Class: Rnp

Inherits:

Object

• Object
• Rnp

Defined in:

lib/rnp/rnp.rb,
lib/rnp/key.rb,
lib/rnp/misc.rb,
lib/rnp/error.rb,
lib/rnp/input.rb,
lib/rnp/utils.rb,
lib/rnp/output.rb,
lib/rnp/userid.rb,
lib/rnp/op/sign.rb,
lib/rnp/version.rb,
lib/rnp/op/verify.rb,
lib/rnp/signature.rb,
lib/rnp/op/encrypt.rb,
lib/rnp/op/generate.rb

Overview

© 2018-2023 Ribose Inc.

Defined Under Namespace

Classes: BadFormatError, BadPasswordError, Encrypt, Error, FeatureNotAvailableError, Generate, Input, InvalidSignatureError, Key, NoSuitableKeyError, Output, Sign, Signature, UserID, Verify

Constant Summary

VERSION =

"1.0.5"

Class Method Summary

• .commit_time ⇒ Integer

  Retrieve the commit time of the latest commit.

• .dearmor(input:, output: nil) ⇒ nil, String

  Remove ASCII Armor from data.

• .default_homedir ⇒ String

  Get the default homedir for RNP.

• .disable_debug ⇒ void

  Disable previously-enabled debugging.

• .enable_debug(file = nil) ⇒ void

  Enable debugging.

• .enarmor(input:, output: nil, type: nil) ⇒ nil, String

  Add ASCII Armor to data.

• .guess_contents(input) ⇒ String

  Guess the contents of an input.

• .has?(feature) ⇒ Boolean
• .homedir_info(homedir) ⇒ Hash<Symbol>

  Attempt to detect information about a homedir.

• .key_format(key_data) ⇒ String

  Attempt to detect the format of a key.

• .parse(input:, mpi: false, raw: false, grip: false) ⇒ Array

  Parse OpenPGP data to JSON.

• .s2k_iterations(hash:, msec:) ⇒ Integer

  Calculate s2k iterations.

• .supported_features(type) ⇒ Array

  Get a list of supported features (by type).

• .supports?(type, name) ⇒ Boolean

  Check if a specific feature is supported.

• .version(str = nil) ⇒ Integer

  Get the version stamp of the rnp library as an unsigned 32-bit integer.

• .version_for(major, minor, patch) ⇒ Integer

  Encode the given major, minor, and patch numbers into a version stamp.

• .version_major(version) ⇒ Integer

  Extract the major version component from the given version stamp.

• .version_minor(version) ⇒ Integer

  Extract the minor version component from the given version stamp.

• .version_patch(version) ⇒ Integer

  Extract the patch version component from the given version stamp.

• .version_string ⇒ String

  Get the version of the rnp library as a string.

• .version_string_full ⇒ String

  Get the detailed version of the rnp library as a string.

Instance Method Summary

• #cleartext_sign(input:, output: nil, signers:, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

  Create a cleartext signature.

• #decrypt(input:, output: nil) ⇒ nil, String

  Decrypt encrypted data.

• #detached_sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

  Create a detached signature.

• #detached_verify(data:, signature:) ⇒ Object

  Verify a detached signature.

• #each_fingerprint(&block) ⇒ self, Enumerator

  Enumerate all fingerprints.

• #each_grip(&block) ⇒ self, Enumerator

  Enumerate all grips.

• #each_keyid(&block) ⇒ self, Enumerator

  Enumerate all keyids.

• #each_userid(&block) ⇒ self, Enumerator

  Enumerate all userids.

• #encrypt(input:, output: nil, recipients:, armored: nil, compression: nil, cipher: nil, aead: nil) ⇒ Object

  Encrypt data with a public key.

• #encrypt_and_sign(input:, output: nil, recipients:, signers:, armored: nil, compression: nil, cipher: nil, aead: nil, hash: nil, creation_time: nil, expiration_time: nil) ⇒ Object

  Encrypt and sign data with a public key.

• #find_key(criteria) ⇒ Key^?

  Find a key.

• #fingerprints ⇒ Array<String>

  Get a list of all fingerprints.

• #generate(type:, userid:, bits:, curve: nil, password:, subtype: nil, subbits: 0, subcurve: nil) ⇒ Object

  Generate a key and optional subkey.

• #generate_dsa_elgamal(userid:, bits:, subbits: 0, password:) ⇒ Object

  Generate a DSA (w/optional ElGamal subkey) key.

• #generate_ecdsa_ecdh(userid:, curve:, password:) ⇒ Object

  Generate an ECDSA+ECDH key pair.

• #generate_eddsa_25519(userid:, password:) ⇒ Object

  Generate an EdDSA+x25519 key pair.

• #generate_key(description) ⇒ Hash<Symbol, Key>

  Generate a new key or pair of keys.

• #generate_rsa(userid:, bits:, subbits: 0, password:) ⇒ Object

  Generate an RSA key (w/optional subkey).

• #generate_sm2(userid:, password:) ⇒ Object

  Generate an SM2 key pair.

• #grips ⇒ Array<String>

  Get a list of all grips.

• #import_keys(input:, public_keys: true, secret_keys: true) ⇒ Hash

  Import keys.

• #import_signatures(input:) ⇒ Hash

  Import signatures.

• #initialize(pubfmt = 'GPG', secfmt = 'GPG') ⇒ Rnp constructor

  Create a new interface to RNP.

• #inspect ⇒ Object
• #key_provider=(provider) ⇒ Object

  Set a key provider.

• #keyids ⇒ Array<String>

  Get a list of all keyids.

• #load_keys(input:, format:, public_keys: true, secret_keys: true) ⇒ void

  Load keys.

• #log=(fd) ⇒ Object

  Set a logging destination.

• #password_provider=(provider) ⇒ Object

  Set a password provider.

• #public_key_count ⇒ Object
• #save_keys(output:, format:, public_keys: false, secret_keys: false) ⇒ void

  Save keys.

• #secret_key_count ⇒ Object
• #sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

  Create a signature.

• #start_cleartext_sign(input:, output:) ⇒ Object

  Create a cleartext Sign operation.

• #start_detached_sign(input:, output:) ⇒ Object

  Create a detached Sign operation.

• #start_detached_verify(data:, signature:) ⇒ Object

  Create a detached Verify operation.

• #start_encrypt(input:, output:) ⇒ Object

  Create an Encrypt operation.

• #start_generate(type:) ⇒ Generate

  Start a Generate operation.

• #start_generate_subkey(primary:, type:) ⇒ Generate

  Start a Generate operation.

• #start_sign(input:, output:) ⇒ Object

  Create a Sign operation.

• #start_verify(input:, output: nil) ⇒ Object

  Create a Verify operation.

• #symmetric_encrypt(input:, output: nil, passwords:, armored: nil, compression: nil, cipher: nil, aead: nil, s2k_hash: nil, s2k_iterations: 0, s2k_cipher: nil) ⇒ void

  Encrypt with a password only.

• #unload_keys(public_keys: true, secret_keys: true) ⇒ Object
• #userids ⇒ Array<String>

  Get a list of all userids.

• #verify(input:, output: nil) ⇒ Object

  Verify a signature.

Constructor Details

#initialize(pubfmt = 'GPG', secfmt = 'GPG') ⇒ Rnp

Create a new interface to RNP.

Parameters:

• pubfmt (String) (defaults to: 'GPG') —

  the public keyring format

• secfmt (String) (defaults to: 'GPG') —

  the secret keyring format

# File 'lib/rnp/rnp.rb', line 28

def initialize(pubfmt = 'GPG', secfmt = 'GPG')
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_ffi_create, pptr, pubfmt, secfmt)
  @ptr = FFI::AutoPointer.new(pptr.read_pointer, self.class.method(:destroy))
  @key_provider = nil
  @password_provider = nil
end

Class Method Details

.commit_time ⇒ Integer

Retrieve the commit time of the latest commit.

This will return 0 for release/non-master builds.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 165

def self.commit_time
  LibRnp.rnp_version_commit_timestamp
end

.dearmor(input:, output: nil) ⇒ nil, String

Remove ASCII Armor from data.

Parameters:

• input (Input) —

  the input to read the ASCII-Armored data from

• output (Output) (defaults to: nil) —

  the output to write the dearmored data to. If nil, the result will be returned directly as a String.

Returns:

• (nil, String)

# File 'lib/rnp/misc.rb', line 98

def self.dearmor(input:, output: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_dearmor, input.ptr, output_.ptr)
  end
end

.default_homedir ⇒ String

Get the default homedir for RNP.

Returns:

• (String)

# File 'lib/rnp/misc.rb', line 15

def self.default_homedir
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_get_default_homedir, pptr)
  begin
    phomedir = pptr.read_pointer
    phomedir.read_string unless phomedir.null?
  ensure
    LibRnp.rnp_buffer_destroy(phomedir)
  end
end

.disable_debug ⇒ void

This method returns an undefined value.

Disable previously-enabled debugging

# File 'lib/rnp/misc.rb', line 213

def self.disable_debug
  Rnp.call_ffi(:rnp_disable_debug)
end

.enable_debug(file = nil) ⇒ void

This method returns an undefined value.

Enable debugging

Parameters:

• file (String) (defaults to: nil) —

  the file to enable debugging for (or nil for all)

# File 'lib/rnp/misc.rb', line 206

def self.enable_debug(file = nil)
  Rnp.call_ffi(:rnp_enable_debug, file)
end

.enarmor(input:, output: nil, type: nil) ⇒ nil, String

Add ASCII Armor to data.

Parameters:

• input (Input) —

  the input to read data from

• output (Output) (defaults to: nil) —

  the output to write the armored data to. If nil, the result will be returned directly as a String.

• type (String) (defaults to: nil) —

  the armor type. Valid values include:

  • message

  • public key

  • secret key

  • signature

  • cleartext

  • nil (try to guess the type)

Returns:

• (nil, String)

# File 'lib/rnp/misc.rb', line 86

def self.enarmor(input:, output: nil, type: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_enarmor, input.ptr, output_.ptr, type)
  end
end

.guess_contents(input) ⇒ String

Guess the contents of an input

Parameters:

• input (Input)

Returns:

• (String) —

  the guessed content type (or ‘unknown’), which may be used with enarmor

# File 'lib/rnp/misc.rb', line 222

def self.guess_contents(input)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_guess_contents, input.ptr, pptr)
  begin
    presult = pptr.read_pointer
    presult.read_string unless presult.null?
  ensure
    LibRnp.rnp_buffer_destroy(presult)
  end
end

.has?(feature) ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (ArgumentError)

# File 'lib/rnp/misc.rb', line 293

def self.has?(feature)
  raise ArgumentError unless FEATURES.include?(feature)
  FEATURES[feature]
end

.homedir_info(homedir) ⇒ Hash<Symbol>

Attempt to detect information about a homedir.

Parameters:

• homedir (String) —

  the homedir

Returns:

• (Hash<Symbol>) —

  • :public [Hash<Symbol>]

    • :format [String]

    • :path [String]

  • :secret [Hash<Symbol>]

    • :format [String]

    • :path [String]

# File 'lib/rnp/misc.rb', line 36

def self.homedir_info(homedir)
  pptrs = FFI::MemoryPointer.new(:pointer, 4)
  Rnp.call_ffi(:rnp_detect_homedir_info, homedir, pptrs[0], pptrs[1],
               pptrs[2], pptrs[3])
  ptrs = (0..3).collect { |i| pptrs[i] }.map(&:read_pointer)
  return if ptrs.all?(&:null?)
  {
    public: {
      format: ptrs[0].read_string,
      path: ptrs[1].read_string
    },
    secret: {
      format: ptrs[2].read_string,
      path: ptrs[3].read_string
    }
  }
ensure
  ptrs&.each { |ptr| LibRnp.rnp_buffer_destroy(ptr) }
end

.key_format(key_data) ⇒ String

Attempt to detect the format of a key.

Parameters:

• key_data (String) —

  the key data

Returns:

• (String)

# File 'lib/rnp/misc.rb', line 60

def self.key_format(key_data)
  pptr = FFI::MemoryPointer.new(:pointer)
  data = FFI::MemoryPointer.from_data(key_data)
  Rnp.call_ffi(:rnp_detect_key_format, data, data.size, pptr)
  begin
    pformat = pptr.read_pointer
    pformat.read_string unless pformat.null?
  ensure
    LibRnp.rnp_buffer_destroy(pformat)
  end
end

.parse(input:, mpi: false, raw: false, grip: false) ⇒ Array

Parse OpenPGP data to JSON.

Parameters:

• input (Input) —

  the input to read the data

• mpi (Boolean) (defaults to: false) —

  if true then MPIs will be included

• raw (Boolean) (defaults to: false) —

  if true then raw bytes will be included

• grip (Boolean) (defaults to: false) —

  if true then grips will be included

Returns:

• (Array)

# File 'lib/rnp/misc.rb', line 176

def self.parse(input:, mpi: false, raw: false, grip: false)
  flags = 0
  flags |= LibRnp::RNP_JSON_DUMP_MPI if mpi
  flags |= LibRnp::RNP_JSON_DUMP_RAW if raw
  flags |= LibRnp::RNP_JSON_DUMP_GRIP if grip
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_dump_packets_to_json, input.ptr, flags, pptr)
  begin
    pjson = pptr.read_pointer
    JSON.parse(pjson.read_string) unless pjson.null?
  ensure
    LibRnp.rnp_buffer_destroy(pjson)
  end
end

.s2k_iterations(hash:, msec:) ⇒ Integer

Calculate s2k iterations

Parameters:

• hash (String) —

  the hash algorithm to use

• msec (Integer) —

  the desired number of milliseconds

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 196

def self.s2k_iterations(hash:, msec:)
  piters = FFI::MemoryPointer.new(:size_t)
  Rnp.call_ffi(:rnp_calculate_iterations, hash, msec, piters)
  piters.read(:size_t)
end

.supported_features(type) ⇒ Array

Get a list of supported features (by type)

Parameters:

• type (String) —

  the type of feature (‘symmetric algorithm’, …)

Returns:

• (Array)

# File 'lib/rnp/misc.rb', line 248

def self.supported_features(type)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_supported_features, type, pptr)
  begin
    presult = pptr.read_pointer
    JSON.parse(presult.read_string) unless presult.null?
  ensure
    LibRnp.rnp_buffer_destroy(presult)
  end
end

.supports?(type, name) ⇒ Boolean

Check if a specific feature is supported

Parameters:

• type (String) —

  the type of feature (‘symmetric algorithm’, …)

• name (String) —

  the specific feature (‘CAST5’, …)

Returns:

• (Boolean)

# File 'lib/rnp/misc.rb', line 238

def self.supports?(type, name)
  presult = FFI::MemoryPointer.new(:bool)
  Rnp.call_ffi(:rnp_supports_feature, type, name, presult)
  presult.read(:bool)
end

.version(str = nil) ⇒ Integer

Get the version stamp of the rnp library as an unsigned 32-bit integer. This number can be compared against other stamps generated with version_for.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 123

def self.version(str = nil)
  if str.nil?
    LibRnp.rnp_version
  else
    LibRnp.rnp_version_for(*str.split('.').map(&:to_i))
  end
end

.version_for(major, minor, patch) ⇒ Integer

Encode the given major, minor, and patch numbers into a version stamp.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 135

def self.version_for(major, minor, patch)
  LibRnp.rnp_version_for(major, minor, patch)
end

.version_major(version) ⇒ Integer

Extract the major version component from the given version stamp.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 142

def self.version_major(version)
  LibRnp.rnp_version_major(version)
end

.version_minor(version) ⇒ Integer

Extract the minor version component from the given version stamp.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 149

def self.version_minor(version)
  LibRnp.rnp_version_minor(version)
end

.version_patch(version) ⇒ Integer

Extract the patch version component from the given version stamp.

Returns:

• (Integer)

# File 'lib/rnp/misc.rb', line 156

def self.version_patch(version)
  LibRnp.rnp_version_patch(version)
end

.version_string ⇒ String

Get the version of the rnp library as a string.

Returns:

• (String)

# File 'lib/rnp/misc.rb', line 107

def self.version_string
  LibRnp.rnp_version_string
end

.version_string_full ⇒ String

Get the detailed version of the rnp library as a string.

Returns:

• (String)

# File 'lib/rnp/misc.rb', line 114

def self.version_string_full
  LibRnp.rnp_version_string_full
end

Instance Method Details

#cleartext_sign(input:, output: nil, signers:, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a cleartext signature.

Parameters:

• signers (Key, Array<Key>) —

  the keys to sign with

• input (Input) —

  the input to read the data to be signed

• output (Output) (defaults to: nil) —

  the output to write the signatures. If nil, the result will be returned directly as a String.

• compression (Hash<Symbol>) (defaults to: nil)
• creation_time (Time, Integer) (defaults to: nil) —

  the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

• expiration_time (Integer) (defaults to: nil) —

  the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

• hash (String) (defaults to: nil) —

  the hash algorithm name

Returns:

• (nil, String)

# File 'lib/rnp/rnp.rb', line 369

def cleartext_sign(input:, output: nil, signers:,
                   compression: nil,
                   creation_time: nil,
                   expiration_time: nil,
                   hash: nil)
  Output.default(output) do |output_|
    sign = start_cleartext_sign(input: input, output: output_)
    sign.options = {
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#decrypt(input:, output: nil) ⇒ nil, String

Decrypt encrypted data.

Parameters:

• input (Input) —

  the input to read the encrypted data

• output (Output) (defaults to: nil) —

  the output to write the decrypted data. If nil, the result will be returned directly as a String.

Returns:

• (nil, String)

# File 'lib/rnp/rnp.rb', line 544

def decrypt(input:, output: nil)
  Output.default(output) do |output_|
    Rnp.call_ffi(:rnp_decrypt, @ptr, input.ptr, output_.ptr)
  end
end

#detached_sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a detached signature.

Parameters:

• signers (Key, Array<Key>) —

  the keys to sign with

• input (Input) —

  the input to read the data to be signed

• output (Output) (defaults to: nil) —

  the output to write the signatures. If nil, the result will be returned directly as a String.

• armored (Boolean) (defaults to: nil) —

  true if the output should be ASCII-armored, false otherwise.

• compression (Hash<Symbol>) (defaults to: nil)
• creation_time (Time, Integer) (defaults to: nil) —

  the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

• expiration_time (Integer) (defaults to: nil) —

  the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

• hash (String) (defaults to: nil) —

  the hash algorithm name

Returns:

• (nil, String)

# File 'lib/rnp/rnp.rb', line 397

def detached_sign(input:, output: nil, signers:,
                  armored: nil,
                  compression: nil,
                  creation_time: nil,
                  expiration_time: nil,
                  hash: nil)
  Output.default(output) do |output_|
    sign = start_detached_sign(input: input, output: output_)
    sign.options = {
      armored: armored,
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#detached_verify(data:, signature:) ⇒ Object

Verify a detached signature.

Parameters:

• data (Input) —

  the input to read the data

• signature (Input) —

  the input to read the signatures

# File 'lib/rnp/rnp.rb', line 429

def detached_verify(data:, signature:)
  verify = start_detached_verify(data: data, signature: signature)
  verify.execute
end

#each_fingerprint(&block) ⇒ self, Enumerator

Enumerate all fingerprints.

Returns:

• (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 291

#each_grip(&block) ⇒ self, Enumerator

Enumerate all grips.

Returns:

• (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 306

%w[userid keyid fingerprint grip].each do |identifier_type|
  define_method("each_#{identifier_type}".to_sym) do |&block|
    each_identifier(identifier_type, &block)
  end

  define_method("#{identifier_type}s".to_sym) do
    each_identifier(identifier_type).to_a
  end
end

#each_keyid(&block) ⇒ self, Enumerator

Enumerate all keyids.

Returns:

• (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 281

#each_userid(&block) ⇒ self, Enumerator

Enumerate all userids.

Returns:

• (self, Enumerator)

# File 'lib/rnp/rnp.rb', line 271

#encrypt(input:, output: nil, recipients:, armored: nil, compression: nil, cipher: nil, aead: nil) ⇒ Object

Encrypt data with a public key.

Parameters:

• input (Input) —

  the input to read the plaintext

• output (Output) (defaults to: nil) —

  the output to write the encrypted data. If nil, the result will be returned directly as a String.

• recipients (Key, Array<Key>) —

  list of recipients keys

• armored (Boolean) (defaults to: nil) —

  true if the output should be ASCII-armored, false otherwise.

• compression (Hash<Symbol>) (defaults to: nil)
• cipher (String) (defaults to: nil) —

  the cipher algorithm name

# File 'lib/rnp/rnp.rb', line 444

def encrypt(input:, output: nil, recipients:,
            armored: nil,
            compression: nil,
            cipher: nil,
            aead: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher,
      aead: aead,
    }
    simple_encrypt(enc, recipients: recipients)
  end
end

#encrypt_and_sign(input:, output: nil, recipients:, signers:, armored: nil, compression: nil, cipher: nil, aead: nil, hash: nil, creation_time: nil, expiration_time: nil) ⇒ Object

Encrypt and sign data with a public key.

Parameters:

• signers (Key, Array<Key>) —

  list of keys to sign with

• input (Input) —

  the input to read the plaintext

• output (Output) (defaults to: nil) —

  the output to write the encrypted data. If nil, the result will be returned directly as a String.

• recipients (Key, Array<Key>) —

  list of recipients keys

• armored (Boolean) (defaults to: nil) —

  true if the output should be ASCII-armored, false otherwise.

• compression (Hash<Symbol>) (defaults to: nil)
• cipher (String) (defaults to: nil) —

  the cipher algorithm name

• hash (String) (defaults to: nil) —

  the hash algorithm name

• creation_time (Time, Integer) (defaults to: nil) —

  the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

• expiration_time (Integer) (defaults to: nil) —

  the lifetime of the signatures, as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

# File 'lib/rnp/rnp.rb', line 474

def encrypt_and_sign(input:, output: nil, recipients:, signers:,
                     armored: nil,
                     compression: nil,
                     cipher: nil,
                     aead: nil,
                     hash: nil,
                     creation_time: nil,
                     expiration_time: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher,
      aead: aead,
      hash: hash,
      creation_time: creation_time,
      expiration_time: expiration_time
    }
    simple_encrypt(enc, recipients: recipients, signers: signers)
  end
end

#find_key(criteria) ⇒ Key^?

Find a key.

Parameters:

• criteria (Hash) —

  the search criteria. Some examples would be:

  • {keyid: ‘2FCADF05FFA501BB’}

  • {‘userid’: ‘user0’}

  • {fingerprint: ‘BE1C4AB951F4C2F6B604’}

  Only one criteria can be specified.

Returns:

• (Key, nil)

Raises:

• (Rnp::Error)

# File 'lib/rnp/rnp.rb', line 256

def find_key(criteria)
  raise Rnp::Error, 'Invalid search criteria' if !criteria.is_a?(::Hash) ||
                                                 criteria.size != 1
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_locate_key, @ptr, criteria.keys[0].to_s,
               criteria.values[0], pptr)
  pkey = pptr.read_pointer
  Rnp::Key.new(pkey) unless pkey.null?
end

#fingerprints ⇒ Array<String>

Get a list of all fingerprints.

Returns:

• (Array<String>)

# File 'lib/rnp/rnp.rb', line 286

#generate(type:, userid:, bits:, curve: nil, password:, subtype: nil, subbits: 0, subcurve: nil) ⇒ Object

Generate a key and optional subkey.

Parameters:

• userid (String) —

  the userid for the key

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 206

def generate(type:, userid:, bits:, curve: nil, password:,
             subtype: nil, subbits: 0, subcurve: nil)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_ex, @ptr, type, subtype, bits, subbits,
               curve, subcurve, userid, password, pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#generate_dsa_elgamal(userid:, bits:, subbits: 0, password:) ⇒ Object

Generate a DSA (w/optional ElGamal subkey) key.

Parameters:

• userid (String) —

  the userid for the key

• bits (Integer) —

  the bit length for the primary key

• subbits (Integer) (defaults to: 0) —

  the bit length for the subkey (0 if no subkey should be generated)

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 156

def generate_dsa_elgamal(userid:, bits:, subbits: 0, password:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_dsa_eg, @ptr, bits, subbits, userid,
               password, pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#generate_ecdsa_ecdh(userid:, curve:, password:) ⇒ Object

Generate an ECDSA+ECDH key pair.

Parameters:

• userid (String) —

  the userid for the key

• curve (String) —

  the name of the curve

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 170

def generate_ecdsa_ecdh(userid:, curve:, password:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_ec, @ptr, curve, userid, password, pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#generate_eddsa_25519(userid:, password:) ⇒ Object

Generate an EdDSA+x25519 key pair.

Parameters:

• userid (String) —

  the userid for the key

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 182

def generate_eddsa_25519(userid:, password:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_25519, @ptr, userid, password, pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#generate_key(description) ⇒ Hash<Symbol, Key>

Note:

The generated key(s) will be unprotected and unlocked. The application should protect and lock the keys with Rnp::Key#protect and Rnp::Key#lock.

Generate a new key or pair of keys.

Examples

examples/key_generation.rb

Parameters:

• description (String, Hash)

Returns:

• (Hash<Symbol, Key>) —

  a hash containing the generated key(s)

# File 'lib/rnp/rnp.rb', line 113

def generate_key(description)
  description = JSON.generate(description) unless description.is_a?(String)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_json, @ptr, description, pptr)
  begin
    presults = pptr.read_pointer
    return nil if presults.null?
    results = JSON.parse(presults.read_string)
    generated = {}
    results.each do |k, v|
      key = find_key(v.keys[0].to_sym => v.values[0])
      generated[k.to_sym] = key
    end
    generated
  ensure
    LibRnp.rnp_buffer_destroy(presults)
  end
end

#generate_rsa(userid:, bits:, subbits: 0, password:) ⇒ Object

Generate an RSA key (w/optional subkey).

Parameters:

• userid (String) —

  the userid for the key

• bits (Integer) —

  the bit length for the primary key

• subbits (Integer) (defaults to: 0) —

  the bit length for the subkey (0 if no subkey should be generated)

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 140

def generate_rsa(userid:, bits:, subbits: 0, password:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_rsa, @ptr, bits, subbits, userid, password,
               pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#generate_sm2(userid:, password:) ⇒ Object

Generate an SM2 key pair.

Parameters:

• userid (String) —

  the userid for the key

• password (String) —

  the password to protect the key(s) (nil for no protection)

# File 'lib/rnp/rnp.rb', line 194

def generate_sm2(userid:, password:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_generate_key_sm2, @ptr, userid, password, pptr)
  pkey = pptr.read_pointer
  Key.new(pkey) unless pkey.null?
end

#grips ⇒ Array<String>

Get a list of all grips.

Returns:

• (Array<String>)

# File 'lib/rnp/rnp.rb', line 296

#import_keys(input:, public_keys: true, secret_keys: true) ⇒ Hash

Import keys

Parameters:

• input (Input) —

  the input to read the (OpenPGP-format) keys from

• public_keys (Boolean) (defaults to: true) —

  whether to load public keys

• secret_keys (Boolean) (defaults to: true) —

  whether to load secret keys

Returns:

• (Hash) —

  information on the imported keys

# File 'lib/rnp/rnp.rb', line 632

def import_keys(input:, public_keys: true, secret_keys: true)
  flags = 0
  flags |= LibRnp::RNP_LOAD_SAVE_PUBLIC_KEYS if public_keys
  flags |= LibRnp::RNP_LOAD_SAVE_SECRET_KEYS if secret_keys
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_import_keys, @ptr, input.ptr, flags, pptr)
  begin
    presults = pptr.read_pointer
    JSON.parse(presults.read_string) unless pptr.null?
  ensure
    LibRnp.rnp_buffer_destroy(presults)
  end
end

#import_signatures(input:) ⇒ Hash

Import signatures

Parameters:

• input (Input) —

  the input to read the (OpenPGP-format) keys from

Returns:

• (Hash) —

  information on the imported keys

# File 'lib/rnp/rnp.rb', line 650

def import_signatures(input:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_import_signatures, @ptr, input.ptr, 0, pptr)
  begin
    presults = pptr.read_pointer
    JSON.parse(presults.read_string) unless pptr.null?
  ensure
    LibRnp.rnp_buffer_destroy(presults)
  end
end

#inspect ⇒ Object

# File 'lib/rnp/rnp.rb', line 41

def inspect
  Rnp.inspect_ptr(self)
end

#key_provider=(provider) ⇒ Object

Set a key provider.

The key provider is useful if, for example, you have a database of keys and you do not want to load all of them, and you don’t know which will be needed for a given operation.

The key provider will be called to request that a key be loaded, and the key provider is responsible for loading the appropriate key (if available) using #load_keys.

The provider may be called multiple times for the same key, but with different identifiers. For example, it may first be called with a fingerprint, then (if the key was not loaded), it may be called with a keyid.

Examples

examples/key_provider.rb

Parameters:

• provider (Proc, #call) —

  a callable object

# File 'lib/rnp/rnp.rb', line 74

def key_provider=(provider)
  @key_provider = provider
  @key_provider = KEY_PROVIDER.curry[provider] if provider
  Rnp.call_ffi(:rnp_ffi_set_key_provider, @ptr, @key_provider, nil)
end

#keyids ⇒ Array<String>

Get a list of all keyids.

Returns:

• (Array<String>)

# File 'lib/rnp/rnp.rb', line 276

#load_keys(input:, format:, public_keys: true, secret_keys: true) ⇒ void

This method returns an undefined value.

Load keys.

Parameters:

• format (String) —

  the format of the keys to load (GPG, KBX, G10).

• input (Input) —

  the input to read the keys from

• public_keys (Boolean) (defaults to: true) —

  whether to load public keys

• secret_keys (Boolean) (defaults to: true) —

  whether to load secret keys

Raises:

• (ArgumentError)

# File 'lib/rnp/rnp.rb', line 222

def load_keys(input:, format:, public_keys: true, secret_keys: true)
  raise ArgumentError, 'At least one of public_keys or secret_keys must be true' if !public_keys && !secret_keys
  flags = load_save_flags(public_keys: public_keys, secret_keys: secret_keys)
  Rnp.call_ffi(:rnp_load_keys, @ptr, format, input.ptr, flags)
end

#log=(fd) ⇒ Object

Set a logging destination.

Parameters:

• fd (Integer, IO) —

  the file descriptor to log to. This will be closed when this object is destroyed.

# File 'lib/rnp/rnp.rb', line 49

def log=(fd)
  fd = fd.to_i if fd.is_a(::IO)
  Rnp.call_ffi(:rnp_ffi_set_log_fd, @ptr, fd)
end

#password_provider=(provider) ⇒ Object

Set a password provider.

The password provider is used for retrieving passwords for various operations, including:

• Signing data

• Decrypting data (public-key or symmetric)

• Adding a userid to a key

• Unlocking a key

• Unprotecting a key

Examples

examples/password_provider.rb

Parameters:

• provider (Proc, #call, String) —

  a callable object, or a password

# File 'lib/rnp/rnp.rb', line 95

def password_provider=(provider)
  @password_provider = provider
  @password_provider = PASS_PROVIDER.curry[provider] if provider
  Rnp.call_ffi(:rnp_ffi_set_pass_provider, @ptr, @password_provider, nil)
end

#public_key_count ⇒ Object

# File 'lib/rnp/rnp.rb', line 316

def public_key_count
  pcount = FFI::MemoryPointer.new(:size_t)
  Rnp.call_ffi(:rnp_get_public_key_count, @ptr, pcount)
  pcount.read(:size_t)
end

#save_keys(output:, format:, public_keys: false, secret_keys: false) ⇒ void

This method returns an undefined value.

Save keys.

Parameters:

• format (String) —

  the format to save the keys in (GPG, KBX, G10).

• output (Output) —

  the output to write the keys to

• public_keys (Boolean) (defaults to: false) —

  whether to load public keys

• secret_keys (Boolean) (defaults to: false) —

  whether to load secret keys

Raises:

• (ArgumentError)

# File 'lib/rnp/rnp.rb', line 242

def save_keys(output:, format:, public_keys: false, secret_keys: false)
  raise ArgumentError, 'At least one of public_keys or secret_keys must be true' if !public_keys && !secret_keys
  flags = load_save_flags(public_keys: public_keys, secret_keys: secret_keys)
  Rnp.call_ffi(:rnp_save_keys, @ptr, format, output.ptr, flags)
end

#secret_key_count ⇒ Object

# File 'lib/rnp/rnp.rb', line 322

def secret_key_count
  pcount = FFI::MemoryPointer.new(:size_t)
  Rnp.call_ffi(:rnp_get_secret_key_count, @ptr, pcount)
  pcount.read(:size_t)
end

#sign(input:, output: nil, signers:, armored: nil, compression: nil, creation_time: nil, expiration_time: nil, hash: nil) ⇒ nil, String

Create a signature.

Parameters:

• input (Input) —

  the input to read the data to be signed

• output (Output) (defaults to: nil) —

  the output to write the signatures. If nil, the result will be returned directly as a String.

• signers (Key, Array<Key>) —

  the keys to sign with

• armored (Boolean) (defaults to: nil) —

  true if the output should be ASCII-armored, false otherwise.

• compression (Hash<Symbol>) (defaults to: nil)
• creation_time (Time, Integer) (defaults to: nil) —

  the creation time to use for all signatures. As an integer, this is the number of seconds since the unix epoch.

• expiration_time (Integer) (defaults to: nil) —

  the lifetime of the signature(s), as the number of seconds. The actual expiration date/time is the creation time plus this value. A value of 0 will create signatures that do not expire.

• hash (String) (defaults to: nil) —

  the hash algorithm name

Returns:

• (nil, String)

# File 'lib/rnp/rnp.rb', line 340

def sign(input:, output: nil, signers:,
         armored: nil,
         compression: nil,
         creation_time: nil,
         expiration_time: nil,
         hash: nil)
  Output.default(output) do |output_|
    sign = start_sign(input: input, output: output_)
    sign.options = {
      armored: armored,
      compression: compression,
      creation_time: creation_time,
      expiration_time: expiration_time,
      hash: hash
    }
    simple_sign(sign, signers)
  end
end

#start_cleartext_sign(input:, output:) ⇒ Object

Create a cleartext Sign operation.

Parameters:

• input (Input) —

  the input to read the data to be signed

• output (Output) —

  the output to write the signatures

# File 'lib/rnp/rnp.rb', line 586

def start_cleartext_sign(input:, output:)
  _start_sign(:rnp_op_sign_cleartext_create, input, output)
end

#start_detached_sign(input:, output:) ⇒ Object

Create a detached Sign operation.

Parameters:

• input (Input) —

  the input to read the data to be signed

• output (Output) —

  the output to write the signatures

# File 'lib/rnp/rnp.rb', line 594

def start_detached_sign(input:, output:)
  _start_sign(:rnp_op_sign_detached_create, input, output)
end

#start_detached_verify(data:, signature:) ⇒ Object

Create a detached Verify operation.

Parameters:

• data (Input) —

  the input to read the signed data

• signature (Input) —

  the input to read the signatures

# File 'lib/rnp/rnp.rb', line 611

def start_detached_verify(data:, signature:)
  _start_verify(:rnp_op_verify_detached_create, data, signature)
end

#start_encrypt(input:, output:) ⇒ Object

Create an Encrypt operation.

Parameters:

• input (Input) —

  the input to read the plaintext

• output (Output) —

  the output to write the encrypted data

# File 'lib/rnp/rnp.rb', line 619

def start_encrypt(input:, output:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_op_encrypt_create, pptr, @ptr, input.ptr, output.ptr)
  pencrypt = pptr.read_pointer
  Encrypt.new(pencrypt) unless pencrypt.null?
end

#start_generate(type:) ⇒ Generate

Start a Generate operation.

Parameters:

• type (String, Symbol) —

  the key type to generate (RSA, DSA, etc)

Returns:

• (Generate)

# File 'lib/rnp/rnp.rb', line 554

def start_generate(type:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_op_generate_create, pptr, @ptr, type.to_s)
  pgen = pptr.read_pointer
  Generate.new(pgen) unless pgen.null?
end

#start_generate_subkey(primary:, type:) ⇒ Generate

Start a Generate operation.

Parameters:

• primary (Key) —

  the primary key for which to generate a subkey

• type (String, Symbol) —

  the key type to generate (RSA, DSA, etc)

Returns:

• (Generate)

# File 'lib/rnp/rnp.rb', line 566

def start_generate_subkey(primary:, type:)
  pptr = FFI::MemoryPointer.new(:pointer)
  Rnp.call_ffi(:rnp_op_generate_subkey_create, pptr, @ptr, primary.ptr,
               type.to_s)
  pgen = pptr.read_pointer
  Generate.new(pgen) unless pgen.null?
end

#start_sign(input:, output:) ⇒ Object

Create a Sign operation.

Parameters:

• input (Input) —

  the input to read the data to be signed

• output (Output) —

  the output to write the signatures

# File 'lib/rnp/rnp.rb', line 578

def start_sign(input:, output:)
  _start_sign(:rnp_op_sign_create, input, output)
end

#start_verify(input:, output: nil) ⇒ Object

Create a Verify operation.

Parameters:

• input (Input) —

  the input to read the signatures

• output (Output) (defaults to: nil) —

  the output (if any) to write the verified data

# File 'lib/rnp/rnp.rb', line 602

def start_verify(input:, output: nil)
  output = Output.to_null unless output
  _start_verify(:rnp_op_verify_create, input, output)
end

#symmetric_encrypt(input:, output: nil, passwords:, armored: nil, compression: nil, cipher: nil, aead: nil, s2k_hash: nil, s2k_iterations: 0, s2k_cipher: nil) ⇒ void

This method returns an undefined value.

Encrypt with a password only.

Parameters:

• passwords (String, Array<String>) —

  list of passwords to encrypt with. Any (single) one of the passwords can be used to decrypt.

• input (Input) —

  the input to read the plaintext

• output (Output) (defaults to: nil) —

  the output to write the encrypted data. If nil, the result will be returned directly as a String.

• armored (Boolean) (defaults to: nil) —

  true if the output should be ASCII-armored, false otherwise.

• compression (Hash<Symbol>) (defaults to: nil)
• cipher (String) (defaults to: nil) —

  the cipher algorithm name

• s2k_hash (String) (defaults to: nil) —

  the hash algorithm to use for the string-to-key key derivation.

• s2k_iterations (Integer) (defaults to: 0) —

  the number of iterations for the string-to-key key derivation. A value of 0 will choose a default.

• s2k_cipher (String) (defaults to: nil) —

  the cipher algorithm used to wrap the key.

# File 'lib/rnp/rnp.rb', line 511

def symmetric_encrypt(input:, output: nil, passwords:,
                      armored: nil,
                      compression: nil,
                      cipher: nil,
                      aead: nil,
                      s2k_hash: nil,
                      s2k_iterations: 0,
                      s2k_cipher: nil)
  Output.default(output) do |output_|
    enc = start_encrypt(input: input, output: output_)
    enc.options = {
      armored: armored,
      compression: compression,
      cipher: cipher,
      aead: aead,
    }
    passwords = [passwords] if passwords.is_a?(String)
    passwords.each do |password|
      enc.add_password(password,
                       s2k_hash: s2k_hash,
                       s2k_iterations: s2k_iterations,
                       s2k_cipher: s2k_cipher)
    end
    enc.execute
  end
end

#unload_keys(public_keys: true, secret_keys: true) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/rnp/rnp.rb', line 228

def unload_keys(public_keys: true, secret_keys: true)
  raise ArgumentError, "At least one of public_keys or secret_keys must be true" \
    if !public_keys && !secret_keys
  flags = unload_keys_flags(public_keys: public_keys, secret_keys: secret_keys)
  Rnp.call_ffi(:rnp_unload_keys, @ptr, flags)
end

#userids ⇒ Array<String>

Get a list of all userids.

Returns:

• (Array<String>)

# File 'lib/rnp/rnp.rb', line 266

#verify(input:, output: nil) ⇒ Object

Verify a signature.

Parameters:

• input (Input) —

  the input to read the signatures

• output (Output) (defaults to: nil) —

  the output (if any) to write the verified data

# File 'lib/rnp/rnp.rb', line 420

def verify(input:, output: nil)
  verify = start_verify(input: input, output: output)
  verify.execute
end