Enum sequoia_openpgp::types::RevocationType
source · [−]pub enum RevocationType {
Hard,
Soft,
}
Expand description
Describes whether a ReasonForRevocation
should be consider hard
or soft.
A hard revocation is a revocation that indicates that the key was somehow compromised, and the provenance of all artifacts should be called into question.
A soft revocation is a revocation that indicates that the key
should be considered invalid after the revocation signature’s
creation time. KeySuperseded
, KeyRetired
, and UIDRetired
are considered soft revocations.
Examples
A certificate is considered to be revoked when a hard revocation is present even if it is not live at the specified time.
Here, a certificate is generated at t0
and then revoked later at t2
.
At t1
(t0
< t1
< t2
) depending on the revocation type it will be
either considered revoked (hard revocation) or not revoked (soft revocation):
use std::time::{Duration, SystemTime};
use openpgp::cert::prelude::*;
use openpgp::types::{RevocationStatus, ReasonForRevocation};
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();
let t0 = SystemTime::now();
let (cert, _) =
CertBuilder::general_purpose(None, Some("alice@example.org"))
.set_creation_time(t0)
.generate()?;
let t2 = t0 + Duration::from_secs(3600);
let mut signer = cert.primary_key().key().clone()
.parts_into_secret()?.into_keypair()?;
// Create a hard revocation (KeyCompromised):
let sig = CertRevocationBuilder::new()
.set_reason_for_revocation(ReasonForRevocation::KeyCompromised,
b"The butler did it :/")?
.set_signature_creation_time(t2)?
.build(&mut signer, &cert, None)?;
let t1 = t0 + Duration::from_secs(1200);
let cert1 = cert.clone().insert_packets(sig.clone())?;
assert_eq!(cert1.revocation_status(p, Some(t1)),
RevocationStatus::Revoked(vec![&sig.into()]));
// Create a soft revocation (KeySuperseded):
let sig = CertRevocationBuilder::new()
.set_reason_for_revocation(ReasonForRevocation::KeySuperseded,
b"Migrated to key XYZ")?
.set_signature_creation_time(t2)?
.build(&mut signer, &cert, None)?;
let t1 = t0 + Duration::from_secs(1200);
let cert2 = cert.clone().insert_packets(sig.clone())?;
assert_eq!(cert2.revocation_status(p, Some(t1)),
RevocationStatus::NotAsFarAsWeKnow);
Variants
Hard
A hard revocation.
Artifacts stemming from the revoked object should not be trusted.
Soft
A soft revocation.
Artifacts stemming from the revoked object after the revocation time should not be trusted. Earlier objects should be considered okay.
Only KeySuperseded
, KeyRetired
, and UIDRetired
are
considered soft revocations. All other reasons for
revocations including unknown reasons are considered hard
revocations.
Trait Implementations
sourceimpl Clone for RevocationType
impl Clone for RevocationType
sourcefn clone(&self) -> RevocationType
fn clone(&self) -> RevocationType
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl Debug for RevocationType
impl Debug for RevocationType
sourceimpl PartialEq<RevocationType> for RevocationType
impl PartialEq<RevocationType> for RevocationType
impl Copy for RevocationType
impl Eq for RevocationType
impl StructuralEq for RevocationType
impl StructuralPartialEq for RevocationType
Auto Trait Implementations
impl RefUnwindSafe for RevocationType
impl Send for RevocationType
impl Sync for RevocationType
impl Unpin for RevocationType
impl UnwindSafe for RevocationType
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more