Struct sequoia_openpgp::types::Timestamp
source · [−]pub struct Timestamp(_);
Expand description
A timestamp representable by OpenPGP.
OpenPGP timestamps are represented as u32
containing the number of seconds
elapsed since midnight, 1 January 1970 UTC (Section 3.5 of RFC 4880).
They cannot express dates further than 7th February of 2106 or earlier than
the UNIX epoch. Unlike Unix’s time_t
, OpenPGP’s timestamp is unsigned so
it rollsover in 2106, not 2038.
Examples
Signature creation time is internally stored as a Timestamp
:
Note that this example retrieves raw packet value.
Use SubpacketAreas::signature_creation_time
to get the signature creation time.
use sequoia_openpgp as openpgp;
use std::convert::From;
use std::time::SystemTime;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::packet::signature::subpacket::{SubpacketTag, SubpacketValue};
let (cert, _) =
CertBuilder::general_purpose(None, Some("alice@example.org"))
.generate()?;
let subkey = cert.keys().subkeys().next().unwrap();
let packets = subkey.bundle().self_signatures()[0].hashed_area();
match packets.subpacket(SubpacketTag::SignatureCreationTime).unwrap().value() {
SubpacketValue::SignatureCreationTime(ts) => assert!(u32::from(*ts) > 0),
v => panic!("Unexpected subpacket: {:?}", v),
}
let p = &StandardPolicy::new();
let now = SystemTime::now();
assert!(subkey.binding_signature(p, now)?.signature_creation_time().is_some());
Implementations
sourceimpl Timestamp
impl Timestamp
sourcepub fn checked_add(&self, d: Duration) -> Option<Timestamp>
pub fn checked_add(&self, d: Duration) -> Option<Timestamp>
Adds a duration to this timestamp.
Returns None
if the resulting timestamp is not
representable.
sourcepub fn checked_sub(&self, d: Duration) -> Option<Timestamp>
pub fn checked_sub(&self, d: Duration) -> Option<Timestamp>
Subtracts a duration from this timestamp.
Returns None
if the resulting timestamp is not
representable.
sourcepub fn round_down<P, F>(&self, precision: P, floor: F) -> Result<Timestamp> where
P: Into<Option<u8>>,
F: Into<Option<SystemTime>>,
pub fn round_down<P, F>(&self, precision: P, floor: F) -> Result<Timestamp> where
P: Into<Option<u8>>,
F: Into<Option<SystemTime>>,
Rounds down to the given level of precision.
This can be used to reduce the metadata leak resulting from time stamps. For example, a group of people attending a key signing event could be identified by comparing the time stamps of resulting certifications. By rounding the creation time of these signatures down, all of them, and others, fall into the same bucket.
The given level p
determines the resulting resolution of
2^p
seconds. The default is 21
, which results in a
resolution of 24 days, or roughly a month. p
must be lower
than 32.
The lower limit floor
represents the earliest time the timestamp will be
rounded down to.
See also Duration::round_up
.
Important note
If we create a signature, it is important that the signature’s
creation time does not predate the signing keys creation time,
or otherwise violate the key’s validity constraints.
This can be achieved by using the floor
parameter.
To ensure validity, use this function to round the time down, using the latest known relevant timestamp as a floor. Then, lookup all keys and other objects like userids using this timestamp, and on success create the signature:
use sequoia_openpgp::policy::StandardPolicy;
let policy = &StandardPolicy::new();
// Let's fix a time.
let now = Timestamp::from(1583436160);
let cert_creation_alice = now.checked_sub(Duration::weeks(2)?).unwrap();
let cert_creation_bob = now.checked_sub(Duration::weeks(1)?).unwrap();
// Generate a Cert for Alice.
let (alice, _) = CertBuilder::new()
.set_creation_time(cert_creation_alice)
.set_primary_key_flags(KeyFlags::empty().set_certification())
.add_userid("alice@example.org")
.generate()?;
// Generate a Cert for Bob.
let (bob, _) = CertBuilder::new()
.set_creation_time(cert_creation_bob)
.set_primary_key_flags(KeyFlags::empty().set_certification())
.add_userid("bob@example.org")
.generate()?;
let sign_with_p = |p| -> Result<Signature> {
// Round `now` down, then use `t` for all lookups.
// Use the creation time of Bob's Cert as lower bound for rounding.
let t: std::time::SystemTime = now.round_down(p, cert_creation_bob)?.into();
// First, get the certification key.
let mut keypair =
alice.keys().with_policy(policy, t).secret().for_certification()
.nth(0).ok_or_else(|| anyhow::anyhow!("no valid key at"))?
.key().clone().into_keypair()?;
// Then, lookup the binding between `bob@example.org` and
// `bob` at `t`.
let ca = bob.userids().with_policy(policy, t)
.filter(|ca| ca.userid().value() == b"bob@example.org")
.nth(0).ok_or_else(|| anyhow::anyhow!("no valid userid"))?;
// Finally, Alice certifies the binding between
// `bob@example.org` and `bob` at `t`.
ca.userid().certify(&mut keypair, &bob,
SignatureType::PositiveCertification, None, t)
};
assert!(sign_with_p(21).is_ok());
assert!(sign_with_p(22).is_ok()); // Rounded to bob's cert's creation time.
assert!(sign_with_p(32).is_err()); // Invalid precision
Trait Implementations
sourceimpl From<Timestamp> for SystemTime
impl From<Timestamp> for SystemTime
SystemTime’s underlying datatype may be only i32
, e.g. on 32bit Unix.
As OpenPGP’s timestamp datatype is u32
, there are timestamps (i32::MAX + 1
to u32::MAX
) which are not representable on such systems.
In this case, the result is clamped to i32::MAX
.
sourceimpl From<Timestamp> for Option<SystemTime>
impl From<Timestamp> for Option<SystemTime>
sourceimpl Ord for Timestamp
impl Ord for Timestamp
sourceimpl PartialOrd<Timestamp> for Timestamp
impl PartialOrd<Timestamp> for Timestamp
sourcefn partial_cmp(&self, other: &Timestamp) -> Option<Ordering>
fn partial_cmp(&self, other: &Timestamp) -> Option<Ordering>
This method returns an ordering between self
and other
values if one exists. Read more
1.0.0 · sourcefn lt(&self, other: &Rhs) -> bool
fn lt(&self, other: &Rhs) -> bool
This method tests less than (for self
and other
) and is used by the <
operator. Read more
1.0.0 · sourcefn le(&self, other: &Rhs) -> bool
fn le(&self, other: &Rhs) -> bool
This method tests less than or equal to (for self
and other
) and is used by the <=
operator. Read more
sourceimpl TryFrom<SystemTime> for Timestamp
impl TryFrom<SystemTime> for Timestamp
impl Copy for Timestamp
impl Eq for Timestamp
impl StructuralEq for Timestamp
impl StructuralPartialEq for Timestamp
Auto Trait Implementations
impl RefUnwindSafe for Timestamp
impl Send for Timestamp
impl Sync for Timestamp
impl Unpin for Timestamp
impl UnwindSafe for Timestamp
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more