Struct sequoia_openpgp::cert::KeyBuilder

source ·

pub struct KeyBuilder { /* private fields */ }

Expand description

A Key builder.

A KeyBuilder is used to create a key, which can then be attached to an existing certificate as a subkey using KeyBuilder::subkey.

§Examples

Generate a signing key and attach it to a certificate:

use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::KeyFlags;

let p = &StandardPolicy::new();

let vc = cert.with_policy(p, None)?;
let cert_new = KeyBuilder::new(KeyFlags::empty().set_signing())
    .subkey(vc)?
    .attach_cert()?;

Implementations§

source §

impl KeyBuilder

source

pub fn new(flags: KeyFlags) -> Self

Returns a new KeyBuilder.

Use KeyBuilder::subkey to generate a subkey and get a SubkeyBuilder, which can be used to add the subkey to a certificate.

source

pub fn cipher_suite(&self) -> CipherSuite

Returns the selected cipher suite.

source

pub fn set_cipher_suite(self, cipher_suite: CipherSuite) -> Self

Sets the cipher suite.

source

pub fn creation_time(&self) -> Option<SystemTime>

Returns the creation time.

Returns None if the creation time hasn’t been specified. In that case, the creation time will be set to the current time when the key material is generated by KeyBuilder::subkey.

source

pub fn set_creation_time<T>(self, creation_time: T) -> Self
where T: Into<Option<SystemTime>>,

Sets the creation time.

If None, then the creation time will be set to the current time when the key material is generated by KeyBuilder::subkey.

source

pub fn password(&self) -> Option<&Password>

Returns the password, if any.

source

pub fn set_password<T>(self, password: T) -> Self
where T: Into<Option<Password>>,

Sets the password.

source

pub fn subkey(self, vc: ValidCert<'_>) -> Result<SubkeyBuilder<'_>>

Generates a key, and returns a SubkeyBuilder.

The SubkeyBuilder will add the key to the specified certificate.

If the key creation time has not been explicitly set using KeyBuilder::set_creation_time, then the key’s creation time is set to the current time minus a few seconds.

Setting the creation time to a short time in the past solves two problems. First, when a new binding signature is created, it must have a newer time than the previous binding signature. This policy ensures that if a second binding signature is immediately created after the key is created it does not need to be postdated and thus can be used immediately. Second, if the key is immediately transferred to another computer and its clock is not quite synchronized, the key may appear to have been created in the future and will thus be ignored. Although NTP is widely used, empirically it seems that some virtual machines have laggy clocks.