Struct Uninit

pub struct Uninit { /* private fields */ }

A CA instance that has a database, which is (possibly) not initialized yet. No backend for private key operations is available at this stage.

Implementations

impl Uninit

pub fn new(db_url: Option<&str>) -> Result<Self>

Instantiate a new Uninit object (with db, but without private key backend).

This CA may be fully uninitialized and not be linked to a CA key yet.

The SQLite backend filename can be configured:

• explicitly via the db_url parameter, or
• the environment variable OPENPGP_CA_DB.

pub fn init_softkey( self, domainname: &str, name: Option<&str>, cipher_suite: Option<CipherSuite>, ) -> Result<Oca>

Init CA with softkey backend.

This generates a new OpenPGP Key for the Admin role and stores the private Key in the OpenPGP CA database.

domainname is the domain that this CA Admin is in charge of, name is a descriptive name for the CA Admin

pub fn init_card_generate_on_card( self, ident: &str, domain: &str, name: Option<&str>, algo: Option<AlgoSimple>, ) -> Result<Oca>

Init CA with OpenPGP card backend. Generate key material on the card.

This assumes that:

• all key slots on the card are currently empty
• the PINs are set to their default values (User PIN is ‘123456’, Admin PIN is ‘12345678’)

The User PIN is changed to a new, random 8-digit value and persisted in the CA database.

The user is encouraged to change the Admin PIN to a different setting.

pub fn init_card_generate_on_host( self, ident: &str, domain: &str, name: Option<&str>, cipher_suite: Option<CipherSuite>, ) -> Result<(Oca, String)>

pub fn init_card_import_card( self, card_ident: &str, user_pin: &str, domain: &str, ca_cert: &[u8], ) -> Result<Oca>

Import the CA’s public key and use it with a pre-initialized OpenPGP card.

pub fn init_card_import_key( self, card_ident: &str, domain: &str, ca_key: &[u8], ) -> Result<Oca>

Import existing CA private key onto a blank OpenPGP card.

pub fn migrate_card_import_key(self, card_ident: &str) -> Result<Oca>

Migrate an existing softkey CA onto a blank OpenPGP card.

Caution: If you want to keep a backup of your CA private key material, you need to make it before calling this!

1. The private CA key material gets imported to the blank OpenPGP card.

2. The CA is then switched from the softkey backend to the card backend. The CA private key material in the database is replaced with the CA public key material.

3. “VACUUM” is called on the database after removing the CA private key from the database. According to SQLite documentation, this will remove any traces of the key material from the database (however, no guarantees can be made about the underlying storage!).