sigdown

package module
v0.0.0-...-192831e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 11, 2017 License: MIT Imports: 8 Imported by: 0

README

HTTP with PGP check Build Status Go Report Card

In case you have some content to download from a remote server, which also provides PGP signature download, than you can use this go package to verify signature before using the content from remote server

Example


import (
	"context"
	"fmt"
	"log"

	"github.com/antontsv/sigdown"
)

func main() {
	url := "https://git.io/all.files"
	sigurl := url + ".asc"

    // Value of testKey for this example is here:
    // https://github.com/antontsv/sigdown/blob/master/example_test.go#L33
	downloader, err := sigdown.New(testKey) 
	if err != nil {
		log.Fatalf("unexpected error while creating downloader: %v", err)
	}

	download, err := downloader.Download(context.Background(), url, sigurl)
	if err != nil {
		log.Fatalf("failed to download %s with signature verification, error: %v", url, err)
	}

	fmt.Println(download.Content)
}

More

GoDoc

Documentation

Overview

Package sigdown uses net/HTTP and add PGP signature verification

Example

Example downloads content that has a PGP signature available for verification using testKey listed below 

package main

import (
	"context"
	"fmt"
	"log"

	"github.com/antontsv/sigdown"
)

// Example downloads content that has a
// PGP signature available for verification using testKey listed below
func main() {
	url := "https://git.io/all.files"
	sigurl := url + ".asc"

	downloader, err := sigdown.New(testKey)
	if err != nil {
		log.Fatalf("unexpected error creating downloader: %v", err)
	}

	download, err := downloader.Download(context.Background(), sigdown.Request{URL: url, SigURL: sigurl})
	if err != nil {
		log.Fatalf("failed to download %s with signature verification, error: %v", url, err)
	}

	for _, name := range download.Signers {
		fmt.Printf("Signed by: %s", name)
	}
}

var testKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: antontsv

mQINBFcfGqQBEACofvmZPzZqzWFQ6BDbcisPnl4fANIzDqPJ7UAd6lk3lVBbvfra
0vxhhyi7eXLDYp8nHDHQnR15DMotdfp8xsMsq88yw11uQlRDlLJB/xPfwTBD7kd0
u8EuT8J0gkrelqbxNinJOeafXIIej3ybTcFoJAH4YyG84A0NbasPn2jJ8Mt+L9PQ
+qNgaMe0tE1v8wU/RKzTTGI0FLxqc/94fsO2fWrXHw9yH94n//su6rC1n5+I5bXW
iNE/HeWMfIW+0kwegEj82Pai6XSMRxhZrCotpDcH6ARuNmXRQuoOMV6YXyAveb+u
aZjLIzoyUXSZxXqdoX6+Ze+xOQsBpsaMNqqkhx780Ycb8Zq/Q+A+WxiN7JA4F0x6
OK2WWII1QbFwr5AY/OKvNXQ0dB4sYVXCiKIarmBcDCfqwQTM8RKLK1oJsQU2G0nN
xjAYufH2zy7whq/eDHk3IFk33M++sIPeGqcDoMLOl36lXkmcfr+QmYtLR3dq/pcC
cTSOzCDhFjMWmXG4JxrWtLWpZZBn9cG6pxuSeDtL+VY98d3G/SdC80RV0kdlTItY
9raBJJVXujV4jU6WVvG9Sbm/B3v8mO/VIdWCRuFEeZ+oCS1QA7b5nSeB61+7JOTc
JF3FsX72zMgM29bNrPBQ/6ctT3eOl2ORsX15LHbXJIACxEFM51MAw1N6fQARAQAB
tCdBbnRvbiBUc3ZpYXRrb3UgPGEudHN2aWF0a291QGdtYWlsLmNvbT6JAj0EEwEK
ACcFAlcfGqQCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQlf/F
6+79u7UBTg//UGrRlnugA3nk/n5uukkNfGsN+3qPlujMMOk+HIJPdJ1O7k9XzoEs
CKQrt7YHXyVV18kYO7eZjMq3LPB2HOEm2cSlJzWfgRFqm89N/1iLZETdv9Y9Ppg+
giUOmQIf0SQX2kA4pUn/gMTT9splQZlg7NPExzosxdcrchWo2ePcZfq737eJvIhl
fk0lJs3vCmShVHI6SopszAz8klBPrQNsCRofBF1N6tElJ7iPXqQD/fegi3sxfNXb
fWhy+dUEskuu/KEtOSm+QPzVIDijCJktJoDCI9EFyZBGK4Zokd3czYYpOIt1fWAn
13VLXQHJLD6k4Ufvexig8AU6E1h50/yqIFTP4Vl1/XBrgkS/gbOEiVND+aIZNO+4
rfQOodDT1DeizwUMe3oVUBLvodKK9tgNlLe8we+FcbGayeJ4hBnrCFnzYFGqq4Oj
YkCyK7Ol9bB1zKb2OeFtHsFcfUBL4C4NMj5P3DARQEuiEbPTH3yu3qRWFYOA5SIU
WnXPWvTzqMfUd7NNnlYKUckjakrVkCJ7xbbXz+8BJJJieddci1CEW0wjxdBzCylT
FFqI6+46WXWJYjZ9Q7QTZ4Cstp6PqdERA9qEY86TTp0MvEdoBHSUXaDF3f60utF4
oYAiX7f68qUwFuS4xvm2g2BblpISmPKOvZU3nh/XspljFqHedFow1c25Ag0EVx8a
pAEQALCJosRaGAGNU32LawoVO6VYlkOfOxp75wtttpgoUcVAolC7iTi+zHTPWovU
hpJKTQ+OtPqBvuNKOwCceIKrAkbSb0X8j4D1KstSimf/iKnSUseYJTfbN2Vo5BgM
E3OKn52uQ8eKOiXd36L0L4zx2dKJBd1MUj4KqXEppBMzqllToHRKxj+3yiekrirw
pJdLHKLNijSGVwh7Qo2l0ozvlQAaBSOa0PPsEL2lhMHExjBJ0tS+vEMdYRfTgFqn
X3J8Bm3vT1WoXosZtkvQEt1kNeqOfKAloYkMrHko8enOZIiR8d3B2ihBtWh204FU
nkJ6QvlWczkCxI1gz6sPs7SwpfK8259e6JDdfcHhcfE30Zql8wPaJ/Ujxyb4Mvgh
MGwZhSfxIm4hNnkcuc9eVaAIje+gBfxCegay+G1oy5Hb0HthowdxOeJgcW9EmcgK
DQDMWEMXRG92LR4/HKXvMKLiJdbRVmfteTnjHSImNqfe0I1CIIsHYrYjXNU8glij
HEzKgh//JcxkbhBc6XsKltPVTMgAjexh12GBpXli6RZ92B1ll7u3Tz6Gs2TEYqDs
8xIiNrQNLxRS/CUw46SvGhbE/fU5JQVRd/oLnwXq8LJjMj7y6Cn5N2aup11XGcAk
f5FUj0G/LmgaXFm9/W6k5QzWQCEzDaA9PfRVeyr3fTfayiMjABEBAAGJAiUEGAEK
AA8FAlcfGqQCGwwFCQeGH4AACgkQlf/F6+79u7WaAA//aIxwv4adaji4RwlgCIfA
BK8wds+1J0+SlvB6NsrE4vV8drvEmIvN4MyZx3ReiQI/HYk0+9UjxMhkT3GW/SiC
ycX0OGrM6i0TxUlgrIHrD5XTpAfJGGmnNNQixe2n6O2hUchMO1D1fUz+F7g4veVr
sBr/KsCd4q+hg9Bg6UzEu+JMSMCktK6mvsBdZfBe/DB+2lityMyBndAqQIxgTkPU
eNb23UxmgZ/c9Qj7vjjz7BC6zimYqI65Wm9UUF7jPeqpRhLeRPhAGwQcl2A4byaB
a9A1OCvFS4hEad5oBZFLvJ6z9riy+7O2DUwbUs1hTpRnccMtj0XkqoWCmQqaDm+u
Ue3sKF8+Ij67/94N4EVjIhCPIkoRYo49fBlfeOgvtN/cR7+mS8AW/9xoQWefom5s
cjCny4fhKzzg6c0jqy0s2YFv1csc/gml5zEpu2618W6w/uVDtnY9MygCQSsAsVWN
C/pulWaOmmDUcI5YaC3JnGvGsMImFSxQVbumCSOEXNyH0NUPe0VQhelueb2LE2eZ
UbkqIDlEGbsLrJIVJsDUsKOhXWXqaZn/q33KaggU9P0SY85DHOqAA+7xPXc21L0N
d3AqmCF7qF4VH1VBhm1svQhSlE9tSXJqB/OHGbbquvQuHqMdPS/ROBKjtceNPUy+
Q9yHDCiJn/+13NMTJE+kxJQ=
=oCRa
-----END PGP PUBLIC KEY BLOCK-----
`

Output:

Signed by: Anton Tsviatkou

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Downloader 

type Downloader interface {
	Download(ctx context.Context, req Request) (*SignedContent, error)
}

Downloader can perform an HTTP download with PGP signature verification

func New 

func New(pgpPubKey string) (Downloader, error)

New returns new downloader set to verify downloads provided PGP key

type Request 

type Request struct {
	// URL to download content from
	URL string
	// SigURL should serve detached PGP signature for the content served by URL
	SigURL string
	// MaxBytes spefifies max number of bytes content or signature file
	// can be downloaded from remote site.
	// We do not want remote service or Man-In-The-Middle try to overload
	// Downloader with large files, by having download size limited to appropriate
	// value we will fail fast
	//
	// Default is 1048576 [1MB]
	MaxBytes int
	// Timeout specifies a time limit a Download is allowed to run,
	// including getting content and signature data from remote server
	// and running all checks.
	// Default is 30 seconds
	Timeout time.Duration
}

Request has all necessary data to perform HTTP download PGP verification detached signature

type SignedContent 

type SignedContent struct {
	// Content that has been confirmed by its detashed signature
	Content []byte
	// Signers represents a list of names of people who signed Content.
	Signers []string
}

SignedContent returns signed context and names of signers

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.