refactor: rename incorrectly named variables in create_keypair

Encryption subkey is incorrectly referred to as public key in variable names. This is incorrect because generated encryption key is secret too just as the signing primary key. Generated OpenPGP secret key consists of primary signing key and encryption subkey. Then OpenPGP public key consisting of the primary signing public key and encryption public key is generated. Keypair consists of the secret OpenPGP key and public OpenPGP key, each of them has a primary key and subkey inside.
deltachat · Feb 17, 2024 · 660cfd4 · 660cfd4
1 parent 7a1270f
commit 660cfd4
Showing 1 changed file with 18 additions and 14 deletions.
diff --git a/src/pgp.rs b/src/pgp.rs
@@ -138,16 +138,19 @@ pub struct KeyPair {
 }
 
 /// Create a new key pair.
+///
+/// Both secret and public key consist of signing primary key and encryption subkey
+/// as [described in the Autocrypt standard](https://autocrypt.org/level1.html#openpgp-based-key-data).
 pub(crate) fn create_keypair(addr: EmailAddress, keygen_type: KeyGenType) -> Result<KeyPair> {
-    let (secret_key_type, public_key_type) = match keygen_type {
+    let (signing_key_type, encryption_key_type) = match keygen_type {
         KeyGenType::Rsa2048 => (PgpKeyType::Rsa(2048), PgpKeyType::Rsa(2048)),
         KeyGenType::Rsa4096 => (PgpKeyType::Rsa(4096), PgpKeyType::Rsa(4096)),
         KeyGenType::Ed25519 | KeyGenType::Default => (PgpKeyType::EdDSA, PgpKeyType::ECDH),
     };
 
     let user_id = format!("<{addr}>");
     let key_params = SecretKeyParamsBuilder::default()
-        .key_type(secret_key_type)
+        .key_type(signing_key_type)
         .can_create_certificates(true)
         .can_sign(true)
         .primary_user_id(user_id)
@@ -170,35 +173,36 @@ pub(crate) fn create_keypair(addr: EmailAddress, keygen_type: KeyGenType) -> Res
         ])
         .subkey(
             SubkeyParamsBuilder::default()
-                .key_type(public_key_type)
+                .key_type(encryption_key_type)
                 .can_encrypt(true)
                 .passphrase(None)
                 .build()
                 .context("failed to build subkey parameters")?,
         )
         .build()
-        .context("invalid key params")?;
-    let key = key_params.generate().context("invalid params")?;
-    let private_key = key
+        .context("failed to build key parameters")?;
+
+    let secret_key = key_params
+        .generate()
+        .context("failed to generate the key")?
         .sign(|| "".into())
         .context("failed to sign secret key")?;
+    secret_key
+        .verify()
+        .context("invalid secret key generated")?;
 
-    let public_key = private_key.public_key();
-    let public_key = public_key
-        .sign(&private_key, || "".into())
+    let public_key = secret_key
+        .public_key()
+        .sign(&secret_key, || "".into())
         .context("failed to sign public key")?;
-
-    private_key
-        .verify()
-        .context("invalid private key generated")?;
     public_key
         .verify()
         .context("invalid public key generated")?;
 
     Ok(KeyPair {
         addr,
         public: public_key,
-        secret: private_key,
+        secret: secret_key,
     })
 }