package pgp

import "go.mozilla.org/sops/v3/pgp"

Package pgp contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key by first trying with the golang.org/x/crypto/openpgp package and if that fails, by calling the "gpg" binary.

Index ¶

• type MasterKey
• func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey
• func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey
• func (key *MasterKey) Decrypt() ([]byte, error)
• func (key *MasterKey) Encrypt(dataKey []byte) error
• func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
• func (key *MasterKey) EncryptedDataKey() []byte
• func (key *MasterKey) NeedsRotation() bool
• func (key *MasterKey) SetEncryptedDataKey(enc []byte)
• func (key MasterKey) ToMap() map[string]interface{}
• func (key *MasterKey) ToString() string

Package Files ¶

keysource.go

type MasterKey ¶ Uses

type MasterKey struct {
    Fingerprint  string
    EncryptedKey string
    CreationDate time.Time
}

MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it

func MasterKeysFromFingerprintString ¶ Uses

func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey

MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints

func NewMasterKeyFromFingerprint ¶ Uses

func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey

NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint

func (*MasterKey) Decrypt ¶ Uses

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt uses PGP to obtain the data key from the EncryptedKey store in the MasterKey and returns it

func (*MasterKey) Encrypt ¶ Uses

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey. It looks for PGP public keys in $PGPHOME/pubring.gpg.

func (*MasterKey) EncryptIfNeeded ¶ Uses

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already

func (*MasterKey) EncryptedDataKey ¶ Uses

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation ¶ Uses

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not

func (*MasterKey) SetEncryptedDataKey ¶ Uses

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap ¶ Uses

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey into a map for serialization purposes

func (*MasterKey) ToString ¶ Uses

func (key *MasterKey) ToString() string

ToString returns the string representation of the key, i.e. its fingerprint