pgp

package v3.8.1
Published: Oct 11, 2023 License: MPL-2.0 Imports: 17 Imported by: 5

Documentation

Overview

Package pgp contains an implementation of the github.com/getsops/sops/v3.MasterKey interface that encrypts and decrypts the data key by first trying the github.com/ProtonMail/go-crypto/openpgp package and, if that fails, by calling the "gpg" binary. The binary is looked up as "gpg" unless the SOPS_GPG_EXEC environment variable names a different executable, so the environment a SOPS process runs in decides which program receives the encrypted data key and, on Decrypt, hands back the plaintext data key; treat both the PATH and that variable as trusted input.

Index

Constants

const (
	// SopsGpgExecEnv can be set as an environment variable to overwrite the
	// GnuPG binary used.
	SopsGpgExecEnv = "SOPS_GPG_EXEC"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DisableOpenPGP

type DisableOpenPGP struct{}

DisableOpenPGP disables encrypt and decrypt operations through the go-crypto OpenPGP package, so that Encrypt and Decrypt go straight to the "gpg" binary.

func (DisableOpenPGP) ApplyToMasterKey

func (d DisableOpenPGP) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the provided key to not use OpenPGP.

type GnuPGHome

type GnuPGHome string

GnuPGHome is the absolute path to a GnuPG home directory. A new keyring can be constructed by combining the use of NewGnuPGHome() and Import() or ImportFile().

func NewGnuPGHome

func NewGnuPGHome() (GnuPGHome, error)

NewGnuPGHome initializes a new GnuPGHome in a temporary directory. The caller is responsible for removing the directory once it is no longer needed, typically by deferring Cleanup; otherwise any key material imported into it stays on disk.

func (GnuPGHome) ApplyToMasterKey

func (d GnuPGHome) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the GnuPGHome on the provided key if it passes Validate. A GnuPGHome that fails Validate is silently ignored and the key keeps its previous home directory setting, so call Validate yourself first when it matters that the key is bound to this directory.

func (GnuPGHome) Cleanup

func (d GnuPGHome) Cleanup() error

Cleanup deletes the GnuPGHome if it passes Validate. It returns an error if the GnuPGHome does not pass Validate, or if the removal failed.

func (GnuPGHome) Import

func (d GnuPGHome) Import(armoredKey []byte) error

Import attempts to import the armored key bytes into the GnuPGHome keyring. It returns an error if the GnuPGHome does not pass Validate, or if the import failed.

func (GnuPGHome) ImportFile

func (d GnuPGHome) ImportFile(path string) error

ImportFile attempts to import the armored key file into the GnuPGHome keyring. It returns an error if the GnuPGHome does not pass Validate, or if the import failed.

func (GnuPGHome) String

func (d GnuPGHome) String() string

String returns the GnuPGHome as a string. It does not Validate.

func (GnuPGHome) Validate

func (d GnuPGHome) Validate() error

Validate ensures the GnuPGHome is a valid GnuPG home directory path. When validation fails, it returns a descriptive reason as error.

type MasterKey

type MasterKey struct {
	// Fingerprint contains the fingerprint of the PGP key used to Encrypt
	// or Decrypt the data key with.
	Fingerprint string
	// EncryptedKey contains the SOPS data key encrypted with PGP.
	EncryptedKey string
	// CreationDate of the MasterKey, used to determine if the EncryptedKey
	// needs rotation.
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is a PGP key used to protect the SOPS data key: Encrypt wraps the data key to the PGP key identified by Fingerprint, and Decrypt unwraps it again.

func MasterKeysFromFingerprintString

func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey

MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints.
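MasterKeysFromFingerprintString accepts any comma-separated strings; it does not check that each entry is a usable fingerprint. The following is an added example, not code from the sops package, of the validation a caller would want to run on that list before building master keys from it: it canonicalizes each entry, rejects the 8- and 16-digit key IDs that gpg also prints (truncations of the fingerprint for which colliding keys can be generated cheaply), and rejects duplicates. The function names CanonicalFingerprint and ParseFingerprintList are the example's own, and the fingerprints in the sample inputs are constructed placeholders, not real keys.

```go
package main

import (
	"fmt"
	"strings"
)

// fingerprintHexLen is the length of an OpenPGP v4 fingerprint in hex digits
// (the 160-bit SHA-1 of the public key packet).
const fingerprintHexLen = 40

// CanonicalFingerprint normalizes one fingerprint as a user might paste it
// from "gpg --fingerprint": whitespace (including the groups-of-four spacing)
// is stripped, an optional 0x prefix dropped, and the hex digits upper-cased.
// Anything that is not a full 40-digit fingerprint is rejected. The 8- and
// 16-digit key IDs gpg prints are truncations of the fingerprint, and keys
// with a chosen short or long key ID can be generated cheaply, so only the
// full fingerprint pins a MasterKey to one specific key.
func CanonicalFingerprint(raw string) (string, error) {
	fp := strings.ToUpper(strings.Join(strings.Fields(raw), ""))
	fp = strings.TrimPrefix(fp, "0X")
	if fp == "" {
		return "", fmt.Errorf("empty fingerprint")
	}
	for _, c := range fp {
		if !strings.ContainsRune("0123456789ABCDEF", c) {
			return "", fmt.Errorf("%q contains the non-hex character %q", raw, c)
		}
	}
	if len(fp) != fingerprintHexLen {
		return "", fmt.Errorf("%q has %d hex digits, want %d (a full fingerprint, not a key ID)",
			raw, len(fp), fingerprintHexLen)
	}
	return fp, nil
}

// ParseFingerprintList validates the comma-separated form accepted by
// MasterKeysFromFingerprintString and returns the canonical fingerprints in
// input order. Each entry becomes its own MasterKey (and its own copy of the
// encrypted data key in the SOPS file), so duplicates are rejected too.
func ParseFingerprintList(list string) ([]string, error) {
	var out []string
	seen := make(map[string]bool)
	for i, raw := range strings.Split(list, ",") {
		fp, err := CanonicalFingerprint(raw)
		if err != nil {
			return nil, fmt.Errorf("entry %d: %w", i+1, err)
		}
		if seen[fp] {
			return nil, fmt.Errorf("entry %d: duplicate fingerprint %s", i+1, fp)
		}
		seen[fp] = true
		out = append(out, fp)
	}
	return out, nil
}

func main() {
	// Constructed sample inputs; the fingerprints are placeholders, not real keys.
	samples := []string{
		"0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567, fedcba9876543210fedcba9876543210fedcba98",
		"0x0123456789ABCDEF", // 16-digit long key ID: rejected
		"0123456789ABCDEF0123456789ABCDEF01234567,0123456789abcdef0123456789abcdef01234567", // duplicate
	}
	for _, s := range samples {
		fps, err := ParseFingerprintList(s)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("accepted:", strings.Join(fps, ","))
	}
}
```

The canonical strings returned here are what you pass to NewMasterKeyFromFingerprint or join with commas for MasterKeysFromFingerprintString.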

func NewMasterKeyFromFingerprint

func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey

NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt first attempts to obtain the data key from the EncryptedKey stored in the MasterKey using OpenPGP, before falling back to GnuPG. When both attempts fail, an error is returned.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey into a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString returns the string representation of the key, i.e. its fingerprint.

type PubRing

type PubRing string

PubRing can be used to configure the absolute path to a public keyring used by OpenPGP.

func (PubRing) ApplyToMasterKey

func (r PubRing) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the public keyring path on the provided key, for use by the OpenPGP code path.

type SecRing

type SecRing string

SecRing can be used to configure the absolute path to a secret keyring used by OpenPGP.

func (SecRing) ApplyToMasterKey

func (r SecRing) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the secret keyring path on the provided key, for use by the OpenPGP code path.
