author | Justus Winter <justus@sequoia-pgp.org> | 2021-02-22 17:53:49 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-02-24 11:08:00 +0100 |
commit | d203648fc03cf71da09be7a448dc00da31273ab1 (patch) | |
tree | d69453115a1927e954b81bde71df14fa9acde109 /openpgp/src/serialize/stream.rs | |
parent | 6abddcfda6a2cc0d68dae3f7cca3cb40db4e01df (diff) |
openpgp: Verify messages using the Cleartext Signature Framework.
- Implement verification of messages using the Cleartext Signature
Framework by detecting them in the armor reader, and transforming
them on the fly to inline signed messages.
- The transformation is not perfect. We need to synthesize
one-pass-signatures, but we only know the hash algorithm(s) used.
Luckily, this is the only information the packet parser needs.
- We only enable the transformation when using stream::Verifier.
The transformation is transparent to the caller. Currently, there
is no way to disable this. In the next major revision, we may add
ways to control this behavior.
- Fixes #151.
Diffstat (limited to 'openpgp/src/serialize/stream.rs')
-rw-r--r-- | openpgp/src/serialize/stream.rs | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index 769221c2..015a2f04 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -951,7 +951,7 @@ impl<'a> Signer<'a> {
 ///
 /// ```
 /// # fn main() -> sequoia_openpgp::Result<()> {
- /// use std::io::Write;
+ /// use std::io::{Write, Read};
 /// use sequoia_openpgp as openpgp;
 /// use openpgp::serialize::stream::{Message, Signer};
 /// use openpgp::policy::StandardPolicy;
@@ -983,6 +983,32 @@ impl<'a> Signer<'a> {
 /// // In reality, just io::copy() the file to be signed.
 /// signer.finalize()?;
 /// }
+ ///
+ /// // Now check the signature.
+ /// struct Helper<'a>(&'a openpgp::Cert);
+ /// impl<'a> VerificationHelper for Helper<'a> {
+ /// fn get_certs(&mut self, _: &[openpgp::KeyHandle])
+ /// -> openpgp::Result<Vec<openpgp::Cert>> {
+ /// Ok(vec![self.0.clone()])
+ /// }
+ ///
+ /// fn check(&mut self, structure: MessageStructure)
+ /// -> openpgp::Result<()> {
+ /// if let MessageLayer::SignatureGroup { ref results } =
+ /// structure.iter().nth(0).unwrap()
+ /// {
+ /// results.get(0).unwrap().as_ref().unwrap();
+ /// Ok(())
+ /// } else { panic!() }
+ /// }
+ /// }
+ ///
+ /// let mut verifier = VerifierBuilder::from_bytes(&sink)?
+ /// .with_policy(p, None, Helper(&cert))?;
+ ///
+ /// let mut content = Vec::new();
+ /// verifier.read_to_end(&mut content)?;
+ /// assert_eq!(content, b"Make it so, number one!\n");
 /// # Ok(()) }
 /// ```
 // |
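Review bot: The `check` implementation in the added example reports a verification failure only by panicking: `structure.iter().nth(0).unwrap()`, `results.get(0).unwrap().as_ref().unwrap()` and the `else { panic!() }` arm all abort instead of returning an error, and only the first result of the first layer is inspected. That is sufficient for a doctest, but doc examples get copied into applications, where a missing or bad signature should come back as an `Err` from `check` so the caller sees the message was not verified. I would either return an error on those paths or at least mark the shortcut with a comment above the `if let`, e.g. `/// // Doctest shortcut: a real helper returns Err when no signature verifies.`; `.nth(0)` can also be written `.next()`. The doc comment this hunk extends begins outside the hunk, so whether the imports for `VerifierBuilder`, `VerificationHelper`, `MessageStructure` and `MessageLayer` are already present in the example cannot be confirmed from the visible lines.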