diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-01-15 17:52:00 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-01-18 14:24:48 +0100 |
commit | 6bf3deb539ac91bba56efa57127c6c0567cf161c (patch) | |
tree | a94628796020071e2210b9c6a8d5c57b067e696e | |
parent | 94c64d7a831227888c2ab6b5fe9ec0c29781caec (diff) |
openpgp: Use Cert::keys instead of Cert::subkeys.
-rw-r--r-- | examples/guide-exploring-openpgp.rs | 8 | ||||
-rw-r--r-- | guide/src/chapter_02.md | 21 | ||||
-rw-r--r-- | openpgp/examples/generate-encrypt-decrypt.rs | 6 | ||||
-rw-r--r-- | tool/src/commands/decrypt.rs | 33 | ||||
-rw-r--r-- | tool/src/commands/inspect.rs | 10 |
5 files changed, 27 insertions, 51 deletions
diff --git a/examples/guide-exploring-openpgp.rs b/examples/guide-exploring-openpgp.rs index c4d15bf9..004c9899 100644 --- a/examples/guide-exploring-openpgp.rs +++ b/examples/guide-exploring-openpgp.rs @@ -60,10 +60,10 @@ fn main() { } // List subkeys. - for (i, s) in cert.subkeys().enumerate() { + for (i, ka) in cert.keys().policy(None).skip(1).enumerate() { println!("{}: Fingerprint: {}, {} self-signature(s), {} certification(s)", - i, s.key().fingerprint(), - s.self_signatures().len(), - s.certifications().len()); + i, ka.key().fingerprint(), + ka.component().self_signatures().len(), + ka.component().certifications().len()); } } diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index c9c22961..697f93cf 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -125,9 +125,8 @@ fn main() { # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.subkeys().nth(0) -# .map(|binding| binding.key().clone()) -# .unwrap(); +# let key = self.secret.keys().policy(None) +# .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. # let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); @@ -266,9 +265,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.subkeys().nth(0) -# .map(|binding| binding.key().clone()) -# .unwrap(); +# let key = self.secret.keys().policy(None) +# .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. # let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); @@ -407,9 +405,8 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.subkeys().nth(0) -# .map(|binding| binding.key().clone()) -# .unwrap(); +# let key = self.secret.keys().policy(None) +# .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. # let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); @@ -561,10 +558,8 @@ impl<'a> DecryptionHelper for Helper<'a> { -> openpgp::Result<Option<openpgp::Fingerprint>> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> { - // The encryption key is the first and only subkey. - let key = self.secret.subkeys().nth(0) - .map(|binding| binding.key().clone()) - .unwrap(); + let key = self.secret.keys().policy(None) + .for_transport_encryption().nth(0).unwrap().key().clone(); // The secret key is not encrypted. let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 4d456193..0e109ccd 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -115,10 +115,8 @@ impl<'a> DecryptionHelper for Helper<'a> { -> openpgp::Result<Option<openpgp::Fingerprint>> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> { - // The encryption key is the first and only subkey. - let key = self.secret.subkeys().nth(0) - .map(|binding| binding.key().clone()) - .unwrap(); + let key = self.secret.keys().policy(None) + .for_transport_encryption().nth(0).unwrap().key().clone(); // The secret key is not encrypted. let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap(); diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs index 325a657d..4c378a34 100644 --- a/tool/src/commands/decrypt.rs +++ b/tool/src/commands/decrypt.rs @@ -44,40 +44,23 @@ impl<'a> Helper<'a> { let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new(); let mut hints: HashMap<KeyID, String> = HashMap::new(); for tsk in secrets { - fn can_encrypt<R, P>(_: &Key<P, R>, sig: Option<&Signature>) -> bool - where P: key::KeyParts, - R: key::KeyRole, - { - if let Some(sig) = sig { - sig.key_flags().for_storage_encryption() - || sig.key_flags().for_transport_encryption() - } else { - false - } - } - let hint = match tsk.userids().nth(0) { Some(uid) => format!("{} ({})", uid.userid(), KeyID::from(tsk.fingerprint())), None => format!("{}", KeyID::from(tsk.fingerprint())), }; - if can_encrypt(tsk.primary(), tsk.primary_key_signature(None)) { - let id: KeyID = tsk.fingerprint().into(); - keys.insert(id.clone(), tsk.primary().clone().into()); + for ka in tsk.keys() + // XXX: Should use the message's creation time that we do not know. + .policy(None) + .for_transport_encryption().for_storage_encryption() + .secret() + { + let id: KeyID = ka.key().fingerprint().into(); + keys.insert(id.clone(), ka.key().clone().into()); identities.insert(id.clone(), tsk.fingerprint()); hints.insert(id, hint.clone()); } - - for skb in tsk.subkeys() { - let key = skb.key(); - if can_encrypt(key, skb.binding_signature(None)) { - let id: KeyID = key.fingerprint().into(); - keys.insert(id.clone(), key.clone().into()); - identities.insert(id.clone(), tsk.fingerprint()); - hints.insert(id, hint.clone()); - } - } } Helper { diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index 8849b0ad..417ded93 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs @@ -138,11 +138,11 @@ fn inspect_cert(output: &mut dyn io::Write, cert: &openpgp::Cert, print_keygrips, print_certifications)?; writeln!(output)?; - for skb in cert.subkeys() { - writeln!(output, " Subkey: {}", skb.key().fingerprint())?; - inspect_revocation(output, "", skb.revoked(None))?; - inspect_key(output, "", skb.key(), skb.binding_signature(None), - skb.certifications(), + for ka in cert.keys().policy(None).skip(1) { + writeln!(output, " Subkey: {}", ka.key().fingerprint())?; + inspect_revocation(output, "", ka.revoked())?; + inspect_key(output, "", ka.key(), ka.binding_signature(), + ka.component().certifications(), print_keygrips, print_certifications)?; writeln!(output)?; } |