refactor: make signing key non-optional for pk_encrypt

2026-05-07 08:56:30 +03:00 · 2025-11-30 05:25:39 +00:00
parent 1ec3f45dc1
commit 5fb118e5a3
4 changed files with 30 additions and 44 deletions
--- a/benches/decrypting.rs
+++ b/benches/decrypting.rs
@@ -108,7 +108,7 @@ fn criterion_benchmark(c: &mut Criterion) {
            pk_encrypt(
                plain.clone(),
                vec![black_box(key_pair.public.clone())],
-                Some(key_pair.secret.clone()),
+                key_pair.secret.clone(),
                true,
                true,
            )
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -57,7 +57,7 @@ impl EncryptHelper {
        let ctext = pgp::pk_encrypt(
            raw_message,
            keyring,
-            Some(sign_key),
+            sign_key,
            compress,
            anonymous_recipients,
        )
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -165,7 +165,7 @@ fn select_pk_for_encryption(key: &SignedPublicKey) -> Option<&SignedPublicSubKey
 pub async fn pk_encrypt(
    plain: Vec<u8>,
    public_keys_for_encryption: Vec<SignedPublicKey>,
-    private_key_for_signing: Option<SignedSecretKey>,
+    private_key_for_signing: SignedSecretKey,
    compress: bool,
    anonymous_recipients: bool,
 ) -> Result<String> {
@@ -187,11 +187,9 @@ pub async fn pk_encrypt(
                }
            }
-            if let Some(ref skey) = private_key_for_signing {
+            msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM);
-                msg.sign(&**skey, Password::empty(), HASH_ALGORITHM);
+            if compress {
-                if compress {
+                msg.compression(CompressionAlgorithm::ZLIB);
                    msg.compression(CompressionAlgorithm::ZLIB);
                }
            }
            let encoded_msg = msg.to_armored_string(&mut rng, Default::default())?;
@@ -534,7 +532,6 @@ mod tests {
    static KEYS: LazyLock<TestKeys> = LazyLock::new(TestKeys::new);
    static CTEXT_SIGNED: OnceCell<String> = OnceCell::const_new();
    static CTEXT_UNSIGNED: OnceCell<String> = OnceCell::const_new();
    /// A ciphertext encrypted to Alice & Bob, signed by Alice.
    async fn ctext_signed() -> &'static String {
@@ -547,28 +544,7 @@ mod tests {
                pk_encrypt(
                    CLEARTEXT.to_vec(),
                    keyring,
-                    Some(KEYS.alice_secret.clone()),
+                    KEYS.alice_secret.clone(),
                    compress,
                    anonymous_recipients,
                )
                .await
                .unwrap()
            })
            .await
    }
    /// A ciphertext encrypted to Alice & Bob, not signed.
    async fn ctext_unsigned() -> &'static String {
        let anonymous_recipients = true;
        CTEXT_UNSIGNED
            .get_or_init(|| async {
                let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
                let compress = true;
                pk_encrypt(
                    CLEARTEXT.to_vec(),
                    keyring,
                    None,
                    compress,
                    anonymous_recipients,
                )
@@ -588,16 +564,6 @@ mod tests {
        );
    }
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_encrypt_unsigned() {
        assert!(!ctext_unsigned().await.is_empty());
        assert!(
            ctext_unsigned()
                .await
                .starts_with("-----BEGIN PGP MESSAGE-----")
        );
    }
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_decrypt_singed() {
        // Check decrypting as Alice
@@ -652,9 +618,9 @@ mod tests {
    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
    async fn test_decrypt_unsigned() {
        let decrypt_keyring = vec![KEYS.bob_secret.clone()];
        let ctext_unsigned = include_bytes!("../test-data/message/ctext_unsigned.asc");
        let (_msg, valid_signatures, content) =
-            pk_decrypt_and_validate(ctext_unsigned().await.as_bytes(), &decrypt_keyring, &[])
+            pk_decrypt_and_validate(ctext_unsigned, &decrypt_keyring, &[]).unwrap();
                .unwrap();
        assert_eq!(content, CLEARTEXT);
        assert_eq!(valid_signatures.len(), 0);
    }
@@ -744,7 +710,14 @@ mod tests {
        let pk_for_encryption = load_self_public_key(alice).await?;
        // Encrypt a message, but only to self, not to Bob:
-        let ctext = pk_encrypt(plain, vec![pk_for_encryption], None, true, true).await?;
+        let ctext = pk_encrypt(
            plain,
            vec![pk_for_encryption],
            KEYS.alice_secret.clone(),
            true,
            true,
        )
        .await?;
        // Trying to decrypt it should fail with an OK error message:
        let bob_private_keyring = crate::key::load_self_secret_keyring(bob).await?;
--- a/test-data/message/ctext_unsigned.asc
+++ b/test-data/message/ctext_unsigned.asc
@@ -0,0 +1,13 @@
 -----BEGIN PGP MESSAGE-----
 wU4DAAAAAAAAAAASAQdA4GtzIk21tMpcktf+k47Gn8iSt8JMJgu/hEf7wJLUGgsg
 /dQ8eBSe4/PoEoNQ2mHnHWSdPH4zvS142R86iiyGe3jBwEwDAAAAAAAAAAABB/9l
 dteYjCvGpJxjgm8dGcb3lY9jVj76HLu72KWLZy2p/Ch/mxGW2GtgWNipFA2plCLQ
 Dzutak20lbYXkBL+zEnioHc5aAixruQQa2yZSRqePxPmkC/eTiedNeVJCOcrJBbj
 k8kQ+CPXLxx6mWS28s0tQkbpH9oJ2Esy0J6FNl0DMTWG50FWuo+Mh/gQ7Su3S1Il
 MYa7n58LhMjNGwD0ckp+Ig1XPNnnyauA+0kU/yDy7aA9NH4CtdqeobitEnn2aK4c
 sge0008GzZ/p1UWAyIVCqXuB1cNQY0UMVLohV3v343Xf9vS6ZQ8Bi8L+DiS+WpSt
 2fYGJ7Iqq6joatv6wPgS0j8BTbOcCygy/V1NvwzZpXnOawiGYJaCFU33vr2p1SrK
 YB5YCwFI4499aXUGhokyAW0xy6+N7o2Ps1qS4L3cqu0=
 =Ytf8
 -----END PGP MESSAGE-----