[−][src]Struct sequoia_openpgp::cert::SubkeyRevocationBuilder
A builder for revocation certificates for subkeys.
A revocation certificate for a subkey has three degrees of freedom: the certificate, the key used to generate the revocation certificate, and the subkey being revoked.
Normally, the key used to sign the revocation certificate is the
certificate's primary key, and the subkey is a subkey that is
bound to the certificate. However, this is not required. For
instance, if Alice has marked Robert's certificate (R
) as a
designated revoker for her certificate (A
), then R
can
revoke A
or parts of A
. In such a case, the certificate is
A
, the key used to sign the revocation certificate comes from
R
, and the subkey being revoked is bound to A
.
But, the subkey doesn't technically need to be bound to the
certificate either. For instance, it is technically possible for
R
to create a revocation certificate for a subkey in the context
of A
, even if that subkey is not bound to A
. Semantically,
such a revocation certificate is currently meaningless.
Examples
Revoke a subkey, which is now considered to be too weak:
use sequoia_openpgp as openpgp; use openpgp::cert::prelude::*; use openpgp::policy::StandardPolicy; use openpgp::types::ReasonForRevocation; use openpgp::types::RevocationStatus; use openpgp::types::SignatureType; let p = &StandardPolicy::new(); // Create and sign a revocation certificate. let mut signer = cert.primary_key().key().clone() .parts_into_secret()?.into_keypair()?; let subkey = cert.keys().subkeys().nth(0).unwrap(); let sig = SubkeyRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeyRetired, b"Revoking due to the recent crypto vulnerabilities.")? .build(&mut signer, &cert, subkey.key(), None)?; // Merge it into the certificate. let cert = cert.merge_packets(sig.clone())?; // Now it's revoked. let subkey = cert.keys().subkeys().nth(0).unwrap(); if let RevocationStatus::Revoked(revocations) = subkey.revocation_status(p, None) { assert_eq!(revocations.len(), 1); assert_eq!(*revocations[0], sig); } else { panic!("Subkey is not revoked."); } // But the certificate isn't. assert_eq!(RevocationStatus::NotAsFarAsWeKnow, cert.revocation_status(p, None));
Implementations
impl SubkeyRevocationBuilder
[src]
pub fn new() -> Self
[src]
Returns a new SubkeyRevocationBuilder
.
Examples
use sequoia_openpgp as openpgp; use openpgp::cert::prelude::*; let builder = SubkeyRevocationBuilder::new();
pub fn set_reason_for_revocation(
self,
code: ReasonForRevocation,
reason: &[u8]
) -> Result<Self>
[src]
self,
code: ReasonForRevocation,
reason: &[u8]
) -> Result<Self>
Sets the reason for revocation.
Examples
Revoke a possibly compromised subkey:
use sequoia_openpgp as openpgp; use openpgp::cert::prelude::*; use openpgp::types::ReasonForRevocation; let builder = SubkeyRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeyCompromised, b"I lost my smartcard.");
pub fn set_signature_creation_time(
self,
creation_time: SystemTime
) -> Result<Self>
[src]
self,
creation_time: SystemTime
) -> Result<Self>
Sets the revocation certificate's creation time.
The creation time is interpreted as the time at which the subkey should be considered revoked. For a soft revocation, artifacts created prior to the revocation are still considered valid.
You'll usually want to set this explicitly and not use the current time. In particular, if a subkey is compromised, you'll want to set this to the time when the compromise happened.
Examples
Create a revocation certificate for a subkey that was compromised yesterday:
use sequoia_openpgp as openpgp; use openpgp::cert::prelude::*; let builder = SubkeyRevocationBuilder::new() .set_signature_creation_time(yesterday);
pub fn build<H, P>(
self,
signer: &mut dyn Signer,
cert: &Cert,
key: &Key<P, SubordinateRole>,
hash_algo: H
) -> Result<Signature> where
H: Into<Option<HashAlgorithm>>,
P: KeyParts,
[src]
self,
signer: &mut dyn Signer,
cert: &Cert,
key: &Key<P, SubordinateRole>,
hash_algo: H
) -> Result<Signature> where
H: Into<Option<HashAlgorithm>>,
P: KeyParts,
Returns a signed revocation certificate.
A revocation certificate is generated for cert
and key
and
signed using signer
with the specified hash algorithm.
Normally, you should pass None
to select the default hash
algorithm.
Examples
Revoke a subkey, which is now considered to be too weak:
use sequoia_openpgp as openpgp; use openpgp::cert::prelude::*; use openpgp::policy::StandardPolicy; use openpgp::types::ReasonForRevocation; let p = &StandardPolicy::new(); // Create and sign a revocation certificate. let mut signer = cert.primary_key().key().clone() .parts_into_secret()?.into_keypair()?; let subkey = cert.keys().subkeys().nth(0).unwrap(); let sig = SubkeyRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeyRetired, b"Revoking due to the recent crypto vulnerabilities.")? .build(&mut signer, &cert, subkey.key(), None)?;
Methods from Deref<Target = SignatureBuilder>
pub fn version(&self) -> u8
[src]
Gets the version.
pub fn typ(&self) -> SignatureType
[src]
Gets the signature type.
pub fn pk_algo(&self) -> PublicKeyAlgorithm
[src]
Gets the public key algorithm.
pub fn hash_algo(&self) -> HashAlgorithm
[src]
Gets the hash algorithm.
Trait Implementations
impl Deref for SubkeyRevocationBuilder
[src]
type Target = SignatureBuilder
The resulting type after dereferencing.
fn deref(&self) -> &Self::Target
[src]
Auto Trait Implementations
impl RefUnwindSafe for SubkeyRevocationBuilder
impl Send for SubkeyRevocationBuilder
impl Sync for SubkeyRevocationBuilder
impl Unpin for SubkeyRevocationBuilder
impl UnwindSafe for SubkeyRevocationBuilder
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,