diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2021-04-20 15:52:25 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2021-04-26 13:13:22 +0200 |
| commit | 0c349869786194214aca9ccb5f66640b28163f79 (patch) | |
| tree | 5e2895d67d7fe9c58c99c7bf6ae9eb7ff6655809 /sq | |
| parent | 7961a663239567089508c7962a6c77d22b588c3a (diff) | |
openpgp: Expose support for attested certifications.
- This is a low-level interface. We will provide nicer abstractions
in a followup.
- See #335.
Diffstat (limited to 'sq')
| -rw-r--r-- | sq/src/commands/dump.rs | 11 | ||||
| -rw-r--r-- | sq/src/commands/key.rs | 30 |
2 files changed, 13 insertions, 28 deletions
diff --git a/sq/src/commands/dump.rs b/sq/src/commands/dump.rs index 782344aa..081760a6 100644 --- a/sq/src/commands/dump.rs +++ b/sq/src/commands/dump.rs @@ -868,6 +868,17 @@ impl PacketDumper { .collect::<Vec<String>>().join(", "))?, IntendedRecipient(ref fp) => write!(output, "{} Intended Recipient: {}", i, fp)?, + AttestedCertifications(digests) => { + write!(output, "{} Attested Certifications:", i)?; + if digests.is_empty() { + writeln!(output, " None")?; + } else { + writeln!(output)?; + for d in digests { + writeln!(output, "{} {}", i, hex::encode(d))?; + } + } + }, // SubpacketValue is non-exhaustive. u => writeln!(output, "{} Unknown variant: {:?}", i, u)?, diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs index 5dd45809..6073e886 100644 --- a/sq/src/commands/key.rs +++ b/sq/src/commands/key.rs @@ -429,15 +429,11 @@ fn attest_certifications(config: Config, m: &ArgMatches) // been standardized yet. use sequoia_openpgp::{ crypto::hash::{Hash, Digest}, - packet::signature::subpacket::*, types::HashAlgorithm, }; #[allow(non_upper_case_globals)] const SignatureType__AttestedKey: SignatureType = SignatureType::Unknown(0x16); - #[allow(non_upper_case_globals)] - const SubpacketTag__AttestedCertifications: SubpacketTag = - SubpacketTag::Unknown(37); // Attest to all certifications? let all = ! m.is_present("none"); // All is the default. @@ -495,21 +491,10 @@ fn attest_certifications(config: Config, m: &ArgMatches) uid.hash(&mut hash); for digests in attestations.chunks(digests_per_sig) { - let mut body = Vec::with_capacity(digest_size * digests.len()); - digests.iter().for_each(|d| body.extend(d)); - attestation_signatures.push( SignatureBuilder::new(SignatureType__AttestedKey) .set_signature_creation_time(t)? - .modify_hashed_area(|mut a| { - a.add(Subpacket::new( - SubpacketValue::Unknown { - tag: SubpacketTag__AttestedCertifications, - body, - }, - true)?)?; - Ok(a) - })? + .set_attested_certifications(digests)? .sign_hash(&mut pk_signer, hash.clone())?); } } @@ -538,21 +523,10 @@ fn attest_certifications(config: Config, m: &ArgMatches) ua.hash(&mut hash); for digests in attestations.chunks(digests_per_sig) { - let mut body = Vec::with_capacity(digest_size * digests.len()); - digests.iter().for_each(|d| body.extend(d)); - attestation_signatures.push( SignatureBuilder::new(SignatureType__AttestedKey) .set_signature_creation_time(t)? - .modify_hashed_area(|mut a| { - a.add(Subpacket::new( - SubpacketValue::Unknown { - tag: SubpacketTag__AttestedCertifications, - body, - }, - true)?)?; - Ok(a) - })? + .set_attested_certifications(digests)? .sign_hash(&mut pk_signer, hash.clone())?); } } |