diff options
| -rw-r--r-- | openpgp-ffi/src/tpk.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/autocrypt.rs | 12 | ||||
| -rw-r--r-- | openpgp/src/crypto/hash.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/packet/key/mod.rs | 6 | ||||
| -rw-r--r-- | openpgp/src/packet/signature/mod.rs | 12 | ||||
| -rw-r--r-- | openpgp/src/parse/stream.rs | 4 | ||||
| -rw-r--r-- | openpgp/src/serialize/mod.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/serialize/tpk.rs | 46 | ||||
| -rw-r--r-- | openpgp/src/tpk/bindings.rs | 22 | ||||
| -rw-r--r-- | openpgp/src/tpk/builder.rs | 12 | ||||
| -rw-r--r-- | openpgp/src/tpk/keyiter.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/tpk/mod.rs | 84 | ||||
| -rw-r--r-- | openpgp/src/tpk/parser/mod.rs | 8 | ||||
| -rw-r--r-- | sqv/src/sqv.rs | 2 | ||||
| -rw-r--r-- | tool/src/commands/decrypt.rs | 4 | ||||
| -rw-r--r-- | tool/src/commands/inspect.rs | 4 |
16 files changed, 130 insertions, 98 deletions
diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs index 0d59bf00..613dc2d4 100644 --- a/openpgp-ffi/src/tpk.rs +++ b/openpgp-ffi/src/tpk.rs @@ -149,7 +149,7 @@ fn pgp_tpk_as_tsk(tpk: *const TPK) -> *mut TSK<'static> { #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" fn pgp_tpk_primary_key(tpk: *const TPK) -> *const Key { let key : &self::openpgp::packet::key::UnspecifiedKey - = tpk.ref_raw().primary().key().into(); + = tpk.ref_raw().primary().into(); key.move_into_raw() } diff --git a/openpgp/src/autocrypt.rs b/openpgp/src/autocrypt.rs index e2ae988f..6c1186ec 100644 --- a/openpgp/src/autocrypt.rs +++ b/openpgp/src/autocrypt.rs @@ -106,8 +106,8 @@ impl AutocryptHeader { let mut acc = Vec::new(); // The primary key and the most recent selfsig. - acc.push(tpk.primary().key().clone().into()); - tpk.primary().selfsigs().iter().take(1) + acc.push(tpk.primary().clone().into()); + tpk.direct_signatures().iter().take(1) .for_each(|s| acc.push(s.clone().into())); // The subkeys and the most recent selfsig. @@ -906,7 +906,7 @@ In the light of the Efail vulnerability I am asking myself if it's let tpk = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().key().fingerprint(), + assert_eq!(tpk.primary().fingerprint(), Fingerprint::from_hex( &"156962B0F3115069ACA970C68E3B03A279B772D6"[..]).unwrap()); assert_eq!(tpk.userids().next().unwrap().userid().value(), @@ -929,7 +929,7 @@ In the light of the Efail vulnerability I am asking myself if it's let tpk = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().key().fingerprint(), + assert_eq!(tpk.primary().fingerprint(), Fingerprint::from_hex( &"D4AB192964F76A7F8F8A9B357BD18320DEADFA11"[..]).unwrap()); assert_eq!(tpk.userids().next().unwrap().userid().value(), @@ -952,7 +952,7 @@ In the light of the Efail vulnerability I am asking myself if it's let tpk = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(tpk.primary().key().fingerprint(), + assert_eq!(tpk.primary().fingerprint(), Fingerprint::from_hex( &"4F9F89F5505AC1D1A260631CDB1187B9DD5F693B"[..]).unwrap()); assert_eq!(tpk.userids().next().unwrap().userid().value(), @@ -1085,7 +1085,7 @@ In the light of the Efail vulnerability I am asking myself if it's let tpk = ac.headers[0].key.as_ref() .expect("Failed to parse key material."); - assert_eq!(&tpk.primary().key().fingerprint().to_string(), + assert_eq!(&tpk.primary().fingerprint().to_string(), "3E88 77C8 7727 4692 9751 89F5 D03F 6F86 5226 FE8B"); assert_eq!(tpk.userids().len(), 1); assert_eq!(tpk.subkeys().len(), 1); diff --git a/openpgp/src/crypto/hash.rs b/openpgp/src/crypto/hash.rs index 34189653..b7c19c9b 100644 --- a/openpgp/src/crypto/hash.rs +++ b/openpgp/src/crypto/hash.rs @@ -463,7 +463,7 @@ mod test { for selfsig in binding.selfsigs() { let h = Signature::userid_binding_hash( selfsig, - tpk.primary().key(), + tpk.primary(), binding.userid()).unwrap(); if &h[..2] != selfsig.hash_prefix() { eprintln!("{:?}: {:?} / {:?}", @@ -479,7 +479,7 @@ mod test { for selfsig in binding.selfsigs() { let h = Signature::user_attribute_binding_hash( selfsig, - tpk.primary().key(), + tpk.primary(), binding.user_attribute()).unwrap(); if &h[..2] != selfsig.hash_prefix() { eprintln!("{:?}: {:?} / {:?}", @@ -495,7 +495,7 @@ mod test { for selfsig in binding.selfsigs() { let h = Signature::subkey_binding_hash( selfsig, - tpk.primary().key(), + tpk.primary(), binding.key()).unwrap(); if &h[..2] != selfsig.hash_prefix() { eprintln!("{:?}: {:?}", i, binding); diff --git a/openpgp/src/packet/key/mod.rs b/openpgp/src/packet/key/mod.rs index 0c134e70..22636759 100644 --- a/openpgp/src/packet/key/mod.rs +++ b/openpgp/src/packet/key/mod.rs @@ -42,10 +42,10 @@ //! # .generate()?; //! // Get a handle to the TPK's primary key that allows using the //! // secret key material. -//! let sk : &key::SecretKey = tpk.primary().key().into(); +//! let sk : &key::SecretKey = tpk.primary().into(); //! //! // Make the conversion explicit. -//! let sk : &key::SecretKey = tpk.primary().key().mark_parts_secret_ref(); +//! let sk : &key::SecretKey = tpk.primary().mark_parts_secret_ref(); //! # Ok(()) //! # } //! ``` @@ -1255,7 +1255,7 @@ mod tests { fn encrypted_rsa_key() { let tpk = TPK::from_bytes( crate::tests::key("testy-new-encrypted-with-123.pgp")).unwrap(); - let mut pair = tpk.primary().key().clone(); + let mut pair = tpk.primary().clone(); let pk_algo = pair.pk_algo(); let secret = pair.secret.as_mut().unwrap(); diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index eed113f4..38902527 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -1222,9 +1222,9 @@ mod test { crate::tests::message(test.data)).unwrap(); while let PacketParserResult::Some(pp) = ppr { if let Packet::Signature(ref sig) = pp.packet { - let result = sig.verify(tpk.primary().key()).unwrap_or(false); + let result = sig.verify(tpk.primary()).unwrap_or(false); eprintln!(" Primary {:?}: {:?}", - tpk.primary().key().fingerprint(), result); + tpk.primary().fingerprint(), result); if result { good += 1; } @@ -1282,7 +1282,7 @@ mod test { "emmelie-dorothea-dina-samantha-awina-ed25519-private.pgp", ] { let tpk = TPK::from_bytes(crate::tests::key(key)).unwrap(); - let mut pair = tpk.primary().key().clone() + let mut pair = tpk.primary().clone() .mark_parts_secret() .into_keypair() .expect("secret key is encrypted/missing"); @@ -1339,7 +1339,7 @@ mod test { panic!("Expected a Signature, got: {:?}", p); }; - assert!(sig.verify_message(tpk.primary().key(), &msg[..]).unwrap()); + assert!(sig.verify_message(tpk.primary(), &msg[..]).unwrap()); } #[test] @@ -1399,7 +1399,7 @@ mod test { let cert = &uid_binding.certifications()[0]; assert_eq!(cert.verify_userid_binding(cert_key1, - test2.primary().key(), + test2.primary(), uid_binding.userid()).ok(), Some(true)); } @@ -1483,7 +1483,7 @@ mod test { if let Packet::Signature(sig) = p { let digest = Signature::standalone_hash(&sig).unwrap(); eprintln!("{}", crate::conversions::hex::encode(&digest)); - assert!(sig.verify_timestamp(alpha.primary().key()).unwrap()); + assert!(sig.verify_timestamp(alpha.primary()).unwrap()); } else { panic!("expected a signature packet"); } diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index 6a1246af..4a97134b 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -518,7 +518,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { v.tpks = v.helper.get_public_keys(&issuers)?; for (i, tpk) in v.tpks.iter().enumerate() { - if can_sign(tpk.primary().key(), + if can_sign(tpk.primary(), tpk.primary_key_signature(None), t) { v.keys.insert(tpk.keyid(), (i, 0)); } @@ -1305,7 +1305,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { } }; - if can_sign(tpk.primary().key().into(), + if can_sign(tpk.primary().into(), tpk.primary_key_signature(None)) { v.keys.insert(tpk.keyid(), (i, 0)); } diff --git a/openpgp/src/serialize/mod.rs b/openpgp/src/serialize/mod.rs index fe1a901d..6b3b5f1e 100644 --- a/openpgp/src/serialize/mod.rs +++ b/openpgp/src/serialize/mod.rs @@ -2937,7 +2937,7 @@ mod test { use crate::tpk::TPKBuilder; let (tpk, _) = TPKBuilder::new().generate().unwrap(); - let mut keypair = tpk.primary().key().clone().mark_parts_secret() + let mut keypair = tpk.primary().clone().mark_parts_secret() .into_keypair().unwrap(); let uid = UserID::from("foo"); diff --git a/openpgp/src/serialize/tpk.rs b/openpgp/src/serialize/tpk.rs index f020e128..82b87c23 100644 --- a/openpgp/src/serialize/tpk.rs +++ b/openpgp/src/serialize/tpk.rs @@ -25,7 +25,7 @@ impl TPK { fn serialize_common(&self, o: &mut dyn std::io::Write, export: bool) -> Result<()> { - PacketRef::PublicKey(self.primary().key()).serialize(o)?; + PacketRef::PublicKey(self.primary()).serialize(o)?; // Writes a signature if it is exportable or `! export`. let serialize_sig = @@ -41,16 +41,16 @@ impl TPK { Ok(()) }; - for s in self.primary().selfsigs() { + for s in self.direct_signatures() { serialize_sig(o, s)?; } - for s in self.primary().self_revocations() { + for s in self.self_revocations() { serialize_sig(o, s)?; } - for s in self.primary().other_revocations() { + for s in self.other_revocations() { serialize_sig(o, s)?; } - for s in self.primary().certifications() { + for s in self.certifications() { serialize_sig(o, s)?; } @@ -158,18 +158,18 @@ impl TPK { impl SerializeInto for TPK { fn serialized_len(&self) -> usize { let mut l = 0; - l += PacketRef::PublicKey(self.primary().key()).serialized_len(); + l += PacketRef::PublicKey(self.primary()).serialized_len(); - for s in self.primary().selfsigs() { + for s in self.direct_signatures() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.primary().self_revocations() { + for s in self.self_revocations() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.primary().other_revocations() { + for s in self.other_revocations() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.primary().certifications() { + for s in self.certifications() { l += PacketRef::Signature(s).serialized_len(); } @@ -322,13 +322,13 @@ impl<'a> TSK<'a> { /// let mut buf = Vec::new(); /// tpk.as_tsk() /// .set_filter( - /// |k| k == tpk.primary().key() + /// |k| k == tpk.primary() /// .mark_parts_secret_ref().mark_role_unspecified_ref()) /// .serialize(&mut buf)?; /// /// let tpk_ = TPK::from_bytes(&buf)?; /// assert_eq!(tpk_.keys_valid().secret(true).count(), 1); - /// assert!(tpk_.primary().key().secret().is_some()); + /// assert!(tpk_.primary().secret().is_some()); /// # Ok(()) } pub fn set_filter<P>(mut self, predicate: P) -> Self where P: 'a + Fn(&'a key::UnspecifiedSecret) -> bool @@ -383,19 +383,19 @@ impl<'a> TSK<'a> { _ => unreachable!(), } }; - serialize_key(o, self.tpk.primary().key().into(), + serialize_key(o, self.tpk.primary().into(), Tag::PublicKey, Tag::SecretKey)?; - for s in self.tpk.primary().selfsigs() { + for s in self.tpk.direct_signatures() { serialize_sig(o, s)?; } - for s in self.tpk.primary().self_revocations() { + for s in self.tpk.self_revocations() { serialize_sig(o, s)?; } - for s in self.tpk.primary().certifications() { + for s in self.tpk.certifications() { serialize_sig(o, s)?; } - for s in self.tpk.primary().other_revocations() { + for s in self.tpk.other_revocations() { serialize_sig(o, s)?; } @@ -536,19 +536,19 @@ impl<'a> SerializeInto for TSK<'a> { packet.serialized_len() }; - l += serialized_len_key(self.tpk.primary().key().into(), + l += serialized_len_key(self.tpk.primary().into(), Tag::PublicKey, Tag::SecretKey); - for s in self.tpk.primary().selfsigs() { + for s in self.tpk.direct_signatures() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.tpk.primary().self_revocations() { + for s in self.tpk.self_revocations() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.tpk.primary().other_revocations() { + for s in self.tpk.other_revocations() { l += PacketRef::Signature(s).serialized_len(); } - for s in self.tpk.primary().certifications() { + for s in self.tpk.certifications() { l += PacketRef::Signature(s).serialized_len(); } @@ -726,7 +726,7 @@ mod test { }; let (tpk, _) = TPKBuilder::new().generate().unwrap(); - let mut keypair = tpk.primary().key().clone().mark_parts_secret() + let mut keypair = tpk.primary().clone().mark_parts_secret() .into_keypair().unwrap(); let key: key::SecretSubkey = diff --git a/openpgp/src/tpk/bindings.rs b/openpgp/src/tpk/bindings.rs index 3caf80eb..e85d1e7f 100644 --- a/openpgp/src/tpk/bindings.rs +++ b/openpgp/src/tpk/bindings.rs @@ -29,7 +29,7 @@ impl Key<key::PublicParts, key::SubordinateRole> { /// # fn f() -> Result<()> { /// // Generate a TPK, and create a keypair from the primary key. /// let (tpk, _) = TPKBuilder::new().generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Let's add an encryption subkey. @@ -64,7 +64,7 @@ impl Key<key::PublicParts, key::SubordinateRole> { .set_issuer_fingerprint(signer.public().fingerprint())? .set_issuer(signer.public().keyid())? .sign_subkey_binding( - signer, tpk.primary().key(), self, + signer, tpk.primary(), self, hash_algo.into().unwrap_or(HashAlgorithm::SHA512)) } @@ -90,7 +90,7 @@ impl Key<key::PublicParts, key::SubordinateRole> { /// let (tpk, _) = TPKBuilder::new() /// .add_encryption_subkey() /// .generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Generate the revocation for the first and only Subkey. @@ -156,7 +156,7 @@ impl UserID { /// # fn f() -> Result<()> { /// // Generate a TPK, and create a keypair from the primary key. /// let (tpk, _) = TPKBuilder::new().generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// assert_eq!(tpk.userids().len(), 0); /// @@ -186,7 +186,7 @@ impl UserID { .set_issuer_fingerprint(signer.public().fingerprint())? .set_issuer(signer.public().keyid())? .sign_userid_binding( - signer, tpk.primary().key(), self, + signer, tpk.primary(), self, hash_algo.into().unwrap_or(HashAlgorithm::SHA512)) } @@ -221,7 +221,7 @@ impl UserID { /// .primary_keyflags(KeyFlags::default().set_certify(true)) /// .add_userid("alice@example.org") /// .generate()?; - /// let mut keypair = alice.primary().key().clone() + /// let mut keypair = alice.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Generate a TPK for Bob. @@ -290,7 +290,7 @@ impl UserID { /// let (tpk, _) = TPKBuilder::new() /// .add_userid("some@example.org") /// .generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Generate the revocation for the first and only UserID. @@ -358,7 +358,7 @@ impl UserAttribute { /// // Generate a TPK, and create a keypair from the primary key. /// let (tpk, _) = TPKBuilder::new() /// .generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// assert_eq!(tpk.userids().len(), 0); /// @@ -391,7 +391,7 @@ impl UserAttribute { .set_issuer_fingerprint(signer.public().fingerprint())? .set_issuer(signer.public().keyid())? .sign_user_attribute_binding( - signer, tpk.primary().key(), self, + signer, tpk.primary(), self, hash_algo.into().unwrap_or(HashAlgorithm::SHA512)) } @@ -426,7 +426,7 @@ impl UserAttribute { /// let (alice, _) = TPKBuilder::new() /// .add_userid("alice@example.org") /// .generate()?; - /// let mut keypair = alice.primary().key().clone() + /// let mut keypair = alice.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Generate a TPK for Bob. @@ -505,7 +505,7 @@ impl UserAttribute { /// let (tpk, _) = TPKBuilder::new() /// .add_user_attribute(user_attr) /// .generate()?; - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// /// // Generate the revocation for the first and only UserAttribute. diff --git a/openpgp/src/tpk/builder.rs b/openpgp/src/tpk/builder.rs index 5a74ea81..fff5663b 100644 --- a/openpgp/src/tpk/builder.rs +++ b/openpgp/src/tpk/builder.rs @@ -460,14 +460,14 @@ mod tests { .set_cipher_suite(CipherSuite::RSA3k) .set_cipher_suite(CipherSuite::Cv25519) .generate().unwrap(); - assert_eq!(tpk1.primary().key().pk_algo(), PublicKeyAlgorithm::EdDSA); + assert_eq!(tpk1.primary().pk_algo(), PublicKeyAlgorithm::EdDSA); let (tpk2, _) = TPKBuilder::new() .set_cipher_suite(CipherSuite::RSA3k) .add_userid("test2@example.com") .add_encryption_subkey() .generate().unwrap(); - assert_eq!(tpk2.primary().key().pk_algo(), + assert_eq!(tpk2.primary().pk_algo(), PublicKeyAlgorithm::RSAEncryptSign); assert_eq!(tpk2.subkeys().next().unwrap().key().pk_algo(), PublicKeyAlgorithm::RSAEncryptSign); @@ -478,7 +478,7 @@ mod tests { let (tpk1, _) = TPKBuilder::new() .add_userid("test2@example.com") .generate().unwrap(); - assert_eq!(tpk1.primary().key().pk_algo(), + assert_eq!(tpk1.primary().pk_algo(), PublicKeyAlgorithm::EdDSA); assert!(tpk1.subkeys().next().is_none()); if let Some(sig) = tpk1.primary_key_signature(None) { @@ -494,7 +494,7 @@ mod tests { let (tpk1, _) = TPKBuilder::autocrypt(Autocrypt::V1, Some("Foo")) .generate().unwrap(); - assert_eq!(tpk1.primary().key().pk_algo(), + assert_eq!(tpk1.primary().pk_algo(), PublicKeyAlgorithm::RSAEncryptSign); assert_eq!(tpk1.subkeys().next().unwrap().key().pk_algo(), PublicKeyAlgorithm::RSAEncryptSign); @@ -506,7 +506,7 @@ mod tests { let (tpk1, _) = TPKBuilder::autocrypt(Autocrypt::V1_1, Some("Foo")) .generate().unwrap(); - assert_eq!(tpk1.primary().key().pk_algo(), + assert_eq!(tpk1.primary().pk_algo(), PublicKeyAlgorithm::EdDSA); assert_eq!(tpk1.subkeys().next().unwrap().key().pk_algo(), PublicKeyAlgorithm::ECDH); @@ -590,7 +590,7 @@ mod tests { .set_cipher_suite(CipherSuite::Cv25519) .set_password(Some(String::from("streng geheim").into())) .generate().unwrap(); - assert!(tpk.primary().key().secret().unwrap().is_encrypted()); + assert!(tpk.primary().secret().unwrap().is_encrypted()); } #[test] diff --git a/openpgp/src/tpk/keyiter.rs b/openpgp/src/tpk/keyiter.rs index 98a0b57c..f5b4e5ee 100644 --- a/openpgp/src/tpk/keyiter.rs +++ b/openpgp/src/tpk/keyiter.rs @@ -97,7 +97,7 @@ impl<'a, P: 'a + key::KeyParts, R: 'a + key::KeyRole> Iterator (tpk.primary_key_signature(None), tpk.revoked(None), - tpk.primary().key().into()) + tpk.primary().into()) } else { self.subkey_iter.next() .map(|sk_binding| (sk_binding.binding_signature(None), diff --git a/openpgp/src/tpk/mod.rs b/openpgp/src/tpk/mod.rs index 8f01ab24..37fbc51f 100644 --- a/openpgp/src/tpk/mod.rs +++ b/openpgp/src/tpk/mod.rs @@ -748,7 +748,7 @@ impl Ord for UnknownBinding impl fmt::Display for TPK { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.primary().key().fingerprint()) + write!(f, "{}", self.primary().fingerprint()) } } @@ -954,7 +954,7 @@ pub type UnknownBindings = ComponentBindings<Unknown>; /// # let ppr = PacketParser::from_bytes(&b""[..])?; /// match TPK::from_packet_parser(ppr) { /// Ok(tpk) => { -/// println!("Key: {}", tpk.primary().key()); +/// println!("Key: {}", tpk.primary()); /// for binding in tpk.userids() { /// println!("User ID: {}", binding.userid()); /// } @@ -1017,8 +1017,8 @@ impl TPK { /// information is not contained in the key binding. Instead, you /// should use methods like `TPK::primary_key_signature()` to get /// information about the primary key. - pub fn primary(&self) -> &PrimaryKeyBinding<key::PublicParts> { - &self.primary + pub fn primary(&self) -> &key::PublicKey { + &self.primary.key() } /// Returns the binding for the primary User ID at time `t`. @@ -1166,6 +1166,38 @@ impl TPK { } } + /// The direct signatures. + /// + /// All revocations are validated, and they are sorted by their + /// creation time. + pub fn direct_signatures(&self) -> &[Signature] { + &self.primary.selfsigs + } + + /// Third-party certifications. + /// + /// The signatures are *not* validated. They are sorted by their + /// creation time. + pub fn certifications(&self) -> &[Signature] { + &self.primary.certifications + } + + /// Revocations issued by the key itself. + /// + /// All revocations are validated, and they are sorted by their + /// creation time. + pub fn self_revocations(&self) -> &[Signature] { + &self.primary.self_revocations + } + + /// Revocations issued by other keys. + /// + /// The revocations are *not* validated. They are sorted by their + /// creation time. + pub fn other_revocations(&self) -> &[Signature] { + &self.primary.other_revocations + } + /// Returns the TPK's revocation status at time `t`. /// /// A TPK is revoked at time `t` if: @@ -1209,7 +1241,7 @@ impl TPK { /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, /// tpk.revoked(None)); /// - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// let sig = tpk.revoke(&mut keypair, ReasonForRevocation::KeyCompromised, /// b"It was the maid :/")?; @@ -1228,7 +1260,7 @@ impl TPK { // Recompute the signature. let hash_algo = HashAlgorithm::SHA512; let mut hash = hash_algo.context()?; - let pair = self.primary().key(); + let pair = self.primary(); pair.hash(&mut hash); signature::Builder::new(SignatureType::KeyRevocation) @@ -1260,7 +1292,7 @@ impl TPK { /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, /// tpk.revoked(None)); /// - /// let mut keypair = tpk.primary().key().clone() + /// let mut keypair = tpk.primary().clone() /// .mark_parts_secret().into_keypair()?; /// let tpk = tpk.revoke_in_place(&mut keypair, /// ReasonForRevocation::KeyCompromised, @@ -1292,7 +1324,7 @@ impl TPK { { let t = t.into(); if let Some(Signature::V4(sig)) = self.primary_key_signature(t) |