README
¶
PGP Signing
===========
.. sectnum::
.. contents:: Table of Contents
This signer implements the Pretty Good Privacy signature format. It accepts data
on the `/sign/data` interface and returns armored detached signatures.
Example:
.. code:: bash
# request a signature using the autograph client
$ go run client.go -d $(base64 /tmp/pgpinput.txt) -k randompgp \
-o /tmp/testsig.pgp -ko /tmp/testkey.asc
# import the public key returned by autograph into a temp keyring
$ gpg --no-default-keyring --keyring /tmp/testkeyring.pgp \
--secret-keyring /tmp/testsecring.gpg --import /tmp/testkey.asc
# verify the signature using the temp keyring
$ gpg --no-default-keyring --keyring /tmp/testkeyring.pgp \
--secret-keyring /tmp/testsecring.gpg \
--verify /tmp/testsig.pgp /tmp/pgpinput.txt
Configuration
-------------
Place a PGP Private Key in `autograph.yaml`:
.. code:: yaml
signers:
- id: some-pgp-key
type: pgp
privatekey: |
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQOYBFuW9xABCACzCLYHwgGba7hi+lwhD/Hr5qqpg+UuN+88NclYgLWyl1nPpx2D
...
HQASoA7mirON
=vJUu
-----END PGP PRIVATE KEY BLOCK-----
Signature request
-----------------
This signer only supports the `/sign/data/` endpoint.
.. code:: json
[
{
"input": "Y2FyaWJvdW1hdXJpY2UK",
"keyid": "some-pgp-key"
}
]
Signature response
------------------
The response to a data signing request contains a PGP armored detached
signature in its raw form with newlines preserved but wrapped on a single line
due to JSON marshalling. You can write it out to a file to recover the standard
armored signature that gnupg expects.
.. code:: json
[
{
"ref": "7khgpu4gcfdv30w8joqxjy1cc",
"type": "pgp",
"signer_id": "some-pgp-key",
"public_key":"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nxsBNBFuW9xABCACzCLYHwg...",
"signature":"-----BEGIN PGP SIGNATURE-----\n\nwsBcBAABCAAQBQJbt3KqCRDdCl2Z...."
}
]
Documentation
¶
Index ¶
Constants ¶
View Source
const ( // Type of this signer is "pgp", which represents a signer // that uses the native golang.org/x/crypto/openpgp to sign // data Type = "pgp" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type PGPSigner ¶
type PGPSigner struct {
signer.Configuration
// contains filtered or unexported fields
}
PGPSigner holds the configuration of the signer
func New ¶
func New(conf signer.Configuration) (s *PGPSigner, err error)
New initializes a pgp signer using a configuration
func (*PGPSigner) Config ¶
func (s *PGPSigner) Config() signer.Configuration
Config returns the configuration of the current signer
func (*PGPSigner) GetDefaultOptions ¶
func (s *PGPSigner) GetDefaultOptions() interface{}
GetDefaultOptions returns default options of the signer
Source Files
Click to show internal directories.
Click to hide internal directories.