Make signer optional for encrypt

Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
wiktor-k · Mar 18, 2024 · cb4c097 · cb4c097
1 parent d485973
commit cb4c097
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 6 deletions.
diff --git a/NEXT.md b/NEXT.md
@@ -3,6 +3,9 @@
 v0.1.23
 
 New:
+  - `decrypt` accepts a function for supplying certificates for signature verification
+  - `encrypt` now does not require the `signer` argument
+  - the result of `decrypt` and `verify` exposes `valid_sigs` for retrieving a list of valid signatures
 
 Changed:
   - `verify` now accepts a callback for supplying signing certificates ([#20])

diff --git a/README.md b/README.md
@@ -130,7 +130,27 @@ print(f"Encrypted data: {encrypted}")
 
 ### decrypt
 
-Decrypts data:
+Decrypts plain data:
+
+```python
+from pysequoia import decrypt
+
+sender = Cert.from_file("no-passwd.pgp")
+receiver = Cert.from_file("passwd.pgp")
+
+content = "Red Green Blue"
+
+encrypted = encrypt(recipients = [receiver], bytes = content.encode("utf8"))
+
+decrypted = decrypt(decryptor = receiver.secrets.decryptor("hunter22"), bytes = encrypted)
+
+assert content == decrypted.bytes.decode("utf8");
+
+# this message did not contain any valid signatures
+assert len(decrypted.valid_sigs) == 0
+```
+
+Decrypt can also verify signatures while decrypting:
 
 ```python
 from pysequoia import decrypt
@@ -149,7 +169,7 @@ def get_certs(key_ids):
 decrypted = decrypt(decryptor = receiver.secrets.decryptor("hunter22"), bytes = encrypted, store = get_certs)
 
 assert content == decrypted.bytes.decode("utf8");
-print(decrypted.valid_sigs)
+
 # let's check the valid signature's certificate and signing subkey fingerprints
 assert decrypted.valid_sigs[0].certificate == sender.fingerprint
 assert decrypted.valid_sigs[0].signing_key == sender.fingerprint

diff --git a/src/encrypt.rs b/src/encrypt.rs
@@ -13,9 +13,9 @@ use crate::signer::PySigner;
 
 #[pyfunction]
 pub fn encrypt(
-    signer: PySigner,
     recipients: Vec<PyRef<Cert>>,
     bytes: &[u8],
+    signer: Option<PySigner>,
 ) -> PyResult<Cow<'static, [u8]>> {
     let mode = KeyFlags::empty()
         .set_storage_encryption()
@@ -66,7 +66,7 @@ pub fn encrypt(
 
     let message = Armorer::new(message).build()?;
 
-    let message = Encryptor::for_recipients(
+    let mut message = Encryptor::for_recipients(
         message,
         recipient_keys
             .iter()
@@ -75,8 +75,9 @@ pub fn encrypt(
     .build()
     .context("Failed to create encryptor")?;
 
-    let message = Signer::new(message, signer).build()?;
-
+    if let Some(signer) = signer {
+        message = Signer::new(message, signer).build()?;
+    }
     let mut message = LiteralWriter::new(message)
         .build()
         .context("Failed to create literal writer")?;