authorJustus Winter <justus@sequoia-pgp.org>2019-09-06 13:47:50 +0200
committerJustus Winter <justus@sequoia-pgp.org>2019-09-06 16:42:12 +0200
commit38a4d2b4ff4fc4512b31a4ff4e4ddd8a6b3c7503 (patch)
tree469d667b6bab8333df02c7a2402b9edabbe08419 /tool/src/commands/mod.rs
parent4d642187f1df0c9a4c60dc2355c797ebac6fcd4f (diff)
openpgp: Rework streaming encryptor.
- Instead of giving a set of TPKs to the encryptor, hand in a set of recipients, which are (keyid, key)-tuples, conveniently created from key queries over TPKs. This simplifies the encryptor, and makes the key selection explicit. - Drop the EncryptionMode type. - As a nice side effect, we can now generate encrypted messages with wildcard recipient addresses.
Diffstat (limited to 'tool/src/commands/mod.rs')
-rw-r--r--tool/src/commands/mod.rs23
1 files changed, 19 insertions, 4 deletions
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index 0db911ce..2fc31b6a 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -24,7 +24,7 @@ use crate::openpgp::parse::stream::{
MessageStructure, MessageLayer,
};
use crate::openpgp::serialize::stream::{
- Message, Signer, LiteralWriter, Encryptor, EncryptionMode,
+ Message, Signer, LiteralWriter, Encryptor, Recipient,
Compressor,
};
use crate::openpgp::serialize::padding::{
@@ -89,6 +89,7 @@ pub fn encrypt(store: &mut store::Store,
input: &mut io::Read, output: &mut io::Write,
npasswords: usize, recipients: Vec<&str>,
mut tpks: Vec<openpgp::TPK>, signers: Vec<openpgp::TPK>,
+ mode: KeyFlags,
compression: &str)
-> Result<()> {
for r in recipients {
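Review bot: The new `mode: KeyFlags` parameter on `encrypt` decides which subkeys become recipients, but neither its name nor a doc comment says so, and nothing visible restricts it to encryption-capable flags. The following hunk passes it unchanged to `key_flags(mode.clone())` and reports "no suitable encryption key" on an empty match, so a caller passing other flags would presumably get a misleading result. I would document the contract on the function, for example `/// mode: key flags (transport and/or at-rest encryption) a subkey must carry to be selected as a recipient.` The signature starts above this hunk and the body continues below it.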
@@ -107,8 +108,23 @@ pub fn encrypt(store: &mut store::Store,
let mut signers = get_signing_keys(&signers)?;
- // Build a vector of references to hand to Encryptor.
+ // Build a vector of references to hand to Signer.
let recipients: Vec<&openpgp::TPK> = tpks.iter().collect();
+
+ // Build a vector of recipients to hand to Encryptor.
+ let mut recipient_subkeys: Vec<Recipient> = Vec::new();
+ for tpk in tpks.iter() {
+ let mut count = 0;
+ for (_, _, key) in tpk.keys_valid().key_flags(mode.clone()) {
+ recipient_subkeys.push(key.into());
+ count += 1;
+ }
+ if count == 0 {
+ return Err(failure::format_err!(
+ "Key {} has no suitable encryption key", tpk));
+ }
+ }
+
let passwords_: Vec<&openpgp::crypto::Password> =
passwords.iter().collect();
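Review bot: The inner loop adds every valid subkey matching `mode` to `recipient_subkeys`, so a TPK with several encryption-capable subkeys contributes several recipients, and the new code does not state that policy anywhere. Each extra recipient is another private key able to decrypt the message, which matters if an older subkey is still valid but less well protected; `keys_valid()` presumably drops revoked and expired keys, but that is not visible here. I would record the choice above the loop, e.g. `// Encrypt to every valid subkey matching mode; one TPK may yield several recipients.` The per-TPK `count == 0` check avoids silently dropping a requested recipient and should stay. The enclosing `encrypt` starts and ends outside this hunk.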
@@ -118,8 +134,7 @@ pub fn encrypt(store: &mut store::Store,
// We want to encrypt a literal data packet.
let mut sink = Encryptor::new(message,
&passwords_,
- &recipients,
- EncryptionMode::AtRest,
+ recipient_subkeys,
None, None)
.context("Failed to create encryptor")?;