1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
/// Generates a key, then encrypts and decrypts a message.
use std::io::{self, Write};
extern crate sequoia_openpgp as openpgp;
use openpgp::serialize::stream::*;
use openpgp::parse::stream::*;
use openpgp::packet::key::SecretKey;
const MESSAGE: &'static str = "дружба";
fn main() {
// Generate a key.
let key = generate().unwrap();
// Encrypt the message.
let mut ciphertext = Vec::new();
encrypt(&mut ciphertext, MESSAGE, &key).unwrap();
// Decrypt the message.
let mut plaintext = Vec::new();
decrypt(&mut plaintext, &ciphertext, &key).unwrap();
assert_eq!(MESSAGE.as_bytes(), &plaintext[..]);
}
/// Generates an encryption-capable key.
fn generate() -> openpgp::Result<openpgp::TPK> {
let (tpk, _revocation) = openpgp::tpk::TPKBuilder::default()
.add_userid("someone@example.org")
.add_encryption_subkey()
.generate()?;
// Save the revocation certificate somewhere.
Ok(tpk)
}
/// Encrypts the given message.
fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK)
-> openpgp::Result<()> {
// Start streaming an OpenPGP message.
let message = Message::new(sink);
// We want to encrypt a literal data packet.
let encryptor = Encryptor::new(message,
&[], // No symmetric encryption.
&[recipient],
EncryptionMode::ForTransport)?;
// Emit a literal data packet.
let mut literal_writer = LiteralWriter::new(
encryptor, openpgp::constants::DataFormat::Binary, None, None)?;
// Encrypt the data.
literal_writer.write_all(plaintext.as_bytes())?;
// Finalize the OpenPGP message to make sure that all data is
// written.
literal_writer.finalize()?;
Ok(())
}
/// Decrypts the given message.
fn decrypt(sink: &mut Write, ciphertext: &[u8], recipient: &openpgp::TPK)
-> openpgp::Result<()> {
// Make a helper that that feeds the recipient's secret key to the
// decryptor.
let helper = Helper {
secret: recipient,
};
// Now, create a decryptor with a helper using the given TPKs.
let mut decryptor = Decryptor::from_bytes(ciphertext, helper)?;
// Decrypt the data.
io::copy(&mut decryptor, sink)?;
Ok(())
}
struct Helper<'a> {
secret: &'a openpgp::TPK,
}
impl<'a> VerificationHelper for Helper<'a> {
fn get_public_keys(&mut self, _ids: &[openpgp::KeyID])
-> openpgp::Result<Vec<openpgp::TPK>> {
// Return public keys for signature verification here.
Ok(Vec::new())
}
fn check(&mut self, _sigs: Vec<Vec<VerificationResult>>)
-> openpgp::Result<()> {
// Implement your signature verification policy here.
Ok(())
}
}
impl<'a> DecryptionHelper for Helper<'a> {
fn get_secret(&mut self,
_pkesks: &[&openpgp::packet::PKESK],
_skesks: &[&openpgp::packet::SKESK])
-> openpgp::Result<Option<Secret>>
{
// The encryption key is the first and only subkey.
let key = self.secret.subkeys().nth(0)
.map(|binding| binding.subkey().clone())
.unwrap();
// The secret key is not encrypted.
let secret =
if let Some(SecretKey::Unencrypted {
ref mpis,
}) = key.secret() {
mpis.clone()
} else {
unreachable!()
};
Ok(Some(Secret::Asymmetric {
identity: self.secret.fingerprint(),
key: key,
secret: secret,
}))
}
}
|
