diff options
47 files changed, 1188 insertions, 553 deletions
diff --git a/examples/guide-exploring-openpgp.rs b/examples/guide-exploring-openpgp.rs index e70c6361..05a777e4 100644 --- a/examples/guide-exploring-openpgp.rs +++ b/examples/guide-exploring-openpgp.rs @@ -2,8 +2,11 @@ extern crate sequoia_openpgp as openpgp; use crate::openpgp::parse::Parse; +use crate::openpgp::policy::StandardPolicy as P; fn main() { + let p = &P::new(); + let cert = "-----BEGIN PGP PUBLIC KEY BLOCK----- @@ -52,7 +55,7 @@ fn main() { println!("Fingerprint: {}", cert.fingerprint()); // List userids. - for (i, ca) in cert.userids().policy(None).enumerate() { + for (i, ca) in cert.userids().set_policy(p, None).enumerate() { println!("{}: UID: {}, {} self-signature(s), {} certification(s)", i, ca.userid(), ca.binding().self_signatures().len(), @@ -60,7 +63,7 @@ fn main() { } // List subkeys. - for (i, ka) in cert.keys().policy(None).skip(1).enumerate() { + for (i, ka) in cert.keys().set_policy(p, None).skip(1).enumerate() { println!("{}: Fingerprint: {}, {} self-signature(s), {} certification(s)", i, ka.key().fingerprint(), ka.binding().self_signatures().len(), diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md index 16020b6b..629515eb 100644 --- a/guide/src/chapter_01.md +++ b/guide/src/chapter_01.md @@ -17,20 +17,24 @@ extern crate sequoia_openpgp as openpgp; use openpgp::serialize::stream::*; use openpgp::packet::prelude::*; use openpgp::parse::stream::*; +use openpgp::policy::Policy; +use openpgp::policy::StandardPolicy as P; const MESSAGE: &'static str = "дружба"; fn main() { + let p = &P::new(); + // Generate a key. let key = generate().unwrap(); // Sign the message. let mut signed_message = Vec::new(); - sign(&mut signed_message, MESSAGE, &key).unwrap(); + sign(p, &mut signed_message, MESSAGE, &key).unwrap(); // Verify the message. let mut plaintext = Vec::new(); - verify(&mut plaintext, &signed_message, &key).unwrap(); + verify(p, &mut plaintext, &signed_message, &key).unwrap(); assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); } @@ -48,11 +52,14 @@ fn main() { # } # # /// Signs the given message. -# fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) -# -> openpgp::Result<()> { +# fn sign(policy: &dyn Policy, +# sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) +# -> openpgp::Result<()> +# { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().policy(None).alive().revoked(false).for_signing().nth(0).unwrap(). -# key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk.keys().set_policy(policy, None) +# .alive().revoked(false).for_signing().nth(0).unwrap() +# .key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); @@ -74,7 +81,8 @@ fn main() { # } # # /// Verifies the given message. -# fn verify(sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) +# fn verify(policy: &dyn Policy, +# sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) # -> openpgp::Result<()> { # // Make a helper that that feeds the sender's public key to the # // verifier. @@ -83,7 +91,7 @@ fn main() { # }; # # // Now, create a verifier with a helper using the given Certs. -# let mut verifier = Verifier::from_bytes(signed_message, helper, None)?; +# let mut verifier = Verifier::from_bytes(policy, signed_message, helper, None)?; # # // Verify the data. # io::copy(&mut verifier, sink)?; @@ -161,22 +169,26 @@ create it: # extern crate failure; # extern crate sequoia_openpgp as openpgp; # use openpgp::serialize::stream::*; -# use openpgp::parse::stream::*; # use openpgp::packet::prelude::*; +# use openpgp::parse::stream::*; +# use openpgp::policy::Policy; +# use openpgp::policy::StandardPolicy as P; # # const MESSAGE: &'static str = "дружба"; # # fn main() { +# let p = &P::new(); +# # // Generate a key. # let key = generate().unwrap(); # # // Sign the message. # let mut signed_message = Vec::new(); -# sign(&mut signed_message, MESSAGE, &key).unwrap(); +# sign(p, &mut signed_message, MESSAGE, &key).unwrap(); # # // Verify the message. # let mut plaintext = Vec::new(); -# verify(&mut plaintext, &signed_message, &key).unwrap(); +# verify(p, &mut plaintext, &signed_message, &key).unwrap(); # # assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); # } @@ -194,11 +206,14 @@ fn generate() -> openpgp::Result<openpgp::Cert> { } # # /// Signs the given message. -# fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) -# -> openpgp::Result<()> { +# fn sign(policy: &dyn Policy, +# sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) +# -> openpgp::Result<()> +# { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().policy(None).alive().revoked(false).for_signing().nth(0).unwrap(). -# key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk.keys().set_policy(policy, None) +# .alive().revoked(false).for_signing().nth(0).unwrap() +# .key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); @@ -220,7 +235,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # } # # /// Verifies the given message. -# fn verify(sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) +# fn verify(policy: &dyn Policy, +# sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) # -> openpgp::Result<()> { # // Make a helper that that feeds the sender's public key to the # // verifier. @@ -229,7 +245,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # }; # # // Now, create a verifier with a helper using the given Certs. -# let mut verifier = Verifier::from_bytes(signed_message, helper, None)?; +# let mut verifier = Verifier::from_bytes(policy, signed_message, helper, None)?; # # // Verify the data. # io::copy(&mut verifier, sink)?; @@ -309,20 +325,24 @@ implements [`io::Write`], and we simply write the plaintext to it. # use openpgp::serialize::stream::*; # use openpgp::packet::prelude::*; # use openpgp::parse::stream::*; +# use openpgp::policy::Policy; +# use openpgp::policy::StandardPolicy as P; # # const MESSAGE: &'static str = "дружба"; # # fn main() { +# let p = &P::new(); +# # // Generate a key. # let key = generate().unwrap(); # # // Sign the message. # let mut signed_message = Vec::new(); -# sign(&mut signed_message, MESSAGE, &key).unwrap(); +# sign(p, &mut signed_message, MESSAGE, &key).unwrap(); # # // Verify the message. # let mut plaintext = Vec::new(); -# verify(&mut plaintext, &signed_message, &key).unwrap(); +# verify(p, &mut plaintext, &signed_message, &key).unwrap(); # # assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); # } @@ -340,11 +360,14 @@ implements [`io::Write`], and we simply write the plaintext to it. # } # /// Signs the given message. -fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) - -> openpgp::Result<()> { +fn sign(policy: &dyn Policy, + sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) + -> openpgp::Result<()> +{ // Get the keypair to do the signing from the Cert. - let keypair = tsk.keys().policy(None).alive().revoked(false).for_signing().nth(0).unwrap(). - key().clone().mark_parts_secret().unwrap().into_keypair()?; + let keypair = tsk.keys().set_policy(policy, None) + .alive().revoked(false).for_signing().nth(0).unwrap() + .key().clone().mark_parts_secret().unwrap().into_keypair()?; // Start streaming an OpenPGP message. let message = Message::new(sink); @@ -366,7 +389,8 @@ fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) } # # /// Verifies the given message. -# fn verify(sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) +# fn verify(policy: &dyn Policy, +# sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) # -> openpgp::Result<()> { # // Make a helper that that feeds the sender's public key to the # // verifier. @@ -375,7 +399,7 @@ fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) # }; # # // Now, create a verifier with a helper using the given Certs. -# let mut verifier = Verifier::from_bytes(signed_message, helper, None)?; +# let mut verifier = Verifier::from_bytes(policy, signed_message, helper, None)?; # # // Verify the data. # io::copy(&mut verifier, sink)?; @@ -466,20 +490,24 @@ Verified data can be read from this using [`io::Read`]. # use openpgp::serialize::stream::*; # use openpgp::packet::prelude::*; # use openpgp::parse::stream::*; +# use openpgp::policy::Policy; +# use openpgp::policy::StandardPolicy as P; # # const MESSAGE: &'static str = "дружба"; # # fn main() { +# let p = &P::new(); +# # // Generate a key. # let key = generate().unwrap(); # # // Sign the message. # let mut signed_message = Vec::new(); -# sign(&mut signed_message, MESSAGE, &key).unwrap(); +# sign(p, &mut signed_message, MESSAGE, &key).unwrap(); # # // Verify the message. # let mut plaintext = Vec::new(); -# verify(&mut plaintext, &signed_message, &key).unwrap(); +# verify(p, &mut plaintext, &signed_message, &key).unwrap(); # # assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); # } @@ -497,11 +525,14 @@ Verified data can be read from this using [`io::Read`]. # } # # /// Signs the given message. -# fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) -# -> openpgp::Result<()> { +# fn sign(policy: &dyn Policy, +# sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) +# -> openpgp::Result<()> +# { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys().policy(None).alive().revoked(false).for_signing().nth(0).unwrap(). -# key().clone().mark_parts_secret().unwrap().into_keypair()?; +# let keypair = tsk.keys().set_policy(policy, None) +# .alive().revoked(false).for_signing().nth(0).unwrap() +# .key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. # let message = Message::new(sink); @@ -523,7 +554,8 @@ Verified data can be read from this using [`io::Read`]. # } # /// Verifies the given message. -fn verify(sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) +fn verify(policy: &dyn Policy, + sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) -> openpgp::Result<()> { // Make a helper that that feeds the sender's public key to the // verifier. @@ -532,7 +564,7 @@ fn verify(sink: &mut Write, signed_message: &[u8], sender: &openpgp::Cert) }; // Now, create a verifier with a helper using the given Certs. - let mut verifier = Verifier::from_bytes(signed_message, helper, None)?; + let mut verifier = Verifier::from_bytes(policy, signed_message, helper, None)?; // Verify the data. io::copy(&mut verifier, sink)?; diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 697f93cf..6f18c59c 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -16,20 +16,24 @@ use openpgp::crypto::SessionKey; use openpgp::types::SymmetricAlgorithm; use openpgp::serialize::stream::*; use openpgp::parse::stream::*; +use openpgp::policy::Policy; +use openpgp::policy::StandardPolicy as P; const MESSAGE: &'static str = "дружба"; fn main() { + let p = &P::new(); + // Generate a key. let key = generate().unwrap(); // Encrypt the message. let mut ciphertext = Vec::new(); - encrypt(&mut ciphertext, MESSAGE, &key).unwrap(); + encrypt(p, &mut ciphertext, MESSAGE, &key).unwrap(); // Decrypt the message. let mut plaintext = Vec::new(); - decrypt(&mut plaintext, &ciphertext, &key).unwrap(); + decrypt(p, &mut plaintext, &ciphertext, &key).unwrap(); assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); } @@ -47,11 +51,12 @@ fn main() { # } # # /// Encrypts the given message. -# fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) +# fn encrypt(policy: &dyn Policy, +# sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) # -> openpgp::Result<()> { # // Build a vector of recipients to hand to Encryptor. # let mut recipients = -# recipient.keys().policy(None).alive().revoked(false) +# recipient.keys().set_policy(policy, None).alive().revoked(false) # .for_transport_encryption() # .map(|ka| ka.key().into()) # .collect::<Vec<_>>(); @@ -81,16 +86,18 @@ fn main() { # } # # /// Decrypts the given message. -# fn decrypt(sink: &mut Write, ciphertext: &[u8], recipient: &openpgp::Cert) +# fn decrypt(policy: &dyn Policy, +# sink: &mut Write, ciphertext: &[u8], recipient: &openpgp::Cert) # -> openpgp::Result<()> { # // Make a helper that that feeds the recipient's secret key to the # // decryptor. # let helper = Helper { +# policy: policy, # secret: recipient, # }; # # // Now, create a decryptor with a helper using the given Certs. -# let mut decryptor = Decryptor::from_bytes(ciphertext, helper, None)?; +# let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; # # // Decrypt the data. # io::copy(&mut decryptor, sink)?; @@ -99,6 +106,7 @@ fn main() { # } # # struct Helper<'a> { +# policy: &'a dyn Policy, # secret: &'a openpgp::Cert, # } # @@ -125,7 +133,7 @@ fn main() { # where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> # { # // The encryption key is the first and only subkey. -# let key = self.secret.keys().policy(None) +# let key = self.secret.keys().set_policy(self.policy, None) # .for_transport_encryption().nth(0).unwrap().key().clone(); # # // The secret key is not encrypted. @@ -156,20 +164,24 @@ create it: # use openpgp::types::SymmetricAlgorithm; # use openpgp::serialize::stream::*; # use openpgp::parse::stream::*; +# use openpgp::policy::Policy; +# use openpgp::policy::StandardPolicy as P; # # const MESSAGE: &'static str = "дружба"; # # fn main() { +# let p = &P::new(); +# # // Generate a key. # let key = generate().unwrap(); # # // Encrypt the message. # let mut ciphertext = Vec::new(); -# encrypt(&mut ciphertext, MESSAGE, &key).unwrap(); +# encrypt(p, &mut ciphertext, MESSAGE, &key).unwrap(); # # // Decrypt the message. # let mut plaintext = Vec::new(); -# decrypt(&mut plaintext, &ciphertext, &key).unwrap(); +# decrypt(p, &mut plaintext, &ciphertext, &key).unwrap(); # # assert_eq!(MESSAGE.as_bytes(), &plaintext[..]); # } @@ -187,11 +199,12 @@ fn generate() -> openpgp::Result<openpgp::Cert> { } # # /// Encrypts the given message. -# fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) +# fn encrypt(policy: &dyn Policy, +# sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) # -> openpgp::Result<()> { # // Build a vector of recipients to hand to Encryptor. # let mut recipients = -# recipient.keys().policy(None).alive().revoked(false) +# recipient.keys().set_policy(policy, None).alive().revoked(false) # .for_transport_encryption() # .map(|ka| ka.key().into()) # .collect::<Vec<_>>(); @@ -221,16 +234,18 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # } # # /// Decrypts the given message. -# fn decrypt(sink: &mut Write, ciphertext: &[u8], recipient: &openpgp::Cert) +# fn decrypt(policy: &dyn Policy, +# sink: &mut Write, ciphertext: &[u8], recipient: &openpgp::Cert) # -> openpgp::Result<()> { # // Make a helper that that feeds the recipient's secret key to the # // decryptor. # let helper = Helper { +# policy: policy, # secret: recipient, # }; # # // Now, create a decryptor with a helper using the given Certs. -# let mut decryptor = Decryptor::from_bytes(ciphertext, helper, None)?; +# let mut decryptor = Decryptor::from_bytes(policy, ciphertext, helper, None)?; # # // Decrypt the data. # io::copy(&mut decryptor, sink)?; @@ -239,6 +254,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> { |