Expand description
Signed Secret and Public Key
Signed secret keys shall be used to sign and decrypt, whereas public keys can verify and encrypt. Note that technically secret keys also can by definition derive a public key and hence themselves perform verify and encrypt as a public key can.
Key generation is handled separately. For signing directly with an RFC 9580 compliant internal hashing, see signing and verifying based on packets.
§Sign and Verify Example
let signing_key = signed_secret_key;
let verification_key = public_key;
use pgp::Signature;
use chrono;
let now = chrono::Utc::now();
let passwd_fn = || String::new();
// simulate a digest, make sure it is a compliant produce with RFC 9580
// i.e. depending on the version one needs a special suffix / prefix
// and length encoding. The following is NOT compliant:
use sha2::{Sha256, Digest};
let digest = {
let mut hasher = Sha256::new();
hasher.update(DATA);
hasher.finalize()
};
let digest = digest.as_slice();
// creates the cryptographic core of the signature without any metadata
let signature = signing_key
.create_signature(passwd_fn, HashAlgorithm::SHA2_256, digest)
.expect("Failed to crate signature");
// the signature can already be verified
verification_key
.verify_signature(HashAlgorithm::SHA2_256, digest, &signature)
.expect("Failed to validate signature");
// wraps the signature in the appropriate package fmt ready to be serialized
let signature = Signature::v4(
types::Version::Old,
packet::SignatureType::Binary,
PublicKeyAlgorithm::RSA,
HashAlgorithm::SHA2_256,
[digest[0], digest[1]],
signature,
vec![
packet::Subpacket::regular(packet::SubpacketData::SignatureCreationTime(now)),
packet::Subpacket::regular(packet::SubpacketData::Issuer(signing_key.key_id())),
],
vec![],
);
// sign and and write the package (the package written here is NOT RFC 9580 compliant)
let mut signature_bytes = Vec::with_capacity(1024);
packet::write_packet(&mut signature_bytes, &signature)
.expect("Write must succeed");
let raw_signature = signature.signature;
verification_key
.verify_signature(HashAlgorithm::SHA2_256, digest, &raw_signature)
.expect("Verify must succeed");Structs§
- PubPriv
Iterator - Signed
KeyDetails - Shared details between secret and public keys.
- Signed
Public Key - A Public OpenPGP key (“Transferable Public Key”), complete with self-signatures (and optionally third party signatures). This format can be used to transfer a public key to other OpenPGP users.
- Signed
Public KeyParser - Parse transferable public keys from the given packets. Ref: https://www.rfc-editor.org/rfc/rfc9580.html#name-transferable-public-keys
- Signed
Public SubKey - Represents a Public PGP SubKey.
- Signed
Secret Key - Represents a secret signed PGP key.
- Signed
Secret KeyParser - Parse OpenPGP secret keys (“Transferable Secret Keys”) from the given packets. Ref: https://www.rfc-editor.org/rfc/rfc9580.html#name-transferable-secret-keys
- Signed
Secret SubKey - Represents a composed secret PGP SubKey.
Enums§
Functions§
- from_
armor_ many - Parses a list of secret and public keys from ascii armored text.
- from_
armor_ many_ buf - Parses a list of secret and public keys from ascii armored text.
- from_
bytes_ many - Parses a list of secret and public keys from raw bytes.
- from_
reader_ many - Parses a list of secret and public keys, from either ASCII-armored or binary OpenPGP data.
- from_
reader_ many_ buf