I'm pleased to announce the release of version 0.6.0 of the Sequoia Web of Trust crate, sequoia-wot.
I have published sequoia-wot on crates.io:
You can also fetch version 0.6.0 using the v0.6.0 tag:
which I signed:
```
$ git verify-tag v0.6.0
gpg: Signature made Thu Mar 09 14:39:29 2023 +01:00
gpg: using RSA key C03FA6411B03AE12576461187223B56678E02528
gpg: Good signature from "Neal H. Walfield email@example.com" [ultimate]
gpg: "Neal H. Walfield firstname.lastname@example.org"
gpg: "Neal H. Walfield email@example.com"
gpg: "Neal H. Walfield firstname.lastname@example.org"
gpg: "Neal H. Walfield email@example.com"
```
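To check that the tag was signed by the key shown above, and not merely by some key gpg considers valid, the fingerprint can be pinned and compared against the machine-readable status lines from `git verify-tag --raw`. This is an added example, not part of the original announcement; the function names, the rejection policy for expired or revoked keys, and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Signing-key fingerprint, copied from the gpg output in this announcement.
EXPECTED_FPR=C03FA6411B03AE12576461187223B56678E02528

# check_status FPR: read GnuPG status lines on stdin. Succeeds only if a
# VALIDSIG line names FPR as the signing key and no line reports a bad
# signature or an expired/revoked key (an assumed, deliberately strict policy).
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { if ($3 == want) ok = 1; else bad = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_tag TAG: run inside a clone of the repository.
# --raw makes git print gpg's status output on stderr.
verify_tag() {
    git verify-tag --raw "$1" 2>&1 | check_status "$EXPECTED_FPR"
}

# Constructed status output (dates, timestamps and the trailing primary-key
# field are placeholders, not values from a real run).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7223B56678E02528 Neal H. Walfield
[GNUPG:] VALIDSIG C03FA6411B03AE12576461187223B56678E02528 2023-03-09 0 0 4 0 1 10 00 PRIMARY-FPR-PLACEHOLDER'

# A cryptographically valid signature, but made by a different (constructed) key.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2023-03-09 0 0 4 0 1 10 00 PRIMARY-FPR-PLACEHOLDER'

# The expected key, but reported by gpg as expired.
SAMPLE_EXPIRED_KEY='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 7223B56678E02528 Neal H. Walfield
[GNUPG:] VALIDSIG C03FA6411B03AE12576461187223B56678E02528 2023-03-09 0 0 4 0 1 10 00 PRIMARY-FPR-PLACEHOLDER'
```

In a checkout, `verify_tag v0.6.0 && echo "tag signed by expected key"` performs the check against the real tag.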
The most noticeable change in this release is that we switched from providing our own certificate store abstraction to using the one provided by sequoia-cert-store. More information about sequoia-cert-store is available here:
We also added a wrapper struct so that it is easy to work with a `CertStore`, which is provided by the Certificate Store library, or any other data structure implementing the Store trait. The following code snippet illustrates the idea:
```rust
use std::borrow::Cow;

use sequoia_openpgp as openpgp;
use openpgp::cert::CertBuilder;
use openpgp::packet::UserID;
use openpgp::policy::StandardPolicy;

use sequoia_cert_store as cert_store;
use cert_store::Store;
use cert_store::StoreUpdate;

use sequoia_wot as wot;
use wot::Network;
use wot::Query;
use wot::Roots;

const P: &StandardPolicy = &StandardPolicy::new();

// `alice` and `bob` are `openpgp::Cert`s; the code that creates them is not
// shown in this snippet.
let mut cert_store = cert_store::CertStore::empty();
cert_store.update(Cow::Owned(alice.clone().into()))?;
cert_store.update(Cow::Owned(bob.clone().into()))?;

// Build a WoT network.
let trust_roots = Roots::from(&[
    (alice.fingerprint().into(), wot::FULLY_TRUSTED),
]);
let wot_data = wot::store::CertStore::from_backend(&cert_store, P, None);
let network = Network::new(&wot_data)?;
let q = Query::new(&network, trust_roots.clone());

// Try and authenticate Bob.
let paths = q.authenticate(
    UserID::from("firstname.lastname@example.org"),
    bob.fingerprint(),
    wot::FULLY_TRUSTED);
// Alice, our sole trust root, did not certify Bob so this will fail.
assert_eq!(paths.amount(), 0);
```
Since we depend on sequoia-cert-store, we can also remove redundant code, like the keyserver implementation, which sequoia-cert-store also implements.
Neal on behalf of the whole Sequoia PGP team