Trait KeyHandle

pub trait KeyHandle {
Show 19 methods // Required methods fn id(&self) -> String; fn fingerprint(&self) -> Fingerprint; fn device<'a, 'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Box<dyn DeviceHandle + Send + Sync + 'a>> + Send + 'async_trait>> where Self: 'async_trait, 'a: 'async_trait, 'life0: 'async_trait; fn available<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn locked<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Protection> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn password_source<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = PasswordSource> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn decryption_capable<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn signing_capable<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn public_key<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Key<PublicParts, UnspecifiedRole>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn decrypt_ciphertext<'life0, 'life1, 'async_trait>( &'life0 mut self, ciphertext: &'life1 Ciphertext, plaintext_len: Option<usize>, ) -> Pin<Box<dyn Future<Output = Result<SessionKey>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait; fn sign<'life0, 'life1, 'async_trait>( &'life0 mut self, hash_algo: HashAlgorithm, text: &'life1 [u8], ) -> Pin<Box<dyn Future<Output = Result<(PublicKeyAlgorithm, Signature)>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait; fn export<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = 
Result<Key<SecretParts, UnspecifiedRole>>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; fn change_password<'life0, 'life1, 'async_trait>( &'life0 mut self, new_password: Option<&'life1 Password>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait; fn delete_secret_key_material<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>> where Self: 'async_trait, 'life0: 'async_trait; // Provided methods fn key_handle(&self) -> KeyHandle { ... } fn keyid(&self) -> KeyID { ... } fn unlock<'life0, 'life1, 'async_trait>( &'life0 mut self, _password: Option<&'life1 Password>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>> where Self: Send + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait { ... } fn lock<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>> where Self: Send + 'async_trait, 'life0: 'async_trait { ... } fn decrypt_pkesk<'life0, 'life1, 'async_trait>( &'life0 mut self, pkesk: &'life1 PKESK, ) -> Pin<Box<dyn Future<Output = Option<(Option<SymmetricAlgorithm>, SessionKey)>> + Send + 'async_trait>> where Self: Send + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait { ... }
}
A Key on a Device.

A key may or may not be available; whether it is depends on the device.

Required Methods§

fn id(&self) -> String

Returns the key’s id.

The id is a globally unique, stable, and mostly human-readable identifier. An example of a good id is the concatenation of the key’s fingerprint and the device’s serial number, e.g., “Key 8F17777118A33DDA9BA48E62AACB3243630052D9 on Yubikey 5 #217813388320.”

fn fingerprint(&self) -> Fingerprint

Returns the key’s fingerprint.

fn device<'a, 'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Box<dyn DeviceHandle + Send + Sync + 'a>> + Send + 'async_trait>>
where Self: 'async_trait, 'a: 'async_trait, 'life0: 'async_trait,

Returns the key’s device.

fn available<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns whether the key is available.

fn locked<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Protection> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns whether the key is locked, expressed as a Protection value.

fn password_source<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = PasswordSource> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns how the password is obtained.

This is similar to, but not identical to, KeyHandle::locked. This function indicates how the password must be provided, independently of the current protection.

fn decryption_capable<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns whether the key is decryption capable.

fn signing_capable<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns whether the key is signing capable.

fn public_key<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Key<PublicParts, UnspecifiedRole>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Returns the corresponding public key.

The backend SHOULD ensure that any secret key material is removed from the returned key, so that only the public parts are handed to the caller.

fn decrypt_ciphertext<'life0, 'life1, 'async_trait>( &'life0 mut self, ciphertext: &'life1 Ciphertext, plaintext_len: Option<usize>, ) -> Pin<Box<dyn Future<Output = Result<SessionKey>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Decrypts a ciphertext.

This method has the same semantics as sequoia_openpgp::crypto::Decryptor::decrypt.

Returns the session key.

fn sign<'life0, 'life1, 'async_trait>( &'life0 mut self, hash_algo: HashAlgorithm, text: &'life1 [u8], ) -> Pin<Box<dyn Future<Output = Result<(PublicKeyAlgorithm, Signature)>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Signs a message.

text is the message to sign.

fn export<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = Result<Key<SecretParts, UnspecifiedRole>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Exports the secret key material. The returned key contains the secret parts, so the caller must handle it as sensitive data.

fn change_password<'life0, 'life1, 'async_trait>( &'life0 mut self, new_password: Option<&'life1 Password>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Changes the key’s password.

Before calling this function, you should call KeyHandle::password_source to determine whether you need to unlock the key, and whether you need to provide the new password directly or whether it is obtained externally.

If new_password is Some and KeyHandle::password_source indicates that the password cannot be provided inline, then the backend must return Error::NoInlinePassword. Likewise, if new_password is None, and KeyHandle::password_source does not indicate that the user can be prompted for the password, then the backend must return Error::NoExternalPassword.

fn delete_secret_key_material<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Deletes the key.

This destroys the key’s secret key material.

If deleting the key requires it to be unlocked and the key is currently locked, the backend should return an error.

If the device managing the key does not support deleting keys, then it should return Error::OperationNotSupported.

Provided Methods§

fn key_handle(&self) -> KeyHandle

Returns the key’s handle.

fn keyid(&self) -> KeyID

Returns the key’s key ID.

fn unlock<'life0, 'life1, 'async_trait>( &'life0 mut self, _password: Option<&'life1 Password>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: Send + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Unlocks a key.

A key is typically unlocked by providing a password or PIN. Not all keys are locked. If the key is not available, this should attempt to connect to the device. If the device is not available or cannot be initialized, then this should fail.

If password is Some and KeyHandle::password_source indicates that the password cannot be provided inline, then the backend must return Error::NoInlinePassword. Likewise, if password is None, and KeyHandle::password_source does not indicate that the user can be prompted for the password (PasswordSource::ExternalOnDemand), then the backend must return Error::NoExternalPassword.

If the key is already unlocked, this returns Error::AlreadyUnlocked.

fn lock<'life0, 'async_trait>( &'life0 mut self, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: Send + 'async_trait, 'life0: 'async_trait,

Locks a key.

Relocks the key. This usually causes the backend to forget the key’s password.

fn decrypt_pkesk<'life0, 'life1, 'async_trait>( &'life0 mut self, pkesk: &'life1 PKESK, ) -> Pin<Box<dyn Future<Output = Option<(Option<SymmetricAlgorithm>, SessionKey)>> + Send + 'async_trait>>
where Self: Send + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Decrypts a PKESK (public-key encrypted session key) packet.

Implementors§