rnp 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e6b754a124b29c8d9d1295ec0266d0ae8d8e435ba7b5d4680b693ad510304eb
-  data.tar.gz: 8c78644be51833b9c033b6d53da65f4a462b5d659a0895428da5a018b50900cc
+  metadata.gz: ebe16f6b1b161add02098e6bdb70f5401026a0cb31c695c44943d3432b0a1e85
+  data.tar.gz: 10a352991a433807dcd8484931bfc3d6745c86202d23d22b1cc8aa09dd9e848a
 SHA512:
-  metadata.gz: d871d7dc55944ab5d0415b057ec02fbc3eadee97dd9d27f5c080e1eb675aa3b4fd82975b30ec9113c3267094b2c8db23a567434a538c2bcb2f700a4caea59558
-  data.tar.gz: 6cabf921b333256316531dcc98032cf2b8a878ef9fdaefdb678161e0faf1b68106669ce3e77c689c272ede779f847146db4f47d86fbe601f55f9e6174122f3e3
+  metadata.gz: f5bace27a94afc5fa1c39e25e4c52f020ff3256279f420bf9f0e56010799e10200202afaaebb4fec054e7c7f327e09eac0a10212c08ef4acf0c0251c589873db
+  data.tar.gz: 9cbdb7ec9bc7f6db9ee0ad237fc66b37aae56712aff023cee2c508b502ccec86027867e39dd8e6b134160a94178c56b0e244f9cfdfbae67434c7f075b15ad5cd

data/CHANGELOG.adoc

@@ -1,5 +1,9 @@
 == Changelog
 
+=== 1.0.5 [20-03-2023]
+* Rub GHA tests for Ruby 2.7, 3.0, 3.1, 3.2, head
+  and different rnp versions
+
 === 1.0.4 [09-16-2018]
 * Add support for rnp 0.11.0+. Tests will now only pass
   with this version.
@@ -17,4 +21,3 @@
 
 === 1.0.0 [05-01-2018]
 * Completely rewritten for RNP's new FFI.
-

data/README.adoc

@@ -1,12 +1,16 @@
 = Ruby RNP bindings
 
-image:https://img.shields.io/travis/riboseinc/ruby-rnp/master.svg["Build Status", link="https://travis-ci.org/riboseinc/ruby-rnp"]
-image:https://codecov.io/github/riboseinc/ruby-rnp/coverage.svg["Code Coverage", link="https://codecov.io/github/riboseinc/ruby-rnp?branch=master"]
+image:https://github.com/rnpgp/ruby-rnp/actions/workflows/tests.yml/badge.svg["Build Status", link="https://github.com/rnpgp/ruby-rnp/actions/workflows/tests.yml"]
+image:https://codecov.io/github/rnpgp/ruby-rnp/coverage.svg["Code Coverage", link="https://codecov.io/github/rnpgp/ruby-rnp?branch=master"]
 
 The `rnp` gem provides Ruby bindings to the
-https://github.com/riboseinc/rnp[librnp OpenPGP library].
+https://github.com/rnpgp/rnp[librnp OpenPGP library].
 
-Documentation is available on https://www.rubydoc.info/github/riboseinc/ruby-rnp/[RubyDoc].
+Documentation is available on https://www.rubydoc.info/github/rnpgp/ruby-rnp/master/[RubyDoc].
+
+== Requirements
+
+This gem currently requires https://github.com/rnpgp/rnp[librnp] 0.10.0 or newer.
 
 == Installation
 
@@ -28,4 +32,3 @@ Or install it yourself as:
 ----
 gem install rnp
 ----
-

data/lib/rnp/ffi/librnp.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# (c) 2018 Ribose Inc.
+# (c) 2018-2020 Ribose Inc.
 
 require 'ffi'
 
@@ -9,7 +9,156 @@ require 'rnp/error'
 # @api private
 module LibRnp
   extend FFI::Library
-  ffi_lib %w[rnp-0 rnp]
+
+  LOCAL_LIBRNP = File.join(File.dirname(__FILE__), FFI.map_library_name("rnp"))
+
+  ffi_lib [LOCAL_LIBRNP, "rnp-0", "rnp"]
+
+  # some newer APIs that may not be present
+  {
+    # key export
+    rnp_key_export: [%i[pointer pointer uint32], :uint32],
+    # enarmor/dearmor
+    rnp_enarmor: [%i[pointer pointer pointer], :uint32],
+    rnp_dearmor: [%i[pointer pointer], :uint32],
+    # versioning
+    rnp_version_string: [%i[], :string],
+    rnp_version_string_full: [%i[], :string],
+    rnp_version: [%i[], :uint32],
+    rnp_version_for: [%i[uint32 uint32 uint32], :uint32],
+    rnp_version_major: [%i[uint32], :uint32],
+    rnp_version_minor: [%i[uint32], :uint32],
+    rnp_version_patch: [%i[uint32], :uint32],
+    # unload keys
+    rnp_unload_keys: [%i[pointer uint32], :uint32],
+    # remove key
+    rnp_key_remove: [%i[pointer uint32], :uint32],
+    # key properties
+    rnp_key_get_subkey_count: [%i[pointer pointer], :uint32],
+    rnp_key_get_subkey_at: [%i[pointer int pointer], :uint32],
+    rnp_key_get_alg: [%i[pointer pointer], :uint32],
+    rnp_key_get_bits: [%i[pointer pointer], :uint32],
+    rnp_key_get_dsa_qbits: [%i[pointer pointer], :uint32],
+    rnp_key_get_curve: [%i[pointer pointer], :uint32],
+    rnp_key_allows_usage: [%i[pointer string pointer], :uint32],
+    # packet dumping
+    rnp_key_packets_to_json: [%i[pointer bool uint32 pointer], :uint32],
+    rnp_dump_packets_to_json: [%i[pointer uint32 pointer], :uint32],
+    # aead
+    rnp_op_encrypt_set_aead: [%i[pointer string], :uint32],
+    # key generation (op)
+    rnp_op_generate_create: [%i[pointer pointer string], :uint32],
+    rnp_op_generate_subkey_create: [%i[pointer pointer pointer string],
+                                    :uint32],
+    rnp_op_generate_set_bits: [%i[pointer uint32], :uint32],
+    rnp_op_generate_set_hash: [%i[pointer string], :uint32],
+    rnp_op_generate_set_dsa_qbits: [%i[pointer uint32], :uint32],
+    rnp_op_generate_set_curve: [%i[pointer string], :uint32],
+    rnp_op_generate_set_protection_password: [%i[pointer string], :uint32],
+    rnp_op_generate_set_protection_cipher: [%i[pointer string], :uint32],
+    rnp_op_generate_set_protection_hash: [%i[pointer string], :uint32],
+    rnp_op_generate_set_protection_mode: [%i[pointer string], :uint32],
+    rnp_op_generate_set_protection_iterations: [%i[pointer uint32], :uint32],
+    rnp_op_generate_add_usage: [%i[pointer string], :uint32],
+    rnp_op_generate_clear_usage: [%i[pointer], :uint32],
+    rnp_op_generate_set_userid: [%i[pointer string], :uint32],
+    rnp_op_generate_set_expiration: [%i[pointer uint32], :uint32],
+    rnp_op_generate_add_pref_hash: [%i[pointer string], :uint32],
+    rnp_op_generate_clear_pref_hashes: [%i[pointer], :uint32],
+    rnp_op_generate_add_pref_compression: [%i[pointer string], :uint32],
+    rnp_op_generate_clear_pref_compression: [%i[pointer], :uint32],
+    rnp_op_generate_add_pref_cipher: [%i[pointer string], :uint32],
+    rnp_op_generate_clear_pref_ciphers: [%i[pointer], :uint32],
+    rnp_op_generate_set_pref_keyserver: [%i[pointer pointer], :uint32],
+    rnp_op_generate_execute: [%i[pointer], :uint32],
+    rnp_op_generate_get_key: [%i[pointer pointer], :uint32],
+    rnp_op_generate_destroy: [%i[pointer], :uint32],
+    # key generation (shortcuts)
+    rnp_generate_key_rsa: [%i[pointer uint32 uint32 string string pointer],
+                           :uint32],
+    rnp_generate_key_dsa_eg: [%i[pointer uint32 uint32 string string pointer],
+                              :uint32],
+    rnp_generate_key_ec: [%i[pointer string string string pointer], :uint32],
+    rnp_generate_key_25519: [%i[pointer string string pointer], :uint32],
+    rnp_generate_key_sm2: [%i[pointer string string pointer], :uint32],
+    rnp_generate_key_ex: [%i[pointer string string uint32 uint32 string string
+                             string string pointer], :uint32],
+    rnp_calculate_iterations: [%i[string size_t pointer], :uint32],
+    # debugging
+    rnp_enable_debug: [%i[pointer], :uint32],
+    rnp_disable_debug: [%i[], :uint32],
+    # guess contents
+    rnp_guess_contents: [%i[pointer pointer], :uint32],
+    # features
+    rnp_supports_feature: [%i[string string pointer], :uint32],
+    rnp_supported_features: [%i[string pointer], :uint32],
+    # key revocation
+    rnp_key_is_revoked: [%i[pointer pointer], :uint32],
+    rnp_key_is_compromised: [%i[pointer pointer], :uint32],
+    rnp_key_is_retired: [%i[pointer pointer], :uint32],
+    rnp_key_is_superseded: [%i[pointer pointer], :uint32],
+    rnp_key_get_revocation_reason: [%i[pointer pointer], :uint32],
+    # signatures
+    rnp_key_get_signature_count: [%i[pointer pointer], :uint32],
+    rnp_key_get_signature_at: [%i[pointer size_t pointer], :uint32],
+    rnp_signature_get_alg: [%i[pointer pointer], :uint32],
+    rnp_signature_get_hash_alg: [%i[pointer pointer], :uint32],
+    rnp_signature_get_creation: [%i[pointer pointer], :uint32],
+    rnp_signature_get_keyid: [%i[pointer pointer], :uint32],
+    rnp_signature_get_signer: [%i[pointer pointer], :uint32],
+    rnp_signature_packet_to_json: [%i[pointer uint32 pointer], :uint32],
+    rnp_signature_handle_destroy: [%i[pointer], :uint32],
+    rnp_op_verify_signature_get_handle: [%i[pointer pointer], :uint32],
+    # key uids
+    rnp_key_get_uid_handle_at: [%i[pointer size_t pointer], :uint32],
+    rnp_uid_is_revoked: [%i[pointer pointer], :uint32],
+    rnp_uid_handle_destroy: [%i[pointer], :uint32],
+    rnp_uid_get_signature_count: [%i[pointer pointer], :uint32],
+    rnp_uid_get_signature_at: [%i[pointer size_t pointer], :uint32],
+    # key properties
+    rnp_key_get_creation: [%i[pointer pointer], :uint32],
+    rnp_key_get_expiration: [%i[pointer pointer], :uint32],
+    rnp_key_get_primary_grip: [%i[pointer pointer], :uint32],
+    # output
+    rnp_output_write: [%i[pointer pointer size_t pointer], :uint32],
+    # import
+    rnp_import_keys: [%i[pointer pointer uint32 pointer], :uint32],
+    rnp_import_signatures: [%i[pointer pointer uint32 pointer], :uint32],
+  }.each do |name, signature|
+    present = !ffi_libraries[0].find_function(name.to_s).nil?
+    if !present
+      class_eval do
+        define_singleton_method(name) do |*|
+          raise Rnp::FeatureNotAvailableError, name
+        end
+      end
+    else
+      attach_function name, signature[0], signature[1]
+    end
+    class_eval do
+      const_set("HAVE_#{name.upcase}", present)
+    end
+  end
+
+  if ffi_libraries[0].find_function('rnp_version_commit_timestamp')
+    attach_function :rnp_version_commit_timestamp, [], :uint64
+  else
+    def self.rnp_version_commit_timestamp
+      0
+    end
+  end
+
+  if HAVE_RNP_VERSION && (rnp_version >= rnp_version_for(0, 14, 0) ||
+                         rnp_version_commit_timestamp >= 1585833163)
+    callback        :rnp_input_reader_t,
+                    %i[pointer pointer size_t pointer],
+                    :bool
+  else
+    callback        :rnp_input_reader_t,
+                    %i[pointer pointer size_t],
+                    :ssize_t
+  end
+
 
   callback        :rnp_get_key_cb,
                   %i[pointer pointer string string bool],
@@ -17,9 +166,6 @@ module LibRnp
   callback        :rnp_password_cb,
                   %i[pointer pointer pointer string pointer size_t],
                   :bool
-  callback        :rnp_input_reader_t,
-                  %i[pointer pointer size_t],
-                  :ssize_t
   callback        :rnp_output_writer_t,
                   %i[pointer pointer size_t],
                   :bool
@@ -289,37 +435,6 @@ module LibRnp
                   %i[pointer],
                   :uint32
 
-  # some newer APIs that may not be present
-  {
-    # key export
-    rnp_key_export: [%i[pointer pointer uint32], :uint32],
-    # enarmor/dearmor
-    rnp_enarmor: [%i[pointer pointer pointer], :uint32],
-    rnp_dearmor: [%i[pointer pointer], :uint32],
-    # versioning
-    rnp_version_string: [%i[], :string],
-    rnp_version_string_full: [%i[], :string],
-    rnp_version: [%i[], :uint32],
-    rnp_version_for: [%i[uint32 uint32 uint32], :uint32],
-    rnp_version_major: [%i[uint32], :uint32],
-    rnp_version_minor: [%i[uint32], :uint32],
-    rnp_version_patch: [%i[uint32], :uint32]
-  }.each do |name, signature|
-    present = ffi_libraries[0].find_function(name.to_s)
-    if !present
-      class_eval do
-        define_singleton_method(name) do |*|
-          raise Rnp::FeatureNotAvailableError, name
-        end
-      end
-    else
-      attach_function name, signature[0], signature[1]
-    end
-    class_eval do
-      const_set("HAVE_#{name.upcase}", present)
-    end
-  end
-
   RNP_KEY_EXPORT_ARMORED = (1 << 0)
   RNP_KEY_EXPORT_PUBLIC =  (1 << 1)
   RNP_KEY_EXPORT_SECRET =  (1 << 2)
@@ -328,11 +443,21 @@ module LibRnp
   RNP_LOAD_SAVE_PUBLIC_KEYS = (1 << 0)
   RNP_LOAD_SAVE_SECRET_KEYS = (1 << 1)
 
+  RNP_KEY_UNLOAD_PUBLIC = (1 << 0)
+  RNP_KEY_UNLOAD_SECRET = (1 << 1)
+
+  RNP_KEY_REMOVE_PUBLIC = (1 << 0)
+  RNP_KEY_REMOVE_SECRET = (1 << 1)
+
   RNP_JSON_PUBLIC_MPIS = (1 << 0)
   RNP_JSON_SECRET_MPIS = (1 << 1)
   RNP_JSON_SIGNATURES = (1 << 2)
   RNP_JSON_SIGNATURE_MPIS = (1 << 3)
 
+  RNP_JSON_DUMP_MPI = (1 << 0)
+  RNP_JSON_DUMP_RAW = (1 << 1)
+  RNP_JSON_DUMP_GRIP = (1 << 2)
+
   RNP_SUCCESS = 0
   RNP_ERROR_BAD_FORMAT =        0x10000001
   RNP_ERROR_SIGNATURE_INVALID = 0x12000002

data/lib/rnp/input.rb

@@ -9,6 +9,7 @@ require 'ffi'
 require 'rnp/error'
 require 'rnp/ffi/librnp'
 require 'rnp/utils'
+require 'rnp/misc'
 
 class Rnp
   # Class used to feed data into RNP.
@@ -74,16 +75,35 @@ class Rnp
     end
 
     # @api private
-    READER = lambda do |reader, _ctx, buf, buf_len|
-      begin
-        data = reader.call(buf_len)
-        return 0 unless data
-        raise Rnp::Error, 'Read exceeded buffer size' if data.size > buf_len
-        buf.write_bytes(data)
-        return data.size
-      rescue
-        puts $ERROR_INFO
-        return -1
+    if Rnp.has?("input-reader-cb-no-ssize_t")
+      READER = lambda do |reader, _ctx, buf, buf_len, nread|
+        begin
+          data = reader.call(buf_len)
+          datasz = 0
+          if !data.nil?
+            datasz = data.size unless data.nil?
+            raise Rnp::Error, 'Read exceeded buffer size' if datasz > buf_len
+            buf.write_bytes(data) unless data.nil?
+          end
+          nread.write(:size_t, datasz)
+          return true
+        rescue
+          puts $ERROR_INFO
+          return false
+        end
+      end
+    else
+      READER = lambda do |reader, _ctx, buf, buf_len|
+        begin
+          data = reader.call(buf_len)
+          return 0 unless data
+          raise Rnp::Error, 'Read exceeded buffer size' if data.size > buf_len
+          buf.write_bytes(data)
+          return data.size
+        rescue
+          puts $ERROR_INFO
+          return -1
+        end
       end
     end
 

data/lib/rnp/key.rb

@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
-# (c) 2018 Ribose Inc.
+# (c) 2018-2020 Ribose Inc.
 
 require 'ffi'
 
 require 'rnp/error'
 require 'rnp/ffi/librnp'
 require 'rnp/utils'
+require 'rnp/userid'
 
 class Rnp
   # Class that represents a PGP key (potentially encompassing both the public
@@ -59,6 +60,13 @@ class Rnp
       string_property(:rnp_key_get_grip)
     end
 
+    # Get the primary grip of the key (for subkeys)
+    #
+    # @return [String]
+    def primary_grip
+      string_property(:rnp_key_get_primary_grip)
+    end
+
     # Get the primary userid of the key
     #
     # @return [String]
@@ -82,6 +90,38 @@ class Rnp
       each_userid.to_a
     end
 
+    # Enumerate each {UserID} for this key.
+    #
+    # @return [self, Enumerator]
+    def each_uid(&block)
+      block or return enum_for(:uid_iterator)
+      uid_iterator(&block)
+      self
+    end
+
+    # Get a list of {UserID}s for this key.
+    #
+    # @return [Array<UserID>]
+    def uids
+      each_uid.to_a
+    end
+
+    # Enumerate each {Signature} for this key.
+    #
+    # @return [self, Enumerator]
+    def each_signature(&block)
+      block or return enum_for(:signature_iterator)
+      signature_iterator(&block)
+      self
+    end
+
+    # Get a list of {Signature}s for this key.
+    #
+    # @return [Array<Signature>]
+    def signatures
+      each_signature.to_a
+    end
+
     # Add a userid to a key.
     #
     # @param userid [String] the userid to add
@@ -265,6 +305,134 @@ class Rnp
       end
     end
 
+    # Unload this key.
+    #
+    # @note When both the public and secret portions of this key have been
+    # unloaded, you should no longer interact with this object.
+    #
+    # @param unload_public [Boolean] if true then the public key will be
+    #   unloaded
+    # @param unload_secret [Boolean] if true then the secret  key will be
+    #   unloaded
+    # @return [void]
+    def unload(unload_public: true, unload_secret: true)
+      flags = 0
+      flags |= LibRnp::RNP_KEY_REMOVE_PUBLIC if unload_public
+      flags |= LibRnp::RNP_KEY_REMOVE_SECRET if unload_secret
+      Rnp.call_ffi(:rnp_key_remove, @ptr, flags)
+    end
+
+    # Enumerate each subkey for this key.
+    #
+    # @return [self, Enumerator]
+    def each_subkey(&block)
+      block or return enum_for(:subkey_iterator)
+      subkey_iterator(&block)
+      self
+    end
+
+    # Get a list of all subkeys for this key.
+    #
+    # @return [Array<Key>]
+    def subkeys
+      each_subkey.to_a
+    end
+
+    # Get the type of this key (RSA, etc).
+    #
+    # @return [String]
+    def type
+      string_property(:rnp_key_get_alg)
+    end
+
+    # Get the bit length for this key.
+    #
+    # @return [Integer]
+    def bits
+      pbits = FFI::MemoryPointer.new(:uint32)
+      Rnp.call_ffi(:rnp_key_get_bits, @ptr, pbits)
+      pbits.read(:uint32)
+    end
+
+    # Get the bit length for the q parameter of this DSA key.
+    #
+    # @return [Integer]
+    def qbits
+      pbits = FFI::MemoryPointer.new(:uint32)
+      Rnp.call_ffi(:rnp_key_get_dsa_qbits, @ptr, pbits)
+      pbits.read(:uint32)
+    end
+
+    # Get the curve of this EC key.
+    #
+    # @return [String]
+    def curve
+      string_property(:rnp_key_get_curve)
+    end
+
+    # Query whether this key can be used to perform a certain operation.
+    #
+    # @param op [String,Symbol] the operation to query (sign, etc)
+    # @return [Boolean]
+    def can?(op)
+      pvalue = FFI::MemoryPointer.new(:bool)
+      Rnp.call_ffi(:rnp_key_allows_usage, @ptr, op.to_s, pvalue)
+      pvalue.read(:bool)
+    end
+
+    # Check if this has been revoked.
+    #
+    # @return [Boolean]
+    def revoked?
+      bool_property(:rnp_key_is_revoked)
+    end
+
+    # Check if this revoked key's material was compromised.
+    #
+    # @return [Boolean]
+    def compromised?
+      bool_property(:rnp_key_is_compromised)
+    end
+
+    # Check if this revoked key was retired.
+    #
+    # @return [Boolean]
+    def retired?
+      bool_property(:rnp_key_is_retired)
+    end
+
+    # Check if this revoked key was superseded by another key.
+    #
+    # @return [Boolean]
+    def superseded?
+      bool_property(:rnp_key_is_superseded)
+    end
+
+    # Retrieve the reason for revoking this key, if any.
+    #
+    # @return [String]
+    def revocation_reason
+      string_property(:rnp_key_get_revocation_reason)
+    end
+
+    # Retrieve the creation time of the key
+    #
+    # @return [Time]
+    def creation_time
+      ptime = FFI::MemoryPointer.new(:uint32)
+      Rnp.call_ffi(:rnp_key_get_creation, @ptr, ptime)
+      Time.at(ptime.read(:uint32))
+    end
+
+    # Retrieve the expiration time of the key
+    #
+    # @return [Time]
+    def expiration_time
+      ptime = FFI::MemoryPointer.new(:uint32)
+      Rnp.call_ffi(:rnp_key_get_expiration, @ptr, ptime)
+      Time.at(ptime.read(:uint32))
+    end
+
     private
 
     def string_property(func)
@@ -313,6 +481,40 @@ class Rnp
       end
     end
 
+    def uid_iterator
+      pcount = FFI::MemoryPointer.new(:size_t)
+      Rnp.call_ffi(:rnp_key_get_uid_count, @ptr, pcount)
+      count = pcount.read(:size_t)
+      pptr = FFI::MemoryPointer.new(:pointer)
+      (0...count).each do |i|
+        Rnp.call_ffi(:rnp_key_get_uid_handle_at, @ptr, i, pptr)
+        begin
+          phandle = pptr.read_pointer
+          puserid = nil
+          next if phandle.nil?
+          Rnp.call_ffi(:rnp_key_get_uid_at, @ptr, i, pptr)
+          puserid = pptr.read_pointer
+          yield UserID.new(phandle, puserid.read_string) unless puserid.null?
+          phandle = nil
+        ensure
+          LibRnp.rnp_uid_handle_destroy(phandle)
+          LibRnp.rnp_buffer_destroy(puserid)
+        end
+      end
+    end
+
+    def signature_iterator
+      pcount = FFI::MemoryPointer.new(:size_t)
+      Rnp.call_ffi(:rnp_key_get_signature_count, @ptr, pcount)
+      count = pcount.read(:size_t)
+      pptr = FFI::MemoryPointer.new(:pointer)
+      (0...count).each do |i|
+        Rnp.call_ffi(:rnp_key_get_signature_at, @ptr, i, pptr)
+        psig = pptr.read_pointer
+        yield Signature.new(psig) unless psig.null?
+      end
+    end
+
     def export(public_key: false, secret_key: false, with_subkeys: false, armored: true, output: nil)
       flags = 0
       flags |= LibRnp::RNP_KEY_EXPORT_ARMORED if armored
@@ -321,6 +523,20 @@ class Rnp
       flags |= LibRnp::RNP_KEY_EXPORT_SUBKEYS if with_subkeys
       Rnp.call_ffi(:rnp_key_export, @ptr, output.ptr, flags)
     end
+
+    def subkey_iterator
+      pcount = FFI::MemoryPointer.new(:size_t)
+      Rnp.call_ffi(:rnp_key_get_subkey_count, @ptr, pcount)
+      count = pcount.read(:size_t)
+      pptr = FFI::MemoryPointer.new(:pointer)
+      (0...count).each do |i|
+        Rnp.call_ffi(:rnp_key_get_subkey_at, @ptr, i, pptr)
+        begin
+          psubkey = pptr.read_pointer
+          yield Rnp::Key.new(psubkey) unless psubkey.null?
+        end
+      end
+    end
   end # class
 end # class