1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
//! Signed Secret and Public Key //! //! Signed secret keys shall be used to sign and decrypt, where as public keys //! can verify and encrypt. //! Note that technically secret keys also can by definition derive a public key //! and hence themself perform verify and encrypt as a secret key can. //! //! [Key generation] is handled seperately. //! For signing directly with an RFC4880 compliant internal hashing, see [signing and verifying based on packets]. //! //! [Key generation]: super::key //! [signing and verifying based on packets]: crate::packet //! //! # Sign and Verify Example //! //! ```rust //! # const DATA :&'static [u8] = b"Hello World"; //! # use pgp::composed::{self, KeyType, KeyDetails, SecretKey, SecretSubkey, key::SecretKeyParamsBuilder}; //! # use pgp::errors::Result; //! # use pgp::packet::{self, KeyFlags, UserAttribute, UserId}; //! # use pgp::crypto::{self, sym::SymmetricKeyAlgorithm, hash::HashAlgorithm, public_key::PublicKeyAlgorithm}; //! # use pgp::types::{self, PublicKeyTrait, SecretKeyTrait, CompressionAlgorithm}; //! # use smallvec::*; //! # //! # let mut key_params = SecretKeyParamsBuilder::default(); //! # key_params //! # .key_type(KeyType::Rsa(2048)) //! # .can_create_certificates(false) //! # .can_sign(true) //! # .primary_user_id("Me <me@example.com>".into()) //! # .preferred_symmetric_algorithms(smallvec![ //! # SymmetricKeyAlgorithm::AES256, //! # ]) //! # .preferred_hash_algorithms(smallvec![ //! # HashAlgorithm::SHA2_256, //! # ]) //! # .preferred_compression_algorithms(smallvec![ //! # CompressionAlgorithm::ZLIB, //! # ]); //! # let secret_key_params = key_params.build().expect("Must be able to create secret key params"); //! # let secret_key = secret_key_params.generate().expect("Failed to generate a plain key."); //! # let passwd_fn = || String::new(); //! # let signed_secret_key = secret_key.sign(passwd_fn).expect("Must be able to sign its own metadata"); //! # let public_key = signed_secret_key.public_key(); //! let signing_key = signed_secret_key; //! let verification_key = public_key; //! //! use pgp::types::KeyTrait; //! use pgp::Signature; //! use chrono; //! use std::io::Cursor; //! //! let now = chrono::Utc::now(); //! //! let passwd_fn = || String::new(); //! //! // simulate a digest, make sure it is a compliant produce with RFC4880 //! // i.e. depending on the version one needs a special suffix / prefix //! // and length encoding. The following is NOT compliant: //! use sha2::{Sha256, Digest}; //! let digest = { //! let mut hasher = Sha256::new(); //! hasher.update(DATA); //! hasher.finalize() //! }; //! let digest = digest.as_slice(); //! //! // creates the cryptographic core of the signature without any metadata //! let signature = signing_key //! .create_signature(passwd_fn, HashAlgorithm::SHA2_256, digest) //! .expect("Failed to crate signature"); //! //! // the signature can already be verified //! verification_key //! .verify_signature(HashAlgorithm::SHA2_256, digest, &signature) //! .expect("Failed to validate signature"); //! //! // wraps the signature in the apropriate package fmt ready to be serialized //! let signature = Signature::new( //! types::Version::Old, //! packet::SignatureVersion::V4, //! packet::SignatureType::Binary, //! PublicKeyAlgorithm::RSA, //! HashAlgorithm::SHA2_256, //! [digest[0], digest[1]], //! signature, //! vec![ //! packet::Subpacket::SignatureCreationTime(now), //! packet::Subpacket::Issuer(signing_key.key_id()), //! ], //! vec![], //! ); //! //! // sign and and write the package (the package written here is NOT rfc4880 compliant) //! let mut signature_bytes = Vec::with_capacity(1024); //! //! let mut buff = Cursor::new(&mut signature_bytes); //! packet::write_packet(&mut buff, &signature) //! .expect("Write must succeed"); //! //! //! let raw_signature = signature.signature; //! verification_key //! .verify_signature(HashAlgorithm::SHA2_256, digest, &raw_signature) //! .expect("Verify must succeed"); //! ``` #[macro_use] mod key_parser_macros; pub mod parse; pub mod public; pub mod secret; pub mod shared; pub use self::parse::*; pub use self::public::*; pub use self::secret::*; pub use self::shared::*;