openpgp

package
v1.3.0
Warning

This package is not in the latest version of its module.

Published: Mar 20, 2023 License: Unlicense Imports: 18 Imported by: 0

Documentation

Overview

Package openpgp is a high-level API for creating keys and signatures within a very narrow part of the OpenPGP standard. Only a small set of cryptographic primitives is supported: for example, Curve25519 but not RSA. It's primarily for producing OpenPGP output, not consuming arbitrary OpenPGP input.

Constants

const (
	// SignKeyPubLen is the size of the public part of an OpenPGP packet.
	SignKeyPubLen = 53

	// FlagMDC indicates that the identity making a self-signature
	// prefers to receive a Modification Detection Code (MDC).
	FlagMDC = iota
)
const (
	// EncryptKeyPubLen is the size of the public part of an OpenPGP packet.
	EncryptKeyPubLen = 58
)

Variables

var (
	// ErrDecryptKey indicates the wrong key was given.
	ErrDecryptKey = errors.New("wrong encryption key")

	// ErrUnsupportedPacket indicates the packet uses unsupported
	// features.
	ErrUnsupportedPacket = errors.New("input packet unsupported")
)
var ErrArmorCRC = errors.New("invalid armored checksum")

ErrArmorCRC indicates that the CRC checksum did not match.

var ErrInvalidArmor = errors.New("invalid armored data")

ErrInvalidArmor indicates that the input is invalid.

var ErrInvalidPacket = errors.New("invalid OpenPGP data")

ErrInvalidPacket means a packet is inconsistent or contains invalid data.

var ErrNoData = errors.New("no OpenPGP data found")

ErrNoData indicates the armor was valid, but no OpenPGP data was found.

Functions

func Armor

func Armor(buf []byte) []byte

Armor returns the ASCII armored version of its input packet. It autodetects what kind of armor should be used based on the packet header.

func Dearmor

func Dearmor(buf []byte) ([]byte, error)

Dearmor returns the decoded, raw binary data from armored input.
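The checksum behind ErrArmorCRC is the CRC-24 that RFC 4880 attaches to ASCII armor. This is an added example, not this package's code: crc24, sumLine, checkBody and errCRC are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var errCRC = errors.New("invalid armored checksum") // stands in for ErrArmorCRC

// crc24 is the armor checksum defined in RFC 4880, section 6.1.
func crc24(data []byte) uint32 {
	crc := uint32(0xB704CE) // initial value
	for _, b := range data {
		crc ^= uint32(b) << 16
		for i := 0; i < 8; i++ {
			crc <<= 1
			if crc&0x1000000 != 0 {
				crc ^= 0x1864CFB // generator polynomial
			}
		}
	}
	return crc & 0xFFFFFF
}

// sumLine renders the "=XXXX" line that follows the base64 body.
func sumLine(data []byte) string {
	c := crc24(data)
	return "=" + base64.StdEncoding.EncodeToString([]byte{byte(c >> 16), byte(c >> 8), byte(c)})
}

// checkBody decodes an armor body and verifies it against its checksum line.
func checkBody(body, sum string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.ReplaceAll(body, "\n", ""))
	if err != nil {
		return nil, err
	}
	if sum != sumLine(raw) {
		return nil, errCRC
	}
	return raw, nil
}

func main() {
	body := "MTIzNDU2Nzg5" // constructed sample: base64 of "123456789", not a real packet
	_, err := checkBody(body, sumLine([]byte("123456788"))) // checksum of different data
	fmt.Println(sumLine([]byte("123456789")), err)
}
```

The CRC only catches accidental corruption in transit: anyone who alters the body can recompute it, so authenticity still rests on the OpenPGP signature.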

Types

type EncryptKey

type EncryptKey struct {
	Key []byte
	// contains filtered or unexported fields
}

EncryptKey represents an X25519 Diffie-Hellman key (ECDH). Implements Bindable.

func (*EncryptKey) Created

func (k *EncryptKey) Created() int64

Created returns the key's creation date in unix epoch seconds.

func (*EncryptKey) EncPacket

func (k *EncryptKey) EncPacket(passphrase []byte) []byte

EncPacket returns a protected secret key packet.

func (*EncryptKey) Expires

func (k *EncryptKey) Expires() int64

Expires returns the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.

func (*EncryptKey) Load

func (k *EncryptKey) Load(packet Packet, passphrase []byte) (err error)

Load key material from packet body. If the error is ErrDecryptKey, then either the passphrase was nil or the passphrase is wrong. To use an empty passphrase, pass an empty but non-nil passphrase.

func (*EncryptKey) Packet

func (k *EncryptKey) Packet() []byte

Packet returns the OpenPGP packet encoding this key.

func (*EncryptKey) PubPacket

func (k *EncryptKey) PubPacket() []byte

PubPacket returns an OpenPGP public key packet for this key.

func (*EncryptKey) Pubkey

func (k *EncryptKey) Pubkey() []byte

Pubkey returns the public key portion of this key.

func (*EncryptKey) Seckey

func (k *EncryptKey) Seckey() []byte

Seckey returns the secret key portion of this key.

func (*EncryptKey) Seed

func (k *EncryptKey) Seed(seed []byte)

Seed sets the 32-byte seed for an encryption key.

func (*EncryptKey) SetCreated

func (k *EncryptKey) SetCreated(time int64)

SetCreated sets the creation date in unix epoch seconds.

func (*EncryptKey) SetExpires

func (k *EncryptKey) SetExpires(time int64)

SetExpires sets the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.

type Packet

type Packet struct {
	Tag    byte
	HdrLen int
	Body   []byte
}

Packet represents a packet container.

func ParsePacket

func ParsePacket(buf []byte) (Packet, []byte, error)

ParsePacket returns the header of the next packet in the buffer and the bytes following the packet.
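A sketch of the packet framing a function with ParsePacket's shape has to handle, with the length checks that keep truncated or hostile input from causing an out-of-range slice. This is an added example, not this package's implementation: splitPacket, packet and the two error values are hypothetical stand-ins, and it covers both RFC 4880 header formats, which is more than the page states about the package.

```go
package main

import "errors"

var errInvalid, errUnsupported = errors.New("invalid"), errors.New("unsupported") // local stand-ins

type packet struct {
	Tag    byte
	HdrLen int
	Body   []byte
}

// splitPacket cuts one RFC 4880 packet off buf and returns the remainder.
func splitPacket(buf []byte) (packet, []byte, error) {
	if len(buf) < 2 || buf[0]&0x80 == 0 {
		return packet{}, nil, errInvalid
	}
	old := buf[0]&0x40 == 0
	p := packet{Tag: buf[0] & 0x3f}      // new format: tag in the low six bits
	skip, width, bias := 1, 1, uint64(0) // length field offset, size, bias
	switch b := buf[1]; {
	case old && buf[0]&3 == 3, !old && b >= 224 && b < 255:
		return packet{}, nil, errUnsupported // indeterminate or partial body length
	case old: // tag in bits 5..2, then a 1-, 2- or 4-octet length
		p.Tag = buf[0] >> 2 & 0x0f
		width = 1 << (buf[0] & 3)
	case b == 255: // five-octet length
		skip, width = 2, 4
	case b >= 192: // two-octet length: (b-192)<<8 + next + 192
		width, bias = 2, 192<<8-192
	}
	if p.HdrLen = skip + width; len(buf) < p.HdrLen {
		return packet{}, nil, errInvalid
	}
	n := uint64(0)
	for _, b := range buf[skip:p.HdrLen] {
		n = n<<8 | uint64(b)
	}
	if n -= bias; n > uint64(len(buf)-p.HdrLen) { // claims more than is present
		return packet{}, nil, errInvalid
	}
	p.Body = buf[p.HdrLen:][:n]
	return p, buf[p.HdrLen:][n:], nil
}

func main() {
	p, rest, err := splitPacket([]byte{0xcd, 2, 'h', 'i', 0xcd, 9, 'x'}) // constructed input
	println(p.Tag, string(p.Body), len(rest), err == nil)
}
```

The declared length is compared as a uint64 against the bytes actually remaining before any slicing, so a five-octet length of 0xFFFFFFFF is rejected rather than converted to an int first.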

func (*Packet) Encode

func (p *Packet) Encode() []byte

Encode returns an encoded version of this packet.

type SignKey

type SignKey struct {
	Key ed25519.PrivateKey
	// contains filtered or unexported fields
}

SignKey represents an Ed25519 sign key (EdDSA).

func (*SignKey) Bind

func (k *SignKey) Bind(subkey *EncryptKey, when int64) []byte

Bind a subkey to this signing key, returning the signature packet.

func (*SignKey) Certify

func (k *SignKey) Certify(key, uid []byte, when int64) []byte

Certify a pairing of public key and user ID packet, returning the signature packet. This accepts byte slices so that arbitrary packets can be certified, not just formats understood by this package.

func (*SignKey) Clearsign

func (k *SignKey) Clearsign(src io.Reader) io.ReadCloser

Clearsign returns a new cleartext stream signer. Data from the given reader will be cleartext-signed and written into the returned reader. The returned reader must either be read completely or closed.

func (*SignKey) Created

func (k *SignKey) Created() int64

Created returns the key's creation date in unix epoch seconds.

func (*SignKey) EncPacket

func (k *SignKey) EncPacket(passphrase []byte) []byte

EncPacket returns a protected secret key packet.

func (*SignKey) Expires

func (k *SignKey) Expires() int64

Expires returns the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.

func (*SignKey) KeyID

func (k *SignKey) KeyID() []byte

KeyID returns the Key ID for a sign key.

func (*SignKey) Load

func (k *SignKey) Load(packet Packet, passphrase []byte) (err error)

Load key material from packet body. If the error is ErrDecryptKey, then either the passphrase was nil or the passphrase is wrong. To use an empty passphrase, pass an empty but non-nil passphrase.

func (*SignKey) Packet

func (k *SignKey) Packet() []byte

Packet returns an OpenPGP packet for a sign key.

func (*SignKey) PubPacket

func (k *SignKey) PubPacket() []byte

PubPacket returns a public key packet for this key.

func (*SignKey) Pubkey

func (k *SignKey) Pubkey() []byte

Pubkey returns the public key part of a sign key.

func (*SignKey) Seckey

func (k *SignKey) Seckey() []byte

Seckey returns the secret key part of a sign key.

func (*SignKey) Seed

func (k *SignKey) Seed(seed []byte)

Seed sets the 32-byte seed for a sign key.

func (*SignKey) SelfSign

func (k *SignKey) SelfSign(userid *UserID, when int64, flags int) []byte

SelfSign returns a self-signature packet over a user ID.

func (*SignKey) SetCreated

func (k *SignKey) SetCreated(time int64)

SetCreated sets the creation date in unix epoch seconds.

func (*SignKey) SetExpires

func (k *SignKey) SetExpires(time int64)

SetExpires sets the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.

func (*SignKey) Sign

func (k *SignKey) Sign(src io.Reader) ([]byte, error)

Sign binary data with this key using an OpenPGP signature packet.

type UserID

type UserID struct {
	ID []byte
}

UserID represents a user identity. Implements Bindable.

func (*UserID) Load

func (u *UserID) Load(packet Packet) (err error)

Load from packet.

func (*UserID) Packet

func (u *UserID) Packet() []byte

Packet returns an OpenPGP packet encoding this identity.
