author | Justus Winter <justus@sequoia-pgp.org> | 2020-10-22 16:29:33 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-10-22 16:43:51 +0200 |
commit | c677bae2a7d0875c430eb641ec7601398ced9b14 (patch) | |
tree | 138ee348861d82b6a355b24186e803dad7b73bb9 /openpgp/examples | |
parent | 5ff30d8ed398fc6c3e973773043c8211214db63c (diff) |
openpgp: Improve documentation on how to encrypt for multiple certs.
Diffstat (limited to 'openpgp/examples')
-rw-r--r-- | openpgp/examples/encrypt-for.rs | 24 | ||||
-rw-r--r-- | openpgp/examples/pad.rs | 30 |
2 files changed, 37 insertions, 17 deletions
diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index a9414a19..0b0bc998 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -40,12 +40,24 @@ fn main() -> openpgp::Result<()> { }).collect::<openpgp::Result<Vec<_>>>() .context("Failed to read key")?; - let recipients = - certs.iter() - .flat_map(|cert| { - cert.keys() - .with_policy(p, None).alive().revoked(false).key_flags(&mode) - }); + // Build a list of recipient subkeys. + let mut recipients = Vec::new(); + for cert in certs.iter() { + // Make sure we add at least one subkey from every + // certificate. + let mut found_one = false; + for key in cert.keys().with_policy(p, None) + .supported().alive().revoked(false).key_flags(&mode) + { + recipients.push(key); + found_one = true; + } + + if ! found_one { + return Err(anyhow::anyhow!("No suitable encryption subkey for {}", + cert)); + } + } // Compose a writer stack corresponding to the output format and // packet structure we want. diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs index 7977c697..b90b8982 100644 --- a/openpgp/examples/pad.rs +++ b/openpgp/examples/pad.rs @@ -8,11 +8,10 @@ use anyhow::Context; use sequoia_openpgp as openpgp; -use crate::openpgp::KeyID; use crate::openpgp::types::KeyFlags; use crate::openpgp::parse::Parse; use crate::openpgp::serialize::stream::{ - Armorer, Message, LiteralWriter, Encryptor, Recipient, padding::*, + Armorer, Message, LiteralWriter, Encryptor, padding::*, }; use crate::openpgp::policy::StandardPolicy as P; 
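Review bot: In openpgp/examples/encrypt-for.rs, the comment `// Make sure we add at least one subkey from every certificate.` says what the `found_one` check does but not why an error is preferred over skipping the cert, and the newly added `.supported()` filter is not mentioned at all. I would spell out the failure mode it prevents, e.g. `// Fail instead of silently encrypting to a subset of the intended recipients: a cert whose subkeys are all unsupported, not alive, revoked or rejected by the policy would otherwise just be dropped.` As a style matter the flag can go away by recording `let n = recipients.len();` before a `recipients.extend(...)` and testing `recipients.len() == n` afterwards. The same block is added verbatim in the second pad.rs hunk, so the comment applies there too; `main` starts and ends outside this hunk.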
@@ -38,15 +37,24 @@ fn main() -> openpgp::Result<()> { openpgp::Cert::from_file(f) }).collect::<openpgp::Result<Vec<_>>>().context("Failed to read key")?; - // Build a vector of recipients to hand to Encryptor. - let recipients = certs - .iter() - .flat_map(|cert| { - cert.keys() - .with_policy(p, None).alive().revoked(false).key_flags(&mode) - }) - .map(|ka| Recipient::new(KeyID::wildcard(), ka.key())) - .collect::<Vec<_>>(); + // Build a list of recipient subkeys. + let mut recipients = Vec::new(); + for cert in certs.iter() { + // Make sure we add at least one subkey from every + // certificate. + let mut found_one = false; + for key in cert.keys().with_policy(p, None) + .supported().alive().revoked(false).key_flags(&mode) + { + recipients.push(key); + found_one = true; + } + + if ! found_one { + return Err(anyhow::anyhow!("No suitable encryption subkey for {}", + cert)); + } + } // Compose a writer stack corresponding to the output format and // packet structure we want. |
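Review bot: In openpgp/examples/pad.rs the rewritten loop pushes `key` directly and drops `.map(|ka| Recipient::new(KeyID::wildcard(), ka.key()))`, so the recipients no longer carry a wildcard key ID; presumably the conversion to `Recipient` now uses each subkey's own key ID, which would put recipient identifiers into the message. The commit title describes a documentation improvement and this example appears to be about reducing metadata leakage through padding, so the change looks unintended. If hidden recipients are still wanted, keep the wrapping inside the loop, `recipients.push(Recipient::new(KeyID::wildcard(), key.key()));`, together with the `KeyID` and `Recipient` imports that the first pad.rs hunk removes. If it is deliberate, say so in the comment above the loop, e.g. `// Note: recipient key IDs are included in the message.` `main` continues outside this hunk.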