rnp 0.2.0 → 1.0.0

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "rnp"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/example-usage.rb

@@ -1,766 +0,0 @@
-# Example usage of Rnp Ruby binding
-
-module Rnp
-
-  # https://tools.ietf.org/html/rfc4880#section-4.1
-  # An OpenPGP message is constructed from a number of records that are
-  # traditionally called packets.
-  #
-  # https://tools.ietf.org/html/rfc4880#section-11
-  # OpenPGP packets are assembled into sequences in order to create
-  # messages and to transfer keys.  Not all possible packet sequences are
-  # meaningful and correct.
-  class Message; end
-
-  # RFC 4880 11.1. Transferable Public Keys
-  # OpenPGP users may transfer public keys.  The essential elements of a
-  # transferable public key are as follows:
-  #  - One Public-Key packet
-  #  - Zero or more revocation signatures
-  #  - One or more User ID packets
-  #  - After each User ID packet, zero or more Signature packets (certifications)
-  #  - Zero or more User Attribute packets
-  #  - After each User Attribute packet, zero or more Signature packets (certifications)
-  #  - Zero or more Subkey packets
-  #  - After each Subkey packet, one Signature packet, plus optionally a revocation
-  class PublicKeyMessage; end
-  # message.public_key_packet => PublicKeyPacketV(3 or 4)
-  # message.revocation_signatures => [] of Signatures
-
-  # RFC 4880 11.2.  Transferable Secret Keys
-  # OpenPGP users may transfer secret keys.  The format of a transferable
-  # secret key is the same as a transferable public key except that secret-key
-  # and secret-subkey packets are used instead of the public key and
-  # public-subkey packets.  Implementations SHOULD include self- signatures on
-  # any user IDs and subkeys, as this allows for a complete public key to be
-  # automatically extracted from the transferable secret key.  Implementations
-  # MAY choose to omit the self-signatures, especially if a transferable public
-  # key accompanies the transferable secret key.
-  class SecretKeyMessage; end
-
-  # RFC 4880 11.3.  OpenPGP Messages
-  # An OpenPGP message is a packet or sequence of packets that corresponds to the
-  # following grammatical rules (comma represents sequential composition, and
-  # vertical bar separates alternatives):
-  #
-  # OpenPGP Message :- Encrypted Message | Signed Message | Compressed Message | Literal Message.
-  # Compressed Message :- Compressed Data Packet.
-  # Literal Message :- Literal Data Packet.
-  # ESK :- Public-Key Encrypted Session Key Packet | Symmetric-Key Encrypted Session Key Packet.
-  # ESK Sequence :- ESK | ESK Sequence, ESK.
-  # Encrypted Data :- Symmetrically Encrypted Data Packet | Symmetrically Encrypted Integrity Protected Data Packet
-  # Encrypted Message :- Encrypted Data | ESK Sequence, Encrypted Data.
-  # One-Pass Signed Message :- One-Pass Signature Packet, OpenPGP Message, Corresponding Signature Packet.
-  # Signed Message :- Signature Packet, OpenPGP Message | One-Pass Signed Message.
-  class OpenPgpMessage < Message; end
-
-  # The user only needs to know about these
-  class LiteralMessage < OpenPgpMessage; end
-  class CompressedMessage < OpenPgpMessage; end
-  class EncryptedMessage < OpenPgpMessage; end
-  class SignedMessage < OpenPgpMessage; end
-
-  class OnePassSignedMessage < OpenPgpMessage; end
-  class EncryptedData; end
-  class EncryptedSessionKeySequence; end
-  class EncryptedSessionKey; end
-
-  # RFC 4880 11.4. Detached Signatures
-  # Some OpenPGP applications use so-called "detached signatures".  For
-  # example, a program bundle may contain a file, and with it a second file
-  # that is a detached signature of the first file.  These detached signatures
-  # are simply a Signature packet stored separately from the data for which
-  # they are a signature.
-  class Signature < Packet; end # a "Signature Packet"
-
-  # https://tools.ietf.org/html/rfc4880#section-4.1
-  # RFC 4880 Section 4-5
-  # A packet is a chunk of data that has a tag specifying its meaning.  An
-  # OpenPGP message, keyring, certificate, and so forth consists of a number of
-  # packets.  Some of those packets may contain other OpenPGP packets (for
-  # example, a compressed data packet, when uncompressed, contains OpenPGP
-  # packets).
-  class Packet; end
-  packet.type # RFC 4880 section 5
-  packet.version # version 3 or 4
-  packet.subpackets # sub-packets in Rnp::Packet format
-  packet.certify(key) # adds a certification signature after the packet
-  packet.parent # The parent packet if it is a subpacket
-
-  # 5.1. Public-Key Encrypted Session Key Packets (Tag 1)
-  class PublicKeyEncryptedSessionKeyPacket; end
-  # - A one-octet number giving the version number of the packet type.  The
-  #   currently defined value for packet version is 3.
-  packet.version # => 3 only
-
-  # - An eight-octet number that gives the Key ID of the public key to
-  #   which the session key is encrypted.  If the session key is
-  #   encrypted to a subkey, then the Key ID of this subkey is used
-  #   here instead of the Key ID of the primary key.
-  packet.public_key_id # => String Key ID
-
-  # - A one-octet number giving the public-key algorithm used.
-  packet.public_key_algorithm # => PublicKeyAlgorithm
-
-  # - A string of octets that is the encrypted session key.  This string takes
-  #   up the remainder of the packet, and its contents are dependent on the
-  #   public-key algorithm used.
-  packet.encrypted_session_key # => String ciphertext
-  packet.decrypted_session_key # => String plaintext
-
-  # - Algorithm specific fields
-  # If RSA:
-  # - Multiprecision integer (MPI) of RSA encrypted value m**e mod n.
-  # { mpi: m**e mod n }
-  # If Elgamal:
-  # - MPI of Elgamal (Diffie-Hellman) value g**k mod p.
-  # - MPI of Elgamal (Diffie-Hellman) value m * y**k mod p.
-  # { first: g**k mod p, second: m* y**k mod p }
-  packet.algorithm_specific_fields
-
-  # 5.2. Signature Packet (Tag 2)
-  SignaturePacket = Signature # as defined above
-  # RFC 4880 5.2.2 (3 or 4)
-  signature.version
-  # RFC 4880 5.2.1 Signature Type
-  signature.type = [ # one of
-    SignatureType::GenericCertification,
-    SignatureType::PersonaCertification,
-    SignatureType::CasualCertification,
-    SignatureType::PositiveCertification,
-    SignatureType::SubkeyBinding,
-    SignatureType::PrimaryKeyBinding,
-    SignatureType::DirectKey,
-    SignatureType::KeyRevocation,
-    SignatureType::SubkeyRevocation,
-    SignatureType::CertificationRevocation,
-    SignatureType::Timestamp,
-    SignatureType::ThirdPartyConfirmation
-  ]
-  signature.public_key_algorithm # PublicKeyAlgorithm
-  signature.hash_algorithm # HashAlgorithm
-  signature.to_s # ASCII armored signature
-
-  # SIGNATURE ATTRIBUTES (Subpackets of the Signature Packet)
-  # 5.2.3 Returns array of Subpackets
-  signature.hashed_subpackets
-  signature.unhashed_subpackets
-  # 5.2.3.4. Signature Creation Time
-  # DateTime
-  signature.creation_time
-  # 5.2.3.5. Issuer: The OpenPGP Key ID of the key issuing the signature.
-  signature.issuer
-  # 5.2.3.6. Key Expiration Time
-  # DateTime
-  signature.key_expiration_time
-  # 5.2.3.7. Preferred Symmetric Algorithms
-  # Ordered [] of preferred symmetric algorithms
-  signature.preferred_symmetric_algorithms
-  # 5.2.3.8. Preferred Hash Algorithms
-  # Ordered [] of preferred hash algorithms
-  signature.preferred_hash_algorithms
-  # 5.2.3.9. Preferred Compression Algorithms
-  # Ordered [] of preferred compression algorithms, :zip by default
-  signature.preferred_compression_algorithms
-  # 5.2.3.10. Signature Expiration Time
-  # DateTime
-  signature.signature_expiration_time
-  # 5.2.3.11. Exportable Certification
-  # Boolean
-  signature.exportable_certification
-  # 5.2.3.12. Revocable
-  # Boolean
-  signature.revocable
-  # 5.2.3.13. Trust Signature
-  # Integer 0-255
-  signature.trust_signature
-  # 5.2.3.14. Regular Expression
-  # RegExp
-  signature.regex
-  # 5.2.3.15. Revocation Key
-  signature.revocation_key # String of Key ID
-  signature.revocation_key_sensitive # Boolean
-  signature.revocation_key_algorithm # Key Algorithm
-  # 5.2.3.16. Notation Data
-  class NotationData; end
-  # Each NotationData has a :name (email address), :value (UTF8 string), a flag
-  # :human_readable
-  signature.notation_data.first.human_readable # Boolean, "human-readable"
-  # [] of NotationData, each is a { name (email) => value (UTF8 string) }
-  signature.notation_data
-  # 5.2.3.17. Key Server Preferences
-  signature.key_server_preferences_no_modify # Boolean
-  # 5.2.3.18. Preferred Key Server
-  signature.preferred_key_server # a URI String
-  # 5.2.3.19. Primary User ID
-  signature.primary_userid # Boolean
-  # 5.2.3.20. Policy URI
-  signature.policy_uri # a URI String
-  # 5.2.3.21. Key Flags
-  # The "split key" (0x10) and "group key" (0x80) flags are placed on a
-  # self-signature only; they are meaningless on a certification signature.  They
-  # SHOULD be placed only on a direct-key signature (type 0x1F) or a subkey
-  # signature (type 0x18), one that refers to the key the flag applies to.
-  signature.key_flags # Can be combination of the following, :cert is always required.
-   [
-     :cert, # First octet 0x01, This key may be used to certify other keys.
-     :sign, # First octet 0x02, This key may be used to sign data.
-     :encrypt_comm, # First octet 0x04, This key may be used to encrypt communications.
-     :encrypt_data, # First octet 0x08, This key may be used to encrypt storage.
-     :auth, # First octet 0x20, This key may be used for authentication.
-     :split, # 0x10 - The private component of this key may have been split by a secret-sharing mechanism
-     :group, # 0x80 - The private component of this key may be in the possession of more than one person.
-  ]
-  # 5.2.3.22. Signer's User ID
-  signature.userid # Userid object
-  # 5.2.3.23. Reason for Revocation
-  signature.revocation_code # one of :no_reason, :superseded, :compromised, :retired, :invalid
-  signature.revocation_reason # String
-  # 5.2.3.24. Features
-  signature.features # Not needed now
-  # 5.2.3.25. Signature Target
-  signature.target_public_key_algorithm # PublicKeyAlgorithm
-  signature.target_hash_algorithm # HashAlgorithm
-  signature.target_hash # String
-  # 5.2.3.26. Embedded Signature
-  signature.embedded_signature # => SignaturePacket
-
-
-  # 5.3. Symmetric-Key Encrypted Session Key Packets (Tag 3)
-  class SymmetricKeyEncryptedSessionKeyPacket; end
-  p.version # => 4
-  p.symmetric_algorithm # => SymmetricKeyAlgorithm
-  p.string_to_key # (S2K)
-  p.session_key
-
-  # 5.4. One-Pass Signature Packets (Tag 4)
-  class OnePassSignaturePacket; end
-  p.version # => 4
-  p.signature_type # => SignatureType
-  p.hash_algorithm # => HashAlgorithm
-  p.public_key_algorithm # => PublicKeyAlgorithm
-  p.key_id # => String
-  p.nested # => Boolean
-
-  # 5.5. Key Material Packet
-  # 5.5.1. Key Packet Variants
-  #   5.5.1.1. Public-Key Packet (Tag 6)
-  #   5.5.1.2. Public-Subkey Packet (Tag 14)
-  #   5.5.1.3. Secret-Key Packet (Tag 5)
-  #   5.5.1.4. Secret-Subkey Packet (Tag 7)
-  class KeyMaterialPacket; end
-
-  # 5.5.2. Public-Key Packet Formats
-  class PublicKeyPacketV3 < KeyMaterialPacket; end
-  class PublicSubkeyPacketV3 < PublicKeyPacketV3; end
-  # Methods
-  packet.version # => 3
-  packet.creation_time # => DateTime
-  packet.expiration_time # => Integer in days
-  packet.public_key_algorithm # => PublicKeyAlgorithm
-  packet.mpi # =>
-  # {
-  #  n: "RSA MPI modulus n",
-  #  e: "RSA MPI encryption exponent e"
-  # }
-
-  class PublicKeyPacketV4 < KeyMaterialPacket; end
-  class PublicSubkeyPacketV4 < PublicKeyPacketV4; end
-  # Methods
-  packet.version # => 4
-  packet.creation_time # => DateTime
-  packet.expiration_time # => Integer in days
-  packet.public_key_algorithm # => PublicKeyAlgorithm
-  # If RSA:
-  packet.mpi # => {
-  #   n: RSA MPI modulus n
-  #   e: RSA MPI encryption exponent e
-  # }
-  # If DSA:
-  packet.mpi # => {
-  #   p: DSA prime p
-  #   q: DSA group order q
-  #   g: DSA group generator g
-  #   y: DSA public key value y
-  # }
-  # If Elgamal:
-  packet.mpi # => {
-  #   p: Elgamal prime p
-  #   g: Elgamal group generator g
-  #   y: Elgamal public key value y
-  # }
-
-  # 5.5.3. Secret-Key Packet Formats
-  class SecretKeyPacketV3 < PublicKeyPacketV3; end
-  class SecretSubkeyPacketV3 < SecretKeyPacketV3; end
-  class SecretKeyPacketV4 < PublicKeyPacketV4; end
-  class SecretSubkeyPacketV4 < SecretKeyPacketV4; end
-  # Methods (in addition to PublicKey methods above)
-  packet.public_key_packet # => PublicKeyPacketV3 || PublicSubkeyPacketV3
-  packet.string_to_key_usage # => 0-255
-  packet.symmetric_key_algorithm # (optional if usage is 255 or 254)
-  packet.string_to_key_specifier # (optional if usage is 255 or 254)
-  packet.iv # (optional, if secret key is encrypted)
-  packet.secret_key_data # => String
-
-  # If the string-to-key usage octet is zero or 255, then a two-octet checksum
-  # of the plaintext of the algorithm-specific portion (sum of all octets, mod
-  # 65536).  If the string-to-key usage octet was 254, then a 20-octet SHA-1
-  # hash of the plaintext of the algorithm-specific portion.  This checksum or
-  # hash is encrypted together with the algorithm-specific fields (if
-  # string-to-key usage octet is not zero).  Note that for all other values, a
-  # two-octet checksum is required.
-  packet.checksum # => String
-
-  # If RSA secret key:
-  # {
-  #   d: multiprecision integer (MPI) of RSA secret exponent d.
-  #   p: MPI of RSA secret prime value p.
-  #   q: MPI of RSA secret prime value q (p < q).
-  #   u: MPI of u, the multiplicative inverse of p, mod q.
-  # }
-  # If DSA secret key:
-  # { x: MPI of DSA secret exponent x. }
-  # If Elgamal secret key:
-  # { x: MPI of Elgamal secret exponent x. }
-  packet.algorithm_specific_fields # => Hash
-
-  # 5.6. Compressed Data Packet (Tag 8)
-  class CompressedDataPacket; end
-  packet.algorithm # => CompressionAlgorithm
-  packet.data # => a valid decompressed Rnp::OpenPgpMessage
-  packet.to_s # => an armored compressed data packet
-
-  # 5.7. Symmetrically Encrypted Data Packet (Tag 9)
-  class SymmetricallyEncryptedDataPacket; end
-  packet.data # => [] of valid Rnp::Packet(s)
-
-  # 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10)
-  class MarkerPacket; end
-  # The body of this packet consists of:
-  # - The three octets 0x50, 0x47, 0x50 (which spell "PGP" in UTF-8).
-  # Such a packet MUST be ignored when received.
-  packet.text # => "PGP"
-
-  # 5.9. Literal Data Packet (Tag 11)
-  class LiteralDataPacket; end
-  # A Literal Data packet contains the body of a message; data that is not to
-  # be further interpreted.
-  #  - A one-octet field that describes how the data is formatted.
-  packet.format # => one of "b" (Binary), "t" (Text), "u" (UTF-8 text), "l" or
-                #    "1" (Local) is deprecated.
-  packet.binary?
-  packet.text?
-  packet.utf8?
-
-  # - File name as a string (one-octet length, followed by a file name).
-  packet.filename # => String. Name of encrypted file or "_CONSOLE" (for your eyes only)
-
-  # - A four-octet number that indicates a date associated with the literal
-  # data.
-  packet.date # => DateTime, modification date of a file or the time packet was
-              #    created, or 0 for no time
-
-  # - The remainder of the packet is literal data.
-  packet.data # => IO stream
-  packet.text # => If packet.text? then return text data with normalized <CR><LF> to local
-
-  # 5.10. Trust Packet (Tag 12)
-  class TrustPacket; end
-  # Only used in Keyrings
-
-  # 5.11. User ID Packet (Tag 13)
-  class UserIdPacket; end
-  # A RFC 2822 mail-addr.
-  # Same as class Rnp::Userid
-
-  # 5.12. User Attribute Packet (Tag 17)
-  class UserAttributePacket < UserIdPacket; end
-  packet.subpackets # => [] of Subpackets
-
-  class UserAttributeSubpacket; end
-  subpacket.type # => Only "1" is allowed as ImageAttributeSubpacket
-  subpacket.body # => Body of subpacket
-
-  # 5.12.1. The Image Attribute Subpacket
-  class ImageAttributeSubpacket < UserAttributeSubpacket; end
-  imagesubpacket.version # => 1 (only 1 allowed)
-  imagesubpacket.encoding # => 1 (only 1 allowed, means "JPEG")
-  imagesubpacket.body # => JPEG file IO
-
-  # 5.13. Sym. Encrypted Integrity Protected Data Packet (Tag 18) ..49
-  class SymmetricallyEncryptedIntegrityProtectedDataPacket < SymmetricallyEncryptedDataPacket; end
-  # - A one-octet version number.  The only currently defined value is 1.
-  packet.version # => 1 (only 1 allowed)
-
-  # - Encrypted data, the output of the selected symmetric-key cipher operating
-  # in Cipher Feedback mode with shift amount equal to the block size of the
-  # cipher (CFB-n where n is the block size).
-  packet.data # => [decrypted Packet(s) (last one must be a ModificationDetectionCodePacket)]
-  packet.plaintext_data # => [decrypted Packet(s) without the last one (the ModificationDetectionCodePacket)]
-
-  # The symmetric cipher used MUST be specified in a Public-Key or
-  # Symmetric-Key Encrypted Session Key packet that precedes the Symmetrically
-  # Encrypted Data packet.
-  packet.cipher_packet # => a preceding PublicKeyEncryptedSessionKeyPacket or
-                       #    SymmetricKeyEncryptedSessionKeyPacket
-
-  # packet.mdc_packet => the ModificationDetectionCodePacket at the end of its packet.data
-
-  # 5.14. Modification Detection Code Packet (Tag 19)
-  class ModificationDetectionCodePacket; end
-  # - A 20-octet SHA-1 hash of the preceding plaintext data of the
-  # Symmetrically Encrypted Integrity Protected Data packet, including prefix
-  # data, the tag octet, and length octet of the Modification Detection Code
-  # packet.
-  #
-  packet.hash # => SHA1 hash
-  packet.hash_algorithm # => SHA1 allowed only
-
-  # These provide easier user access to the Packet(s)
-  Userid = UserIdPacket;
-  PublicKey = PublicKeyMessage
-  SecretKey = SecretKeyMessage
-
-  # These are the algorithms, for user read-only
-  class PublicKeyAlgorithm; end
-  class SymmetricKeyAlgorithm; end
-  class HashAlgorithm; end
-  class CompressionAlgorithm; end
-  # Not required yet
-  # class Keyring; end
-end
-
-# READING AN EXISTING SECRET KEY
-key = Rnp::SecretKey.import(File.read("privatekey.key"))
-key.passphrase = "xxx" # => non-interactive method of providing passphrase
-key.to_s # => ASCII armored PGP secret key
-key.public_key # => Rnp::PublicKey object
-
-# GENERATING A NEW KEY
-key = Rnp::SecretKey.new
-key.generate(
-  key_length: Integer,
-  public_key_algorithm: PublicKeyAlgorithm::RSA,
-  algorithm_params: { e: Integer }, # content is public_key_algorithm specific
-  userid: String || Userid,
-  hash_algorithm: HashAlgorithm,
-  symmetric_key_algorithm: SymmetricKeyAlgorithm
-)
-# => calls Rnp's
-# pgp_rsa_new_selfsign_key(
-#    const int numbits,
-#    const unsigned long e,
-#    uint8_t *userid,
-#    const char *hashalg,
-#    const char *cipher
-# )
-#
-# Generates the following structure for the SecretKeyMessage:
-# (Note: a User ID certification signature packet is called a self-signature in
-# RFC 4880)
-# [
-#    (a Secret-Key packet) SecretKeyPacketV4 (contains a PublicKeyPacketV4),
-#    (a User ID packet) UserIdPacket with primary_userid set to true,
-#    (a User ID certification signature) SignaturePacket(subpackets: [
-#      type = PositiveCertification
-#      primary_userid = true
-#    ])
-# ]
-#
-# RFC 4880 5.5.2
-# OpenPGP implementations MUST create keys with version 4 format.  V3 keys are
-# deprecated; an implementation MUST NOT generate a V3 key, but MAY accept it.
-key.version # must be 4
-key.secret_key_packet # => its Secret-Key packet
-key.userids # => [] with its User ID packets
-key.userid_signatures # => [] of Signature Packets of its User ID packets
-key.passphrase # sets the passphrase if non-blank
-key.key_id # => key id of key
-key.fingerprint # => fingerprint of key
-
-key.key_length # length of key
-# :rsa
-# https://tools.ietf.org/html/rfc4880#section-13.5
-# An implementation SHOULD NOT implement RSA keys of size less than 1024 bits.
-#
-# :dsa
-# https://tools.ietf.org/html/rfc4880#section-13.6
-# An implementation SHOULD NOT implement DSA keys of size less than 1024 bits.
-# It MUST NOT implement a DSA key with a q size of less than 160 bits.  DSA
-# keys MUST also be a multiple of 64 bits, and the q size MUST be a multiple of
-# 8 bits.  The Digital Signature Standard (DSS) [FIPS186] specifies that DSA be
-# used in one of the following ways:
-#  * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash
-#  * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512 hash
-#  * 2048-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash
-#  * 3072-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash
-#
-# :elgamal # Unsupported in Rnp
-# https://tools.ietf.org/html/rfc4880#section-13.7
-# An implementation SHOULD NOT implement Elgamal keys of size less than 1024
-# bits.
-
-# The "self-signatures": adding requrirements to the key
-userid = key.userids.first
-self_sig = key.userid_signature(userid) # retrieve SignaturePacket for a given Userid
-self_sig.key_flags = [:sign, :cert] # adds to a self-signature packet
-self_sig.preferred_symmetric_algorithms = [
-  SymmetricKeyAlgorithm::Aes256,
-  SymmetricKeyAlgorithm::Aes192,
-  SymmetricKeyAlgorithm::Aes,
-  SymmetricKeyAlgorithm::Cast5
-]
-self_sig.preferred_hash_algorithms = [
-  HashAlgorithm::Sha512,
-  HashAlgorithm::Sha384,
-  HashAlgorithm::Sha256,
-  HashAlgorithm::Sha224
-]
-self_sig.preferred_compression_algorithms = [
-  CompressionAlgorithm::Zlib,
-  CompressionAlgorithm::Bzip2,
-  CompressionAlgorithm::Zip,
-  CompressionAlgorithm::Uncompressed
-]
-
-
-# Adding a subkey
-#
-
-subkey = SecretSubkeyPacketV4.new
-subkey.generate(
-  key_length: Integer,
-  public_key_algorithm: PublicKeyAlgorithm,
-  algorithm_params: { e: Integer }, # content is public_key_algorithm specific
-  userid: String || Userid,
-  hash_algorithm: HashAlgorithm,
-  symmetric_key_algorithm: SymmetricKeyAlgorithm
-)
-subkey_self_sig = Signature.new
-subkey_self_sig.type = SignatureType::SubkeyBinding
-subkey_self_sig.userid = userid
-subkey_self_sig.key_flags = [:encrypt_data, :encrypt_comm, :cert]
-subkey_self_sig.key_expiration_time = DateTime
-subkey_self_sig.creation_time = DateTime
-
-# Adds subkey to key
-key.add_subkey(subkey)
-
-key.subkeys # => [] of SecretSubkeyPacketV4
-key.subkey_signature(subkey) # => SignaturePacket of subkey
-
-# Delegate to self-signature
-key.expiration_time # => time in seconds after key creation time
-key.creation_time # => key generation date in DateTime of key
-key.flags # => [] of key flags
-
-# key is now:
-# [
-#    (a Secret-Key packet) SecretKeyPacketV4 (contains a PublicKeyPacketV4),
-#    (a User ID packet) UserIdPacket with primary_userid set to true,
-#    (a User ID certification signature) SignaturePacket(subpackets: [
-#      type = PositiveCertification
-#      primary_userid = true
-#      key_flags = [:sign, :cert]
-#      preferred_symmetric_algorithms = [
-#        SymmetricKeyAlgorithm::Aes256,
-#        SymmetricKeyAlgorithm::Aes192,
-#        SymmetricKeyAlgorithm::Aes,
-#        SymmetricKeyAlgorithm::Cast5
-#      ]
-#      preferred_hash_algorithms = [
-#        HashAlgorithm::Sha512,
-#        HashAlgorithm::Sha384,
-#        HashAlgorithm::Sha256,
-#        HashAlgorithm::Sha224
-#      ]
-#      preferred_compression_algorithms = [
-#        CompressionAlgorithm::Zlib,
-#        CompressionAlgorithm::Bzip2,
-#        CompressionAlgorithm::Zip,
-#        CompressionAlgorithm::Uncompressed
-#      ]
-#    ])
-#    (a Subkey packet) SecretSubkeyPacketV4 (contains a PublicSubkeyPacketV4),
-#    (a subkey binding signature) SignaturePacket(subpackets: [
-#      type = SubkeyBindingSignature
-#      userid = userid
-#      key_flags = [:encrypt_data, :encrypt_comm, :cert]
-#      key_expiration_time = DateTime
-#      creation_time = DateTime
-#    ]),
-# ]
-
-# Public Key Algorithms
-# https://tools.ietf.org/html/rfc4880#section-9.1
-# https://tools.ietf.org/html/rfc6637#section-5
-# NOTE: Rnp only supports generation of RSA keys (see rsa_generate_keypair()
-# in openssl_crypto.c)
-PublicKeyAlgorithms = [
-  PublicKeyAlgorithm::Rsa, # RFC4880, ID 1, RSA Encrypt or Sign [HAC]
-  PublicKeyAlgorithm::RsaEncryptOnly, # RFC4880, ID 2, RSA Encrypt-Only [HAC]
-  PublicKeyAlgorithm::RsaSignOnly, # RFC4880, ID 3, RSA Sign-Only [HAC]
-  PublicKeyAlgorithm::Elgamal, # RFC4880, ID 16, Elgamal (Encrypt-Only) [ELGAMAL] [HAC]
-  PublicKeyAlgorithm::Dsa, # RFC4880, ID 17, DSA (Digital Signature Algorithm) [FIPS186] [HAC]
-  PublicKeyAlgorithm::Ecdh, # RFC6637, ID 18, ECDH public key algorithm
-  PublicKeyAlgorithm::Ecdsa # RFC6637, ID 19, ECDSA public key algorithm
-]
-# https://tools.ietf.org/html/rfc4880#section-13.5
-# There are algorithm types for RSA Sign-Only, and RSA Encrypt-Only keys.
-# These types are deprecated.  The "key flags" subpacket in a signature is a
-# much better way to express the same idea, and generalizes it to all
-# algorithms.  An implementation SHOULD NOT create such a key, but MAY
-# interpret it.
-# => Do not allow generation of :rsa_e or :rsa_s keys
-
-# Symmetric Key Algorithms
-# https://tools.ietf.org/html/rfc4880#section-9.2
-# https://tools.ietf.org/html/rfc5581#section-3
-# NOTE: Rnp only supports:
-#	{	"cast5",		PGP_SA_CAST5		},
-#	{	"idea",			PGP_SA_IDEA		},
-#	{	"aes128",		PGP_SA_AES_128		},
-#	{	"aes256",		PGP_SA_AES_256		},
-#	{	"camellia128",		PGP_SA_CAMELLIA_128	},
-#	{	"camellia256",		PGP_SA_CAMELLIA_256	},
-#	{	"tripledes",		PGP_SA_TRIPLEDES	},
-#	{	NULL,			0			}
-SymmetricKeyAlgorithms = [
-  SymmetricKeyAlgorithm::None, #RFC4880, ID 0, Plaintext or unencrypted data
-  SymmetricKeyAlgorithm::Idea, #RFC4880, ID 1, IDEA [IDEA]
-  SymmetricKeyAlgorithm::Tripledes, #RFC4880, ID 2, TripleDES (DES-EDE, [SCHNEIER] [HAC], 168 bit key derived from 192)
-  SymmetricKeyAlgorithm::Cast5, #RFC4880, ID 3, CAST5 (128 bit key, as per [RFC2144])
-  SymmetricKeyAlgorithm::Blowfish, #RFC4880, ID 4, Blowfish (128 bit key, 16 rounds) [BLOWFISH]
-  SymmetricKeyAlgorithm::Aes128, #RFC4880, ID 7, AES with 128-bit key [AES]
-  SymmetricKeyAlgorithm::Aes192, #RFC4880, ID 8, AES with 192-bit key
-  SymmetricKeyAlgorithm::Aes256, #RFC4880, ID 9, AES with 256-bit key
-  SymmetricKeyAlgorithm::Blowfish256, #RFC4880, ID 10, Twofish with 256-bit key [TWOFISH]
-  SymmetricKeyAlgorithm::Camellia128, #RFC4880, ID 11, Camellia with 128-bit key
-  SymmetricKeyAlgorithm::Camellia192, #RFC4880, ID 12, Camellia with 192-bit key
-  SymmetricKeyAlgorithm::Camellia256 #RFC4880, ID 13, Camellia with 256-bit key
-]
-
-# Hash Algorithms
-# https://tools.ietf.org/html/rfc4880#section-9
-# NOTE: Rnp only supports
-# case PGP_HASH_MD5:
-# case PGP_HASH_SHA1:
-# case PGP_HASH_SHA256:
-# case PGP_HASH_SHA384:
-# case PGP_HASH_SHA512:
-# case PGP_HASH_SHA224:
-HashAlgorithms = [
-  HashAlgorithms::Md5, # RFC4880, ID 1, MD5 [HAC] Text: "MD5",
-  HashAlgorithms::Sha1, # RFC4880, ID 2, SHA-1 [FIPS180] Text: "SHA1"
-  HashAlgorithms::Ripemd160, # RFC4880, ID 3, RIPE-MD/160 [HAC] Text: "RIPEMD160"
-  HashAlgorithms::Sha256, # RFC4880, ID 8, SHA256 [FIPS180] Text: "SHA256"
-  HashAlgorithms::Sha384, # RFC4880, ID 9, SHA384 [FIPS180] Text: "SHA384"
-  HashAlgorithms::Sha512, # RFC4880, ID 10, SHA512 [FIPS180] Text: "SHA512"
-  HashAlgorithms::Sha224 # RFC4880, ID 11, SHA224 [FIPS180] Text: "SHA224"
-]
-
-# Compression Algorithms
-# https://tools.ietf.org/html/rfc4880#section-9.3
-# NOTE: Rnp supports all three
-# case PGP_C_ZIP:
-# case PGP_C_ZLIB:
-# case PGP_C_BZIP2:
-CompressionAlgorithms = [
-  CompressionAlgorithm::Uncompressed || :nil, # RFC4880, ID 0, Uncompressed
-  CompressionAlgorithm::Zip, # RFC4880, ID 1, ZIP [RFC1951]
-  CompressionAlgorithm::Zlib, # RFC4880, ID 2, ZLIB [RFC1950]
-  CompressionAlgorithm::Bzip2 # RFC4880, ID 3, BZip2 [BZ2]
-]
-
-
-# Verifying a PGP message
-public_key.verify(message.signature, message.content)
-secret_key.verify(message.signature, message.content)
-
-# USER ID methods
-# A User ID is the 'name-addr' specified in RFC 2822 3.4
-# https://tools.ietf.org/html/rfc2822#section-3.4
-userid = key.userids.first
-# Note: Rnp pgp_get_userid
-userid = Rnp::Userid.new(address: "joshuac@mail.net", name: "Josiah Carberry")
-userid.address # => address of user id
-userid.name # => name of user id
-userid.to_s # => "Josiah Carberry <joshuac@mail.net>"
-userid.primary_userid # => RFC 4880 5.2.3.19 is this the Primary User ID of a key? Only when userid is associated with key.
-
-key.userids << userid # adds Rnp::Userid packet to a Message
-# Note: Rnp pgp_add_userid
-
-# SIGNATURE METHODS
-signature = Rnp::Signature.import("detached_ascii_pgp_signature")
-signature.verify(key, data)
-
-# MESSAGE METHODS
-message = Rnp::OpenPgpMessage.new
-# Importing from ASCII armored PGP message
-message.import_ascii(File.read("ascii_armored_pgp_message.txt"))
-# Importing unarmored content
-message.import_raw(File.read("base64_portion_of_multipart_email.eml"))
-message.packets # => [] of Rnp::Packet objects
-message.signature # => signature of message in Rnp::Signature
-message.signer_userid # => signer in Rnp::Userid
-message.signed? # => is message signed?
-message.encrypted? # => is message encrypted?
-message.decrypt(key) # => decrypt content of message
-message.content # => decrypted content of message
-
-# Plaintext OpenPGP message
-plaintext_data = File.read("plaintext.txt")
-literal_message = LiteralMessage.new(plaintext_data) # automatically creates a LiteralDataPacket inside
-
-# Signed OpenPGP message
-message = SignedMessage.new(literal_message)
-message.content = literal_message # alternative to above
-message.key = SecretKey
-message.sign # => SignedMessage [SignaturePacket, LiteralMessage]
-
-# Or
-message = OnePassSignedMessage.new(
-  signature_type: PositiveCertification,
-  hash_algorithm: HashAlgorithm,
-  public_key_algorithm: PublicKeyAlgorithm,
-  key: SecretKey || PublicKey,
-  content: literal_message
-) # => OnePassSignedMessage is an OpenPgpMessage
-message.to_s # ASCII armored message
-
-# Or
-message = SignedMessage.new
-# Automatically creates a LiteralMessage, which contains a Literal Data Packet
-message.content = plaintext_data
-message.key = SecretKey
-message.signature_type = PositiveCertification
-message.hash_algorithm = HashAlgorithm
-message.public_key_algorithm = PublicKeyAlgorithm
-
-# Encrypted OpenPGP message
-message = EncryptedMessage.new
-message.key = YourPublicKey
-message.public_key_algorithm = PublicKeyAlgorithm
-# Automatically creates this:
-# EncryptedMessage (
-#   EncryptedSessionKeySequence (
-#     EncryptedSessionKey (
-#       PublicKeyEncryptedSessionKeyPacket
-#     ),
-#     EncryptedData (
-#       SymmetricallyEncryptedIntegrityProtectedDataPacket (
-#         LiteralPacket(plaintext_data)
-#       )
-#     )
-#   )
-# )
-message.content = plaintext_data
-
-
-# ALGORITHM METHODS
-algo = message.public_key_algorithm # => public key algorithm in Rnp::PublicKeyAlgorithm format
-algo.name # => name of algo, e.g., RSA
-algo.parameters # => parameters of algo used, e.g., RSA parameters (RFC 4880 Algorithm Specific Fields)
-