Enum sequoia_openpgp::types::RevocationType [−][src]
pub enum RevocationType { Hard, Soft, }
Describes whether a ReasonForRevocation
should be consider hard
or soft.
A hard revocation is a revocation that indicates that the key was somehow compromised, and the provence of all artifacts should be called into question.
A soft revocation is a revocation that indicates that the key
should be considered invalid after the revocation signature’s
creation time. KeySuperseded
, KeyRetired
, and UIDRetired
are considered soft revocations.
Examples
A certificate is considered to be revoked when a hard revocation is present even if it is not live at the specified time.
Here, a certificate is generated at t0
and then revoked later at t2
.
At t1
(t0
< t1
< t2
) depending on the revocation type it will be
either considered revoked (hard revocation) or not revoked (soft revocation):
use std::time::{Duration, SystemTime}; use openpgp::cert::prelude::*; use openpgp::types::{RevocationStatus, ReasonForRevocation}; use openpgp::policy::StandardPolicy; let p = &StandardPolicy::new(); let t0 = SystemTime::now(); let (cert, _) = CertBuilder::general_purpose(None, Some("alice@example.org")) .set_creation_time(t0) .generate()?; let t2 = t0 + Duration::from_secs(3600); let mut signer = cert.primary_key().key().clone() .parts_into_secret()?.into_keypair()?; // Create a hard revocation (KeyCompromised): let sig = CertRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeyCompromised, b"The butler did it :/")? .set_signature_creation_time(t2)? .build(&mut signer, &cert, None)?; let t1 = t0 + Duration::from_secs(1200); let cert1 = cert.clone().insert_packets(sig.clone())?; assert_eq!(cert1.revocation_status(p, Some(t1)), RevocationStatus::Revoked(vec![&sig.into()])); // Create a soft revocation (KeySuperseded): let sig = CertRevocationBuilder::new() .set_reason_for_revocation(ReasonForRevocation::KeySuperseded, b"Migrated to key XYZ")? .set_signature_creation_time(t2)? .build(&mut signer, &cert, None)?; let t1 = t0 + Duration::from_secs(1200); let cert2 = cert.clone().insert_packets(sig.clone())?; assert_eq!(cert2.revocation_status(p, Some(t1)), RevocationStatus::NotAsFarAsWeKnow);
Variants
A hard revocation.
Artifacts stemming from the revoked object should not be trusted.
A soft revocation.
Artifacts stemming from the revoked object after the revocation time should not be trusted. Earlier objects should be considered okay.
Only KeySuperseded
, KeyRetired
, and UIDRetired
are
considered soft revocations. All other reasons for
revocations including unknown reasons are considered hard
revocations.
Trait Implementations
impl Clone for RevocationType
[src]
impl Clone for RevocationType
[src]fn clone(&self) -> RevocationType
[src]
fn clone(&self) -> RevocationType
[src]Returns a copy of the value. Read more
fn clone_from(&mut self, source: &Self)
1.0.0[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]Performs copy-assignment from source
. Read more
impl Debug for RevocationType
[src]
impl Debug for RevocationType
[src]impl PartialEq<RevocationType> for RevocationType
[src]
impl PartialEq<RevocationType> for RevocationType
[src]impl Copy for RevocationType
[src]
impl Eq for RevocationType
[src]
impl StructuralEq for RevocationType
[src]
impl StructuralPartialEq for RevocationType
[src]
Auto Trait Implementations
impl RefUnwindSafe for RevocationType
impl Send for RevocationType
impl Sync for RevocationType
impl Unpin for RevocationType
impl UnwindSafe for RevocationType
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]pub fn borrow_mut(&mut self) -> &mut T
[src]
pub fn borrow_mut(&mut self) -> &mut T
[src]Mutably borrows from an owned value. Read more
impl<T> Same<T> for T
impl<T> Same<T> for T
type Output = T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone,
[src]
impl<T> ToOwned for T where
T: Clone,
[src]type Owned = T
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
[src]
pub fn to_owned(&self) -> T
[src]Creates owned data from borrowed data, usually by cloning. Read more
pub fn clone_into(&self, target: &mut T)
[src]
pub fn clone_into(&self, target: &mut T)
[src]🔬 This is a nightly-only experimental API. (toowned_clone_into
)
recently added
Uses borrowed data to replace owned data, usually by cloning. Read more