Module pgp::composed::signed_key

Signed Secret and Public Key

Signed secret keys shall be used to sign and decrypt, where as public keys can verify and encrypt. Note that technically secret keys also can by definition derive a public key and hence themself perform verify and encrypt as a secret key can.

Key generation is handled seperately. For signing directly with an RFC4880 compliant internal hashing, see signing and verifying based on packets.

Sign and Verify Example

let signing_key = signed_secret_key;
let verification_key = public_key;

use pgp::types::KeyTrait;
use pgp::Signature;
use chrono;
use std::io::Cursor;

let now = chrono::Utc::now();

let passwd_fn = || String::new();

// simulate a digest, make sure it is a compliant produce with RFC4880
// i.e. depending on the version one needs a special suffix / prefix
// and length encoding. The following is NOT compliant:
use sha2::{Sha256, Digest};
let digest = {
    let mut hasher = Sha256::new();
    hasher.update(DATA);
    hasher.finalize()
};
let digest = digest.as_slice();

// creates the cryptographic core of the signature without any metadata
let signature = signing_key
    .create_signature(passwd_fn, HashAlgorithm::SHA2_256, digest)
    .expect("Failed to crate signature");

// the signature can already be verified
verification_key
    .verify_signature(HashAlgorithm::SHA2_256, digest, &signature)
    .expect("Failed to validate signature");

// wraps the signature in the apropriate package fmt ready to be serialized
let signature = Signature::new(
    types::Version::Old,
    packet::SignatureVersion::V4,
    packet::SignatureType::Binary,
    PublicKeyAlgorithm::RSA,
    HashAlgorithm::SHA2_256,
    [digest[0], digest[1]],
    signature,
    vec![
        packet::Subpacket::regular(packet::SubpacketData::SignatureCreationTime(now)),
        packet::Subpacket::regular(packet::SubpacketData::Issuer(signing_key.key_id())),
    ],
    vec![],
);

// sign and and write the package (the package written here is NOT rfc4880 compliant)
let mut signature_bytes = Vec::with_capacity(1024);

let mut buff = Cursor::new(&mut signature_bytes);
packet::write_packet(&mut buff, &signature)
    .expect("Write must succeed");


let raw_signature = signature.signature;
verification_key
    .verify_signature(HashAlgorithm::SHA2_256, digest, &raw_signature)
    .expect("Verify must succeed");

Structs

• PubPrivIterator
• SignedKeyDetails
  Shared details between secret and public keys.
• SignedPublicKey
  Represents a Public PGP key, which is signed and either received or ready to be transferred.
• SignedPublicKeyParser
  Parse a transferable keys from the given packets. Ref: https://tools.ietf.org/html/rfc4880.html#section-11.1
• SignedPublicSubKey
  Represents a Public PGP SubKey.
• SignedSecretKey
  Represents a secret signed PGP key.
• SignedSecretKeyParser
  Parse a transferable keys from the given packets. Ref: https://tools.ietf.org/html/rfc4880.html#section-11.1
• SignedSecretSubKey
  Represents a composed secret PGP SubKey.

Enums

• PublicOrSecret

Functions

• from_armor_many
  Parses a list of secret and public keys from ascii armored text.
• from_bytes_many
  Parses a list of secret and public keys from raw bytes.