keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
parent
289cec36ef
commit
f0e5ae9a8b
|
@ -59,8 +59,12 @@ pub enum Error {
|
||||||
#[allow(missing_docs)]
|
#[allow(missing_docs)]
|
||||||
pub type Result<T, E = Error> = std::result::Result<T, E>;
|
pub type Result<T, E = Error> = std::result::Result<T, E>;
|
||||||
|
|
||||||
/// Create an OpenPGP Cert with derived keys from the given derivation response, keys, and User
|
/// Create an OpenPGP Cert with private key data, with derived keys from the given derivation
|
||||||
/// ID.
|
/// response, keys, and User ID.
|
||||||
|
///
|
||||||
|
/// Certificates are created with a default expiration of one day, but may be configured to expire
|
||||||
|
/// later using the `KEYFORK_OPENPGP_EXPIRE` environment variable using values such as "15d" (15
|
||||||
|
/// days), "1m" (one month), or "2y" (two years).
|
||||||
///
|
///
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// The function may error for any condition mentioned in [`Error`].
|
/// The function may error for any condition mentioned in [`Error`].
|
||||||
|
@ -109,7 +113,7 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
let cert = cert.insert_packets(vec![Packet::from(userid.clone()), binding.into()])?;
|
let cert = cert.insert_packets(vec![Packet::from(userid.clone()), binding.into()])?;
|
||||||
let policy = sequoia_openpgp::policy::StandardPolicy::new();
|
let policy = sequoia_openpgp::policy::StandardPolicy::new();
|
||||||
|
|
||||||
// Set certificate expiration to one day
|
// Set certificate expiration to configured expiration or (default) one day
|
||||||
let mut keypair = primary_key.clone().into_keypair()?;
|
let mut keypair = primary_key.clone().into_keypair()?;
|
||||||
let signatures =
|
let signatures =
|
||||||
cert.set_expiration_time(&policy, None, &mut keypair, Some(expiration_date))?;
|
cert.set_expiration_time(&policy, None, &mut keypair, Some(expiration_date))?;
|
||||||
|
|
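Review bot: The doc paragraph added above `derive` names `KEYFORK_OPENPGP_EXPIRE` but does not say what happens when its value cannot be parsed, and the `# Errors` section only defers to `Error`. The parsing code is outside these hunks, so it is not visible here whether a typo fails the call or silently falls back to one day. Because the variable lengthens the validity of a certificate that carries private key material, the doc should state the behaviour, for example `/// An invalid value is <rejected with an error | ignored in favour of the one-day default>.`, filled in to match the parser. If the variable is read from the process environment at call time, as the wording suggests, it is also worth saying that a value inherited from a shell profile or CI job applies to every certificate derived. `derive`'s body begins and ends outside the second hunk.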
|
@ -20,8 +20,12 @@ pub enum DeriveSubcommands {
|
||||||
/// Derive an OpenPGP Transferable Secret Key (private key). The key is encoded using OpenPGP
|
/// Derive an OpenPGP Transferable Secret Key (private key). The key is encoded using OpenPGP
|
||||||
/// ASCII Armor, a format usable by most programs using OpenPGP.
|
/// ASCII Armor, a format usable by most programs using OpenPGP.
|
||||||
///
|
///
|
||||||
/// The key is generated with a 24-hour expiration time. The operation to set the expiration
|
/// Certificates are created with a default expiration of one day, but may be configured to
|
||||||
/// time to a higher value is left to the user to ensure the key is usable by the user.
|
/// expire later using the `KEYFORK_OPENPGP_EXPIRE` environment variable using values such as
|
||||||
|
/// "15d" (15 days), "1m" (one month), or "2y" (two years).
|
||||||
|
///
|
||||||
|
/// It is recommended to use the default expiration of one day and to change the expiration
|
||||||
|
/// using an external utility, to ensure the Certify key is usable.
|
||||||
#[command(name = "openpgp")]
|
#[command(name = "openpgp")]
|
||||||
OpenPGP {
|
OpenPGP {
|
||||||
/// Default User ID for the certificate, using the OpenPGP User ID format.
|
/// Default User ID for the certificate, using the OpenPGP User ID format.
|
||||||
|
|
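Review bot: The recommendation in the last added paragraph of the `OpenPGP` subcommand help loses the reason the removed text gave: "to ensure the Certify key is usable" reads as if the external utility makes the key usable. As I read the removed text, the short default is there so that the user extends the expiration themselves and so confirms they can operate the key. I would reword it along the lines of `/// It is recommended to keep the default expiration of one day and to extend it with an external` and `/// utility; doing so confirms that the Certify key can actually be used.` This paragraph also repeats the library doc on `derive` almost verbatim, so the two copies can drift. Saying in this help text how an unparseable `KEYFORK_OPENPGP_EXPIRE` value is handled would keep both places in step.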