azure-keyvault-pgp

command module

v0.0.0-...-e5dbab7 Latest Latest Go to latest Published: Mar 27, 2022 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jepio/azure-keyvault-pgp

Links

Open Source Insights

README ¶

Azure Keyvault PGP

This project lets you create PGP-compatible signatures using Azure Keyvault asymmetric keys. It should be considered experimental.

The code comes from https://github.com/heptiolabs/google-kms-pgp, who figured all of this out. I just rewrote it to use Azure Keyvault. This is not an official Microsoft project.

Installing

$ go get -u -v github.com/jepio/azure-keyvault-pgp
[...]
$ azure-keyvault-pgp

usage: azure-keyvault-pgp --export|--sign|--clearsign
  -a, --armor               output in ascii armor
      --clearsign           sign a message in clear text
      --comment string      comment associated with the key
  -b, --detach-sign         make a detached signature
      --email string        email associated with the key
      --export              export public key
  -u, --local-user string   name of key to sign with
      --name string         name associated with the key
  -o, --output string       write output to file (use - for stdout)
  -s, --sign                sign a message

This binary has two modes of execution:

--export: generates and exports a PGP-compatible public key from a Azure Keyvault key.
--sign|--clearsign: signs input using the Azure Keyvault key, producing a PGP signature.

Usage: Generating a Key

$ az login
$ export AZURE_KEYVAULT_URL=https://<keyvault-name>.vault.azure.net

$ azure-keyvault-pgp --export \
								 --name "My User" \
								 --comment "A comment about my key" \
								 --email "myuser@example.com" \
								 --armor \
								 --output my-public-key.asc \
								 my-key

$ gpg --import my-public-key.asc
gpg: key 6014DEDCDEC1EF5F: "My User (A comment about my key) <myuser@example.com>" 1 new user ID
gpg: key 6014DEDCDEC1EF5F: "My User (A comment about my key) <myuser@example.com>" 1 new signature
gpg: Total number processed: 1
gpg:           new user IDs: 1
gpg:         new signatures: 1

You can import this key into GPG using gpg --import my-public-key.asc and optionally mark it trusted using gpg --edit-key 6014DEDCDEC1EF5F

Usage: Signing

$ az login
$ export AZURE_KEYVAULT_URL=https://<keyvault-name>.vault.azure.net

$ azure-keyvault-pgp --sign \
								 --detach-sign \
								 --armor \
								 --local-user my-key \
								 hello.txt

$ gpg --verify hello.txt.asc hello.txt
gpg: Signature made Fri Aug 31 11:48:35 2018 CDT
gpg:                using RSA key 6014DEDCDEC1EF5F
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   5  signed:   5  trust: 5-, 0q, 0n, 0m, 0f, 0u
gpg: Good signature from "My User (A comment about my key) <myuser@example.com>" [ultimate]

Documentation ¶

Overview ¶

Package main implements a PGP-compatible signing interface backed by Google KMS.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
kmssigner Package kmssigner implements a crypto.Signer backed by Google Cloud KMS.	Package kmssigner implements a crypto.Signer backed by Google Cloud KMS.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL