Struct sequoia_openpgp::serialize::stream::Signer[][src]

pub struct Signer<'a> { /* fields omitted */ }

Signs a message.

Signs a message with every crypto::Signer added to the streaming signer.

Implementations

impl<'a> Signer<'a>[src]

pub fn new<S>(inner: Message<'a>, signer: S) -> Self where
    S: Signer + Send + Sync + 'a, 
[src]

Creates a signer.

Signs the message with the given crypto::Signer. To create more than one signature, add more crypto::Signers using Signer::add_signer. Properties of the signatures can be tweaked using the methods of this type. Notably, to generate a detached signature (see Section 11.4 of RFC 4880), use Signer::detached. For even more control over the generated signatures, use Signer::with_template.

Examples

use std::io::{Read, Write};
use sequoia_openpgp as openpgp;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();
let cert: Cert = // ...
let signing_keypair = cert.keys().secret()
    .with_policy(p, None).supported().alive().revoked(false).for_signing()
    .nth(0).unwrap()
    .key().clone().into_keypair()?;

let mut sink = vec![];
{
    let message = Message::new(&mut sink);
    let message = Signer::new(message, signing_keypair)
        // Customize the `Signer` here.
        .build()?;
    let mut message = LiteralWriter::new(message).build()?;
    message.write_all(b"Make it so, number one!")?;
    message.finalize()?;
}

// Now check the signature.
struct Helper<'a>(&'a openpgp::Cert);
impl<'a> VerificationHelper for Helper<'a> {
    fn get_certs(&mut self, _: &[openpgp::KeyHandle])
                       -> openpgp::Result<Vec<openpgp::Cert>> {
        Ok(vec![self.0.clone()])
    }

    fn check(&mut self, structure: MessageStructure)
             -> openpgp::Result<()> {
        if let MessageLayer::SignatureGroup { ref results } =
            structure.iter().nth(0).unwrap()
        {
            results.get(0).unwrap().as_ref().unwrap();
            Ok(())
        } else { panic!() }
    }
}

let mut verifier = VerifierBuilder::from_bytes(&sink)?
    .with_policy(p, None, Helper(&cert))?;

let mut message = String::new();
verifier.read_to_string(&mut message)?;
assert_eq!(&message, "Make it so, number one!");

pub fn with_template<S, T>(inner: Message<'a>, signer: S, template: T) -> Self where
    S: Signer + Send + Sync + 'a,
    T: Into<SignatureBuilder>, 
[src]

Creates a signer with a given signature template.

Signs the message with the given crypto::Signer like Signer::new, but allows more control over the generated signatures. The given signature::SignatureBuilder is used to create all the signatures.

For every signature, the creation time is set to the current time or the one specified using Signer::creation_time, the intended recipients are added (see Signer::add_intended_recipient), the issuer and issuer fingerprint subpackets are set according to the signing key, and the hash algorithm set using Signer::hash_algo is used to create the signature.

Examples

use std::io::{Read, Write};
use sequoia_openpgp as openpgp;
use openpgp::types::SignatureType;
use openpgp::packet::signature;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};

let message = Message::new(&mut sink);
let message = Signer::with_template(
    message, signing_keypair,
    signature::SignatureBuilder::new(SignatureType::Text)
        .add_notation("issuer@starfleet.command", "Jean-Luc Picard",
                      None, true)?)
    // Further customize the `Signer` here.
    .build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"Make it so, number one!")?;
message.finalize()?;

pub fn detached(self) -> Self[src]

Creates a signer for a detached signature.

Changes the Signer to create a detached signature (see Section 11.4 of RFC 4880). Note that the literal data must not be wrapped using the LiteralWriter.

This overrides any prior call to Signer::cleartext.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::serialize::stream::{Message, Signer};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let mut sink = vec![];
{
    let message = Message::new(&mut sink);
    let mut signer = Signer::new(message, signing_keypair)
        .detached()
        // Customize the `Signer` here.
        .build()?;

    // Write the data directly to the `Signer`.
    signer.write_all(b"Make it so, number one!")?;
    // In reality, just io::copy() the file to be signed.
    signer.finalize()?;
}

// Now check the signature.
struct Helper<'a>(&'a openpgp::Cert);
impl<'a> VerificationHelper for Helper<'a> {
    fn get_certs(&mut self, _: &[openpgp::KeyHandle])
                       -> openpgp::Result<Vec<openpgp::Cert>> {
        Ok(vec![self.0.clone()])
    }

    fn check(&mut self, structure: MessageStructure)
             -> openpgp::Result<()> {
        if let MessageLayer::SignatureGroup { ref results } =
            structure.iter().nth(0).unwrap()
        {
            results.get(0).unwrap().as_ref().unwrap();
            Ok(())
        } else { panic!() }
    }
}

let mut verifier = DetachedVerifierBuilder::from_bytes(&sink)?
    .with_policy(p, None, Helper(&cert))?;

verifier.verify_bytes(b"Make it so, number one!")?;

pub fn cleartext(self) -> Self[src]

Creates a signer for a cleartext signed message.

Changes the Signer to create a cleartext signed message (see Section 7 of RFC 4880). Note that the literal data must not be wrapped using the LiteralWriter. This implies ASCII armored output, do not add an Armorer to the stack.

Note:

  • If your message does not end in a newline, creating a signed message using the Cleartext Signature Framework will add one.

  • The cleartext signature framework does not hash trailing whitespace (in this case, space and tab, see Section 7.1 of RFC 4880 for more information). We align what we emit and what is being signed by trimming whitespace off of line endings.

  • That means that you can not recover a byte-accurate copy of the signed message if your message contains either a line with trailing whitespace, or no final newline. This is a limitation of the Cleartext Signature Framework, which is not designed to be reversible (see Section 7 of RFC 4880).

This overrides any prior call to Signer::detached.

Examples

use std::io::{Write, Read};
use sequoia_openpgp as openpgp;
use openpgp::serialize::stream::{Message, Signer};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let mut sink = vec![];
{
    let message = Message::new(&mut sink);
    let mut signer = Signer::new(message, signing_keypair)
        .cleartext()
        // Customize the `Signer` here.
        .build()?;

    // Write the data directly to the `Signer`.
    signer.write_all(b"Make it so, number one!")?;
    // In reality, just io::copy() the file to be signed.
    signer.finalize()?;
}

// Now check the signature.
struct Helper<'a>(&'a openpgp::Cert);
impl<'a> VerificationHelper for Helper<'a> {
    fn get_certs(&mut self, _: &[openpgp::KeyHandle])
                       -> openpgp::Result<Vec<openpgp::Cert>> {
        Ok(vec![self.0.clone()])
    }

    fn check(&mut self, structure: MessageStructure)
             -> openpgp::Result<()> {
        if let MessageLayer::SignatureGroup { ref results } =
            structure.iter().nth(0).unwrap()
        {
            results.get(0).unwrap().as_ref().unwrap();
            Ok(())
        } else { panic!() }
    }
}

let mut verifier = VerifierBuilder::from_bytes(&sink)?
    .with_policy(p, None, Helper(&cert))?;

let mut content = Vec::new();
verifier.read_to_end(&mut content)?;
assert_eq!(content, b"Make it so, number one!\n");

pub fn add_signer<S>(self, signer: S) -> Self where
    S: Signer + Send + Sync + 'a, 
[src]

Adds an additional signer.

Can be used multiple times.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};


let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair)
    .add_signer(additional_signing_keypair)
    .build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"Make it so, number one!")?;
message.finalize()?;

pub fn add_intended_recipient(self, recipient: &Cert) -> Self[src]

Adds an intended recipient.

Indicates that the given certificate is an intended recipient of this message. Can be used multiple times. This prevents Surreptitious Forwarding of encrypted and signed messages, i.e. forwarding a signed message using a different encryption context.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};

let recipient: Cert = // ...

let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair)
    .add_intended_recipient(&recipient)
    .build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"Make it so, number one!")?;
message.finalize()?;

pub fn hash_algo(self, algo: HashAlgorithm) -> Result<Self>[src]

Sets the hash algorithm to use for the signatures.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::types::HashAlgorithm;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};


let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair)
    .hash_algo(HashAlgorithm::SHA384)?
    .build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"Make it so, number one!")?;
message.finalize()?;

pub fn creation_time<T: Into<SystemTime>>(self, creation_time: T) -> Self[src]

Sets the signature’s creation time to time.

Note: it is up to the caller to make sure the signing keys are actually valid as of time.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::types::Timestamp;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();
let cert: Cert = // ...
let signing_key = cert.keys().secret()
    .with_policy(p, None).supported().alive().revoked(false).for_signing()
    .nth(0).unwrap()
    .key();
let signing_keypair = signing_key.clone().into_keypair()?;

let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair)
    .creation_time(Timestamp::now()
                   .round_down(None, signing_key.creation_time())?)
    .build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"Make it so, number one!")?;
message.finalize()?;

pub fn build(self) -> Result<Message<'a>>[src]

Builds the signer, returning the writer stack.

The most useful filter to push to the writer stack next is the LiteralWriter. Note, if you are creating a signed OpenPGP message (see Section 11.3 of RFC 4880), literal data must be wrapped using the LiteralWriter. On the other hand, if you are creating a detached signature (see Section 11.4 of RFC 4880), the literal data must not be wrapped using the LiteralWriter.

Examples

use std::io::Write;
use sequoia_openpgp as openpgp;
use openpgp::types::Timestamp;
use openpgp::serialize::stream::{Message, Signer};

let message = Message::new(&mut sink);
let message = Signer::new(message, signing_keypair)
    // Customize the `Signer` here.
    .build()?;

Trait Implementations

impl<'a> Debug for Signer<'a>[src]

fn fmt(&self, f: &mut Formatter<'_>) -> Result[src]

Formats the value using the given formatter. Read more

impl<'a> Write for Signer<'a>[src]

fn write(&mut self, buf: &[u8]) -> Result<usize>[src]

Write a buffer into this writer, returning how many bytes were written. Read more

fn flush(&mut self) -> Result<()>[src]

Flush this output stream, ensuring that all intermediately buffered contents reach their destination. Read more

fn write_vectored(&mut self, bufs: &[IoSlice<'_>]) -> Result<usize, Error>1.36.0[src]

Like write, except that it writes from a slice of buffers. Read more

fn is_write_vectored(&self) -> bool[src]

🔬 This is a nightly-only experimental API. (can_vector)

Determines if this Writer has an efficient write_vectored implementation. Read more

fn write_all(&mut self, buf: &[u8]) -> Result<(), Error>1.0.0[src]

Attempts to write an entire buffer into this writer. Read more

fn write_all_vectored(&mut self, bufs: &mut [IoSlice<'_>]) -> Result<(), Error>[src]

🔬 This is a nightly-only experimental API. (write_all_vectored)

Attempts to write multiple buffers into this writer. Read more

fn write_fmt(&mut self, fmt: Arguments<'_>) -> Result<(), Error>1.0.0[src]

Writes a formatted string into this writer, returning any error encountered. Read more

fn by_ref(&mut self) -> &mut Self1.0.0[src]

Creates a “by reference” adaptor for this instance of Write. Read more

Auto Trait Implementations

impl<'a> !RefUnwindSafe for Signer<'a>

impl<'a> Send for Signer<'a>

impl<'a> Sync for Signer<'a>

impl<'a> Unpin for Signer<'a>

impl<'a> !UnwindSafe for Signer<'a>

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

pub fn type_id(&self) -> TypeId[src]

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

pub fn borrow(&self) -> &T[src]

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

pub fn borrow_mut(&mut self) -> &mut T[src]

Mutably borrows from an owned value. Read more

impl<T> From<T> for T[src]

pub fn from(t: T) -> T[src]

Performs the conversion.

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

pub fn into(self) -> U[src]

Performs the conversion.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]

Performs the conversion.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>[src]

Performs the conversion.