authorJustus Winter <justus@sequoia-pgp.org>2020-02-18 11:05:09 +0100
committerJustus Winter <justus@sequoia-pgp.org>2020-02-18 11:23:03 +0100
commit32174f69cd4d94b4f621f3273781d487e97fa031 (patch)
tree0d3aaec16fbd743609cce0539f55422daabb596c /tool/src/commands/mod.rs
parent363110b87dd5228e5a22f336fa96fc53a17149be (diff)
openpgp: Improve tracking of secret keys.
- We use marker traits to track with the type system if a Key has secret key material attached. Previously, it was possible to subvert that by taking the secret key material using Key4::set_secret, creating a Key4<SecretParts, ..> without any secrets. - Related, the accessor functions returned an Option<SecretKeyMaterial> even for Key4<SecretParts, ..>. - Replace set_secret by add_secret and take_secret that also change the Key's type accordingly. Make the accessors infallible if we know we have a secret key, rename Key4<P, R>::secret to Key4<P, R>::optional_secret to make the distinction clear. - Fixes #435.
Diffstat (limited to 'tool/src/commands/mod.rs')
-rw-r--r--tool/src/commands/mod.rs2
1 files changed, 1 insertions, 1 deletions
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index d6c6f2b5..db2c4f10 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -55,7 +55,7 @@ fn get_signing_keys(certs: &[openpgp::Cert], p: &dyn Policy,
.for_signing()
.map(|ka| ka.key())
{
- if let Some(secret) = key.secret() {
+ if let Some(secret) = key.optional_secret() {
let unencrypted = match secret {
SecretKeyMaterial::Encrypted(ref e) => {
let password = rpassword::read_password_from_tty(Some(