, 
[src]

Creates a Verifier from the given reader.

Signature verifications are done relative to time t, or the current time, if t is None.

pub fn from_file<P, T>(
    policy: &'a dyn Policy,
    path: P,
    helper: H,
    t: T
) -> Result<Verifier<'a, H>> where
    P: AsRef<Path>,
    T: Into<Option<SystemTime>>, 
[src]

Creates a Verifier from the given file.

Signature verifications are done relative to time t, or the current time, if t is None.

pub fn from_bytes<T>(
    policy: &'a dyn Policy,
    bytes: &'a [u8],
    helper: H,
    t: T
) -> Result<Verifier<'a, H>> where
    T: Into<Option<SystemTime>>, 
[src]

Creates a Verifier from the given buffer.

Signature verifications are done relative to time t, or the current time, if t is None.

pub fn helper_ref(&self) -> &H[src]

Returns a reference to the helper.

pub fn helper_mut(&mut self) -> &mut H[src]

Returns a mutable reference to the helper.

pub fn into_helper(self) -> H[src]

Recovers the helper.

pub fn message_processed(&self) -> bool[src]

Returns true if the whole message has been processed and the verification result is ready. If the function returns false the message did not fit into the internal buffer and unverified data must be read() from the instance until EOF.

Trait Implementations

impl<'a, H: VerificationHelper> Read for Verifier<'a, H>[src]

fn read_vectored(&mut self, bufs: &mut [IoVecMut]) -> Result<usize, Error>[src]

🔬 This is a nightly-only experimental API. (iovec)

Like read, except that it reads into a slice of buffers. Read more

unsafe fn initializer(&self) -> Initializer[src]

🔬 This is a nightly-only experimental API. (read_initializer)

Determines if this Reader can work with buffers of uninitialized memory. Read more

fn read_to_end(&mut self, buf: &mut Vec<u8>) -> Result<usize, Error>
1.0.0
[src]

Read all bytes until EOF in this source, placing them into buf. Read more

fn read_to_string(&mut self, buf: &mut String) -> Result<usize, Error>
1.0.0
[src]

Read all bytes until EOF in this source, appending them to buf. Read more

fn read_exact(&mut self, buf: &mut [u8]) -> Result<(), Error>
1.6.0
[src]

Read the exact number of bytes required to fill buf. Read more

fn by_ref(&mut self) -> &mut Self
1.0.0
[src]

Creates a "by reference" adaptor for this instance of Read. Read more

fn bytes(self) -> Bytes<Self>
1.0.0
[src]

Transforms this Read instance to an [Iterator] over its bytes. Read more

fn chain<R>(self, next: R) -> Chain<Self, R> where
    R: Read
1.0.0
[src]

Creates an adaptor which will chain this stream with another. Read more

fn take(self, limit: u64) -> Take<Self>
1.0.0
[src]

Creates an adaptor which will read at most limit bytes from it. Read more

Auto Trait Implementations

impl<'a, H> !Send for Verifier<'a, H>

impl<'a, H> !Sync for Verifier<'a, H>

Blanket Implementations

impl<T> From for T[src]

impl<T, U> Into for T where
    U: From<T>, 
[src]

impl<T, U> TryFrom for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T> Borrow for T where
    T: ?Sized
[src]

impl<T> BorrowMut for T where
    T: ?Sized
[src]

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T, U> TryInto for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip for T where
    V: MultiLane<T>,