Crate sequoia_gpg_agent

Crate sequoia_gpg_agent 

Source
Expand description

This crate includes functionality for interacting with GnuPG’s gpg-agent.

gpg-agent is a secret key store, which is shipped as part of GnuPG. It is used to manage secret key material, and hardware devices that contain secret key material. It provides an RPC interface using the Assuan protocol.

This is how gpg, GnuPG’s primary command-line interface, communicates with it.

This crate provides a Rust API for interacting with gpg-agent.

Note: this crate communicates directly with gpg-agent; it does not go via gpg.

§Examples

Import secret key material, list the keys, and sign a message:

use std::io::{Read, Write};

use sequoia_openpgp as openpgp;
use openpgp::Cert;
use openpgp::packet::signature;
use openpgp::parse::Parse;
use openpgp::policy::StandardPolicy;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};
use openpgp::types::HashAlgorithm;
use openpgp::types::SignatureType;

use sequoia_gpg_agent as gpg_agent;
use gpg_agent::KeyPair;

const P: &StandardPolicy = &StandardPolicy::new();

// Load a TSK, i.e., a certificate with secret key material.
let key = // ...
let cert = Cert::from_bytes(key)?;
assert!(cert.is_tsk());

// Connect to a temporary GnuPG home directory.  Usually,
// you'll want to connect to the default home directory using
// Agent::connect_to_default.
let mut agent = gpg_agent::Agent::connect_to_ephemeral().await?;

// Import the secret key material into gpg-agent.
for k in cert.keys().secret() {
    agent.import(P,
                 &cert, k.key().parts_as_secret().expect("have secret"),
                 true, true).await?;
}

// List the keys.
let list = agent.list_keys().await?;
println!("gpg agent manages {} keys:", list.len());
for k in list.iter() {
    eprintln!("  - {}", k.keygrip());
}

// Sign a message using the signing key we just imported.
let signing_key = cert.with_policy(P, None)?
    .keys().for_signing()
    .next().expect("Have a signing-capable subkey.");

let mut keypair = agent.keypair(signing_key.key())?;

let mut signed_message = Vec::new();
let message = Message::new(&mut signed_message);
let message = Signer::new(message, keypair)?.build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"I love you!")?;
message.finalize()?;

Re-exports§

pub use gnupg::Context;
pub use sequoia_ipc;

Modules§

assuan
Assuan RPC support.
cardinfo
CardInfo and related data structures.
gnupg
GnuPG RPC support.
keyinfo
KeyInfo and related data structures.

Structs§

Agent
A connection to a GnuPG agent.
KeyPair
A cryptographic key pair.

Enums§

Error
Errors used in this module.
PinentryMode
Controls how gpg-agent inquires passwords.

Functions§

cacheid_of
Computes the cache id for a SKESK.
cacheid_over_all
Computes the cache id for a set of SKESKs.
trace
Controls tracing in this module.
traced
Returns whether tracing is enabled in this module.