public
/
keyfork
5
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Projects Releases Wiki Activity

keyfork-shard: re-enable standard policy, alive check still disabled, add check for encryption keys when discovering certs

This commit is contained in:
Ryan Heywood 2024-08-11 18:57:43 -04:00
parent c25c11d1a0
commit c36fe0a1b1
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
crates/keyfork-shard/src/openpgp.rs
View File

@ -25,7 +25,7 @@ use openpgp::{
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper}, stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
Parse, Parse,
}, },
policy::{NullPolicy, Policy}, policy::{NullPolicy, StandardPolicy, Policy},
serialize::{ serialize::{
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer}, stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
Marshal, Marshal,
@ -77,6 +77,10 @@ pub enum Error {
/// An IO error occurred. /// An IO error occurred.
#[error("IO error: {0}")] #[error("IO error: {0}")]
Io(#[source] std::io::Error), Io(#[source] std::io::Error),
/// No valid keys were found for the given recipient.
#[error("No valid keys were found for the recipient {0}")]
NoValidKeys(KeyID),
} }
#[allow(missing_docs)] #[allow(missing_docs)]
@ -239,6 +243,13 @@ impl<P: PromptHandler> OpenPGP<P> {
certs.insert(certfp, cert); certs.insert(certfp, cert);
} }
} }
for cert in certs.values() {
let policy = StandardPolicy::new();
let valid_cert = cert.with_policy(&policy, None).map_err(Error::Sequoia)?;
if get_encryption_keys(&valid_cert).next().is_none() {
return Err(Error::NoValidKeys(valid_cert.keyid()))
}
}
Ok(certs.into_values().collect()) Ok(certs.into_values().collect())
} }
} }
@ -276,7 +287,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
key_data: &[Self::PublicKey], key_data: &[Self::PublicKey],
threshold: u8, threshold: u8,
) -> Result<Self::EncryptedData, Self::Error> { ) -> Result<Self::EncryptedData, Self::Error> {
let policy = NullPolicy::new(); let policy = StandardPolicy::new();
let mut pp = vec![SHARD_METADATA_VERSION, threshold]; let mut pp = vec![SHARD_METADATA_VERSION, threshold];
// Note: Sequoia does not export private keys on a Cert, only on a TSK // Note: Sequoia does not export private keys on a Cert, only on a TSK
signing_key signing_key
@ -362,7 +373,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
public_key: &Cert, public_key: &Cert,
signing_key: &mut Self::SigningKey, signing_key: &mut Self::SigningKey,
) -> Result<EncryptedMessage> { ) -> Result<EncryptedMessage> {
let policy = NullPolicy::new(); let policy = StandardPolicy::new();
let valid_cert = public_key let valid_cert = public_key
.with_policy(&policy, None) .with_policy(&policy, None)
.map_err(Error::Sequoia)?; .map_err(Error::Sequoia)?;