openpgp: Use Cert::keys instead of Cert::subkeys.

5 files changed, 27 insertions, 51 deletions

diff --git a/examples/guide-exploring-openpgp.rs b/examples/guide-exploring-openpgp.rs
index c4d15bf9..004c9899 100644
--- a/examples/guide-exploring-openpgp.rs
+++ b/examples/guide-exploring-openpgp.rs
@@ -60,10 +60,10 @@ fn main() {
     }
 
     // List subkeys.
-    for (i, s) in cert.subkeys().enumerate() {
+    for (i, ka) in cert.keys().policy(None).skip(1).enumerate() {
         println!("{}: Fingerprint: {}, {} self-signature(s), {} certification(s)",
-                 i, s.key().fingerprint(),
-                 s.self_signatures().len(),
-                 s.certifications().len());
+                 i, ka.key().fingerprint(),
+                 ka.component().self_signatures().len(),
+                 ka.component().certifications().len());
     }
 }
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md
index c9c22961..697f93cf 100644
--- a/guide/src/chapter_02.md
+++ b/guide/src/chapter_02.md
@@ -125,9 +125,8 @@ fn main() {
 #         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
 #     {
 #         // The encryption key is the first and only subkey.
-#         let key = self.secret.subkeys().nth(0)
-#             .map(|binding| binding.key().clone())
-#             .unwrap();
+#         let key = self.secret.keys().policy(None)
+#             .for_transport_encryption().nth(0).unwrap().key().clone();
 #
 #         // The secret key is not encrypted.
 #         let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
@@ -266,9 +265,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
 #         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
 #     {
 #         // The encryption key is the first and only subkey.
-#         let key = self.secret.subkeys().nth(0)
-#             .map(|binding| binding.key().clone())
-#             .unwrap();
+#         let key = self.secret.keys().policy(None)
+#             .for_transport_encryption().nth(0).unwrap().key().clone();
 #
 #         // The secret key is not encrypted.
 #         let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
@@ -407,9 +405,8 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert)
 #         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
 #     {
 #         // The encryption key is the first and only subkey.
-#         let key = self.secret.subkeys().nth(0)
-#             .map(|binding| binding.key().clone())
-#             .unwrap();
+#         let key = self.secret.keys().policy(None)
+#             .for_transport_encryption().nth(0).unwrap().key().clone();
 #
 #         // The secret key is not encrypted.
 #         let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
@@ -561,10 +558,8 @@ impl<'a> DecryptionHelper for Helper<'a> {
                   -> openpgp::Result<Option<openpgp::Fingerprint>>
         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
     {
-        // The encryption key is the first and only subkey.
-        let key = self.secret.subkeys().nth(0)
-            .map(|binding| binding.key().clone())
-            .unwrap();
+        let key = self.secret.keys().policy(None)
+            .for_transport_encryption().nth(0).unwrap().key().clone();
 
         // The secret key is not encrypted.
         let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs
index 4d456193..0e109ccd 100644
--- a/openpgp/examples/generate-encrypt-decrypt.rs
+++ b/openpgp/examples/generate-encrypt-decrypt.rs
@@ -115,10 +115,8 @@ impl<'a> DecryptionHelper for Helper<'a> {
                   -> openpgp::Result<Option<openpgp::Fingerprint>>
         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
     {
-        // The encryption key is the first and only subkey.
-        let key = self.secret.subkeys().nth(0)
-            .map(|binding| binding.key().clone())
-            .unwrap();
+        let key = self.secret.keys().policy(None)
+            .for_transport_encryption().nth(0).unwrap().key().clone();
 
         // The secret key is not encrypted.
         let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs
index 325a657d..4c378a34 100644
--- a/tool/src/commands/decrypt.rs
+++ b/tool/src/commands/decrypt.rs
@@ -44,40 +44,23 @@ impl<'a> Helper<'a> {
         let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new();
         let mut hints: HashMap<KeyID, String> = HashMap::new();
         for tsk in secrets {
-            fn can_encrypt<R, P>(_: &Key<P, R>, sig: Option<&Signature>) -> bool
-                where P: key::KeyParts,
-                      R: key::KeyRole,
-            {
-                if let Some(sig) = sig {
-                    sig.key_flags().for_storage_encryption()
-                        || sig.key_flags().for_transport_encryption()
-                } else {
-                    false
-                }
-            }
-
             let hint = match tsk.userids().nth(0) {
                 Some(uid) => format!("{} ({})", uid.userid(),
                                      KeyID::from(tsk.fingerprint())),
                 None => format!("{}", KeyID::from(tsk.fingerprint())),
             };
 
-            if can_encrypt(tsk.primary(), tsk.primary_key_signature(None)) {
-                let id: KeyID = tsk.fingerprint().into();
-                keys.insert(id.clone(), tsk.primary().clone().into());
+            for ka in tsk.keys()
+            // XXX: Should use the message's creation time that we do not know.
+                .policy(None)
+                .for_transport_encryption().for_storage_encryption()
+                .secret()
+            {
+                let id: KeyID = ka.key().fingerprint().into();
+                keys.insert(id.clone(), ka.key().clone().into());
                 identities.insert(id.clone(), tsk.fingerprint());
                 hints.insert(id, hint.clone());
             }
-
-            for skb in tsk.subkeys() {
-                let key = skb.key();
-                if can_encrypt(key, skb.binding_signature(None)) {
-                    let id: KeyID = key.fingerprint().into();
-                    keys.insert(id.clone(), key.clone().into());
-                    identities.insert(id.clone(), tsk.fingerprint());
-                    hints.insert(id, hint.clone());
-                }
-            }
         }
 
         Helper {
diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs
index 8849b0ad..417ded93 100644
--- a/tool/src/commands/inspect.rs
+++ b/tool/src/commands/inspect.rs
@@ -138,11 +138,11 @@ fn inspect_cert(output: &mut dyn io::Write, cert: &openpgp::Cert,
                 print_keygrips, print_certifications)?;
     writeln!(output)?;
 
-    for skb in cert.subkeys() {
-        writeln!(output, "         Subkey: {}", skb.key().fingerprint())?;
-        inspect_revocation(output, "", skb.revoked(None))?;
-        inspect_key(output, "", skb.key(), skb.binding_signature(None),
-                    skb.certifications(),
+    for ka in cert.keys().policy(None).skip(1) {
+        writeln!(output, "         Subkey: {}", ka.key().fingerprint())?;
+        inspect_revocation(output, "", ka.revoked())?;
+        inspect_key(output, "", ka.key(), ka.binding_signature(),
+                    ka.component().certifications(),
                     print_keygrips, print_certifications)?;
         writeln!(output)?;
     }