| Age | Commit message (Collapse) | Author |
|---|
|
- Add a function to convert a KeyHandle to a String like there are
functions to convert a Fingerprint and a KeyID to a String.
|
|
- Add Signer::creation_time so that a user of a Signer object can
determine the signature's creation time.
|
|
- Fixes #411.
|
|
|
|
|
|
- This is better expressed as an error.
|
|
|
|
|
|
- Signature4 is only a storage format. The high-level functionality
should be implemented on the version enum.
|
|
|
|
|
|
- If the streaming verifier doesn't find a key, because it was
rejected by the policy, don't return
`VerificationResult::MissingKey`, which is misleading, return
`VerificationResult::Error` with an explanation of what happened.
|
|
|
|
|
|
|
|
|
|
- The streaming verifier needs to check not only that the key is
alive and non-revoked, but also that the certificate is alive and
non-revoked.
|
|
- Given a `KeyAmalgamation`, it is often necessary to determine the
certificate's revocation status, or whether it is alive.
- It is possible to get the `Cert` using `KeyAmalgamation::cert`,
and to query it directly, but then the referece time needs to be
provided.
- To make it harder for the user to pass the wrong reference time,
and to simplify the code, add methods to query the certificate
using the KeyAmalgamation's reference time.
|
|
- Just use `.into()`.
|
|
|
|
|
|
- When verifying a signature using the streaming verifier, try all
issuers.
|
|
- Use `ValidKeyIter::key_handles` instead of reproducing it inline.
|
|
- The lifetime of the KeyHandle iterator passed to
`KeyIter::hey_handles` and `ValidKeyIter::hey_handles` does not
need to outlive the `KeyIter` or `ValidKeyIter`.
- Give it a different lifetime.
|
|
- In the stream verifier, don't use revoked keys to verify
signatures.
|
|
- Select keys only when verifying the signatures: the relevant keys
depend on the timestamp in the signature, and different signatures
may have different time stamps.
- If the signature doens't have a Signature Creation Time stamp,
return that the signature is invalid.
|
|
- VerificationResult::NotAlive means that the signature is not
alive. This has nothing to do with a specific key. Indeed, there
might not even be a key available, but we can still detect this
error condition.
- As such, remove the cert and key fields from
VerificationResult::NotAlive.
|
|
|
|
- Add a method to KeyAmalgamation to return the key's certificate.
|
|
- Add an Error variant to VerificationResult.
|
|
- Add KeyIter::key_handle, KeyIter::key_handles,
ValidKeyIter::key_handle, and ValidKeyIter::key_handles to filter
keys by key handles.
|
|
- This is a shorter way of writing `key.fingerprint().into()`.
- Also, that doesn't always work, because the type sometimes can't
be inferred.
|
|
- Like we have functions to convert a slice of bytes to a KeyID or a
Fingerprint, and a &Fingerprint to a KeyID, add functions to
convert a &KeyID or a &Fingerprint to a KeyHandle.
|
|
- The current PartialOrd and PartialEq implementations for
KeyHandles considers KeyIDs and Fingerprints to not be equal.
Since most users of this interface expect key identifiers to be
interchangeable, this means that they have to pull KeyHandles
apart when comparing them, like this:
match (a, b) {
(KeyHandle::Fingerprint(a),
KeyHandle::Fingerprint(b)) => a == b,
(KeyHandle::Fingerprint(a),
KeyHandle::KeyID(b)) => a.keyid() == b,
...
}
This is unergonomic, and easy to forget to do.
- The obvious fix would be to change the PartialOrd and PartialEq
implementations to do this for the user. Unfortunately, this is
not possible, because they must be transitive and two
fingerprints (a and b) maybe different but have the same keyid.
That is, the following is possible:
a == keyid, b == keyid, but a != b
That makes this comparison function non-transitive and
inappropriate for the PartialOrd and PartialEq traits.
- Nevertheless, we can implement PartialOrd and PartialEq and return
None when a keyid and a fingerprint match. (A consequence of this
is that KeyHandle can no longer implement Eq or Ord.) This
prevents users of this interface from naively comparing
KeyHandles.
- Using this interface, we provide the desired, non-transitive,
comparison function via a method (KeyHandle::aliases).
- This change means that a `KeyHandle` can no longer be used as a
Key in a HashMap. In these cases, we instead use a vector.
- Fixes #412.
|
|
|
|
- Add a consuming iterator to MessageStructure.
- This requires introducing the MessageStructureIntoIter type.
|
|
- Instead of passing MessageStructure to VerificationHelper::check
by reference, pass it by value.
- After calling VerificationHelper::check, it is dropped. Passing
it by value allows the caller to avoid some cloning.
|
|
- Timestamps can be used to identify people attending a common
event, like a key signing party. By reducing the resolution of
the time stamps, we can alleviate this problem.
- Fixes #216.
|
|
- See #216.
|
|
- This can already be achieved by customizing the signature builder,
and by default the signature builder uses the current time.
|
|
|
|
|
|
- We explicitly exclude the common fields.
- See #92.
|
|
- Previously, we compared the serialized forms. This, however,
involves making heap allocations. For me, that breaks the
expectation that equality should be free of side-effects, and
fast. Compare the fields instead.
|
|
- Including the reference time in the KeyAmalgamation structure
rather than having the user supply it to the individual
methods (like `KeyAmalgamation::alive`) helps ensure that the key
is used consistent. For instance, this makes it harder to
mistakenly query key's liveness at time t, but then use the
current time to determine the key's capabilities.
|
|
|
|
|
|
- Only the amalgamation allows proper checking of a key's
properties, the binding signature alone isn't sufficient.
- Fixes #408.
|
|
|
|
- This was only implemented for the container types because
previously, the container logic was implemented in Common. That
is no longer the case and explicit forwarders for the Container
type are added.
|
