1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
use sequoia_openpgp as openpgp;
use openpgp::cert::Cert;
use openpgp::policy::StandardPolicy;
use openpgp::serialize::stream::{
padding::Padder, Armorer, Encryptor, LiteralWriter, Message, Signer,
};
use std::io::Write;
/// Encrypt with password, using a minimal writer stack.
pub fn encrypt_with_password(
bytes: &[u8],
password: &str,
) -> openpgp::Result<Vec<u8>> {
let mut sink = vec![];
let message =
Encryptor::with_passwords(Message::new(&mut sink), Some(password))
.build()?;
let mut w = LiteralWriter::new(message).build()?;
w.write_all(bytes)?;
w.finalize()?;
Ok(sink)
}
/// Encrypt ignoring revocation or expiration.
/// Uses a minimal writer stack.
pub fn encrypt_to_cert(
bytes: &[u8],
cert: &Cert,
) -> openpgp::Result<Vec<u8>> {
let mut sink = vec![];
let p = &StandardPolicy::new();
let recipients = cert
.keys()
.with_policy(p, None)
.supported()
.for_transport_encryption()
.for_storage_encryption();
let message =
Encryptor::for_recipients(Message::new(&mut sink), recipients)
.build()?;
let mut w = LiteralWriter::new(message).build()?;
w.write_all(bytes)?;
w.finalize()?;
Ok(sink)
}
/// Sign ignoring revocation or expiration.
pub fn sign(bytes: &[u8], sender: &Cert) -> openpgp::Result<Vec<u8>> {
let mut sink = vec![];
let p = &StandardPolicy::new();
let signing_keypair = sender
.keys()
.with_policy(p, None)
.secret()
.for_signing()
.nth(0)
.unwrap()
.key()
.clone()
.into_keypair()?;
let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair).build()?;
let mut w = LiteralWriter::new(message).build()?;
w.write_all(bytes)?;
w.finalize()?;
Ok(sink)
}
/// Encrypt and sign, ignoring revocation or expiration.
/// Uses a realistic writer stac with padding and armor.
pub fn encrypt_to_cert_and_sign(
bytes: &[u8],
sender: &Cert,
recipient: &Cert,
) -> openpgp::Result<Vec<u8>> {
let mut sink = vec![];
let p = &StandardPolicy::new();
let signing_keypair = sender
.keys()
.with_policy(p, None)
.secret()
.for_signing()
.nth(0)
.unwrap()
.key()
.clone()
.into_keypair()?;
let recipients = recipient
.keys()
.with_policy(p, None)
.supported()
.for_transport_encryption()
.for_storage_encryption();
let message = Message::new(&mut sink);
let message = Armorer::new(message).build()?;
let message = Encryptor::for_recipients(message, recipients).build()?;
let message = Padder::new(message).build()?;
let message = Signer::new(message, signing_keypair)
//.add_intended_recipient(&recipient)
.build()?;
let mut w = LiteralWriter::new(message).build()?;
w.write_all(bytes)?;
w.finalize()?;
Ok(sink)
}
|