fn add_system_wide_openpgp_certificates(
    nethsm: &NetHsm,
    admin_credentials: &AdminCredentials,
    users: &[UserMapping],
) -> Result<(), Error>
Adds OpenPGP certificates for system-wide keys that are used for OpenPGP signing.
§Note
It is assumed that the default R-Administrator, all system-wide keys and all system-wide non-administrative users are already set up before calling this function (see add_system_wide_admins, add_system_wide_keys and add_non_administrative_users, respectively).
This function uses the nethsm with the default R-Administrator, but may switch to a system-wide, non-administrative user for individual operations.
If this function succeeds, the nethsm is guaranteed to use the default R-Administrator again.
If this function fails, the nethsm may still use a system-wide, non-administrative user.
This function does not overwrite or alter existing OpenPGP certificates, as this would introduce inconsistencies between signatures created with a previous version of a certificate and those created with a new version of the certificate, which is hard to debug.
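The failure case described above means a caller cannot assume which user is selected after an `Err`. The following added example (not code from this crate) shows a caller-side guard that re-selects the administrator on every exit path; `MockHsm`, `add_certs`, `RestoreAdmin`, `add_certs_restoring` and the user names are hypothetical stand-ins, and `add_certs` is only a constructed model of the documented contract.

```rust
use std::cell::RefCell;

/// Hypothetical stand-in for the HSM handle: it only tracks the selected user.
pub struct MockHsm { current: RefCell<String> }

impl MockHsm {
    pub fn new(user: &str) -> Self { Self { current: RefCell::new(user.into()) } }
    pub fn use_user(&self, user: &str) { *self.current.borrow_mut() = user.into(); }
    pub fn current_user(&self) -> String { self.current.borrow().clone() }
}

/// Constructed model of the documented contract: admin is re-selected only on success.
pub fn add_certs(hsm: &MockHsm, admin: &str, signers: &[&str], fail_on: Option<&str>) -> Result<usize, String> {
    for signer in signers {
        hsm.use_user(signer); // switch to the non-administrative signing user
        if fail_on == Some(*signer) {
            return Err(format!("certificate creation failed for {signer}"));
        }
        hsm.use_user(admin); // switch back to import the certificate
    }
    Ok(signers.len())
}

/// Re-selects the administrator when dropped, on success and on early return.
pub struct RestoreAdmin<'a> { hsm: &'a MockHsm, admin: &'a str }

impl Drop for RestoreAdmin<'_> {
    fn drop(&mut self) { self.hsm.use_user(self.admin); }
}

/// Caller-side wrapper: whatever the outcome, the handle ends up on `admin`.
pub fn add_certs_restoring(hsm: &MockHsm, admin: &str, signers: &[&str], fail_on: Option<&str>) -> Result<usize, String> {
    let _guard = RestoreAdmin { hsm, admin };
    add_certs(hsm, admin, signers, fail_on)
}

fn main() {
    let hsm = MockHsm::new("admin");
    let signers = ["signer1", "signer2"]; // constructed user names
    let bare = add_certs(&hsm, "admin", &signers, Some("signer2"));
    println!("bare: {bare:?}, selected user: {}", hsm.current_user());
    let guarded = add_certs_restoring(&hsm, "admin", &signers, Some("signer2"));
    println!("guarded: {guarded:?}, selected user: {}", hsm.current_user());
}
```

Without the guard, later administrative calls on the same handle would run as the signing user and fail on missing permissions rather than on the original error.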
§Errors
Returns an error if
- using the default R-Administrator fails,
- retrieving the names of all system-wide users fails,
- retrieving the names of all system-wide keys fails,
- a user used for OpenPGP signing does not exist,
- the tags assigned to a user cannot be retrieved from the nethsm,
- a user used for OpenPGP signing does not have a required tag,
- a key used for OpenPGP signing does not exist,
- the tags assigned to a key cannot be retrieved from the nethsm,
- a key used for OpenPGP signing does not have a required tag,
- the key setup for a key used for OpenPGP signing does not have at least one User ID,
- the user assigned the same tag as the key that is used for OpenPGP signing cannot be used to create an OpenPGP certificate for the key,
- or the default R-Administrator cannot be used to import the generated OpenPGP certificate for the key.