openpgp: Make type aliases for keys pub(crate).

  - They can still be used as a convenience, but the documentation
    will refer to them as their expanded counterparts.

  - This makes the structure of they Key<_, _> type more visible.

8 files changed, 44 insertions, 40 deletions

diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md
index 932f2dc8..b4a4ccab 100644
--- a/guide/src/chapter_01.md
+++ b/guide/src/chapter_01.md
@@ -51,9 +51,8 @@ fn main() {
 # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert)
 #            -> openpgp::Result<()> {
 #     // Get the keypair to do the signing from the Cert.
-#     let key : key::UnspecifiedSecret
-#         = tsk.keys_valid().for_signing().nth(0).unwrap().2.clone().try_into()?;
-#     let keypair = key.into_keypair()?;
+#     let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().2
+#         .clone().mark_parts_secret().unwrap().into_keypair()?;
 #
 #     // Start streaming an OpenPGP message.
 #     let message = Message::new(sink);
@@ -197,9 +196,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
 # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert)
 #            -> openpgp::Result<()> {
 #     // Get the keypair to do the signing from the Cert.
-#     let key : key::UnspecifiedSecret
-#         = tsk.keys_valid().for_signing().nth(0).unwrap().2.clone().try_into()?;
-#     let keypair = key.into_keypair()?;
+#     let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().2
+#         .clone().mark_parts_secret().unwrap().into_keypair()?;
 #
 #     // Start streaming an OpenPGP message.
 #     let message = Message::new(sink);
@@ -343,9 +341,8 @@ implements [`io::Write`], and we simply write the plaintext to it.
 fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert)
            -> openpgp::Result<()> {
     // Get the keypair to do the signing from the Cert.
-    let key : key::UnspecifiedSecret
-        = tsk.keys_valid().for_signing().nth(0).unwrap().2.clone().try_into()?;
-    let keypair = key.into_keypair()?;
+    let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().2
+        .clone().mark_parts_secret().unwrap().into_keypair()?;
 
     // Start streaming an OpenPGP message.
     let message = Message::new(sink);
@@ -500,9 +497,8 @@ Verified data can be read from this using [`io::Read`].
 # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert)
 #            -> openpgp::Result<()> {
 #     // Get the keypair to do the signing from the Cert.
-#     let key : key::UnspecifiedSecret
-#         = tsk.keys_valid().for_signing().nth(0).unwrap().2.clone().try_into()?;
-#     let keypair = key.into_keypair()?;
+#     let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().2
+#         .clone().mark_parts_secret().unwrap().into_keypair()?;
 # 
 #     // Start streaming an OpenPGP message.
 #     let message = Message::new(sink);
diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs
index fa76c970..f59912a5 100644
--- a/ipc/examples/gpg-agent-decrypt.rs
+++ b/ipc/examples/gpg-agent-decrypt.rs
@@ -9,6 +9,7 @@ extern crate sequoia_ipc as ipc;
 
 use crate::openpgp::crypto::SessionKey;
 use crate::openpgp::types::SymmetricAlgorithm;
+use crate::openpgp::packet::key;
 use crate::openpgp::parse::{
     Parse,
     stream::{
@@ -63,7 +64,8 @@ fn main() {
 /// verification policy.
 struct Helper<'a> {
     ctx: &'a Context,
-    keys: HashMap<openpgp::KeyID, openpgp::packet::key::UnspecifiedPublic>,
+    keys: HashMap<openpgp::KeyID,
+                  openpgp::packet::Key<key::PublicParts, key::UnspecifiedRole>>,
 }
 
 impl<'a> Helper<'a> {
diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs
index 94dbb2c8..b81150fa 100644
--- a/openpgp-ffi/src/cert.rs
+++ b/openpgp-ffi/src/cert.rs
@@ -150,8 +150,8 @@ fn pgp_cert_as_tsk(cert: *const Cert) -> *mut TSK<'static> {
 /// The cert still owns the key.  The caller must not modify the key.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
 fn pgp_cert_primary_key(cert: *const Cert) -> *const Key {
-    let key : &self::openpgp::packet::key::UnspecifiedKey
-        = cert.ref_raw().primary().into();
+    let key = cert.ref_raw().primary()
+        .mark_parts_unspecified_ref().mark_role_unspecified_ref();
     key.move_into_raw()
 }
 
@@ -704,8 +704,9 @@ pub extern "C" fn pgp_cert_key_iter_next<'a>(
             *ptr = rs.move_into_raw();
         }
 
-        let key : &self::openpgp::packet::key::UnspecifiedKey
-            = key.into();
+        let key
+            = key.mark_parts_unspecified_ref().mark_role_unspecified_ref();
+
         Some(key).move_into_raw()
     } else {
         None
diff --git a/openpgp-ffi/src/packet/key.rs b/openpgp-ffi/src/packet/key.rs
index e612e4ae..73d8350d 100644
--- a/openpgp-ffi/src/packet/key.rs
+++ b/openpgp-ffi/src/packet/key.rs
@@ -4,11 +4,10 @@
 //!
 //!   [Section 5.5 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-5.5
 
-use std::convert::TryInto;
-
 use libc::{c_int, time_t};
 
 extern crate sequoia_openpgp as openpgp;
+use self::openpgp::packet::key;
 use super::super::fingerprint::Fingerprint;
 use super::super::keyid::KeyID;
 
@@ -16,6 +15,10 @@ use crate::MoveFromRaw;
 use crate::MoveIntoRaw;
 use crate::RefRaw;
 
+/// A local alias to appease the proc macro transformation.
+type UnspecifiedKey =
+    openpgp::packet::Key<key::UnspecifiedParts, key::UnspecifiedRole>;
+
 /// Holds a public key, public subkey, private key or private subkey packet.
 ///
 /// See [Section 5.5 of RFC 4880] for details.
@@ -27,7 +30,7 @@ use crate::RefRaw;
 /// [`sequoia-openpgp::packet::key::Key`]: ../../sequoia_openpgp/packet/key/struct.Key.html
 #[crate::ffi_wrapper_type(prefix = "pgp_",
                      derive = "Clone, Debug, PartialEq, Parse")]
-pub struct Key(openpgp::packet::key::UnspecifiedKey);
+pub struct Key(UnspecifiedKey);
 
 /// Computes and returns the key's fingerprint as per Section 12.2
 /// of RFC 4880.
@@ -79,7 +82,6 @@ fn pgp_key_into_key_pair(errp: Option<&mut *mut crate::error::Error>,
                          -> *mut self::openpgp::crypto::KeyPair
 {
     ffi_make_fry_from_errp!(errp);
-    let key : self::openpgp::packet::key::UnspecifiedSecret
-        = ffi_try!(key.move_from_raw().try_into());
+    let key = ffi_try!(key.move_from_raw().mark_parts_secret());
     ffi_try_box!(key.into_keypair())
 }
diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs
index 70319a40..f3b5b32f 100644
--- a/openpgp-ffi/src/parse/stream.rs
+++ b/openpgp-ffi/src/parse/stream.rs
@@ -199,8 +199,9 @@ fn $fn_name<'a>(
         }
         if let Some(mut p) = key_r {
             *unsafe { p.as_mut() } = {
-                let key : &self::openpgp::packet::key::UnspecifiedKey
-                    = (*key).into();
+                let key = key
+                    .mark_parts_unspecified_ref()
+                    .mark_role_unspecified_ref();
                 key.move_into_raw()
             };
         }
diff --git a/openpgp/src/cert/bindings.rs b/openpgp/src/cert/bindings.rs
index bfaa0534..d06dbfa6 100644
--- a/openpgp/src/cert/bindings.rs
+++ b/openpgp/src/cert/bindings.rs
@@ -39,8 +39,9 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> {
     /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0);
     ///
     /// // Generate a subkey and a binding signature.
-    /// let subkey : key::SecretSubkey
-    ///     = Key4::generate_ecc(false, Curve::Cv25519)?.into();
+    /// let subkey: Key<_, key::SubordinateRole> =
+    ///     Key4::generate_ecc(false, Curve::Cv25519)?
+    ///     .into();
     /// let builder = signature::Builder::new(SignatureType::SubkeyBinding)
     ///     .set_key_flags(&flags)?;
     /// let binding = subkey.bind(&mut keypair, &cert, builder, None)?;
diff --git a/openpgp/src/packet/key/mod.rs b/openpgp/src/packet/key/mod.rs
index 0b06cd21..6d8b58ac 100644
--- a/openpgp/src/packet/key/mod.rs
+++ b/openpgp/src/packet/key/mod.rs
@@ -43,10 +43,10 @@
 //! // Get a handle to the Cert's primary key that allows using the
 //! // secret key material.
 //! use std::convert::TryInto;
-//! let sk : &key::SecretKey = cert.primary().try_into()?;
+//! let sk: &Key<key::SecretParts, key::PrimaryRole> = cert.primary().try_into()?;
 //!
 //! // Make the conversion explicit.
-//! let sk : &key::SecretKey = cert.primary().mark_parts_secret_ref()?;
+//! let sk = cert.primary().mark_parts_secret_ref()?;
 //! #     Ok(())
 //! # }
 //! ```
@@ -131,29 +131,31 @@ pub struct UnspecifiedRole;
 impl KeyRole for UnspecifiedRole {}
 
 /// A Public Key.
-pub type PublicKey = Key<PublicParts, PrimaryRole>;
+pub(crate) type PublicKey = Key<PublicParts, PrimaryRole>;
 /// A Public Subkey.
-pub type PublicSubkey = Key<PublicParts, SubordinateRole>;
+pub(crate) type PublicSubkey = Key<PublicParts, SubordinateRole>;
 /// A Secret Key.
-pub type SecretKey = Key<SecretParts, PrimaryRole>;
+pub(crate) type SecretKey = Key<SecretParts, PrimaryRole>;
 /// A Secret Subkey.
-pub type SecretSubkey = Key<SecretParts, SubordinateRole>;
+pub(crate) type SecretSubkey = Key<SecretParts, SubordinateRole>;
 
 /// A key with public parts, and an unspecified role
 /// (`UnspecifiedRole`).
-pub type UnspecifiedPublic = Key<PublicParts, UnspecifiedRole>;
+pub(crate) type UnspecifiedPublic = Key<PublicParts, UnspecifiedRole>;
 /// A key with secret parts, and an unspecified role
 /// (`UnspecifiedRole`).
-pub type UnspecifiedSecret = Key<SecretParts, UnspecifiedRole>;
+pub(crate) type UnspecifiedSecret = Key<SecretParts, UnspecifiedRole>;
 
 /// A primary key with unspecified parts (`UnspecifiedParts`).
-pub type UnspecifiedPrimary = Key<UnspecifiedParts, PrimaryRole>;
+#[allow(dead_code)]
+pub(crate) type UnspecifiedPrimary = Key<UnspecifiedParts, PrimaryRole>;
 /// A subkey key with unspecified parts (`UnspecifiedParts`).
-pub type UnspecifiedSecondary = Key<UnspecifiedParts, SubordinateRole>;
+#[allow(dead_code)]
+pub(crate) type UnspecifiedSecondary = Key<UnspecifiedParts, SubordinateRole>;
 
 /// A key whose parts and role are unspecified
 /// (`UnspecifiedParts`, `UnspecifiedRole`).
-pub type UnspecifiedKey = Key<UnspecifiedParts, UnspecifiedRole>;
+pub(crate) type UnspecifiedKey = Key<UnspecifiedParts, UnspecifiedRole>;
 
 macro_rules! convert {
     ( $x:ident ) => {
diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs
index 4186a9f7..2ab0f32c 100644
--- a/tool/src/commands/decrypt.rs
+++ b/tool/src/commands/decrypt.rs
@@ -27,7 +27,7 @@ use super::{dump::PacketDumper, VHelper};
 struct Helper<'a> {
     vhelper: VHelper<'a>,
     secret_keys:
-        HashMap<KeyID, key::UnspecifiedSecret>,
+        HashMap<KeyID, Key<key::SecretParts, key::UnspecifiedRole>>,
     key_identities: HashMap<KeyID, Fingerprint>,
     key_hints: HashMap<KeyID, String>,
     dump_session_key: bool,
@@ -40,8 +40,7 @@ impl<'a> Helper<'a> {
            signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>,
            dump_session_key: bool, dump: bool, hex: bool)
            -> Self {
-        let mut keys: HashMap<KeyID, key::UnspecifiedSecret>
-            = HashMap::new();
+        let mut keys = HashMap::new();
         let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new();
         let mut hints: HashMap<KeyID, String> = HashMap::new();
         for tsk in secrets {