Documentation ¶
Overview ¶
Package openpgp is a high-level API for creating keys and signatures within a very narrow part of the OpenPGP standard. Only a small set of cryptographic primitives is supported; for example, Curve25519 is supported but RSA is not. It is primarily for producing OpenPGP output, not for consuming arbitrary OpenPGP input, so it should not be treated as a general-purpose parser or validator for untrusted OpenPGP data.
Index ¶
- Constants
- Variables
- func Armor(buf []byte) []byte
- func Dearmor(buf []byte) ([]byte, error)
- type EncryptKey
- func (k *EncryptKey) Created() int64
- func (k *EncryptKey) EncPacket(passphrase []byte) []byte
- func (k *EncryptKey) Expires() int64
- func (k *EncryptKey) Load(packet Packet, passphrase []byte) (err error)
- func (k *EncryptKey) Packet() []byte
- func (k *EncryptKey) PubPacket() []byte
- func (k *EncryptKey) Pubkey() []byte
- func (k *EncryptKey) Seckey() []byte
- func (k *EncryptKey) Seed(seed []byte)
- func (k *EncryptKey) SetCreated(time int64)
- func (k *EncryptKey) SetExpires(time int64)
- type Packet
- type SignKey
- func (k *SignKey) Bind(subkey *EncryptKey, when int64) []byte
- func (k *SignKey) Certify(key, uid []byte, when int64) []byte
- func (k *SignKey) Clearsign(src io.Reader) io.ReadCloser
- func (k *SignKey) Created() int64
- func (k *SignKey) EncPacket(passphrase []byte) []byte
- func (k *SignKey) Expires() int64
- func (k *SignKey) KeyID() []byte
- func (k *SignKey) Load(packet Packet, passphrase []byte) (err error)
- func (k *SignKey) Packet() []byte
- func (k *SignKey) PubPacket() []byte
- func (k *SignKey) Pubkey() []byte
- func (k *SignKey) Seckey() []byte
- func (k *SignKey) Seed(seed []byte)
- func (k *SignKey) SelfSign(userid *UserID, when int64, flags int) []byte
- func (k *SignKey) SetCreated(time int64)
- func (k *SignKey) SetExpires(time int64)
- func (k *SignKey) Sign(src io.Reader) ([]byte, error)
- type UserID
Constants ¶
const (
	// SignKeyPubLen is the size of the public part of an OpenPGP packet.
	SignKeyPubLen = 53

	// FlagMDC indicates that the identity making a self-signature
	// prefers to receive a Modification Detection Code (MDC).
	// NOTE(review): as rendered here FlagMDC is the second spec in the
	// block, so iota would evaluate to 1. Rendered documentation omits
	// unexported constants, so confirm the value against the source.
	FlagMDC = iota
)
const (
	// EncryptKeyPubLen is the size of the public part of an OpenPGP packet.
	// NOTE(review): presumably a length in bytes for the encryption
	// key's public packet; confirm against the source.
	EncryptKeyPubLen = 58
)
Variables ¶
var (
	// ErrDecryptKey indicates the wrong key was given.
	// NOTE(review): the Load documentation on this page describes a
	// decrypt-key error returned when the passphrase is nil or wrong;
	// presumably that is this value. Confirm against the source.
	ErrDecryptKey = errors.New("wrong encryption key")

	// ErrUnsupportedPacket indicates the packet uses unsupported
	// features.
	ErrUnsupportedPacket = errors.New("input packet unsupported")
)
var ErrArmorCRC = errors.New("invalid armored checksum")
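ErrArmorCRC indicates that the armor's CRC checksum did not match. The armor CRC detects accidental corruption only; it is not a cryptographic integrity check.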
var ErrInvalidArmor = errors.New("invalid armored data")
ErrInvalidArmor indicates that the input is invalid.
var ErrInvalidPacket = errors.New("invalid OpenPGP data")
ErrInvalidPacket means a packet is inconsistent or contains invalid data.
var ErrNoData = errors.New("no OpenPGP data found")
ErrNoData indicates the armor was valid, but no OpenPGP data was found.
Functions ¶
Types ¶
type EncryptKey ¶
type EncryptKey struct { Key []byte // contains filtered or unexported fields }
EncryptKey represents an X25519 Diffie-Hellman key (ECDH). Implements Bindable.
func (*EncryptKey) Created ¶
func (k *EncryptKey) Created() int64
Created returns the key's creation date in unix epoch seconds.
func (*EncryptKey) EncPacket ¶
func (k *EncryptKey) EncPacket(passphrase []byte) []byte
EncPacket returns a protected secret key packet.
func (*EncryptKey) Expires ¶
func (k *EncryptKey) Expires() int64
Expires returns the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.
func (*EncryptKey) Load ¶
func (k *EncryptKey) Load(packet Packet, passphrase []byte) (err error)
Load key material from packet body. If the error is ErrDecryptKey, then either the passphrase was nil or the passphrase is wrong. To use an empty passphrase, pass an empty but non-nil passphrase.
func (*EncryptKey) Packet ¶
func (k *EncryptKey) Packet() []byte
Packet returns the OpenPGP packet encoding this key.
func (*EncryptKey) PubPacket ¶
func (k *EncryptKey) PubPacket() []byte
PubPacket returns an OpenPGP public key packet for this key.
func (*EncryptKey) Pubkey ¶
func (k *EncryptKey) Pubkey() []byte
Pubkey returns the public key portion of this key.
func (*EncryptKey) Seckey ¶
func (k *EncryptKey) Seckey() []byte
Seckey returns the secret key portion of this key.
func (*EncryptKey) Seed ¶
func (k *EncryptKey) Seed(seed []byte)
Seed sets the 32-byte seed for this key.
func (*EncryptKey) SetCreated ¶
func (k *EncryptKey) SetCreated(time int64)
SetCreated sets the creation date in unix epoch seconds.
func (*EncryptKey) SetExpires ¶
func (k *EncryptKey) SetExpires(time int64)
SetExpires sets the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.
type Packet ¶
Packet represents a packet container.
func ParsePacket ¶
ParsePacket returns the header of next packet in the buffer and the bytes following the packet.
type SignKey ¶
type SignKey struct { Key ed25519.PrivateKey // contains filtered or unexported fields }
SignKey represents an Ed25519 sign key (EdDSA).
func (*SignKey) Bind ¶
func (k *SignKey) Bind(subkey *EncryptKey, when int64) []byte
Bind a subkey to this signing key, returning the signature packet.
func (*SignKey) Certify ¶
Certify a pairing of public key and user ID packet, returning the signature packet. This accepts byte slices so that arbitrary packets can be certified, not just formats understood by this package.
func (*SignKey) Clearsign ¶
func (k *SignKey) Clearsign(src io.Reader) io.ReadCloser
Clearsign returns a new cleartext stream signer. Data from the given reader will be cleartext-signed and written into the returned reader. The returned reader must either be read completely or closed.
func (*SignKey) Expires ¶
Expires returns the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.
func (*SignKey) Load ¶
Load key material from packet body. If the error is ErrDecryptKey, then either the passphrase was nil or the passphrase is wrong. To use an empty passphrase, pass an empty but non-nil passphrase.
func (*SignKey) SetCreated ¶
SetCreated sets the creation date in unix epoch seconds.
func (*SignKey) SetExpires ¶
SetExpires sets the key's expiration time in unix epoch seconds. A value of zero means the key doesn't expire.