
package pgp

import "go.mozilla.org/sops/v3/pgp"

Package pgp contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key by first trying the golang.org/x/crypto/openpgp package and, if that fails, by calling the "gpg" binary.


type MasterKey

type MasterKey struct {
    Fingerprint  string
    EncryptedKey string
    CreationDate time.Time
}

MasterKey is a PGP key used to securely store sops' data key by encrypting and decrypting it

func MasterKeysFromFingerprintString

func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey

MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints
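A caller-side check that can run before a comma-separated list is handed to MasterKeysFromFingerprintString. This is an added example, not code from the sops project: normalizeFingerprints is a hypothetical helper, the sample fingerprint is made up, and it assumes OpenPGP v4 keys, whose fingerprints are 40 hex digits.

```go
package main

import (
	"fmt"
	"strings"
)

// normalizeFingerprints is a hypothetical helper (not part of sops).
// It splits a comma-separated list, strips the spaces gpg prints between
// 4-digit groups, and accepts only full 40-hex-digit v4 fingerprints
// (an assumption of this example). Short key IDs are rejected because
// they do not identify a key uniquely.
func normalizeFingerprints(list string) ([]string, error) {
	seen := make(map[string]bool)
	var out []string
	for _, raw := range strings.Split(list, ",") {
		fp := strings.ToUpper(strings.Join(strings.Fields(raw), ""))
		if fp == "" {
			return nil, fmt.Errorf("empty entry in fingerprint list")
		}
		if len(fp) != 40 {
			return nil, fmt.Errorf("%q: want 40 hex digits, got %d", fp, len(fp))
		}
		for _, c := range fp {
			if !strings.ContainsRune("0123456789ABCDEF", c) {
				return nil, fmt.Errorf("%q: non-hex character %q", fp, c)
			}
		}
		if !seen[fp] { // drop duplicates so each recipient appears once
			seen[fp] = true
			out = append(out, fp)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample input: two spellings of one made-up fingerprint.
	in := "0123 4567 89AB CDEF 0123 4567 89ab cdef 0123 4567," +
		"0123456789abcdef0123456789abcdef01234567"
	fps, err := normalizeFingerprints(in)
	fmt.Println(fps, err)

	// An 8-digit short key ID is refused.
	_, err = normalizeFingerprints("89ABCDEF")
	fmt.Println(err)
}
```

The cleaned entries can be joined with commas again and passed on as the fingerprint argument.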

func NewMasterKeyFromFingerprint

func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey

NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt uses PGP to obtain the data key from the EncryptedKey stored in the MasterKey and returns it

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey. It looks for PGP public keys in $PGPHOME/pubring.gpg.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey into a map for serialization purposes

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString returns the string representation of the key, i.e. its fingerprint

Package pgp imports 17 packages and is imported by 4 packages. Updated 2020-10-09.