Struct sequoia_openpgp::cert::UserAttributeRevocationBuilder
A builder for revocation certificates for User Attributes.
A revocation certificate for a User Attribute has three degrees of freedom: the certificate, the key used to generate the revocation certificate, and the User Attribute being revoked.
Normally, the key used to sign the revocation certificate is the certificate's primary key, and the User Attribute is a User Attribute that is bound to the certificate. However, this is not required. For instance, if Alice has marked Robert's certificate (`R`) as a designated revoker for her certificate (`A`), then `R` can revoke `A` or parts of `A`. In such a case, the certificate is `A`, the key used to sign the revocation certificate comes from `R`, and the User Attribute being revoked is bound to `A`.
But, the User Attribute doesn't technically need to be bound to the certificate either. For instance, it is technically possible for `R` to create a revocation certificate for a User Attribute in the context of `A`, even if that User Attribute is not bound to `A`. Semantically, such a revocation certificate is currently meaningless.
Examples
Revoke a User Attribute that is no longer valid:
```rust
use sequoia_openpgp as openpgp;
use openpgp::Result;
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;
use openpgp::packet::user_attribute::Subpacket;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;
use openpgp::types::RevocationStatus;

fn main() -> Result<()> {
    let p = &StandardPolicy::new();

    // Setup: generate a certificate with one placeholder User Attribute.
    let sp = Subpacket::Unknown(7, vec![7; 7].into_boxed_slice());
    let (cert, _) = CertBuilder::new()
        .add_user_attribute(UserAttribute::new(&[sp])?)
        .generate()?;

    // Create and sign a revocation certificate.
    let mut signer = cert.primary_key().key().clone()
        .parts_into_secret()?.into_keypair()?;
    let ua = cert.user_attributes().nth(0).unwrap();
    let sig = UserAttributeRevocationBuilder::new()
        .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                                   b"Lost the beard.")?
        .build(&mut signer, &cert, ua.user_attribute(), None)?;

    // Merge it into the certificate.
    let cert = cert.insert_packets(sig.clone())?;

    // Now it's revoked.
    let ua = cert.user_attributes().nth(0).unwrap();
    if let RevocationStatus::Revoked(revocations) = ua.revocation_status(p, None) {
        assert_eq!(revocations.len(), 1);
        assert_eq!(*revocations[0], sig);
    } else {
        panic!("User Attribute is not revoked.");
    }

    // But the certificate isn't.
    assert_eq!(RevocationStatus::NotAsFarAsWeKnow,
               cert.revocation_status(p, None));
    Ok(())
}
```
Implementations
impl UserAttributeRevocationBuilder
pub fn new() -> Self
Returns a new `UserAttributeRevocationBuilder`.
Examples
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let builder = UserAttributeRevocationBuilder::new();
```
pub fn set_reason_for_revocation(
self,
code: ReasonForRevocation,
reason: &[u8]
) -> Result<Self>
Sets the reason for revocation.
Note: of the assigned reasons for revocation, only `ReasonForRevocation::UIDRetired` is appropriate for User Attributes. This parameter is not fixed, however, to allow the use of the private name space.
Examples
Revoke a User Attribute that is no longer valid:
```rust
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::ReasonForRevocation;

let builder = UserAttributeRevocationBuilder::new()
    .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                               b"Lost the beard.");
```
pub fn set_signature_creation_time(
self,
creation_time: SystemTime
) -> Result<Self>
Sets the revocation certificate's creation time.
The creation time is interpreted as the time at which the User Attribute should be considered revoked.
You'll usually want to set this explicitly and not use the current time. In particular, if a User Attribute is retired, you'll want to set this to the time when the User Attribute was actually retired.
Examples
Create a revocation certificate for a User Attribute that was retired yesterday:
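```rust
use std::time::{Duration, SystemTime};
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

// The time at which the User Attribute was actually retired.
let yesterday = SystemTime::now() - Duration::new(24 * 60 * 60, 0);

let builder = UserAttributeRevocationBuilder::new()
    .set_signature_creation_time(yesterday);
```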
pub fn build<H>(
self,
signer: &mut dyn Signer,
cert: &Cert,
ua: &UserAttribute,
hash_algo: H
) -> Result<Signature> where
H: Into<Option<HashAlgorithm>>,
Returns a signed revocation certificate.
A revocation certificate is generated for `cert` and `ua` and signed using `signer` with the specified hash algorithm.
Normally, you should pass `None` to select the default hash algorithm.
Examples
Revoke a User Attribute, because the identity is no longer valid:
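```rust
use sequoia_openpgp as openpgp;
use openpgp::Result;
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;
use openpgp::packet::user_attribute::Subpacket;
use openpgp::policy::StandardPolicy;
use openpgp::types::ReasonForRevocation;

fn main() -> Result<()> {
    let p = &StandardPolicy::new();

    // Setup: generate a certificate with one placeholder User Attribute.
    let sp = Subpacket::Unknown(7, vec![7; 7].into_boxed_slice());
    let (cert, _) = CertBuilder::new()
        .add_user_attribute(UserAttribute::new(&[sp])?)
        .generate()?;

    // Create and sign a revocation certificate.
    let mut signer = cert.primary_key().key().clone()
        .parts_into_secret()?.into_keypair()?;
    let ua = cert.user_attributes().nth(0).unwrap();
    let sig = UserAttributeRevocationBuilder::new()
        .set_reason_for_revocation(ReasonForRevocation::UIDRetired,
                                   b"Lost the beard.")?
        .build(&mut signer, &cert, ua.user_attribute(), None)?;
    Ok(())
}
```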
Methods from Deref<Target = SignatureBuilder>
Trait Implementations
impl Deref for UserAttributeRevocationBuilder
type Target = SignatureBuilder
The resulting type after dereferencing.
pub fn deref(&self) -> &Self::Target
Auto Trait Implementations
impl RefUnwindSafe for UserAttributeRevocationBuilder
impl Send for UserAttributeRevocationBuilder
impl Sync for UserAttributeRevocationBuilder
impl Unpin for UserAttributeRevocationBuilder
impl UnwindSafe for UserAttributeRevocationBuilder
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,