Struct sequoia_openpgp::cert::UserIDRevocationBuilder
A builder for revocation certificates for User IDs.
A revocation certificate for a User ID has three degrees of freedom: the certificate, the key used to generate the revocation certificate, and the User ID being revoked.
Normally, the key used to sign the revocation certificate is the certificate's primary key, and the User ID is a User ID that is bound to the certificate. However, this is not required. For instance, if Alice has marked Robert's certificate (`R`) as a designated revoker for her certificate (`A`), then `R` can revoke `A` or parts of `A`. In such a case, the certificate is `A`, the key used to sign the revocation certificate comes from `R`, and the User ID being revoked is bound to `A`.
But, the User ID doesn't technically need to be bound to the certificate either. For instance, it is technically possible for `R` to create a revocation certificate for a User ID in the context of `A`, even if that User ID is not bound to `A`. Semantically, such a revocation certificate is currently meaningless.
Examples
Revoke a User ID that is no longer valid:
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;
use openpgp::types::RevocationStatus;
use openpgp::types::SignatureType;

fn main() -> openpgp::Result<()> {
    let p = &StandardPolicy::new();

    // Generate a certificate with one User ID to work on.
    let (cert, _) = CertBuilder::new()
        .add_userid("some@example.org")
        .generate()?;

    // Create and sign a revocation certificate.
    let mut signer = cert.primary_key().key().clone()
        .parts_into_secret()?.into_keypair()?;
    let ua = cert.userids().nth(0).unwrap();
    let sig = UserIDRevocationBuilder::new()
        .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                                   b"Left example.org.")?
        .build(&mut signer, &cert, ua.userid(), None)?;

    // Merge it into the certificate.
    let cert = cert.merge_packets(sig.clone())?;

    // Now it's revoked.
    let ua = cert.userids().nth(0).unwrap();
    if let RevocationStatus::Revoked(revocations) = ua.revocation_status(p, None) {
        assert_eq!(revocations.len(), 1);
        assert_eq!(*revocations[0], sig);
    } else {
        panic!("User ID is not revoked.");
    }

    // But the certificate isn't.
    assert_eq!(RevocationStatus::NotAsFarAsWeKnow,
               cert.revocation_status(p, None));
    Ok(())
}
```
Implementations
impl UserIDRevocationBuilder
pub fn new() -> Self
Returns a new `UserIDRevocationBuilder`.
Examples
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let builder = UserIDRevocationBuilder::new();
```
pub fn set_reason_for_revocation(
self,
code: ReasonForRevocation,
reason: &[u8]
) -> Result<Self>
Sets the reason for revocation.
Note: of the assigned reasons for revocation, only `ReasonForRevocation::UIDRetired` is appropriate for User IDs. This parameter is not fixed, however, to allow the use of the private name space.
Examples
Revoke a User ID that is no longer valid:
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::ReasonForRevocation;

let builder = UserIDRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                               b"Left example.org.");
```
pub fn set_signature_creation_time(
self,
creation_time: SystemTime
) -> Result<Self>
Sets the revocation certificate's creation time.
The creation time is interpreted as the time at which the User ID should be considered revoked.
You'll usually want to set this explicitly and not use the current time. In particular, if a User ID is retired, you'll want to set this to the time when the User ID was actually retired.
Examples
Create a revocation certificate for a User ID that was retired yesterday:
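```rust
use std::time::{Duration, SystemTime};

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

// The time at which the User ID was actually retired.
let yesterday = SystemTime::now() - Duration::from_secs(24 * 60 * 60);
let builder = UserIDRevocationBuilder::new()
    .set_signature_creation_time(yesterday);
```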
pub fn build<H>(
self,
signer: &mut dyn Signer,
cert: &Cert,
userid: &UserID,
hash_algo: H
) -> Result<Signature> where
H: Into<Option<HashAlgorithm>>,
Returns a signed revocation certificate.
A revocation certificate is generated for `cert` and `userid` and signed using `signer` with the specified hash algorithm. Normally, you should pass `None` to select the default hash algorithm.
Examples
Revoke a User ID, because the user has left the organization:
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;

fn main() -> openpgp::Result<()> {
    let p = &StandardPolicy::new();

    // Generate a certificate with one User ID to work on.
    let (cert, _) = CertBuilder::new()
        .add_userid("some@example.org")
        .generate()?;

    // Create and sign a revocation certificate.
    let mut signer = cert.primary_key().key().clone()
        .parts_into_secret()?.into_keypair()?;
    let ua = cert.userids().nth(0).unwrap();
    let sig = UserIDRevocationBuilder::new()
        .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                                   b"Left example.org.")?
        .build(&mut signer, &cert, ua.userid(), None)?;
    Ok(())
}
```
Methods from Deref<Target = SignatureBuilder>
Trait Implementations
impl Deref for UserIDRevocationBuilder
type Target = SignatureBuilder
The resulting type after dereferencing.
fn deref(&self) -> &Self::Target
Auto Trait Implementations
impl RefUnwindSafe for UserIDRevocationBuilder
impl Send for UserIDRevocationBuilder
impl Sync for UserIDRevocationBuilder
impl Unpin for UserIDRevocationBuilder
impl UnwindSafe for UserIDRevocationBuilder
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,