diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-12-03 17:50:12 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-12-04 13:21:47 +0100 |
| commit | 8354d849b19170a9a2c2b97179d9aaedb6fca6cf (patch) | |
| tree | 12578d07af9c4d104571e1055e1d40af4eae99ed /openpgp/src | |
| parent | 807eee2432de52715a2e3c7167d5e859ca3315a8 (diff) | |
openpgp: Rename KeyFlag's accessors.
- Fixes #359.
Diffstat (limited to 'openpgp/src')
| -rw-r--r-- | openpgp/src/cert/bindings.rs | 8 | ||||
| -rw-r--r-- | openpgp/src/cert/builder.rs | 54 | ||||
| -rw-r--r-- | openpgp/src/cert/keyiter.rs | 22 | ||||
| -rw-r--r-- | openpgp/src/cert/mod.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/mod.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 8 | ||||
| -rw-r--r-- | openpgp/src/parse/parse.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 24 | ||||
| -rw-r--r-- | openpgp/src/serialize/cert.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 10 | ||||
| -rw-r--r-- | openpgp/src/types/key_flags.rs | 90 | ||||
| -rw-r--r-- | openpgp/src/types/mod.rs | 2 |
12 files changed, 113 insertions, 113 deletions
diff --git a/openpgp/src/cert/bindings.rs b/openpgp/src/cert/bindings.rs index 2bd82f16..70ade707 100644 --- a/openpgp/src/cert/bindings.rs +++ b/openpgp/src/cert/bindings.rs @@ -35,7 +35,7 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> { /// .mark_parts_secret()?.into_keypair()?; /// /// // Let's add an encryption subkey. - /// let flags = KeyFlags::default().set_encrypt_at_rest(true); + /// let flags = KeyFlags::default().set_storage_encryption(true); /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0); /// /// // Generate a subkey and a binding signature. @@ -156,7 +156,7 @@ impl UserID { /// # fn f() -> Result<()> { /// // Generate a Cert, and create a keypair from the primary key. /// let (alice, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_userid("alice@example.org") /// .generate()?; /// let mut keypair = alice.primary().clone() @@ -164,7 +164,7 @@ impl UserID { /// /// // Generate a Cert for Bob. /// let (bob, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_userid("bob@example.org") /// .generate()?; /// @@ -314,7 +314,7 @@ impl UserAttribute { /// Image::Private(100, vec![0, 1, 2].into_boxed_slice())), /// ])?; /// let (bob, _) = CertBuilder::new() - /// .primary_keyflags(KeyFlags::default().set_certify(true)) + /// .primary_keyflags(KeyFlags::default().set_certification(true)) /// .add_user_attribute(user_attr) /// .generate()?; /// diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index d9f266ad..ba534608 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -63,10 +63,10 @@ impl CipherSuite { Key4::generate_rsa(4096), CipherSuite::Cv25519 | CipherSuite::P256 | CipherSuite::P384 | CipherSuite::P521 => { - let sign = flags.can_certify() || flags.can_sign() - || flags.can_authenticate(); - let encrypt = flags.can_encrypt_for_transport() - || flags.can_encrypt_at_rest(); + let sign = flags.for_certification() || flags.for_signing() + || flags.for_authentication(); + let encrypt = flags.for_transport_encryption() + || flags.for_storage_encryption(); let curve = match self { CipherSuite::Cv25519 if sign => Curve::Ed25519, CipherSuite::Cv25519 if encrypt => Curve::Cv25519, @@ -130,7 +130,7 @@ impl CertBuilder { CertBuilder{ ciphersuite: CipherSuite::default(), primary: KeyBlueprint{ - flags: KeyFlags::default().set_certify(true), + flags: KeyFlags::default().set_certification(true), expiration: None, }, subkeys: vec![], @@ -152,16 +152,16 @@ impl CertBuilder { ciphersuite: ciphersuite.into().unwrap_or(Default::default()), primary: KeyBlueprint { flags: KeyFlags::default() - .set_certify(true) - .set_sign(true), + .set_certification(true) + .set_signing(true), expiration: Some( time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0)), }, subkeys: vec![ KeyBlueprint { flags: KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), + .set_transport_encryption(true) + .set_storage_encryption(true), expiration: None, } ], @@ -191,16 +191,16 @@ impl CertBuilder { }, primary: KeyBlueprint { flags: KeyFlags::default() - .set_certify(true) - .set_sign(true), + .set_certification(true) + .set_signing(true), expiration: Some( time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0)), }, subkeys: vec![ KeyBlueprint { flags: KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), + .set_transport_encryption(true) + .set_storage_encryption(true), expiration: None, } ], @@ -240,24 +240,24 @@ impl CertBuilder { /// Adds a signing capable subkey. pub fn add_signing_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_sign(true), None) + self.add_subkey(KeyFlags::default().set_signing(true), None) } /// Adds an encryption capable subkey. pub fn add_encryption_subkey(self) -> Self { self.add_subkey(KeyFlags::default() - .set_encrypt_for_transport(true) - .set_encrypt_at_rest(true), None) + .set_transport_encryption(true) + .set_storage_encryption(true), None) } /// Adds an certification capable subkey. pub fn add_certification_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_certify(true), None) + self.add_subkey(KeyFlags::default().set_certification(true), None) } /// Adds an authentication capable subkey. pub fn add_authentication_subkey(self) -> Self { - self.add_subkey(KeyFlags::default().set_authenticate(true), None) + self.add_subkey(KeyFlags::default().set_authentication(true), None) } /// Adds a custom subkey. @@ -308,7 +308,7 @@ impl CertBuilder { // make sure the primary key can sign subkeys if !self.subkeys.is_empty() { - self.primary.flags = self.primary.flags.set_certify(true); + self.primary.flags = self.primary.flags.set_certification(true); } // Generate & and self-sign primary key. @@ -362,14 +362,14 @@ impl CertBuilder { .set_key_expiration_time( blueprint.expiration.or(self.primary.expiration))?; - if flags.can_encrypt_for_transport() || flags.can_encrypt_at_rest() + if flags.for_transport_encryption() || flags.for_storage_encryption() { builder = builder.set_preferred_symmetric_algorithms(vec![ SymmetricAlgorithm::AES256, ])?; } - if flags.can_certify() || flags.can_sign() { + if flags.for_certification() || flags.for_signing() { builder = builder.set_preferred_hash_algorithms(vec![ HashAlgorithm::SHA512, ])?; @@ -415,7 +415,7 @@ impl CertBuilder { -> Result<(key::PublicKey, Signature)> { let key = self.ciphersuite.generate_key( - &KeyFlags::default().set_certify(true))?; + &KeyFlags::default().set_certification(true))?; let sig = signature::Builder::new(SignatureType::DirectKey) // GnuPG wants at least a 512-bit hash for P521 keys. .set_hash_algo(HashAlgorithm::SHA512) @@ -558,7 +558,7 @@ mod tests { let sig_pkts = &cert1.primary_key_signature(None).unwrap().hashed_area(); match sig_pkts.lookup(SubpacketTag::KeyFlags).unwrap().value() { - SubpacketValue::KeyFlags(ref ks) => assert!(ks.can_certify()), + SubpacketValue::KeyFlags(ref ks) => assert!(ks.for_certification()), v => panic!("Unexpected subpacket: {:?}", v), } @@ -570,12 +570,12 @@ mod tests { let (cert1, _) = CertBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) .primary_keyflags(KeyFlags::default()) - .add_subkey(KeyFlags::default().set_certify(true), None) + .add_subkey(KeyFlags::default().set_certification(true), None) .generate().unwrap(); let sig_pkts = cert1.subkeys().next().unwrap().self_signatures[0].hashed_area(); match sig_pkts.lookup(SubpacketTag::KeyFlags).unwrap().value() { - SubpacketValue::KeyFlags(ref ks) => assert!(ks.can_certify()), + SubpacketValue::KeyFlags(ref ks) => assert!(ks.for_certification()), v => panic!("Unexpected subpacket: {:?}", v), } @@ -636,9 +636,9 @@ mod tests { let s = std::time::Duration::new(1, 0); let (cert,_) = CertBuilder::new() .set_expiration(600 * s) - .add_subkey(KeyFlags::default().set_sign(true), + .add_subkey(KeyFlags::default().set_signing(true), 300 * s) - .add_subkey(KeyFlags::default().set_authenticate(true), + .add_subkey(KeyFlags::default().set_authentication(true), None) .generate().unwrap(); diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs index 13813388..76f273d9 100644 --- a/openpgp/src/cert/keyiter.rs +++ b/openpgp/src/cert/keyiter.rs @@ -299,35 +299,35 @@ impl<'a, P: 'a + key::KeyParts, R: 'a + key::KeyRole> KeyIter<'a, P, R> /// /// See `key_flags` for caveats. pub fn for_certification(self) -> Self { - self.key_flags(KeyFlags::default().set_certify(true)) + self.key_flags(KeyFlags::default().set_certification(true)) } /// Returns keys that are signing capable. /// /// See `key_flags` for caveats. pub fn for_signing(self) -> Self { - self.key_flags(KeyFlags::default().set_sign(true)) + self.key_flags(KeyFlags::default().set_signing(true)) } /// Returns keys that are authentication capable. /// /// See `key_flags` for caveats. pub fn for_authentication(self) -> Self { - self.key_flags(KeyFlags::default().set_authenticate(true)) + self.key_flags(KeyFlags::default().set_authentication(true)) } /// Returns keys that are capable of encrypting data at rest. /// /// See `key_flags` for caveats. pub fn for_storage_encryption(self) -> Self { - self.key_flags(KeyFlags::default().set_encrypt_at_rest(true)) + self.key_flags(KeyFlags::default().set_storage_encryption(true)) } /// Returns keys that are capable of encrypting data for transport. /// /// See `key_flags` for caveats. pub fn for_transport_encryption(self) -> Self { - self.key_flags(KeyFlags::default().set_encrypt_for_transport(true)) + self.key_flags(KeyFlags::default().set_transport_encryption(true)) } /// Only returns keys that are live as of `now`. @@ -433,7 +433,7 @@ mod test { fn select_no_keys() { let (cert, _) = CertBuilder::new() .generate().unwrap(); - let flags = KeyFlags::default().set_encrypt_for_transport(true); + let flags = KeyFlags::default().set_transport_encryption(true); assert_eq!(cert.keys_all().key_flags(flags).count(), 0); } @@ -443,7 +443,7 @@ mod test { let (cert, _) = CertBuilder::new() .add_encryption_subkey() .generate().unwrap(); - let flags = KeyFlags::default().set_encrypt_for_transport(true); + let flags = KeyFlags::default().set_transport_encryption(true); assert_eq!(cert.keys_all().key_flags(flags).count(), 1); } @@ -454,7 +454,7 @@ mod test { .add_encryption_subkey() .add_signing_subkey() .generate().unwrap(); - let flags = KeyFlags::default().set_encrypt_for_transport(true); + let flags = KeyFlags::default().set_transport_encryption(true); assert_eq!(cert.keys_all().key_flags(flags).count(), 1); } @@ -464,7 +464,7 @@ mod test { let (cert, _) = CertBuilder::new() .add_encryption_subkey() .generate().unwrap(); - let flags = KeyFlags::default().set_encrypt_for_transport(true); + let flags = KeyFlags::default().set_transport_encryption(true); let now = std::time::SystemTime::now() - std::time::Duration::new(52 * 7 * 24 * 60 * 60, 0); @@ -476,7 +476,7 @@ mod test { let (cert, _) = CertBuilder::new() .add_certification_subkey() .generate().unwrap(); - let flags = KeyFlags::default().set_certify(true); + let flags = KeyFlags::default().set_certification(true); assert_eq!(cert.keys_all().key_flags(flags).count(), 2); } @@ -495,6 +495,6 @@ mod test { assert_eq!(cert.keys_valid().for_storage_encryption().count(), 1); assert_eq!(cert.keys_valid().for_signing().count(), 1); assert_eq!(cert.keys_valid().key_flags( - KeyFlags::default().set_authenticate(true)).count(), 1); + KeyFlags::default().set_authentication(true)).count(), 1); } } diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index f9d9e3b6..59ee509a 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -1418,7 +1418,7 @@ impl Cert { if ! self.subkeys.is_empty() { let pk_can_certify = self.primary_key_signature(None) - .map(|sig| sig.key_flags().can_certify()) + .map(|sig| sig.key_flags().for_certification()) .unwrap_or(true); if ! pk_can_certify { diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index 1083d423..199f7a88 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -868,7 +868,7 @@ impl Signature4 { return Ok(false); } - if ! self.key_flags().can_sign() { + if ! self.key_flags().for_signing() { // No backsig required. return Ok(true) } diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index 144e58e3..e732d17e 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -2887,8 +2887,8 @@ fn accessors() { assert_eq!(sig_.policy_uri(), Some(&b"foobar"[..])); let key_flags = KeyFlags::default() - .set_certify(true) - .set_sign(true); + .set_certification(true) + .set_signing(true); sig = sig.set_key_flags(&key_flags).unwrap(); let sig_ = sig.clone().sign_hash(&mut keypair, hash.clone()).unwrap(); @@ -3174,13 +3174,13 @@ fn subpacket_test_2() { KeyServerPreferences::default().set_no_modify(true)), })); - assert!(sig.key_flags().can_certify() && sig.key_flags().can_sign()); + assert!(sig.key_flags().for_certification() && sig.key_flags().for_signing()); assert_eq!(sig.subpacket(SubpacketTag::KeyFlags), Some(Subpacket { critical: false, tag: SubpacketTag::KeyFlags, value: SubpacketValue::KeyFlags( - KeyFlags::default().set_certify(true).set_sign(true)) + KeyFlags::default().set_certification(true).set_signing(true)) })); assert_eq!(sig.features(), Features::default().set_mdc(true)); diff --git a/openpgp/src/parse/parse.rs b/openpgp/src/parse/parse.rs index 79d09137..ac484e42 100644 --- a/openpgp/src/parse/parse.rs +++ b/openpgp/src/parse/parse.rs @@ -1010,7 +1010,7 @@ impl Signature4 { unhashed_area_len as usize)); let hash_prefix1 = php_try!(php.parse_u8("hash_prefix1")); let hash_prefix2 = php_try!(php.parse_u8("hash_prefix2")); - if ! pk_algo.can_sign() { + if ! pk_algo.for_signing() { return php.fail("not a signature algorithm"); } let mpis = php_try!( diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 4b632601..272fc78f 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -560,13 +560,13 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { let time = time .unwrap_or_else(|| time::SystemTime::now()); - fn can_sign<P, R>(key: &Key<P, R>, sig: Option<&Signature>, - time: time::SystemTime, tolerance: time::Duration) + fn for_signing<P, R>(key: &Key<P, R>, sig: Option<&Signature>, + time: time::SystemTime, tolerance: time::Duration) -> bool where P: key::KeyParts, R: key::KeyRole { if let Some(sig) = sig { - sig.key_flags().can_sign() + sig.key_flags().for_signing() // Check expiry. && sig.signature_alive(time, tolerance) && sig.key_alive(key, time) @@ -608,17 +608,17 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { v.certs = v.helper.get_public_keys(&issuers)?; for (i, cert) in v.certs.iter().enumerate() { - if can_sign(cert.primary(), - cert.primary_key_signature(None), - time, tolerance) { + if for_signing(cert.primary(), + cert.primary_key_signature(None), + time, tolerance) { v.keys.insert(cert.fingerprint().into(), (i, 0)); v.keys.insert(cert.keyid().into(), (i, 0)); } for (j, skb) in cert.subkeys().enumerate() { let key = skb.key(); - if can_sign(key, skb.binding_signature(None), - time, tolerance) { + if for_signing(key, skb.binding_signature(None), + time, tolerance) { v.keys.insert(key.fingerprint().into(), (i, j + 1)); v.keys.insert(key.keyid().into(), @@ -1433,11 +1433,11 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { v.certs = v.helper.get_public_keys(&issuers)?; for (i, cert) in v.certs.iter().enumerate() { - let can_sign = |key: &key::UnspecifiedKey, + let for_signing = |key: &key::UnspecifiedKey, sig: Option<&Signature>| -> bool { if let Some(sig) = sig { - sig.key_flags().can_sign() + sig.key_flags().for_signing() // Check expiry. && sig.signature_alive(time, tolerance) && sig.key_alive(key, time) @@ -1446,7 +1446,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { } }; - if can_sign(cert.primary().into(), + if for_signing(cert.primary().into(), cert.primary_key_signature(None)) { v.keys.insert(cert.fingerprint().into(), (i, 0)); v.keys.insert(cert.keyid().into(), (i, 0)); @@ -1454,7 +1454,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { for (j, skb) in cert.subkeys().enumerate() { let key = skb.key(); - if can_sign(key.into(), skb.binding_signature(None)) { + if for_signing(key.into(), skb.binding_signature(None)) { v.keys.insert(key.fingerprint().into(), (i, j + 1)); v.keys.insert(key.keyid().into(), diff --git a/openpgp/src/serialize/cert.rs b/openpgp/src/serialize/cert.rs index 4503441d..79af5ed9 100644 --- a/openpgp/src/serialize/cert.rs +++ b/openpgp/src/serialize/cert.rs @@ -737,7 +737,7 @@ mod test { &mut keypair, &cert, signature::Builder::new(SignatureType::SubkeyBinding) .set_key_flags( - &KeyFlags::default().set_encrypt_for_transport(true)) + &KeyFlags::default().set_transport_encryption(true)) .unwrap() .set_exportable_certification(false).unwrap(), None).unwrap(); diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 1afdb547..f020f342 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -985,8 +985,8 @@ impl<'a> Encryptor<'a> { /// let recipient = /// cert.keys_valid() /// .key_flags(KeyFlags::default() - /// .set_encrypt_at_rest(true) - /// .set_encrypt_for_transport(true)) + /// .set_storage_encryption(true) + /// .set_transport_encryption(true)) /// .map(|(_, _, key)| key.into()) /// .nth(0).unwrap(); /// @@ -1676,7 +1676,7 @@ mod test { let mut keypair = self.tsk.keys_all() .key_flags( KeyFlags::default() - .set_encrypt_for_transport(true)) + .set_transport_encryption(true)) .map(|(_, _, key)| key).next().unwrap() .clone().mark_parts_secret().unwrap() .into_keypair().unwrap(); @@ -1704,8 +1704,8 @@ mod test { let recipient = tsk.keys_all() .key_flags(KeyFlags::default() - .set_encrypt_at_rest(true) - .set_encrypt_for_transport(true)) + .set_storage_encryption(true) + .set_transport_encryption(true)) .map(|(_, _, key)| key.into()) .nth(0).unwrap(); let encryptor = Encryptor::for_recipient(m, recipient) diff --git a/openpgp/src/types/key_flags.rs b/openpgp/src/types/key_flags.rs index af766b31..51210c32 100644 --- a/openpgp/src/types/key_flags.rs +++ b/openpgp/src/types/key_flags.rs @@ -6,11 +6,11 @@ use std::ops::{BitAnd, BitOr}; /// information. #[derive(Clone, Hash)] pub struct KeyFlags{ - can_certify: bool, - can_sign: bool, - can_encrypt_for_transport: bool, - can_encrypt_at_rest: bool, - can_authenticate: bool, + for_certification: bool, + for_signing: bool, + for_transport_encryption: bool, + for_storage_encryption: bool, + for_authentication: bool, is_split_key: bool, is_group_key: bool, unknown: Box<[u8]>, @@ -24,19 +24,19 @@ impl Default for KeyFlags { impl fmt::Debug for KeyFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - if self.can_certify() { + if self.for_certification() { f.write_str("C")?; } - if self.can_sign() { + if self.for_signing() { f.write_str("S")?; } - if self.can_encrypt_for_transport() { + if self.for_transport_encryption() { f.write_str("Et")?; } - if self.can_encrypt_at_rest() { + if self.for_storage_encryption() { f.write_str("Er")?; } - if self.can_authenticate() { + if self.for_authentication() { f.write_str("A")?; } if self.is_split_key() { @@ -125,15 +125,15 @@ impl BitOr for &KeyFlags { impl KeyFlags { /// Creates a new instance from `bits`. pub fn new(bits: &[u8]) -> Self { - let can_certify = bits.get(0) + let for_certification = bits.get(0) .map(|x| x & KEY_FLAG_CERTIFY != 0).unwrap_or(false); - let can_sign = bits.get(0) + let for_signing = bits.get(0) .map(|x| x & KEY_FLAG_SIGN != 0).unwrap_or(false); - let can_encrypt_for_transport = bits.get(0) + let for_transport_encryption = bits.get(0) .map(|x| x & KEY_FLAG_ENCRYPT_FOR_TRANSPORT != 0).unwrap_or(false); - let can_encrypt_at_rest = bits.get(0) + let for_storage_encryption = bits.get(0) .map(|x| x & KEY_FLAG_ENCRYPT_AT_REST != 0).unwrap_or(false); - let can_authenticate = bits.get(0) + let for_authentication = bits.get(0) .map(|x| x & KEY_FLAG_AUTHENTICATE != 0).unwrap_or(false); let is_split_key = bits.get(0) .map(|x| x & KEY_FLAG_SPLIT_KEY != 0).unwrap_or(false); @@ -155,8 +155,8 @@ impl KeyFlags { }; KeyFlags{ - can_certify, can_sign, can_encrypt_for_transport, - can_encrypt_at_rest, can_authenticate, is_split_key, + for_certification, for_signing, for_transport_encryption, + for_storage_encryption, for_authentication, is_split_key, is_group_key, unknown: unk } } @@ -174,11 +174,11 @@ impl KeyFlags { self.unknown.clone().into() }; - if self.can_certify { ret[0] |= KEY_FLAG_CERTIFY; } - if self.can_sign { ret[0] |= KEY_FLAG_SIGN; } |