Class: Rnp

Inherits:
Object
  • Object
show all
Defined in:
lib/rnp/rnp.rb,
lib/rnp/key.rb,
lib/rnp/misc.rb,
lib/rnp/error.rb,
lib/rnp/input.rb,
lib/rnp/utils.rb,
lib/rnp/output.rb,
lib/rnp/op/sign.rb,
lib/rnp/version.rb,
lib/rnp/op/verify.rb,
lib/rnp/op/encrypt.rb

Overview

© 2018 Ribose Inc.

Defined Under Namespace

Classes: BadFormatError, BadPasswordError, Encrypt, Error, FeatureNotAvailableError, Input, InvalidSignatureError, Key, NoSuitableKeyError, Output, Sign, Verify

Constant Summary collapse

ERRORS_MAP =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

{
  LibRnp::RNP_ERROR_BAD_PASSWORD => BadPasswordError,
  LibRnp::RNP_ERROR_SIGNATURE_INVALID => InvalidSignatureError,
  LibRnp::RNP_ERROR_BAD_FORMAT => BadFormatError,
  LibRnp::RNP_ERROR_NO_SUITABLE_KEY => NoSuitableKeyError
}.freeze
VERSION =
'1.0.3'

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pubfmt = 'GPG', secfmt = 'GPG') ⇒ Rnp

Create a new interface to RNP.

Parameters:

  • pubfmt (String) (defaults to: 'GPG')

    the public keyring format

  • secfmt (String) (defaults to: 'GPG')

    the secret keyring format


27
28
29
30
31
32
33
# File 'lib/rnp/rnp.rb', line 27

def initialize(pubfmt = 'GPG', secfmt = 'GPG')
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_ffi_create, pptr, pubfmt, secfmt)
  @ptr = FFI::AutoPointer.new(pptr.read_pointer, self.class.method(:destroy))
  @key_provider = nil
  @password_provider = nil
end

Instance Attribute Details

#ptrObject (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


21
22
23
# File 'lib/rnp/rnp.rb', line 21

def ptr
  @ptr
end

Class Method Details

.call_ffi(fn, *args) ⇒ void

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method returns an undefined value.

Calls the LibRnp FFI function indicated. If the return code is <0, an error will be raised.

Parameters:

  • fn (Symbol)

    the name of the function to call

  • args

    the arguments to pass to the FFI function


19
20
21
22
23
# File 'lib/rnp/utils.rb', line 19

def self.call_ffi(fn, *args)
  rc = LibRnp.method(fn).call(*args)
  Rnp.raise_error("#{fn} failed", rc) unless rc.zero?
  nil
end

.dearmor(input:, output: nil) ⇒ nil, String

Remove ASCII Armor from data.

Parameters:

  • input (Input)

    the input to read the ASCII-Armored data from

  • output (Output) (defaults to: nil)

    the output to write the dearmored data to. If nil, the result will be returned directly as a String.

Returns:

  • (nil, String)

90
91
92
93
94
# File 'lib/rnp/misc.rb', line 90

def self.dearmor(input:, output: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_dearmor, input.ptr, output_.ptr)
  end
end

.default_homedirString

Get the default homedir for RNP.

Returns:

  • (String)

14
15
16
17
18
19
20
21
22
23
# File 'lib/rnp/misc.rb', line 14

def self.default_homedir
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_get_default_homedir, pptr)
  begin
    phomedir = pptr.read_pointer
    phomedir.read_string unless phomedir.null?
  ensure
    LibRnp.rnp_buffer_destroy(phomedir)
  end
end

.destroy(ptr) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


36
37
38
# File 'lib/rnp/rnp.rb', line 36

def self.destroy(ptr)
  LibRnp.rnp_ffi_destroy(ptr)
end

.enarmor(input:, output: nil, type: nil) ⇒ nil, String

Add ASCII Armor to data.

Parameters:

  • input (Input)

    the input to read data from

  • output (Output) (defaults to: nil)

    the output to write the armored data to. If nil, the result will be returned directly as a String.

Returns:

  • (nil, String)

78
79
80
81
82
# File 'lib/rnp/misc.rb', line 78

def self.enarmor(input:, output: nil, type: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_enarmor, input.ptr, output_.ptr, type)
  end
end

.homedir_info(homedir) ⇒ Hash<Symbol>

Attempt to detect information about a homedir.

Parameters:

  • homedir (String)

    the homedir

Returns:

  • (Hash<Symbol>)
    • :public [Hash<Symbol>]

      • :format [String]

      • :path [String]

    • :secret [Hash<Symbol>]

      • :format [String]

      • :path [String]


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# File 'lib/rnp/misc.rb', line 35

def self.homedir_info(homedir)
  pptrs = FFI::MemoryPointer.new(:pointer, 4)
  Rnp.call_ffi(:rnp_detect_homedir_info, homedir, pptrs[0], pptrs[1],
               pptrs[2], pptrs[3])
  ptrs = (0..3).collect { |i| pptrs[i] }.map(&:read_pointer)
  return if ptrs.all?(&:null?)
  {
    public: {
      format: ptrs[0].read_string,
      path: ptrs[1].read_string
    },
    secret: {
      format: ptrs[2].read_string,
      path: ptrs[3].read_string
    }
  }
ensure
  ptrs&.each { |ptr| LibRnp.rnp_buffer_destroy(ptr) }
end

.inspect_ptr(myself) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


26
27
28
29
30
31
# File 'lib/rnp/utils.rb', line 26

def self.inspect_ptr(myself)
  ptr_format = "0x%0#{FFI::Pointer.size * 2}x"
  ptr_s = format(ptr_format, myself.instance_variable_get(:@ptr).address)
  class_name = myself.class.to_s
  "#<#{class_name}:#{ptr_s}>"
end

.key_format(key_data) ⇒ String

Attempt to detect the format of a key.

Parameters:

  • key_data (String)

    the key data

Returns:

  • (String)

59
60
61
62
63
64
65
66
67
68
69
# File 'lib/rnp/misc.rb', line 59

def self.key_format(key_data)
  pptr = FFI::MemoryPointer.new(:pointer)
  data = FFI::MemoryPointer.from_data(key_data)
  Rnp.call_ffi(:rnp_detect_key_format, data, data.size, pptr)
  begin
    pformat = pptr.read_pointer
    pformat.read_string unless pformat.null?
  ensure
    LibRnp.rnp_buffer_destroy(pformat)
  end
end

.raise_error(msg, rc = nil) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

  • (klass)

33
34
35
36
# File 'lib/rnp/error.rb', line 33

def self.raise_error(msg, rc = nil)
  klass = ERRORS_MAP.fetch(rc, Error)
  raise klass.new(msg, rc)
end

.versionInteger

Get the version stamp of the rnp library as an unsigned 32-bit integer. This number can be compared against other stamps generated with version_for.

Returns:

  • (Integer)

115
116
117
# File 'lib/rnp/misc.rb', line 115

def self.version
  LibRnp.rnp_version
end

.version_for(major, minor, patch) ⇒ Integer

Encode the given major, minor, and patch numbers into a version stamp.

Returns:

  • (Integer)

123
124
125
# File 'lib/rnp/misc.rb', line 123

def self.version_for(major, minor, patch)
  LibRnp.rnp_version_for(major, minor, patch)
end

.version_major(version) ⇒ Integer

Extract the major version component from the given version stamp.

Returns:

  • (Integer)

130
131
132
# File 'lib/rnp/misc.rb', line 130

def self.version_major(version)
  LibRnp.rnp_version_major(version)
end

.version_minor(version) ⇒ Integer

Extract the minor version component from the given version stamp.

Returns:

  • (Integer)

137
138
139
# File 'lib/rnp/misc.rb', line 137

def self.version_minor(version)
  LibRnp.rnp_version_minor(version)
end

.version_patch(version) ⇒ Integer

Extract the patch version component from the given version stamp.

Returns:

  • (Integer)

144
145
146
# File 'lib/rnp/misc.rb', line 144

def self.version_patch(version)
  LibRnp.rnp_version_patch(version)
end

.version_stringString

Get the version of the rnp library as a string.

Returns:

  • (String)

99
100
101
# File 'lib/rnp/misc.rb', line 99

def self.version_string
  LibRnp.rnp_version_string
end

.version_string_fullString

Get the detailed version of the rnp library as a string.

Returns:

  • (String)

106
107
108
# File 'lib/rnp/misc.rb', line 106

def self.version_string_full
  LibRnp.rnp_version_string_full
end

Instance Method Details

#cleartext_sign(input:, output: nil, signers:, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a cleartext signature.

Parameters:

  • signers (Key, Array<Key>)

    the keys to sign with

  • input (Input)

    the input to read the data to be signed

  • output (Output) (defaults to: nil)

    the output to write the signatures. If nil, the result will be returned directly as a String.

  • compression (Hash<Symbol>) (defaults to: nil)
  • creation_time (Time, Integer) (defaults to: nil)

    the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

  • expiration_time (Integer) (defaults to: nil)

    the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

  • hash (String) (defaults to: nil)

    the hash algorithm name

Returns:

  • (nil, String)

278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
# File 'lib/rnp/rnp.rb', line 278

def cleartext_sign(input:, output: nil, signers:,
                   compression: nil,
                   creation_time: nil,
                   expiration_time: nil,
                   hash: nil)
  Output.default(output) do |output_|
    sign = start_cleartext_sign(input: input, output: output_)
    sign.options = {
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#decrypt(input:, output: nil) ⇒ nil, String

Decrypt encrypted data.

Parameters:

  • input (Input)

    the input to read the encrypted data

  • output (Output) (defaults to: nil)

    the output to write the decrypted data. If nil, the result will be returned directly as a String.

Returns:

  • (nil, String)

444
445
446
447
448
# File 'lib/rnp/rnp.rb', line 444

def decrypt(input:, output: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_decrypt, @ptr, input.ptr, output_.ptr)
  end
end

#detached_sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a detached signature.

Parameters:

  • signers (Key, Array<Key>)

    the keys to sign with

  • input (Input)

    the input to read the data to be signed

  • output (Output) (defaults to: nil)

    the output to write the signatures. If nil, the result will be returned directly as a String.

  • armored (Boolean) (defaults to: nil)

    true if the output should be ASCII-armored, false otherwise.

  • compression (Hash<Symbol>) (defaults to: nil)
  • creation_time (Time, Integer) (defaults to: nil)

    the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

  • expiration_time (Integer) (defaults to: nil)

    the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

  • hash (String) (defaults to: nil)

    the hash algorithm name

Returns:

  • (nil, String)

306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
# File 'lib/rnp/rnp.rb', line 306

def detached_sign(input:, output: nil, signers:,
                  armored: nil,
                  compression: nil,
                  creation_time: nil,
                  expiration_time: nil,
                  hash: nil)
  Output.default(output) do |output_|
    sign = start_detached_sign(input: input, output: output_)
    sign.options = {
      armored: armored,
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#detached_verify(data:, signature:) ⇒ Object

Verify a detached signature.

Parameters:

  • data (Input)

    the input to read the data

  • signature (Input)

    the input to read the signatures


338
339
340
341
# File 'lib/rnp/rnp.rb', line 338

def detached_verify(data:, signature:)
  verify = start_detached_verify(data: data, signature: signature)
  verify.execute
end

#each_fingerprint(&block) ⇒ self, Enumerator

Enumerate all fingerprints.

Returns:

  • (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 200

#each_grip(&block) ⇒ self, Enumerator

Enumerate all grips.

Returns:

  • (self, Enumerator)

215
216
217
218
219
220
221
222
223
# File 'lib/rnp/rnp.rb', line 215

%w[userid keyid fingerprint grip].each do |identifier_type|
  define_method("each_#{identifier_type}".to_sym) do |&block|
    each_identifier(identifier_type, &block)
  end

  define_method("#{identifier_type}s".to_sym) do
    each_identifier(identifier_type).to_a
  end
end

#each_keyid(&block) ⇒ self, Enumerator

Enumerate all keyids.

Returns:

  • (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 190

#each_userid(&block) ⇒ self, Enumerator

Enumerate all userids.

Returns:

  • (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 180

#encrypt(input:, output: nil, recipients:, armored: nil, compression: nil, cipher: nil) ⇒ Object

Encrypt data with a public key.

Parameters:

  • input (Input)

    the input to read the plaintext

  • output (Output) (defaults to: nil)

    the output to write the encrypted data. If nil, the result will be returned directly as a String.

  • recipients (Key, Array<Key>)

    list of recipients keys

  • armored (Boolean) (defaults to: nil)

    true if the output should be ASCII-armored, false otherwise.

  • compression (Hash<Symbol>) (defaults to: nil)
  • cipher (String) (defaults to: nil)

    the cipher algorithm name


352
353
354
355
356
357
358
359
360
361
362
363
364
365
# File 'lib/rnp/rnp.rb', line 352

def encrypt(input:, output: nil, recipients:,
            armored: nil,
            compression: nil,
            cipher: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher
    }
    simple_encrypt(enc, recipients: recipients)
  end
end

#encrypt_and_sign(input:, output: nil, recipients:, signers:, armored: nil, compression: nil, cipher: nil, hash: nil, creation_time: nil, expiration_time: nil) ⇒ Object

Encrypt and sign data with a public key.

Parameters:

  • signers (Key, Array<Key>)

    list of keys to sign with

  • input (Input)

    the input to read the plaintext

  • output (Output) (defaults to: nil)

    the output to write the encrypted data. If nil, the result will be returned directly as a String.

  • recipients (Key, Array<Key>)

    list of recipients keys

  • armored (Boolean) (defaults to: nil)

    true if the output should be ASCII-armored, false otherwise.

  • compression (Hash<Symbol>) (defaults to: nil)
  • cipher (String) (defaults to: nil)

    the cipher algorithm name

  • hash (String) (defaults to: nil)

    the hash algorithm name

  • creation_time (Time, Integer) (defaults to: nil)

    the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

  • expiration_time (Integer) (defaults to: nil)

    the lifetime of the signatures, as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.


379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
# File 'lib/rnp/rnp.rb', line 379

def encrypt_and_sign(input:, output: nil, recipients:, signers:,
                     armored: nil,
                     compression: nil,
                     cipher: nil,
                     hash: nil,
                     creation_time: nil,
                     expiration_time: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher,
      hash: hash,
      creation_time: creation_time,
      expiration_time: expiration_time
    }
    simple_encrypt(enc, recipients: recipients, signers: signers)
  end
end

#find_key(criteria) ⇒ Key?

Find a key.

Parameters:

  • criteria (Hash)

    the search criteria. Some examples would be:

    • {keyid: '2FCADF05FFA501BB'}

    • {'userid': 'user0'}

    • {fingerprint: 'BE1C4AB951F4C2F6B604'}

    Only one criteria can be specified.

Returns:

Raises:


165
166
167
168
169
170
171
172
173
# File 'lib/rnp/rnp.rb', line 165

def find_key(criteria)
  raise Rnp::Error, 'Invalid search criteria' if !criteria.is_a?(::Hash) ||
                                                 criteria.size != 1
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_locate_key, @ptr, criteria.keys[0].to_s,
               criteria.values[0], pptr)
  pkey = pptr.read_pointer
  Rnp::Key.new(pkey) unless pkey.null?
end

#fingerprintsArray<String>

Get a list of all fingerprints.

Returns:

  • (Array<String>)

# File 'lib/rnp/rnp.rb', line 195

#generate_key(description) ⇒ Hash<Symbol, Key>

Note:

The generated key(s) will be unprotected and unlocked. The application should protect and lock the keys with Rnp::Key#protect and Rnp::Key#lock.

Generate a new key or pair of keys.

Examples

examples/key_generation.rb

Parameters:

  • description (String, Hash)

Returns:

  • (Hash<Symbol, Key>)

    a hash containing the generated key(s)


112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# File 'lib/rnp/rnp.rb', line 112

def generate_key(description)
  description = JSON.generate(description) unless description.is_a?(String)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_json, @ptr, description, pptr)
  begin
    presults = pptr.read_pointer
    return nil if presults.null?
    results = JSON.parse(presults.read_string)
    generated = {}
    results.each do |k, v|
      key = find_key(v.keys[0].to_sym => v.values[0])
      generated[k.to_sym] = key
    end
    generated
  ensure
    LibRnp.rnp_buffer_destroy(presults)
  end
end

#gripsArray<String>

Get a list of all grips.

Returns:

  • (Array<String>)

# File 'lib/rnp/rnp.rb', line 205

#inspectObject


40
41
42
# File 'lib/rnp/rnp.rb', line 40

def inspect
  Rnp.inspect_ptr(self)
end

#key_provider=(provider) ⇒ Object

Set a key provider.

The key provider is useful if, for example, you have a database of keys and you do not want to load all of them, and you don't know which will be needed for a given operation.

The key provider will be called to request that a key be loaded, and the key provider is responsible for loading the appropriate key (if available) using #load_keys.

The provider may be called multiple times for the same key, but with different identifiers. For example, it may first be called with a fingerprint, then (if the key was not loaded), it may be called with a keyid.

Examples

examples/key_provider.rb

Parameters:

  • provider (Proc, #call)

    a callable object


73
74
75
76
77
# File 'lib/rnp/rnp.rb', line 73

def key_provider=(provider)
  @key_provider = provider
  @key_provider = KEY_PROVIDER.curry[provider] if provider
  Rnp.call_ffi(:rnp_ffi_set_key_provider, @ptr, @key_provider, nil)
end

#keyidsArray<String>

Get a list of all keyids.

Returns:

  • (Array<String>)

# File 'lib/rnp/rnp.rb', line 185

#load_keys(input:, format:, public_keys: true, secret_keys: true) ⇒ void

This method returns an undefined value.

Load keys.

Parameters:

  • format (String)

    the format of the keys to load (GPG, KBX, G10).

  • input (Input)

    the input to read the keys from

  • public_keys (Boolean) (defaults to: true)

    whether to load public keys

  • secret_keys (Boolean) (defaults to: true)

    whether to load secret keys

Raises:

  • (ArgumentError)

138
139
140
141
142
# File 'lib/rnp/rnp.rb', line 138

def load_keys(input:, format:, public_keys: true, secret_keys: true)
  raise ArgumentError, 'At least one of public_keys or secret_keys must be true' if !public_keys && !secret_keys
  flags = load_save_flags(public_keys: public_keys, secret_keys: secret_keys)
  Rnp.call_ffi(:rnp_load_keys, @ptr, format, input.ptr, flags)
end

#log=(fd) ⇒ Object

Set a logging destination.

Parameters:

  • fd (Integer, IO)

    the file descriptor to log to. This will be closed when this object is destroyed.


48
49
50
51
# File 'lib/rnp/rnp.rb', line 48

def log=(fd)
  fd = fd.to_i if fd.is_a(::IO)
  Rnp.call_ffi(:rnp_ffi_set_log_fd, @ptr, fd)
end

#password_provider=(provider) ⇒ Object

Set a password provider.

The password provider is used for retrieving passwords for various operations, including:

  • Signing data

  • Decrypting data (public-key or symmetric)

  • Adding a userid to a key

  • Unlocking a key

  • Unprotecting a key

Examples

examples/password_provider.rb

Parameters:

  • provider (Proc, #call, String)

    a callable object, or a password


94
95
96
97
98
# File 'lib/rnp/rnp.rb', line 94

def password_provider=(provider)
  @password_provider = provider
  @password_provider = PASS_PROVIDER.curry[provider] if provider
  Rnp.call_ffi(:rnp_ffi_set_pass_provider, @ptr, @password_provider, nil)
end

#public_key_countObject


225
226
227
228
229
# File 'lib/rnp/rnp.rb', line 225

def public_key_count
  pcount = FFI::MemoryPointer.new(:size_t)
  Rnp.call_ffi(:rnp_get_public_key_count, @ptr, pcount)
  pcount.read(:size_t)
end

#save_keys(output:, format:, public_keys: false, secret_keys: false) ⇒ void

This method returns an undefined value.

Save keys.

Parameters:

  • format (String)

    the format to save the keys in (GPG, KBX, G10).

  • output (Output)

    the output to write the keys to

  • public_keys (Boolean) (defaults to: false)

    whether to load public keys

  • secret_keys (Boolean) (defaults to: false)

    whether to load secret keys

Raises:

  • (ArgumentError)

151
152
153
154
155
# File 'lib/rnp/rnp.rb', line 151

def save_keys(output:, format:, public_keys: false, secret_keys: false)
  raise ArgumentError, 'At least one of public_keys or secret_keys must be true' if !public_keys && !secret_keys
  flags = load_save_flags(public_keys: public_keys, secret_keys: secret_keys)
  Rnp.call_ffi(:rnp_save_keys, @ptr, format, output.ptr, flags)
end

#secret_key_countObject


231
232
233
234
235
# File 'lib/rnp/rnp.rb', line 231

def secret_key_count
  pcount = FFI::MemoryPointer.new(:size_t)
  Rnp.call_ffi(:rnp_get_secret_key_count, @ptr, pcount)
  pcount.read(:size_t)
end

#sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a signature.

Parameters:

  • input (Input)

    the input to read the data to be signed

  • output (Output) (defaults to: nil)

    the output to write the signatures. If nil, the result will be returned directly as a String.

  • signers (Key, Array<Key>)

    the keys to sign with

  • armored (Boolean) (defaults to: nil)

    true if the output should be ASCII-armored, false otherwise.

  • compression (Hash<Symbol>) (defaults to: nil)
  • creation_time (Time, Integer) (defaults to: nil)

    the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

  • expiration_time (Integer) (defaults to: nil)

    the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

  • hash (String) (defaults to: nil)

    the hash algorithm name

Returns:

  • (nil, String)

249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
# File 'lib/rnp/rnp.rb', line 249

def sign(input:, output: nil, signers:,
         armored: nil,
         compression: nil,
         creation_time: nil,
         expiration_time: nil,
         hash: nil)
  Output.default(output) do |output_|
    sign = start_sign(input: input, output: output_)
    sign.options = {
      armored: armored,
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#start_cleartext_sign(input:, output:) ⇒ Object

Create a cleartext Sign operation.

Parameters:

  • input (Input)

    the input to read the data to be signed

  • output (Output)

    the output to write the signatures


462
463
464
# File 'lib/rnp/rnp.rb', line 462

def start_cleartext_sign(input:, output:)
  _start_sign(:rnp_op_sign_cleartext_create, input, output)
end

#start_detached_sign(input:, output:) ⇒ Object

Create a detached Sign operation.

Parameters:

  • input (Input)

    the input to read the data to be signed

  • output (Output)

    the output to write the signatures


470
471
472
# File 'lib/rnp/rnp.rb', line 470

def start_detached_sign(input:, output:)
  _start_sign(:rnp_op_sign_detached_create, input, output)
end

#start_detached_verify(data:, signature:) ⇒ Object

Create a detached Verify operation.

Parameters:

  • data (Input)

    the input to read the signed data

  • signature (Input)

    the input to read the signatures


487
488
489
# File 'lib/rnp/rnp.rb', line 487

def start_detached_verify(data:, signature:)
  _start_verify(:rnp_op_verify_detached_create, data, signature)
end

#start_encrypt(input:, output:) ⇒ Object

Create an Encrypt operation.

Parameters:

  • input (Input)

    the input to read the plaintext

  • output (Output)

    the output to write the encrypted data


495
496
497
498
499
500
# File 'lib/rnp/rnp.rb', line 495

def start_encrypt(input:, output:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_op_encrypt_create, pptr, @ptr, input.ptr, output.ptr)
  pencrypt = pptr.read_pointer
  Encrypt.new(pencrypt) unless pencrypt.null?
end

#start_sign(input:, output:) ⇒ Object

Create a Sign operation.

Parameters:

  • input (Input)

    the input to read the data to be signed

  • output (Output)

    the output to write the signatures


454
455
456
# File 'lib/rnp/rnp.rb', line 454

def start_sign(input:, output:)
  _start_sign(:rnp_op_sign_create, input, output)
end

#start_verify(input:, output: nil) ⇒ Object

Create a Verify operation.

Parameters:

  • input (Input)

    the input to read the signatures

  • output (Output) (defaults to: nil)

    the output (if any) to write the verified data


478
479
480
481
# File 'lib/rnp/rnp.rb', line 478

def start_verify(input:, output: nil)
  output = Output.to_null unless output
  _start_verify(:rnp_op_verify_create, input, output)
end

#symmetric_encrypt(input:, output: nil, passwords:, armored: nil, compression: nil, cipher: nil, s2k_hash: nil, s2k_iterations: 0, s2k_cipher: nil) ⇒ void

This method returns an undefined value.

Encrypt with a password only.

Parameters:

  • passwords (String, Array<String>)

    list of passwords to encrypt with. Any (single) one of the passwords can be used to decrypt.

  • input (Input)

    the input to read the plaintext

  • output (Output) (defaults to: nil)

    the output to write the encrypted data. If nil, the result will be returned directly as a String.

  • armored (Boolean) (defaults to: nil)

    true if the output should be ASCII-armored, false otherwise.

  • compression (Hash<Symbol>) (defaults to: nil)
  • cipher (String) (defaults to: nil)

    the cipher algorithm name

  • s2k_hash (String) (defaults to: nil)

    the hash algorithm to use for the string-to-key key derivation.

  • s2k_iterations (Integer) (defaults to: 0)

    the number of iterations for the string-to-key key derivation. A value of 0 will choose a default.

  • s2k_cipher (String) (defaults to: nil)

    the cipher algorithm used to wrap the key.


413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
# File 'lib/rnp/rnp.rb', line 413

def symmetric_encrypt(input:, output: nil, passwords:,
                      armored: nil,
                      compression: nil,
                      cipher: nil,
                      s2k_hash: nil,
                      s2k_iterations: 0,
                      s2k_cipher: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher
    }
    passwords = [passwords] if passwords.is_a?(String)
    passwords.each do |password|
      enc.add_password(password,
                       s2k_hash: s2k_hash,
                       s2k_iterations: s2k_iterations,
                       s2k_cipher: s2k_cipher)
    end
    enc.execute
  end
end

#useridsArray<String>

Get a list of all userids.

Returns:

  • (Array<String>)

# File 'lib/rnp/rnp.rb', line 175

#verify(input:, output: nil) ⇒ Object

Verify a signature.

Parameters:

  • input (Input)

    the input to read the signatures

  • output (Output) (defaults to: nil)

    the output (if any) to write the verified data


329
330
331
332
# File 'lib/rnp/rnp.rb', line 329

def verify(input:, output: nil)
  verify = start_verify(input: input, output: output)
  verify.execute
end