pub fn merge_openpgp_certificates(
old_certificate: SignedPublicKey,
new_certificate: SignedPublicKey,
) -> Result<SignedPublicKey>Expand description
Merges and minimizes OpenPGP certificates.
Keeps at most one direct key signature and at most one User ID with exactly one signature.
See https://openpgp.dev/book/adv/certificates.html#merging and https://openpgp.dev/book/adv/certificates.html#certificate-minimization.
new_certificate does not necessarily contain newer data.
It may come not directly from the key owner,
e.g. via protected Autocrypt header or protected attachment
in a signed message, but from Autocrypt-Gossip header or a vCard.
Gossiped key may be older than the one we have
or even have some packets maliciously dropped
(for example, all encryption subkeys dropped)
or restored from some older version of the certificate.