authorJustus Winter <justus@sequoia-pgp.org>2020-10-22 16:29:02 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-10-22 16:29:02 +0200
commit5ff30d8ed398fc6c3e973773043c8211214db63c (patch)
tree8f74c268d420ecb227dcd028b23ffa52f09ac42c
parent06bd95ec9165aa723356ec999f87c86f57b7e065 (diff)
openpgp: Select only supported encryption-capable keys.
-rw-r--r--guide/src/chapter_01.md8
-rw-r--r--guide/src/chapter_02.md8
-rw-r--r--openpgp/examples/generate-encrypt-decrypt.rs2
-rw-r--r--openpgp/examples/generate-sign-verify.rs2
-rw-r--r--openpgp/src/serialize/stream.rs37
-rw-r--r--sop/src/main.rs4
-rw-r--r--sq/src/commands/mod.rs3
7 files changed, 35 insertions, 29 deletions
diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md
index f1dbc653..874b70e6 100644
--- a/guide/src/chapter_01.md
+++ b/guide/src/chapter_01.md
@@ -61,7 +61,7 @@ fn main() -> openpgp::Result<()> {
# // Get the keypair to do the signing from the Cert.
# let keypair = tsk
# .keys().unencrypted_secret()
-# .with_policy(policy, None).alive().revoked(false).for_signing()
+# .with_policy(policy, None).supported().alive().revoked(false).for_signing()
# .nth(0).unwrap().key().clone().into_keypair()?;
#
# // Start streaming an OpenPGP message.
@@ -212,7 +212,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
# // Get the keypair to do the signing from the Cert.
# let keypair = tsk
# .keys().unencrypted_secret()
-# .with_policy(policy, None).alive().revoked(false).for_signing()
+# .with_policy(policy, None).supported().alive().revoked(false).for_signing()
# .nth(0).unwrap().key().clone().into_keypair()?;
#
# // Start streaming an OpenPGP message.
@@ -363,7 +363,7 @@ fn sign(policy: &dyn Policy,
// Get the keypair to do the signing from the Cert.
let keypair = tsk
.keys().unencrypted_secret()
- .with_policy(policy, None).alive().revoked(false).for_signing()
+ .with_policy(policy, None).supported().alive().revoked(false).for_signing()
.nth(0).unwrap().key().clone().into_keypair()?;
// Start streaming an OpenPGP message.
@@ -525,7 +525,7 @@ Verified data can be read from this using [`io::Read`].
# // Get the keypair to do the signing from the Cert.
# let keypair = tsk
# .keys().unencrypted_secret()
-# .with_policy(policy, None).alive().revoked(false).for_signing()
+# .with_policy(policy, None).supported().alive().revoked(false).for_signing()
# .nth(0).unwrap().key().clone().into_keypair()?;
#
# // Start streaming an OpenPGP message.
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md
index 052d59b8..7d663701 100644
--- a/guide/src/chapter_02.md
+++ b/guide/src/chapter_02.md
@@ -58,7 +58,7 @@ fn main() -> openpgp::Result<()> {
# sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
# -> openpgp::Result<()> {
# let recipients =
-# recipient.keys().with_policy(policy, None).alive().revoked(false)
+# recipient.keys().with_policy(policy, None).supported().alive().revoked(false)
# .for_transport_encryption();
#
# // Start streaming an OpenPGP message.
@@ -206,7 +206,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
# sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
# -> openpgp::Result<()> {
# let recipients =
-# recipient.keys().with_policy(policy, None).alive().revoked(false)
+# recipient.keys().with_policy(policy, None).supported().alive().revoked(false)
# .for_transport_encryption();
#
# // Start streaming an OpenPGP message.
@@ -354,7 +354,7 @@ fn encrypt(policy: &dyn Policy,
sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
-> openpgp::Result<()> {
let recipients =
- recipient.keys().with_policy(policy, None).alive().revoked(false)
+ recipient.keys().with_policy(policy, None).supported().alive().revoked(false)
.for_transport_encryption();
// Start streaming an OpenPGP message.
@@ -516,7 +516,7 @@ Decrypted data can be read from this using [`io::Read`].
# sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
# -> openpgp::Result<()> {
# let recipients =
-# recipient.keys().with_policy(policy, None).alive().revoked(false)
+# recipient.keys().with_policy(policy, None).supported().alive().revoked(false)
# .for_transport_encryption();
#
# // Start streaming an OpenPGP message.
diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs
index 972ceced..bc147827 100644
--- a/openpgp/examples/generate-encrypt-decrypt.rs
+++ b/openpgp/examples/generate-encrypt-decrypt.rs
@@ -51,7 +51,7 @@ fn encrypt(p: &dyn Policy, sink: &mut dyn Write, plaintext: &str,
-> openpgp::Result<()>
{
let recipients =
- recipient.keys().with_policy(p, None).alive().revoked(false)
+ recipient.keys().with_policy(p, None).supported().alive().revoked(false)
.for_transport_encryption();
// Start streaming an OpenPGP message.
diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs
index deaa5e61..ee7b67b2 100644
--- a/openpgp/examples/generate-sign-verify.rs
+++ b/openpgp/examples/generate-sign-verify.rs
@@ -49,7 +49,7 @@ fn sign(p: &dyn Policy, sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Ce
// Get the keypair to do the signing from the Cert.
let keypair = tsk
.keys().unencrypted_secret()
- .with_policy(p, None).alive().revoked(false).for_signing()
+ .with_policy(p, None).supported().alive().revoked(false).for_signing()
.nth(0).unwrap().key().clone().into_keypair()?;
// Start streaming an OpenPGP message.
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index 095c0d3b..0cd1902a 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -97,7 +97,7 @@
//! # Cert::from_bytes(&include_bytes!(
//! # "../../tests/data/keys/testy-new-private.pgp")[..])?;
//! let signing_keypair = sender.keys().secret()
-//! .with_policy(p, None).alive().revoked(false).for_signing()
+//! .with_policy(p, None).supported().alive().revoked(false).for_signing()
//! .nth(0).unwrap()
//! .key().clone().into_keypair()?;
//!
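Review bot: The module-level example now calls `.supported()` without saying what it filters, and readers tend to copy this chain verbatim. A one-line comment above the chain would make the intent clear, e.g. `//! // Skip keys whose algorithms this build of the library cannot use.`. The same applies to the `Signer`, `Recipient` and `Encryptor` examples in the later hunks of this file. It is also worth a sentence in the docs that `.nth(0).unwrap()` panics when the filters leave no key, which the extra filter makes more likely for certificates that were not generated locally.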
@@ -105,7 +105,7 @@
//! # sender.clone();
//! // Note: One certificate may contain several suitable encryption keys.
//! let recipients =
-//! recipient.keys().with_policy(p, None).alive().revoked(false)
+//! recipient.keys().with_policy(p, None).supported().alive().revoked(false)
//! // Or `for_storage_encryption()`, for data at rest.
//! .for_transport_encryption();
//!
@@ -679,7 +679,7 @@ impl<'a> Signer<'a> {
/// # Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// let signing_keypair = cert.keys().secret()
- /// .with_policy(p, None).alive().revoked(false).for_signing()
+ /// .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// .nth(0).unwrap()
/// .key().clone().into_keypair()?;
///
@@ -770,7 +770,7 @@ impl<'a> Signer<'a> {
/// # Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
/// # let mut sink = vec![];
@@ -839,7 +839,7 @@ impl<'a> Signer<'a> {
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair
/// # = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
///
@@ -908,11 +908,11 @@ impl<'a> Signer<'a> {
/// # let cert = Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
/// # let additional_signing_keypair = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
///
@@ -961,7 +961,7 @@ impl<'a> Signer<'a> {
/// # let cert = Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
/// let recipient: Cert = // ...
@@ -1003,7 +1003,7 @@ impl<'a> Signer<'a> {
/// # let cert = Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
///
@@ -1046,7 +1046,7 @@ impl<'a> Signer<'a> {
/// # Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// let signing_key = cert.keys().secret()
- /// .with_policy(p, None).alive().revoked(false).for_signing()
+ /// .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// .nth(0).unwrap()
/// .key();
/// let signing_keypair = signing_key.clone().into_keypair()?;
@@ -1103,7 +1103,7 @@ impl<'a> Signer<'a> {
/// # "../../tests/data/keys/testy-new-private.pgp")[..])?;
/// # let signing_keypair
/// # = cert.keys().secret()
- /// # .with_policy(p, None).alive().revoked(false).for_signing()
+ /// # .with_policy(p, None).supported().alive().revoked(false).for_signing()
/// # .nth(0).unwrap()
/// # .key().clone().into_keypair()?;
/// #
@@ -1868,7 +1868,7 @@ impl<'a> Recipient<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption()
/// .map(|ka| Recipient::new(ka.key().keyid(), ka.key()));
@@ -1926,7 +1926,7 @@ impl<'a> Recipient<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption()
/// .map(Into::into)
@@ -1980,7 +1980,7 @@ impl<'a> Recipient<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption()
/// .map(|ka| Recipient::from(ka)
@@ -2068,7 +2068,7 @@ impl<'a> Encryptor<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption();
///
@@ -2198,7 +2198,7 @@ impl<'a> Encryptor<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption();
///
@@ -2281,7 +2281,7 @@ impl<'a> Encryptor<'a> {
/// )?;
///
/// let recipients =
- /// cert.keys().with_policy(p, None).alive().revoked(false)
+ /// cert.keys().with_policy(p, None).supported().alive().revoked(false)
/// // Or `for_storage_encryption()`, for data at rest.
/// .for_transport_encryption();
///
@@ -3187,7 +3187,8 @@ mod test {
] {
eprintln!("{:?}", String::from_utf8(data.to_vec())?);
let signing_keypair = cert.keys().secret()
- .with_policy(p, None).alive().revoked(false).for_signing()
+ .with_policy(p, None).supported()
+ .alive().revoked(false).for_signing()
.nth(0).unwrap()
.key().clone().into_keypair()?;
let mut signature = vec![];
diff --git a/sop/src/main.rs b/sop/src/main.rs
index 95390fa4..7a53811f 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -126,6 +126,7 @@ fn real_main() -> Result<()> {
let mut one = false;
for key in tsk.keys()
+ .supported()
.secret()
.alive()
.revoked(false)
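Review bot: Keys removed by the new `.supported()` filter are skipped silently, so a certificate whose only otherwise-usable key has an unsupported algorithm leaves `one` false and falls through to whatever generic error follows the loop. That error handling is outside this hunk, so this is inferred. If it reads like "no suitable key found", a distinct message for the unsupported-algorithm case would save users a confusing diagnosis. The hunks at `-195` and `-281` in this file have the same shape, and `real_main` continues beyond all three.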
@@ -195,6 +196,7 @@ fn real_main() -> Result<()> {
for tsk in tsks {
let mut one = false;
for key in tsk.keys().with_policy(p, None)
+ .supported()
.secret()
.alive()
.revoked(false)
@@ -281,6 +283,7 @@ fn real_main() -> Result<()> {
let mut one = false;
for key in cert.keys()
+ .supported()
.alive()
.revoked(false)
.for_storage_encryption()
@@ -643,6 +646,7 @@ impl<'a> Helper<'a> {
for tsk in secrets {
for ka in tsk.keys().secret()
.with_policy(policy, None)
+ .supported()
.for_transport_encryption().for_storage_encryption()
{
let id: KeyID = ka.key().fingerprint().into();
diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs
index 6415e2cf..fbf96657 100644
--- a/sq/src/commands/mod.rs
+++ b/sq/src/commands/mod.rs
@@ -51,6 +51,7 @@ fn get_signing_keys(certs: &[openpgp::Cert], p: &dyn Policy,
'next_cert: for tsk in certs {
for key in tsk.keys().with_policy(p, timestamp).alive().revoked(false)
.for_signing()
+ .supported()
.map(|ka| ka.key())
{
if let Some(secret) = key.optional_secret() {
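Review bot: `.supported()` is appended after `.for_signing()` here, whereas the other call sites touched by this commit place it directly after `with_policy(...)` or `keys()`. The filters presumably commute, so this is only about consistency. I would fold it into the first line as `for key in tsk.keys().with_policy(p, timestamp).supported().alive().revoked(false)` and drop the separate line. `get_signing_keys` continues outside the hunk.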
@@ -108,7 +109,7 @@ pub fn encrypt<'a>(policy: &'a dyn Policy,
for cert in recipients.iter() {
let mut count = 0;
for key in cert.keys().with_policy(policy, None).alive().revoked(false)
- .key_flags(&mode).map(|ka| ka.key())
+ .key_flags(&mode).supported().map(|ka| ka.key())
{
recipient_subkeys.push(key.into());
count += 1;
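Review bot: With `.supported()` in the chain, an encryption-capable subkey that passes the policy but uses an unsupported algorithm is now dropped without any trace, and `count` only counts the keys that were kept. For a recipient certificate with several encryption subkeys, the message may therefore be encrypted to fewer of them than the sender expects. Consider emitting a warning for each skipped key. At minimum, the zero-`count` error path (presumably just below, outside this hunk) should mention unsupported algorithms as a possible cause. `encrypt` continues beyond the hunk.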