author | Justus Winter <justus@sequoia-pgp.org> | 2019-09-06 13:47:50 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-09-06 16:42:12 +0200 |
commit | 38a4d2b4ff4fc4512b31a4ff4e4ddd8a6b3c7503 (patch) | |
tree | 469d667b6bab8333df02c7a2402b9edabbe08419 /guide | |
parent | 4d642187f1df0c9a4c60dc2355c797ebac6fcd4f (diff) |
openpgp: Rework streaming encryptor.
- Instead of giving a set of TPKs to the encryptor, hand in a set of
recipients, which are (keyid, key)-tuples, conveniently created
from key queries over TPKs. This simplifies the encryptor, and
makes the key selection explicit.
- Drop the EncryptionMode type.
- As a nice side effect, we can now generate encrypted messages with
wildcard recipient addresses.
Diffstat (limited to 'guide')
-rw-r--r-- | guide/src/chapter_02.md | 48 |
1 files changed, 40 insertions, 8 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md
index 7c564ff0..e29f412c 100644
--- a/guide/src/chapter_02.md
+++ b/guide/src/chapter_02.md
@@ -50,14 +50,22 @@ fn main() {
 # /// Encrypts the given message.
 # fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK)
 # -> openpgp::Result<()> {
+# // Build a vector of recipients to hand to Encryptor.
+# let recipients =
+# recipient.keys_valid()
+# .key_flags(KeyFlags::default()
+# .set_encrypt_at_rest(true)
+# .set_encrypt_for_transport(true))
+# .map(|(_, _, key)| key.into())
+# .collect::<Vec<_>>();
+#
 # // Start streaming an OpenPGP message.
 # let message = Message::new(sink);
 #
 # // We want to encrypt a literal data packet.
 # let encryptor = Encryptor::new(message,
 # &[], // No symmetric encryption.
-# &[recipient],
-# EncryptionMode::ForTransport,
+# &recipients,
 # None, None)?;
 #
 # // Emit a literal data packet.
@@ -186,14 +194,22 @@ fn generate() -> openpgp::Result<openpgp::TPK> {
 # /// Encrypts the given message.
 # fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK)
 # -> openpgp::Result<()> {
+# // Build a vector of recipients to hand to Encryptor.
+# let recipients =
+# recipient.keys_valid()
+# .key_flags(KeyFlags::default()
+# .set_encrypt_at_rest(true)
+# .set_encrypt_for_transport(true))
+# .map(|(_, _, key)| key.into())
+# .collect::<Vec<_>>();
+#
 # // Start streaming an OpenPGP message.
 # let message = Message::new(sink);
 #
 # // We want to encrypt a literal data packet.
 # let encryptor = Encryptor::new(message,
 # &[], // No symmetric encryption.
-# &[recipient],
-# EncryptionMode::ForTransport,
+# &recipients,
 # None, None)?;
 #
 # // Emit a literal data packet.
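Review bot: The new `recipients` vector in `encrypt` can be empty when the TPK has no valid key carrying an encryption flag, and the example passes it to `Encryptor::new` next to `&[]` for passwords without checking. What the encryptor does when given neither a password nor a recipient is not visible in this diff, so the guide should make that case explicit, for example `if recipients.is_empty() { /* return an error: no encryption-capable key */ }` before `Message::new(sink)`. The filter also sets both `set_encrypt_at_rest(true)` and `set_encrypt_for_transport(true)`, which appears to widen the selection compared with the removed `EncryptionMode::ForTransport`; a comment such as `// Accept keys flagged for encryption at rest or for transport.` would make that choice visible to readers who copy the example. The same code is repeated in the hunks at -186, -322 and -472, and the body of `encrypt` continues past the end of each hunk.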
@@ -322,14 +338,22 @@ implements [`io::Write`], and we simply write the plaintext to it.
 /// Encrypts the given message.
 fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK)
 -> openpgp::Result<()> {
+ // Build a vector of recipients to hand to Encryptor.
+ let recipients =
+ recipient.keys_valid()
+ .key_flags(KeyFlags::default()
+ .set_encrypt_at_rest(true)
+ .set_encrypt_for_transport(true))
+ .map(|(_, _, key)| key.into())
+ .collect::<Vec<_>>();
+
 // Start streaming an OpenPGP message.
 let message = Message::new(sink);
 
 // We want to encrypt a literal data packet.
 let encryptor = Encryptor::new(message,
 &[], // No symmetric encryption.
- &[recipient],
- EncryptionMode::ForTransport,
+ &recipients,
 None, None)?;
 
 // Emit a literal data packet.
@@ -472,14 +496,22 @@ Decrypted data can be read from this using [`io::Read`].
 # /// Encrypts the given message.
 # fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK)
 # -> openpgp::Result<()> {
+# // Build a vector of recipients to hand to Encryptor.
+# let recipients =
+# recipient.keys_valid()
+# .key_flags(KeyFlags::default()
+# .set_encrypt_at_rest(true)
+# .set_encrypt_for_transport(true))
+# .map(|(_, _, key)| key.into())
+# .collect::<Vec<_>>();
+#
 # // Start streaming an OpenPGP message.
 # let message = Message::new(sink);
 #
 # // We want to encrypt a literal data packet.
 # let encryptor = Encryptor::new(message,
 # &[], // No symmetric encryption.
-# &[recipient],
-# EncryptionMode::ForTransport,
+# &recipients,
 # None, None)?;
 #
 # // Emit a literal data packet. |