README
¶
openpgp
This package has been moved into https://github.com/hockeypuck/hockeypuck. Further contributions should be made there, this project has been archived.
Package openpgp provides OpenPGP packet processing for keyservers. It is
intended to support verification of signed key material and certifications.
Purpose
Public keyservers are intended to be beneficial directory service, but in the OpenPGP cryptosystem, they are not intended to be securely reliable authorities on the authenticity of keys. Rather, they are tasked with propagating key material -- good, bad or ugly -- for OpenPGP agents like GnuPG to determine authenticity and acceptable content.
This package supports the unique concerns of a keyserver, which is not (and probably should not be) addressed in a typical OpenPGP implementation oriented toward user agents.
Features
- Merging packets among two keyrings.
- De-duplication or preservation of redundant packets in a public keyring.
- Resolve revocations, expirations and certifying self-signatures for non-authoritative purposes.
- Tolerance and classification of experimental, new, and outdated key material for interoperability.
- Keyring digest calculation method compatible with SKS.
- Hierarchical entity modeling of keyring packets.
- Unique scoped identifiers for all packets.
- Reversed-hex key IDs support prefix matching, optimal for many database indexes.
Usage
This package is newly API versioned by gopkg.in. Expect a v1 branch once it stabilizes.
import "github.com/hockeypuck/openpgp.v0"
License
AGPLv3. Copyright (c) 2015 Casey Marshall.
Documentation
¶
Index ¶
- Variables
- func AlgorithmName(code int) string
- func CollectDuplicates(key *PrimaryKey) error
- func DropDuplicates(key *PrimaryKey) error
- func Merge(dst, src *PrimaryKey) error
- func Reverse(s string) string
- func SksDigest(key *PrimaryKey, h hash.Hash) (string, error)
- func Sort(pubkey *PrimaryKey)
- func WriteArmoredPackets(w io.Writer, roots []*PrimaryKey) error
- func WritePackets(w io.Writer, key *PrimaryKey) error
- type CheckSig
- type OpaqueKeyring
- type OpaqueKeyringChan
- type Packet
- type PrimaryKey
- type PrimaryKeyChan
- type PublicKey
- type ReadKeyResult
- type SelfSigs
- type Signature
- type SubKey
- type UserAttribute
- type UserID
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidPacketType error = errors.New("Invalid packet type")
var ErrMissingSignature = fmt.Errorf("Key material missing an expected signature")
var ErrPacketRecordState error = errors.New("Packet record state has not been properly initialized")
Functions ¶
func AlgorithmName ¶
func CollectDuplicates ¶
func CollectDuplicates(key *PrimaryKey) error
func DropDuplicates ¶
func DropDuplicates(key *PrimaryKey) error
func Merge ¶
func Merge(dst, src *PrimaryKey) error
func SksDigest ¶
func SksDigest(key *PrimaryKey, h hash.Hash) (string, error)
SksDigest calculates a cumulative message digest on all OpenPGP packets for a given primary public key, using the same ordering as SKS, the Synchronizing Key Server. Use MD5 for matching digest values with SKS.
func WriteArmoredPackets ¶
func WriteArmoredPackets(w io.Writer, roots []*PrimaryKey) error
func WritePackets ¶
func WritePackets(w io.Writer, key *PrimaryKey) error
Types ¶
type CheckSig ¶
type CheckSig struct {
PrimaryKey *PrimaryKey
Signature *Signature
Error error
}
CheckSig represents the result of checking a self-signature.
type OpaqueKeyring ¶
type OpaqueKeyring struct {
Packets []*packet.OpaquePacket
RFingerprint string
Md5 string
Sha256 string
Error error
Position int64
}
func (*OpaqueKeyring) Parse ¶
func (ok *OpaqueKeyring) Parse() (*PrimaryKey, error)
type OpaqueKeyringChan ¶
type OpaqueKeyringChan chan *OpaqueKeyring
func ReadOpaqueKeyrings ¶
func ReadOpaqueKeyrings(r io.Reader) OpaqueKeyringChan
type Packet ¶
type Packet struct {
// UUID is a universally unique identifier string for this packet. Not
// necessarily a standard UUID format though.
UUID string
// Tag indicates the OpenPGP package tag type.
Tag uint8
// Parsed indicates whether Hockeypuck is able to parse the contents of
// this packet or if it is unsupported/malformed key material. Unparsed
// content has not been signature verified, and so Hockeypuck may not have
// been able to filter out invalid content.
Parsed bool
// Count indicates the number of times this packet occurs in the keyring.
Count int
// Packet contains the raw packet bytes.
Packet []byte
}
func ParseOther ¶
func ParseOther(op *packet.OpaquePacket, parentID string) (*Packet, error)
type PrimaryKey ¶
type PrimaryKey struct {
PublicKey
MD5 string
SHA256 string
SubKeys []*SubKey
UserIDs []*UserID
UserAttributes []*UserAttribute
}
func ParsePrimaryKey ¶
func ParsePrimaryKey(op *packet.OpaquePacket) (*PrimaryKey, error)
func (*PrimaryKey) SelfSigs ¶
func (pubkey *PrimaryKey) SelfSigs() *SelfSigs
type PrimaryKeyChan ¶
type PrimaryKeyChan chan *ReadKeyResult
func MustReadArmorKeys ¶
func MustReadArmorKeys(r io.Reader) PrimaryKeyChan
func ReadArmorKeys ¶
func ReadArmorKeys(r io.Reader) (PrimaryKeyChan, error)
func ReadKeys ¶
func ReadKeys(r io.Reader) PrimaryKeyChan
ReadKeys reads public key material from input and sends them on a channel. Caller must receive all keys until the channel is closed.
func (PrimaryKeyChan) MustParse ¶
func (c PrimaryKeyChan) MustParse() []*PrimaryKey
type PublicKey ¶
type PublicKey struct {
Packet
RFingerprint string
RKeyID string
RShortID string
// Creation stores the timestamp when the public key was created.
Creation time.Time
// Expiration stores the timestamp when the public key expires.
Expiration time.Time
// Algorithm stores the algorithm type of the public key.
Algorithm int
// BitLen stores the bit length of the public key.
BitLen int
Signatures []*Signature
Others []*Packet
}
func (*PublicKey) Fingerprint ¶
func (*PublicKey) QualifiedFingerprint ¶
type ReadKeyResult ¶
type ReadKeyResult struct {
*PrimaryKey
Error error
}
type SelfSigs ¶
type SelfSigs struct {
Revocations []*CheckSig
Certifications []*CheckSig
Expirations []*CheckSig
Primaries []*CheckSig
Errors []*CheckSig
// contains filtered or unexported fields
}
SelfSigs holds self-signatures on OpenPGP targets, which may be keys, user IDs, or user attributes.
type Signature ¶
type Signature struct {
Packet
SigType int
RIssuerKeyID string
Creation time.Time
Expiration time.Time
Primary bool
}
func ParseSignature ¶
func ParseSignature(op *packet.OpaquePacket, pubkeyUUID, scopedUUID string) (*Signature, error)
func (*Signature) IssuerKeyID ¶
type SubKey ¶
type SubKey struct {
PublicKey
}
func ParseSubKey ¶
func ParseSubKey(op *packet.OpaquePacket) (*SubKey, error)
func (*SubKey) SelfSigs ¶
func (subkey *SubKey) SelfSigs(pubkey *PrimaryKey) *SelfSigs
type UserAttribute ¶
func ParseUserAttribute ¶
func ParseUserAttribute(op *packet.OpaquePacket, parentID string) (*UserAttribute, error)
func (*UserAttribute) SelfSigs ¶
func (uat *UserAttribute) SelfSigs(pubkey *PrimaryKey) *SelfSigs
Source Files
Directories