diff options
Diffstat (limited to 'openpgp/src/packet/key.rs')
| -rw-r--r-- | openpgp/src/packet/key.rs | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs index 4003e507..87745997 100644 --- a/openpgp/src/packet/key.rs +++ b/openpgp/src/packet/key.rs @@ -110,6 +110,7 @@ use crate::crypto::Password; use crate::KeyID; use crate::Fingerprint; use crate::KeyHandle; +use crate::policy::HashAlgoSecurity; mod conversions; @@ -832,6 +833,35 @@ impl<P, R> Key4<P, R> where P: key::KeyParts, R: key::KeyRole, { + /// The security requirements of the hash algorithm for + /// self-signatures. + /// + /// A cryptographic hash algorithm usually has [three security + /// properties]: pre-image resistance, second pre-image + /// resistance, and collision resistance. If an attacker can + /// influence the signed data, then the hash algorithm needs to + /// have both second pre-image resistance, and collision + /// resistance. If not, second pre-image resistance is + /// sufficient. + /// + /// [three security properties]: https://en.wikipedia.org/wiki/Cryptographic_hash_function#Properties + /// + /// In general, an attacker may be able to influence third-party + /// signatures. But direct key signatures, and binding signatures + /// are only over data fully determined by signer. And, an + /// attacker's control over self signatures over User IDs is + /// limited due to their structure. + /// + /// These observations can be used to extend the life of a hash + /// algorithm after its collision resistance has been partially + /// compromised, but not completely broken. For more details, + /// please refer to the documentation for [HashAlgoSecurity]. + /// + /// [HashAlgoSecurity]: ../policy/enum.HashAlgoSecurity.html + pub fn hash_algo_security(&self) -> HashAlgoSecurity { + HashAlgoSecurity::SecondPreImageResistance + } + /// Compares the public bits of two keys. /// /// This returns `Ordering::Equal` if the public MPIs, creation |