Struct sequoia_openpgp::packet::signature::Signature4

pub struct Signature4 { /* fields omitted */ }

Holds a signature packet.

Signature packets are used both for certification purposes as well as for document signing purposes.

See Section 5.2 of RFC 4880 for details.

Methods

impl Signature4

pub fn version(&self) -> u8

Gets the version.

pub fn typ(&self) -> SignatureType

Gets the signature type.

pub fn pk_algo(&self) -> PublicKeyAlgorithm

Gets the public key algorithm.

pub fn hash_algo(&self) -> HashAlgorithm

Gets the hash algorithm.

impl Signature4

pub fn new(
    typ: SignatureType,
    pk_algo: PublicKeyAlgorithm,
    hash_algo: HashAlgorithm,
    hashed_area: SubpacketArea,
    unhashed_area: SubpacketArea,
    digest_prefix: [u8; 2],
    mpis: Signature
) -> Self

Creates a new signature packet.

If you want to sign something, consider using the Builder interface.

pub fn digest_prefix(&self) -> &[u8; 2]

Gets the hash prefix.

pub fn mpis(&self) -> &Signature

Gets the signature packet's MPIs.

pub fn computed_digest(&self) -> Option<&[u8]>

Gets the computed hash value.

pub fn level(&self) -> usize

Gets the signature level.

A level of 0 indicates that the signature is directly over the data, a level of 1 means that the signature is a notarization over all level 0 signatures and the data, and so on.

pub fn get_issuers(&self) -> HashSet<KeyHandle>

Collects all the issuers.

A signature can contain multiple hints as to who issued the signature.

pub fn normalize(&self) -> Self

Normalizes the signature.

This function normalizes the unhashed signature subpackets. All but the following subpackets are removed:

• SubpacketValue::Issuer is left in place, is added, or updated from the hashed signature subpackets, and
• the first SubpacketValue::EmbeddedSignature is left in place.

pub fn verify_digest<P, R, D>(&self, key: &Key<P, R>, digest: D) -> Result<bool> where
    P: KeyParts,
    R: KeyRole,
    D: AsRef<[u8]>, 

Verifies the signature against hash.

Note: Due to limited context, this only verifies the cryptographic signature and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether key can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify<P, R>(&self, key: &Key<P, R>) -> Result<bool> where
    P: KeyParts,
    R: KeyRole, 

Verifies the signature over text or binary documents using key.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether key can make valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_standalone<P, R>(&self, key: &Key<P, R>) -> Result<bool> where
    P: KeyParts,
    R: KeyRole, 

Verifies the standalone signature using key.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether key can make valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_timestamp<P, R>(&self, key: &Key<P, R>) -> Result<bool> where
    P: KeyParts,
    R: KeyRole, 

Verifies the timestamp signature using key.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether key can make valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_direct_key<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the direct key signature.

self is the direct key signature, signer is the key that allegedly made the signature, and pk is the primary key.

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_primary_key_revocation<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the primary key revocation certificate.

self is the primary key revocation certificate, signer is the key that allegedly made the signature, and pk is the primary key,

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_subkey_binding<P, Q, R, S>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    subkey: &Key<S, SubordinateRole>
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole,
    S: KeyParts, 

Verifies the subkey binding.

self is the subkey key binding signature, signer is the key that allegedly made the signature, pk is the primary key, and subkey is the subkey.

For a self-signature, signer and pk will be the same.

If the signature indicates that this is a Signing capable subkey, then the back signature is also verified. If it is missing or can't be verified, then this function returns false.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_primary_key_binding<P, Q>(
    &self,
    pk: &Key<P, PrimaryRole>,
    subkey: &Key<Q, SubordinateRole>
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts, 

Verifies the primary key binding.

self is the primary key binding signature, pk is the primary key, and subkey is the subkey.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether subkey can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_subkey_revocation<P, Q, R, S>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    subkey: &Key<S, SubordinateRole>
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole,
    S: KeyParts, 

Verifies the subkey revocation.

self is the subkey key revocation certificate, signer is the key that allegedly made the signature, pk is the primary key, and subkey is the subkey.

For a self-revocation, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_userid_binding<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    userid: &UserID
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the user id binding.

self is the user id binding signature, signer is the key that allegedly made the signature, pk is the primary key, and userid is the user id.

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_userid_revocation<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    userid: &UserID
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the user id revocation certificate.

self is the revocation certificate, signer is the key that allegedly made the signature, pk is the primary key, and userid is the user id.

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_user_attribute_binding<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    ua: &UserAttribute
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the user attribute binding.

self is the user attribute binding signature, signer is the key that allegedly made the signature, pk is the primary key, and ua is the user attribute.

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_user_attribute_revocation<P, Q, R>(
    &self,
    signer: &Key<P, R>,
    pk: &Key<Q, PrimaryRole>,
    ua: &UserAttribute
) -> Result<bool> where
    P: KeyParts,
    Q: KeyParts,
    R: KeyRole, 

Verifies the user attribute revocation certificate.

self is the user attribute binding signature, signer is the key that allegedly made the signature, pk is the primary key, and ua is the user attribute.

For a self-signature, signer and pk will be the same.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

pub fn verify_message<M, P, R>(
    &self,
    signer: &Key<P, R>,
    msg: M
) -> Result<bool> where
    M: AsRef<[u8]>,
    P: KeyParts,
    R: KeyRole, 

Verifies a signature of a message.

self is the message signature, signer is the key that allegedly made the signature and msg is the message.

This function is for short messages, if you want to verify larger files use Verifier.

Note: Due to limited context, this only verifies the cryptographic signature, checks the signature's type, and checks that the key predates the signature. Further constraints on the signature, like creation and expiration time, or signature revocations must be checked by the caller.

Likewise, this function does not check whether signer can made valid signatures; it is up to the caller to make sure the key is not revoked, not expired, has a valid self-signature, has a subkey binding signature (if appropriate), has the signing capability, etc.

Methods from Deref<Target = Builder>

pub fn version(&self) -> u8

Gets the version.

pub fn typ(&self) -> SignatureType

Gets the signature type.

pub fn pk_algo(&self) -> PublicKeyAlgorithm

Gets the public key algorithm.

pub fn hash_algo(&self) -> HashAlgorithm

Gets the hash algorithm.

Trait Implementations

impl Clone for Signature4

fn clone(&self) -> Signature4

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Signature4

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Deref for Signature4

type Target = Builder

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl DerefMut for Signature4

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl Eq for Signature4

impl<'a> From<&'a Signature4> for &'a Builder

fn from(sig: &'a Signature4) -> Self

Performs the conversion.

impl From<Signature4> for Builder

fn from(sig: Signature4) -> Self

Performs the conversion.

impl From<Signature4> for Packet

fn from(s: Signature4) -> Self

Performs the conversion.

impl From<Signature4> for Signature

fn from(s: Signature4) -> Self

Performs the conversion.

impl Hash for Signature4

fn hash(&self, hash: &mut Context)

Adds the Signature to the provided hash context.

impl Hash for Signature4

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given [Hasher].

fn hash_slice<H>(data: &[Self], state: &mut H) where
    H: Hasher, 

Feeds a slice of this type into the given [Hasher].

impl PartialEq<Signature4> for Signature4

fn eq(&self, other: &Signature4) -> bool

This method tests for self and other values to be equal, and is used by ==.

Note: We ignore the unhashed subpacket area when comparing signatures. This prevents a malicious party to take valid signatures, add subpackets to the unhashed area, yielding valid but distinct signatures.

The problem we are trying to avoid here is signature spamming. Ignoring the unhashed subpackets means that we can deduplicate signatures using this predicate.

#[must_use] fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Serialize for Signature4

fn serialize(&self, o: &mut dyn Write) -> Result<()>

Writes a serialized version of the specified Signature packet to o.

Errors

Returns Error::InvalidArgument if either the hashed-area or the unhashed-area exceeds the size limit of 2^16.

fn export(&self, o: &mut dyn Write) -> Result<()>

Exports a serialized version of the object to o.

impl SerializeInto for Signature4

fn serialized_len(&self) -> usize

Computes the maximal length of the serialized representation.

fn serialize_into(&self, buf: &mut [u8]) -> Result<usize>

Serializes into the given buffer.

fn export_into(&self, buf: &mut [u8]) -> Result<usize>

Exports into the given buffer.

fn export_to_vec(&self) -> Result<Vec<u8>>

Exports to a vector.

fn to_vec(&self) -> Result<Vec<u8>>

Serializes the packet to a vector.

impl StructuralEq for Signature4