Struct sequoia_openpgp::cert::CertBuilder[−][src]

pub struct CertBuilder<'a> { /* fields omitted */ }

Expand description

Simplifies the generation of OpenPGP certificates.

A builder to generate complex certificate hierarchies with multiple UserIDs, UserAttributes, and Keys.

This builder does not aim to be as flexible as creating certificates manually, but it should be sufficiently powerful to cover most use cases.

Examples

Generate a general-purpose certificate with one User ID:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let (cert, rev) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
        .generate()?;

Implementations

[src]

impl CertBuilder<'_>

[src]

pub fn new() -> Self

Returns a new CertBuilder.

The returned builder is configured to generate a minimal OpenPGP certificate, a certificate with just a certification-capable primary key. You’ll typically want to add at least one User ID (using CertBuilder::add_userid). and some subkeys (using CertBuilder::add_signing_subkey, CertBuilder::add_transport_encryption_subkey, etc.).

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let (cert, rev) =
    CertBuilder::new()
        .add_userid("Alice Lovelace <alice@lovelace.name>")
        .add_signing_subkey()
        .add_transport_encryption_subkey()
        .add_storage_encryption_subkey()
        .generate()?;

[src]

pub fn general_purpose<C, U>(ciphersuite: C, userid: Option) -> Self where
C: Into<Option<CipherSuite>>,
U: Into<UserID>,

Generates a general-purpose certificate.

The returned builder is set to generate a certificate with a certification-capable primary key, a signing-capable subkey, and an encryption-capable subkey. The encryption subkey is marked as being appropriate for both data in transit and data at rest.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let (cert, rev) =
    CertBuilder::general_purpose(None,
                                 Some("Alice Lovelace <alice@example.org>"))
        .generate()?;

[src]

pub fn set_creation_time<T>(self, creation_time: T) -> Self where
T: Into<Option<SystemTime>>,

Sets the creation time.

If creation_time is not None, this causes the CertBuilder to use that time when CertBuilder::generate is called. If it is None, the default, then the current time minus 60 seconds is used as creation time. Backdating the certificate by a minute has the advantage that the certificate can immediately be customized:

In order to reliably override a binding signature, the overriding binding signature must be newer than the existing signature. If, however, the existing signature is created now, any newer signature must have a future creation time, and is considered invalid by Sequoia. To avoid this, we backdate certificate creation times (and hence binding signature creation times), so that there is “space” between the creation time and now for signature updates.

Warning: this function takes a SystemTime. A SystemTime has a higher resolution, and a larger range than an OpenPGP Timestamp. Assuming the creation_time is in range, it will automatically be truncated to the nearest time that is representable by a Timestamp. If it is not in range, generate will return an error.

Examples

Generate a backdated certificate:

use std::time::{SystemTime, Duration};
use std::convert::TryFrom;

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::Timestamp;

let t = SystemTime::now() - Duration::from_secs(365 * 24 * 60 * 60);
// Roundtrip the time so that the assert below works.
let t = SystemTime::from(Timestamp::try_from(t)?);

let (cert, rev) =
    CertBuilder::general_purpose(None,
                                 Some("Alice Lovelace <alice@example.org>"))
        .set_creation_time(t)
        .generate()?;
assert_eq!(cert.primary_key().self_signatures().nth(0).unwrap()
           .signature_creation_time(),
           Some(t));

[src]

pub fn creation_time(&self) -> Option<SystemTime>

Returns the configured creation time, if any.

Examples

use std::time::SystemTime;

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

let mut builder = CertBuilder::new();
assert!(builder.creation_time().is_none());

let now = std::time::SystemTime::now();
builder = builder.set_creation_time(Some(now));
assert_eq!(builder.creation_time(), Some(now));

builder = builder.set_creation_time(None);
assert!(builder.creation_time().is_none());

[src]

pub fn set_cipher_suite(self, cs: CipherSuite) -> Self

Sets the default asymmetric algorithms.

This method controls the set of algorithms that is used to generate the certificate’s keys.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::PublicKeyAlgorithm;

let (ecc, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
        .set_cipher_suite(CipherSuite::Cv25519)
        .generate()?;
assert_eq!(ecc.primary_key().pk_algo(), PublicKeyAlgorithm::EdDSA);

let (rsa, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
        .set_cipher_suite(CipherSuite::RSA4k)
        .generate()?;
assert_eq!(rsa.primary_key().pk_algo(), PublicKeyAlgorithm::RSAEncryptSign);

[src]

pub fn add_userid(self, uid: U) -> Self where
U: Into<UserID>,

Adds a User ID.

Adds a User ID to the certificate. The first User ID that is added, whether via this interface or another interface, e.g., CertBuilder::general_purpose, will have the primary User ID flag set.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::general_purpose(None,
                                 Some("Alice Lovelace <alice@example.org>"))
        .add_userid("Alice Lovelace <alice@lovelace.name>")
        .generate()?;

assert_eq!(cert.userids().count(), 2);
let mut userids = cert.with_policy(p, None)?.userids().collect::<Vec<_>>();
// Sort lexicographically.
userids.sort_by(|a, b| a.value().cmp(b.value()));
assert_eq!(userids[0].userid(),
           &UserID::from("Alice Lovelace <alice@example.org>"));
assert_eq!(userids[1].userid(),
           &UserID::from("Alice Lovelace <alice@lovelace.name>"));


assert_eq!(userids[0].binding_signature().primary_userid().unwrap_or(false), true);
assert_eq!(userids[1].binding_signature().primary_userid().unwrap_or(false), false);

[src]

pub fn add_userid_with<U, B>(self, uid: U, builder: B) -> Result<Self> where
U: Into<UserID>,
B: Into<SignatureBuilder>,

Adds a User ID with a binding signature based on builder.

Adds a User ID to the certificate, creating the binding signature using builder. The builders signature type must be a certification signature (i.e. either GenericCertification, PersonaCertification, CasualCertification, or PositiveCertification).

The key generation step uses builder as a template, but tweaks it so the signature is a valid binding signature. If you need more control, consider using UserID::bind.

The following modifications are performed on builder:

An appropriate hash algorithm is selected.
The creation time is set.
Primary key metadata is added (key flags, key validity period).
Certificate metadata is added (feature flags, algorithm preferences).
The CertBuilder marks exactly one User ID or User Attribute as primary: The first one provided to CertBuilder::add_userid_with or CertBuilder::add_user_attribute_with (the UserID takes precedence) that is marked as primary, or the first User ID or User Attribute added to the CertBuilder.

Examples

This example very casually binds a User ID to a certificate.

let (cert, revocation_cert) =
    CertBuilder::general_purpose(
        None, Some("Alice Lovelace <alice@example.org>"))
    .add_userid_with(
        "trinity",
        SignatureBuilder::new(SignatureType::CasualCertification)
            .set_notation("rabbit@example.org", b"follow me",
                          NotationDataFlags::empty().set_human_readable(),
                          false)?)?
    .generate()?;

assert_eq!(cert.userids().count(), 2);
let mut userids = cert.with_policy(policy, None)?.userids().collect::<Vec<_>>();
// Sort lexicographically.
userids.sort_by(|a, b| a.value().cmp(b.value()));
assert_eq!(userids[0].userid(),
           &UserID::from("Alice Lovelace <alice@example.org>"));
assert_eq!(userids[1].userid(),
           &UserID::from("trinity"));

assert!(userids[0].binding_signature().primary_userid().unwrap_or(false));
assert!(! userids[1].binding_signature().primary_userid().unwrap_or(false));
assert_eq!(userids[1].binding_signature().notation("rabbit@example.org")
           .next().unwrap(), b"follow me");

[src]

pub fn add_user_attribute(self, ua: U) -> Self where
U: Into<UserAttribute>,

Adds a new User Attribute.

Adds a User Attribute to the certificate. If there are no User IDs, the first User attribute that is added, whether via this interface or another interface, will have the primary User ID flag set.

Examples

When there are no User IDs, the first User Attribute has the primary User ID flag set:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_user_attribute(user_attribute)
        .generate()?;

assert_eq!(cert.userids().count(), 0);
assert_eq!(cert.user_attributes().count(), 1);
let mut uas = cert.with_policy(p, None)?.user_attributes().collect::<Vec<_>>();
assert_eq!(uas[0].binding_signature().primary_userid().unwrap_or(false), true);

Where there are User IDs, then the primary User ID flag is not set:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::packet::prelude::*;
use openpgp::policy::StandardPolicy;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_userid("alice@example.org")
        .add_user_attribute(user_attribute)
        .generate()?;

assert_eq!(cert.userids().count(), 1);
assert_eq!(cert.user_attributes().count(), 1);
let mut uas = cert.with_policy(p, None)?.user_attributes().collect::<Vec<_>>();
assert_eq!(uas[0].binding_signature().primary_userid().unwrap_or(false), false);

[src]

pub fn add_user_attribute_with<U, B>(self, ua: U, builder: B) -> Result<Self> where
U: Into<UserAttribute>,
B: Into<SignatureBuilder>,

Adds a User Attribute with a binding signature based on builder.

Adds a User Attribute to the certificate, creating the binding signature using builder. The builders signature type must be a certification signature (i.e. either GenericCertification, PersonaCertification, CasualCertification, or PositiveCertification).

The key generation step uses builder as a template, but tweaks it so the signature is a valid binding signature. If you need more control, consider using UserAttribute::bind.

The following modifications are performed on builder:

An appropriate hash algorithm is selected.
The creation time is set.
Primary key metadata is added (key flags, key validity period).
Certificate metadata is added (feature flags, algorithm preferences).
The CertBuilder marks exactly one User ID or User Attribute as primary: The first one provided to CertBuilder::add_userid_with or CertBuilder::add_user_attribute_with (the UserID takes precedence) that is marked as primary, or the first User ID or User Attribute added to the CertBuilder.

Examples

This example very casually binds a user attribute to a certificate.

let (cert, revocation_cert) =
    CertBuilder::general_purpose(
        None, Some("Alice Lovelace <alice@example.org>"))
    .add_user_attribute_with(
        user_attribute,
        SignatureBuilder::new(SignatureType::CasualCertification)
            .set_notation("rabbit@example.org", b"follow me",
                          NotationDataFlags::empty().set_human_readable(),
                          false)?)?
    .generate()?;

let uas = cert.with_policy(policy, None)?.user_attributes().collect::<Vec<_>>();
assert_eq!(uas.len(), 1);
assert!(! uas[0].binding_signature().primary_userid().unwrap_or(false));
assert_eq!(uas[0].binding_signature().notation("rabbit@example.org")
           .next().unwrap(), b"follow me");

[src]

pub fn add_signing_subkey(self) -> Self

Adds a signing-capable subkey.

The key uses the default cipher suite (see CertBuilder::set_cipher_suite), and is not set to expire. Use CertBuilder::add_subkey if you need to change these parameters.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_signing_subkey()
        .generate()?;

assert_eq!(cert.keys().count(), 2);
let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty().set_signing()));

[src]

pub fn add_transport_encryption_subkey(self) -> Self

Adds a subkey suitable for transport encryption.

The key uses the default cipher suite (see CertBuilder::set_cipher_suite), and is not set to expire. Use CertBuilder::add_subkey if you need to change these parameters.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_transport_encryption_subkey()
        .generate()?;

assert_eq!(cert.keys().count(), 2);
let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty().set_transport_encryption()));

[src]

pub fn add_storage_encryption_subkey(self) -> Self

Adds a subkey suitable for storage encryption.

The key uses the default cipher suite (see CertBuilder::set_cipher_suite), and is not set to expire. Use CertBuilder::add_subkey if you need to change these parameters.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_storage_encryption_subkey()
        .generate()?;

assert_eq!(cert.keys().count(), 2);
let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty().set_storage_encryption()));

[src]

pub fn add_certification_subkey(self) -> Self

Adds an certification-capable subkey.

The key uses the default cipher suite (see CertBuilder::set_cipher_suite), and is not set to expire. Use CertBuilder::add_subkey if you need to change these parameters.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_certification_subkey()
        .generate()?;

assert_eq!(cert.keys().count(), 2);
let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty().set_certification()));

[src]

pub fn add_authentication_subkey(self) -> Self

Adds an authentication-capable subkey.

The key uses the default cipher suite (see CertBuilder::set_cipher_suite), and is not set to expire. Use CertBuilder::add_subkey if you need to change these parameters.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::new()
        .add_authentication_subkey()
        .generate()?;

assert_eq!(cert.keys().count(), 2);
let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty().set_authentication()));

[src]

pub fn add_subkey<T, C>(self, flags: KeyFlags, validity: T, cs: C) -> Self where
T: Into<Option<Duration>>,
C: Into<Option<CipherSuite>>,

Adds a custom subkey.

If expiration is None, the subkey uses the same expiration time as the primary key.

Likewise, if cs is None, the same cipher suite is used as for the primary key.

Examples

Generates a certificate with an encryption subkey that is for protecting both data in transit and data at rest, and expires at a different time from the primary key:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let now = std::time::SystemTime::now();
let y = std::time::Duration::new(365 * 24 * 60 * 60, 0);

// Make the certificate expire in 2 years, and the subkey
// expire in a year.
let (cert,_) = CertBuilder::new()
    .set_creation_time(now)
    .set_validity_period(2 * y)
    .add_subkey(KeyFlags::empty()
                    .set_storage_encryption()
                    .set_transport_encryption(),
                y,
                None)
    .generate()?;

assert_eq!(cert.with_policy(p, now)?.keys().alive().count(), 2);
assert_eq!(cert.with_policy(p, now + y)?.keys().alive().count(), 1);
assert_eq!(cert.with_policy(p, now + 2 * y)?.keys().alive().count(), 0);

let ka = cert.with_policy(p, None)?.keys().nth(1).unwrap();
assert_eq!(ka.key_flags(),
           Some(KeyFlags::empty()
                    .set_storage_encryption()
                    .set_transport_encryption()));

[src]

pub fn add_subkey_with<T, C, B>(
 self,
 flags: KeyFlags,
 validity: T,
 cs: C,
 builder: B
) -> Result<Self> where
 T: Into<Option<Duration>>,
 C: Into<Option<CipherSuite>>,
 B: Into<SignatureBuilder>,

Adds a subkey with a binding signature based on builder.

Adds a subkey to the certificate, creating the binding signature using builder. The builders signature type must be SubkeyBinding.

The key generation step uses builder as a template, but adds all subpackets that the signature needs to be a valid binding signature. If you need more control, or want to adopt existing keys, consider using Key::bind.

The following modifications are performed on builder:

An appropriate hash algorithm is selected.
The creation time is set.
Key metadata is added (key flags, key validity period).

Examples

This example binds a signing subkey to a certificate, restricting its use to authentication of software.

let (cert, revocation_cert) =
    CertBuilder::general_purpose(
        None, Some("Alice Lovelace <alice@example.org>"))
    .add_subkey_with(
        KeyFlags::empty().set_signing(), None, None,
        SignatureBuilder::new(SignatureType::SubkeyBinding)
            // Add a critical notation!
            .set_notation("code-signing@policy.example.org", b"",
                          NotationDataFlags::empty(), true)?)?
    .generate()?;

// Under the standard policy, the additional signing subkey
// is not bound.
let p = StandardPolicy::new();
assert_eq!(cert.with_policy(&p, None)?.keys().for_signing().count(), 1);

// However, software implementing the notation see the additional
// signing subkey.
let mut p = StandardPolicy::new();
p.good_critical_notations(&["code-signing@policy.example.org"]);
assert_eq!(cert.with_policy(&p, None)?.keys().for_signing().count(), 2);

[src]

pub fn set_primary_key_flags(self, flags: KeyFlags) -> Self

Sets the primary key’s key flags.

By default, the primary key is set to only be certification capable. This allows the caller to set additional flags.

Examples

Make the primary key certification and signing capable:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let (cert, rev) =
    CertBuilder::general_purpose(None,
                                 Some("Alice Lovelace <alice@example.org>"))
        .set_primary_key_flags(KeyFlags::empty().set_signing())
        .generate()?;

// Observe that the primary key's certification capability is
// set implicitly.
assert_eq!(cert.with_policy(p, None)?.primary_key().key_flags(),
           Some(KeyFlags::empty().set_signing().set_certification()));

[src]

pub fn set_password(self, password: Option<Password>) -> Self

Sets a password to encrypt the secret keys with.

The password is used to encrypt all secret key material.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;

// Make the certificate expire in 10 minutes.
let (cert, rev) =
    CertBuilder::general_purpose(None,
                                 Some("Alice Lovelace <alice@example.org>"))
        .set_password(Some("1234".into()))
        .generate()?;

for ka in cert.keys() {
    assert!(ka.has_secret());
}

[src]

pub fn set_validity_period<T>(self, validity: T) -> Self where
T: Into<Option<Duration>>,

Sets the certificate’s validity period.

The determines how long the certificate is valid. That is, after the validity period, the certificate is considered to be expired.

A value of None means that the certificate never expires.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationKey;

let p = &StandardPolicy::new();

let now = std::time::SystemTime::now();
let s = std::time::Duration::new(1, 0);

// Make the certificate expire in 10 minutes.
let (cert,_) = CertBuilder::new()
    .set_creation_time(now)
    .set_validity_period(600 * s)
    .generate()?;

assert!(cert.with_policy(p, now)?.primary_key().alive().is_ok());
assert!(cert.with_policy(p, now + 599 * s)?.primary_key().alive().is_ok());
assert!(cert.with_policy(p, now + 600 * s)?.primary_key().alive().is_err());

[src]

pub fn set_revocation_keys(self, revocation_keys: Vec<RevocationKey>) -> Self

Sets designated revokers.

Adds designated revokers to the primary key. This allows the designated revoker to issue revocation certificates on behalf of the primary key.

Examples

Make Alice a designated revoker for Bob:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationKey;

let p = &StandardPolicy::new();

let (alice, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
        .generate()?;
let (bob, _) =
    CertBuilder::general_purpose(None, Some("bob@example.org"))
        .set_revocation_keys(vec![(&alice).into()])
        .generate()?;

// Make sure Alice is listed as a designated revoker for Bob.
assert_eq!(bob.revocation_keys(p).collect::<Vec<&RevocationKey>>(),
           vec![&(&alice).into()]);

[src]

pub fn generate(self) -> Result<(Cert, Signature )>

Generates a certificate.

Examples

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationKey;

let p = &StandardPolicy::new();

let (alice, _) =
    CertBuilder::general_purpose(None, Some("alice@example.org"))
        .generate()?;