authorJustus Winter <justus@sequoia-pgp.org>2019-12-04 13:07:24 +0100
committerJustus Winter <justus@sequoia-pgp.org>2019-12-04 13:21:47 +0100
commit43f4017c820c9b67c9e08f860182ab5c7126fc68 (patch)
tree0f6fc3ad9fceca65988212fea94f816928d8c74f
parent98253e6dbeffdff0e74ed4258fbc7a3fe38232a0 (diff)
openpgp: Refine CertBuilder::add_encryption_subkey.
-rw-r--r--guide/src/chapter_02.md12
-rw-r--r--ipc/tests/gpg-agent.rs2
-rw-r--r--openpgp-ffi/include/sequoia/openpgp.h2
-rw-r--r--openpgp-ffi/src/cert.rs6
-rw-r--r--openpgp/examples/generate-encrypt-decrypt.rs3
-rw-r--r--openpgp/src/cert/builder.rs25
-rw-r--r--openpgp/src/cert/keyiter.rs9
-rw-r--r--openpgp/src/cert/mod.rs4
-rw-r--r--openpgp/src/cert/revoke.rs2
-rw-r--r--openpgp/src/serialize/stream.rs2
-rw-r--r--sqv/tests/wrong-key-flags.rs2
-rw-r--r--tool/src/commands/key.rs11
12 files changed, 40 insertions, 40 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md
index bfaccfb8..cc024348 100644
--- a/guide/src/chapter_02.md
+++ b/guide/src/chapter_02.md
@@ -38,7 +38,7 @@ fn main() {
# fn generate() -> openpgp::Result<openpgp::Cert> {
# let (cert, _revocation) = openpgp::cert::CertBuilder::new()
# .add_userid("someone@example.org")
-# .add_encryption_subkey()
+# .add_transport_encryption_subkey()
# .generate()?;
#
# // Save the revocation certificate somewhere.
@@ -52,7 +52,6 @@ fn main() {
# // Build a vector of recipients to hand to Encryptor.
# let mut recipients =
# recipient.keys_valid()
-# .for_storage_encryption()
# .for_transport_encryption()
# .map(|(_, _, key)| key.into())
# .collect::<Vec<_>>();
@@ -180,7 +179,7 @@ create it:
fn generate() -> openpgp::Result<openpgp::Cert> {
let (cert, _revocation) = openpgp::cert::CertBuilder::new()
.add_userid("someone@example.org")
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate()?;
// Save the revocation certificate somewhere.
@@ -194,7 +193,6 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
# // Build a vector of recipients to hand to Encryptor.
# let mut recipients =
# recipient.keys_valid()
-# .for_storage_encryption()
# .for_transport_encryption()
# .map(|(_, _, key)| key.into())
# .collect::<Vec<_>>();
@@ -322,7 +320,7 @@ implements [`io::Write`], and we simply write the plaintext to it.
# fn generate() -> openpgp::Result<openpgp::Cert> {
# let (cert, _revocation) = openpgp::cert::CertBuilder::new()
# .add_userid("someone@example.org")
-# .add_encryption_subkey()
+# .add_transport_encryption_subkey()
# .generate()?;
#
# // Save the revocation certificate somewhere.
@@ -336,7 +334,6 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert)
// Build a vector of recipients to hand to Encryptor.
let mut recipients =
recipient.keys_valid()
- .for_storage_encryption()
.for_transport_encryption()
.map(|(_, _, key)| key.into())
.collect::<Vec<_>>();
@@ -478,7 +475,7 @@ Decrypted data can be read from this using [`io::Read`].
# fn generate() -> openpgp::Result<openpgp::Cert> {
# let (cert, _revocation) = openpgp::cert::CertBuilder::new()
# .add_userid("someone@example.org")
-# .add_encryption_subkey()
+# .add_transport_encryption_subkey()
# .generate()?;
#
# // Save the revocation certificate somewhere.
@@ -492,7 +489,6 @@ Decrypted data can be read from this using [`io::Read`].
# // Build a vector of recipients to hand to Encryptor.
# let mut recipients =
# recipient.keys_valid()
-# .for_storage_encryption()
# .for_transport_encryption()
# .map(|(_, _, key)| key.into())
# .collect::<Vec<_>>();
diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs
index ce494e60..c284117f 100644
--- a/ipc/tests/gpg-agent.rs
+++ b/ipc/tests/gpg-agent.rs
@@ -198,7 +198,7 @@ fn decrypt() {
let (cert, _) = CertBuilder::new()
.set_cipher_suite(*cs)
.add_userid("someone@example.org")
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
let mut buf = Vec::new();
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index b1de42e3..2672836b 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -1045,7 +1045,7 @@ void pgp_cert_builder_add_signing_subkey(pgp_cert_builder_t *certb);
/*/
/// Adds an encryption capable subkey.
/*/
-void pgp_cert_builder_add_encryption_subkey(pgp_cert_builder_t *certb);
+void pgp_cert_builder_add_transport_encryption_subkey(pgp_cert_builder_t *certb);
/*/
/// Adds an certification capable subkey.
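Review bot: The doc comment kept above the renamed declaration still reads `/// Adds an encryption capable subkey.`, which no longer matches a function whose name promises a transport-encryption key. The same stale line sits above `pgp_cert_builder_add_transport_encryption_subkey` in the second hunk of openpgp-ffi/src/cert.rs. I would change both to `/// Adds a subkey suitable for transport encryption.` so they agree with the Rust builder. The visible hunks add no C counterpart for `add_storage_encryption_subkey`, so unless one exists elsewhere, C callers have no way to request a storage-encryption subkey through this builder; either add one or note the gap in the header.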
diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs
index 6b223a3a..561d0c2c 100644
--- a/openpgp-ffi/src/cert.rs
+++ b/openpgp-ffi/src/cert.rs
@@ -797,7 +797,7 @@ pub extern "C" fn pgp_cert_parser_free(parser: Option<&mut CertParserWrapper>)
/// pgp_cert_builder_set_cipher_suite (&builder, PGP_CERT_CIPHER_SUITE_CV25519);
/// pgp_cert_builder_add_userid (&builder, "some@example.org");
/// pgp_cert_builder_add_signing_subkey (&builder);
-/// pgp_cert_builder_add_encryption_subkey (&builder);
+/// pgp_cert_builder_add_transport_encryption_subkey (&builder);
/// pgp_cert_builder_generate (NULL, builder, &cert, &revocation);
/// assert (cert);
/// assert (revocation);
@@ -918,12 +918,12 @@ pub extern "C" fn pgp_cert_builder_add_signing_subkey
/// Adds an encryption capable subkey.
#[::sequoia_ffi_macros::extern_fn] #[no_mangle]
-pub extern "C" fn pgp_cert_builder_add_encryption_subkey
+pub extern "C" fn pgp_cert_builder_add_transport_encryption_subkey
(certb: *mut *mut CertBuilder)
{
let certb = ffi_param_ref_mut!(certb);
let certb_ = ffi_param_move!(*certb);
- let certb_ = certb_.add_encryption_subkey();
+ let certb_ = certb_.add_transport_encryption_subkey();
*certb = box_raw!(certb_);
}
diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs
index 5baef893..55ea89d6 100644
--- a/openpgp/examples/generate-encrypt-decrypt.rs
+++ b/openpgp/examples/generate-encrypt-decrypt.rs
@@ -29,7 +29,7 @@ fn main() {
fn generate() -> openpgp::Result<openpgp::Cert> {
let (cert, _revocation) = openpgp::cert::CertBuilder::new()
.add_userid("someone@example.org")
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate()?;
// Save the revocation certificate somewhere.
@@ -43,7 +43,6 @@ fn encrypt(sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert)
// Build a vector of recipients to hand to Encryptor.
let mut recipients =
recipient.keys_valid()
- .for_storage_encryption()
.for_transport_encryption()
.map(|(_, _, key)| key.into())
.collect::<Vec<_>>();
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs
index ba534608..393c2e6c 100644
--- a/openpgp/src/cert/builder.rs
+++ b/openpgp/src/cert/builder.rs
@@ -124,7 +124,7 @@ impl CertBuilder {
/// certification-capable primary key using the default cipher
/// suite. You'll almost certainly want to add subkeys (using
/// `CertBuilder::add_signing_subkey`, or
- /// `CertBuilder::add_encryption_subkey`, for instance), and user
+ /// `CertBuilder::add_transport_encryption_subkey`, for instance), and user
/// ids (using `CertBuilder::add_userid`).
pub fn new() -> Self {
CertBuilder{
@@ -243,11 +243,16 @@ impl CertBuilder {
self.add_subkey(KeyFlags::default().set_signing(true), None)
}
- /// Adds an encryption capable subkey.
- pub fn add_encryption_subkey(self) -> Self {
- self.add_subkey(KeyFlags::default()
- .set_transport_encryption(true)
- .set_storage_encryption(true), None)
+ /// Adds a subkey suitable for transport encryption.
+ pub fn add_transport_encryption_subkey(self) -> Self {
+ self.add_subkey(KeyFlags::default().set_transport_encryption(true),
+ None)
+ }
+
+ /// Adds a subkey suitable for storage encryption.
+ pub fn add_storage_encryption_subkey(self) -> Self {
+ self.add_subkey(KeyFlags::default().set_storage_encryption(true),
+ None)
}
/// Adds an certification capable subkey.
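Review bot: The two new doc comments do not say that each helper sets exactly one key flag, and the combined-flag `add_encryption_subkey` is removed outright rather than deprecated, so a caller who simply renames the call gets a subkey without the storage-encryption flag. Key flags drive key selection (the guide filters with `for_transport_encryption()` and `for_storage_encryption()`), so presumably encrypting data at rest to such a cert would find no matching key. I would spell this out, e.g. `/// Adds a subkey flagged for transport encryption only (no storage-encryption flag).`, with the mirror sentence on the storage helper and a pointer to `add_subkey` for a key carrying both flags. The surrounding `impl CertBuilder` starts and ends outside this hunk.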
@@ -449,7 +454,7 @@ mod tests {
.add_userid("test1@example.com")
.add_userid("test2@example.com")
.add_signing_subkey()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.add_certification_subkey()
.generate().unwrap();
@@ -470,7 +475,7 @@ mod tests {
let (cert, _) = CertBuilder::new()
.set_cipher_suite(CipherSuite::Cv25519)
.add_signing_subkey()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.add_certification_subkey()
.generate().unwrap();
@@ -497,7 +502,7 @@ mod tests {
let (cert2, _) = CertBuilder::new()
.set_cipher_suite(CipherSuite::RSA3k)
.add_userid("test2@example.com")
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
assert_eq!(cert2.primary().pk_algo(),
PublicKeyAlgorithm::RSAEncryptSign);
@@ -553,7 +558,7 @@ mod tests {
let (cert1, _) = CertBuilder::new()
.set_cipher_suite(CipherSuite::Cv25519)
.primary_keyflags(KeyFlags::default())
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
let sig_pkts = &cert1.primary_key_signature(None).unwrap().hashed_area();
diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs
index 76f273d9..fb0e5caf 100644
--- a/openpgp/src/cert/keyiter.rs
+++ b/openpgp/src/cert/keyiter.rs
@@ -441,7 +441,7 @@ mod test {
#[test]
fn select_valid_and_right_flags() {
let (cert, _) = CertBuilder::new()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
@@ -451,7 +451,7 @@ mod test {
#[test]
fn select_valid_and_wrong_flags() {
let (cert, _) = CertBuilder::new()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.add_signing_subkey()
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
@@ -462,7 +462,7 @@ mod test {
#[test]
fn select_invalid_and_right_flags() {
let (cert, _) = CertBuilder::new()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
@@ -486,7 +486,8 @@ mod test {
let (cert, _) = CertBuilder::new()
.add_signing_subkey()
.add_certification_subkey()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
+ .add_storage_encryption_subkey()
.add_authentication_subkey()
.generate().unwrap();
assert_eq!(cert.keys_valid().for_certification().count(), 2);
diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs
index 59ee509a..9bb3f918 100644
--- a/openpgp/src/cert/mod.rs
+++ b/openpgp/src/cert/mod.rs
@@ -2305,7 +2305,7 @@ mod test {
use std::{thread, time};
let (cert, _) = CertBuilder::new()
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
thread::sleep(time::Duration::from_secs(2));
@@ -2776,7 +2776,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g=
let (cert, _) = CertBuilder::new()
.add_userid("test1@example.com")
.add_userid("test2@example.com")
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.add_certification_subkey()
.generate().unwrap();
assert_eq!(cert.subkeys().len(), 2);
diff --git a/openpgp/src/cert/revoke.rs b/openpgp/src/cert/revoke.rs
index c1c827f1..f4f6e31c 100644
--- a/openpgp/src/cert/revoke.rs
+++ b/openpgp/src/cert/revoke.rs
@@ -159,7 +159,7 @@ impl Deref for CertRevocationBuilder {
/// # fn f() -> Result<()> {
/// // Generate a Cert, and create a keypair from the primary key.
/// let (cert, _) = CertBuilder::new()
-/// .add_encryption_subkey()
+/// .add_transport_encryption_subkey()
/// .generate()?;
/// let mut keypair = cert.primary().clone()
/// .mark_parts_secret()?.into_keypair()?;
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index f020f342..0ee18a18 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -1653,7 +1653,7 @@ mod test {
let (tsk, _) = CertBuilder::new()
.set_cipher_suite(CipherSuite::Cv25519)
- .add_encryption_subkey()
+ .add_transport_encryption_subkey()
.generate().unwrap();
struct Helper<'a> {
diff --git a/sqv/tests/wrong-key-flags.rs b/sqv/tests/wrong-key-flags.rs
index c1f8ab7f..2823380f 100644
--- a/sqv/tests/wrong-key-flags.rs
+++ b/sqv/tests/wrong-key-flags.rs
@@ -41,7 +41,7 @@ mod integration {
//
// let (cert, _) = CertBuilder::default()
// .add_userid("Testy Mc Test")
-// .add_encryption_subkey()
+// .add_transport_encryption_subkey()
// .generate().unwrap();
// let subkey = cert.subkeys().next().unwrap();
// let key = subkey.subkey();
diff --git a/tool/src/commands/key.rs b/tool/src/commands/key.rs
index 2c081f65..259f08ab 100644
--- a/tool/src/commands/key.rs
+++ b/tool/src/commands/key.rs
@@ -146,17 +146,16 @@ pub fn generate(m: &ArgMatches, force: bool) -> failure::Fallible<()> {
// Encryption Capability
match (m.value_of("can-encrypt"), m.is_present("cannot-encrypt")) {
(Some("all"), false) | (None, false) => {
- builder = builder.add_encryption_subkey();
- }
- (Some("rest"), false) => {
builder = builder.add_subkey(KeyFlags::default()
+ .set_transport_encryption(true)
.set_storage_encryption(true),
None);
}
+ (Some("rest"), false) => {
+ builder = builder.add_storage_encryption_subkey();
+ }
(Some("transport"), false) => {
- builder = builder.add_subkey(KeyFlags::default()
- .set_transport_encryption(true),
- None);
+ builder = builder.add_transport_encryption_subkey();
}
(None, true) => { /* no encryption subkey */ }
(Some(_), true) => {
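Review bot: The `"all"`/default arm now hand-builds its subkey with both flags, while the `"rest"` and `"transport"` arms call the new single-flag helpers, and nothing says why the default differs. A one-line comment above the `add_subkey` call, such as `// Default: one subkey flagged for both transport and storage encryption.`, would make clear this is deliberate and matches what the removed `add_encryption_subkey` produced. `generate` continues outside the hunk, so the remaining arms are not visible here.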