[−][src]Enum sequoia_openpgp::types::RevocationType
Describes whether a ReasonForRevocation
should be consider hard
or soft.
A hard revocation is a revocation that indicates that the key was somehow compromised, and the provence of all artifacts should be called into question.
A soft revocation is a revocation that indicates that the key
should be considered invalid after the revocation signature's
creation time. KeySuperseded
, KeyRetired
, and UIDRetired
are considered soft revocations.
Examples
A certificate is considered to be revoked when a hard revocation is present even if it is not live at the specified time.
Here, a certificate is generated at t0
and then revoked later at t2
.
At t1
(t0
< t1
< t2
) depending on the revocation type it will be
either considered revoked (hard revocation) or not revoked (soft revocation):
use std::time::{Duration, SystemTime}; use openpgp::cert::prelude::*; use openpgp::types::{RevocationStatus, ReasonForRevocation}; use openpgp::policy::StandardPolicy; let p = &StandardPolicy::new(); let t0 = SystemTime::now(); let (cert, _) = CertBuilder::general_purpose(None, Some("alice@example.org")) .set_creation_time(t0) .generate()?; let t2 = t0 + Duration::from_secs(3600); let mut signer = cert.primary_key().key().clone() .parts_into_secret()?.into_keypair()?; // Create a hard revocation (KeyCompromised): let sig = CertRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeyCompromised, b"The butler did it :/")? .set_signature_creation_time(t2)? .build(&mut signer, &cert, None)?; let t1 = t0 + Duration::from_secs(1200); let cert1 = cert.clone().merge_packets(sig.clone())?; assert_eq!(cert1.revocation_status(p, Some(t1)), RevocationStatus::Revoked(vec![ &sig.into() ])); // Create a soft revocation (KeySuperseded): let sig = CertRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeySuperseded, b"Migrated to key XYZ")? .set_signature_creation_time(t2)? .build(&mut signer, &cert, None)?; let t1 = t0 + Duration::from_secs(1200); let cert2 = cert.clone().merge_packets(sig.clone())?; assert_eq!(cert2.revocation_status(p, Some(t1)), RevocationStatus::NotAsFarAsWeKnow);
Variants
A hard revocation.
Artifacts stemming from the revoked object should not be trusted.
A soft revocation.
Artifacts stemming from the revoked object after the revocation time should not be trusted. Earlier objects should be considered okay.
Only KeySuperseded
, KeyRetired
, and UIDRetired
are
considered soft revocations. All other reasons for
revocations including unknown reasons are considered hard
revocations.
Trait Implementations
impl Clone for RevocationType
[src]
fn clone(&self) -> RevocationType
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Copy for RevocationType
[src]
impl Debug for RevocationType
[src]
impl Eq for RevocationType
[src]
impl PartialEq<RevocationType> for RevocationType
[src]
fn eq(&self, other: &RevocationType) -> bool
[src]
#[must_use]fn ne(&self, other: &Rhs) -> bool
1.0.0[src]
impl StructuralEq for RevocationType
[src]
impl StructuralPartialEq for RevocationType
[src]
Auto Trait Implementations
impl RefUnwindSafe for RevocationType
impl Send for RevocationType
impl Sync for RevocationType
impl Unpin for RevocationType
impl UnwindSafe for RevocationType
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> DynClone for T where
T: Clone,
[src]
T: Clone,
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,