From c677bae2a7d0875c430eb641ec7601398ced9b14 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Thu, 22 Oct 2020 16:29:33 +0200
Subject: openpgp: Improve documentation on how to encrypt for multiple certs.

---
 openpgp/examples/encrypt-for.rs | 24 ++++++++++++++++++------
 openpgp/examples/pad.rs         | 30 +++++++++++++++++++-----------
 2 files changed, 37 insertions(+), 17 deletions(-)

(limited to 'openpgp/examples')

diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs
index a9414a19..0b0bc998 100644
--- a/openpgp/examples/encrypt-for.rs
+++ b/openpgp/examples/encrypt-for.rs
@@ -40,12 +40,24 @@ fn main() -> openpgp::Result<()> {
     }).collect::<openpgp::Result<Vec<_>>>()
     .context("Failed to read key")?;
 
-    let recipients =
-        certs.iter()
-        .flat_map(|cert| {
-            cert.keys()
-                .with_policy(p, None).alive().revoked(false).key_flags(&mode)
-        });
+    // Build a list of recipient subkeys.
+    let mut recipients = Vec::new();
+    for cert in certs.iter() {
+        // Make sure we add at least one subkey from every
+        // certificate.
+        let mut found_one = false;
+        for key in cert.keys().with_policy(p, None)
+            .supported().alive().revoked(false).key_flags(&mode)
+        {
+            recipients.push(key);
+            found_one = true;
+        }
+
+        if ! found_one {
+            return Err(anyhow::anyhow!("No suitable encryption subkey for {}",
+                                       cert));
+        }
+    }
 
     // Compose a writer stack corresponding to the output format and
     // packet structure we want.
diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs
index 7977c697..b90b8982 100644
--- a/openpgp/examples/pad.rs
+++ b/openpgp/examples/pad.rs
@@ -8,11 +8,10 @@ use anyhow::Context;
 
 use sequoia_openpgp as openpgp;
 
-use crate::openpgp::KeyID;
 use crate::openpgp::types::KeyFlags;
 use crate::openpgp::parse::Parse;
 use crate::openpgp::serialize::stream::{
-    Armorer, Message, LiteralWriter, Encryptor, Recipient, padding::*,
+    Armorer, Message, LiteralWriter, Encryptor, padding::*,
 };
 use crate::openpgp::policy::StandardPolicy as P;
 
@@ -38,15 +37,24 @@ fn main() -> openpgp::Result<()> {
         openpgp::Cert::from_file(f)
     }).collect::<openpgp::Result<Vec<_>>>().context("Failed to read key")?;
 
-    // Build a vector of recipients to hand to Encryptor.
-    let recipients = certs
-        .iter()
-        .flat_map(|cert| {
-            cert.keys()
-                .with_policy(p, None).alive().revoked(false).key_flags(&mode)
-        })
-        .map(|ka| Recipient::new(KeyID::wildcard(), ka.key()))
-        .collect::<Vec<_>>();
+    // Build a list of recipient subkeys.
+    let mut recipients = Vec::new();
+    for cert in certs.iter() {
+        // Make sure we add at least one subkey from every
+        // certificate.
+        let mut found_one = false;
+        for key in cert.keys().with_policy(p, None)
+            .supported().alive().revoked(false).key_flags(&mode)
+        {
+            recipients.push(key);
+            found_one = true;
+        }
+
+        if ! found_one {
+            return Err(anyhow::anyhow!("No suitable encryption subkey for {}",
+                                       cert));
+        }
+    }
 
     // Compose a writer stack corresponding to the output format and
     // packet structure we want.
-- 
cgit v1.2.3