Enum sequoia_openpgp::types::RevocationType

source · 
pub enum RevocationType {
    Hard,
    Soft,
}
Expand description

Describes whether a ReasonForRevocation should be consider hard or soft.

A hard revocation is a revocation that indicates that the key was somehow compromised, and the provenance of all artifacts should be called into question.

A soft revocation is a revocation that indicates that the key should be considered invalid after the revocation signature’s creation time. KeySuperseded, KeyRetired, and UIDRetired are considered soft revocations.

§Examples

A certificate is considered to be revoked when a hard revocation is present even if it is not live at the specified time.

Here, a certificate is generated at t0 and then revoked later at t2. At t1 (t0 < t1 < t2) depending on the revocation type it will be either considered revoked (hard revocation) or not revoked (soft revocation):

use std::time::{Duration, SystemTime};
use openpgp::cert::prelude::*;
use openpgp::types::{RevocationStatus, ReasonForRevocation};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let t0 = SystemTime::now();
let (cert, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
    .set_creation_time(t0)
    .generate()?;

let t2 = t0 + Duration::from_secs(3600);

let mut signer = cert.primary_key().key().clone()
    .parts_into_secret()?.into_keypair()?;

// Create a hard revocation (KeyCompromised):
let sig = CertRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::KeyCompromised,
                               b"The butler did it :/")?
    .set_signature_creation_time(t2)?
    .build(&mut signer, &cert, None)?;

let t1 = t0 + Duration::from_secs(1200);
let cert1 = cert.clone().insert_packets(sig.clone())?;
assert_eq!(cert1.revocation_status(p, Some(t1)),
           RevocationStatus::Revoked(vec![&sig.into()]));

// Create a soft revocation (KeySuperseded):
let sig = CertRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::KeySuperseded,
                               b"Migrated to key XYZ")?
    .set_signature_creation_time(t2)?
    .build(&mut signer, &cert, None)?;

let t1 = t0 + Duration::from_secs(1200);
let cert2 = cert.clone().insert_packets(sig.clone())?;
assert_eq!(cert2.revocation_status(p, Some(t1)),
           RevocationStatus::NotAsFarAsWeKnow);

Variants§

§

Hard

A hard revocation.

Artifacts stemming from the revoked object should not be trusted.

§

Soft

A soft revocation.

Artifacts stemming from the revoked object after the revocation time should not be trusted. Earlier objects should be considered okay.

Only KeySuperseded, KeyRetired, and UIDRetired are considered soft revocations. All other reasons for revocations including unknown reasons are considered hard revocations.

Trait Implementations§

source§

impl Clone for RevocationType

source§

fn clone(&self) -> RevocationType

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for RevocationType

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl PartialEq for RevocationType

source§

fn eq(&self, other: &RevocationType) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Copy for RevocationType

source§

impl Eq for RevocationType

source§

impl StructuralPartialEq for RevocationType

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> DynClone for T
where T: Clone,

source§

fn __clone_box(&self, _: Private) -> *mut ()

source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.