crypto

package
Version: v2.4.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 25, 2022 License: MIT Imports: 36 Imported by: 79

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptSessionKeyWithPassword

func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)

EncryptSessionKeyWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.

func GetTime

func GetTime() time.Time

GetTime gets latest cached time.

func GetUnixTime

func GetUnixTime() int64

GetUnixTime gets latest cached time.

func IsPGPMessage

func IsPGPMessage(data string) bool

IsPGPMessage checks if data if has armored PGP message format.

func RandomToken

func RandomToken(size int) ([]byte, error)

RandomToken generates a random token with the specified key size.

func SetKeyGenerationOffset added in v2.1.2

func SetKeyGenerationOffset(offset int64)

SetKeyGenerationOffset updates the offset when generating keys.

func UpdateTime

func UpdateTime(newTime int64)

UpdateTime updates cached time.

Types

type AttachmentProcessor

type AttachmentProcessor struct {
	// contains filtered or unexported fields
}

AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).

func (*AttachmentProcessor) Finish

func (ap *AttachmentProcessor) Finish() (*PGPSplitMessage, error)

Finish closes the attachment and returns the encrypted data.

func (*AttachmentProcessor) Process

func (ap *AttachmentProcessor) Process(plainData []byte)

Process writes attachment data to be encrypted.

type ClearTextMessage

type ClearTextMessage struct {
	Data      []byte
	Signature []byte
}

A ClearTextMessage is a signed but not encrypted PGP message, i.e. the ones beginning with -----BEGIN PGP SIGNED MESSAGE-----.

func NewClearTextMessage

func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage

NewClearTextMessage generates a new ClearTextMessage from data and signature.

func NewClearTextMessageFromArmored

func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)

NewClearTextMessageFromArmored returns the message body and unarmored signature from a clearsigned message.

func (*ClearTextMessage) GetArmored

func (msg *ClearTextMessage) GetArmored() (string, error)

GetArmored armors plaintext and signature with the PGP SIGNED MESSAGE armoring.

func (*ClearTextMessage) GetBinary

func (msg *ClearTextMessage) GetBinary() []byte

GetBinary returns the unarmored signed data as a []byte.

func (*ClearTextMessage) GetBinarySignature

func (msg *ClearTextMessage) GetBinarySignature() []byte

GetBinarySignature returns the unarmored binary signature as a []byte.

func (*ClearTextMessage) GetString

func (msg *ClearTextMessage) GetString() string

GetString returns the unarmored signed data as a string.

type EncryptSplitResult added in v2.2.0

type EncryptSplitResult struct {
	// contains filtered or unexported fields
}

EncryptSplitResult is used to wrap the encryption writecloser while storing the key packet.

func (*EncryptSplitResult) Close added in v2.2.0

func (res *EncryptSplitResult) Close() (err error)

func (*EncryptSplitResult) GetKeyPacket added in v2.2.0

func (res *EncryptSplitResult) GetKeyPacket() (keyPacket []byte, err error)

GetKeyPacket returns the Public-Key Encrypted Session Key Packets (https://datatracker.ietf.org/doc/html/rfc4880#section-5.1). This can be retrieved only after the message has been fully written and the writer is closed.

func (*EncryptSplitResult) Write added in v2.2.0

func (res *EncryptSplitResult) Write(b []byte) (n int, err error)

type GopenPGP

type GopenPGP struct {
	// contains filtered or unexported fields
}

GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.

type Identity

type Identity struct {
	Name  string
	Email string
}

Identity contains the name and the email of a key holder.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key contains a single private or public key.

func GenerateKey

func GenerateKey(name, email string, keyType string, bits int) (*Key, error)

GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519" bits is unused.

func GenerateRSAKeyWithPrimes

func GenerateRSAKeyWithPrimes(
	name, email string,
	bits int,
	primeone, primetwo, primethree, primefour []byte,
) (*Key, error)

GenerateRSAKeyWithPrimes generates a RSA key using the given primes.

func NewKey

func NewKey(binKeys []byte) (key *Key, err error)

NewKey creates a new key from the first key in the unarmored binary data.

func NewKeyFromArmored

func NewKeyFromArmored(armored string) (key *Key, err error)

NewKeyFromArmored creates a new key from the first key in an armored string.

func NewKeyFromArmoredReader

func NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)

NewKeyFromArmoredReader reads an armored data into a key.

func NewKeyFromEntity added in v2.2.2

func NewKeyFromEntity(entity *openpgp.Entity) (*Key, error)

func NewKeyFromReader

func NewKeyFromReader(r io.Reader) (key *Key, err error)

NewKeyFromReader reads binary data into a Key object.

func (*Key) Armor

func (key *Key) Armor() (string, error)

Armor returns the armored key as a string with default gopenpgp headers.

func (*Key) ArmorWithCustomHeaders added in v2.1.0

func (key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)

ArmorWithCustomHeaders returns the armored key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) CanEncrypt added in v2.1.8

func (key *Key) CanEncrypt() bool

CanEncrypt returns true if any of the subkeys can be used for encryption.

func (*Key) CanVerify added in v2.1.8

func (key *Key) CanVerify() bool

CanVerify returns true if any of the subkeys can be used for verification.

func (*Key) Check

func (key *Key) Check() (bool, error)

Check verifies if the public keys match the private key parameters by signing and verifying. Deprecated: all keys are now checked on parsing.

func (*Key) ClearPrivateParams

func (key *Key) ClearPrivateParams() (ok bool)

func (*Key) Copy

func (key *Key) Copy() (*Key, error)

Copy creates a deep copy of the key.

func (*Key) GetArmoredPublicKey

func (key *Key) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*Key) GetArmoredPublicKeyWithCustomHeaders added in v2.1.0

func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)

GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) GetEntity added in v2.1.0

func (key *Key) GetEntity() *openpgp.Entity

GetEntity gets x/crypto Entity object.

func (*Key) GetFingerprint

func (key *Key) GetFingerprint() string

GetFingerprint gets the fingerprint from the key.

func (*Key) GetHexKeyID

func (key *Key) GetHexKeyID() string

GetHexKeyID returns the key ID, hex encoded as a string.

func (*Key) GetKeyID

func (key *Key) GetKeyID() uint64

GetKeyID returns the key ID, encoded as 8-byte int.

func (*Key) GetPublicKey

func (key *Key) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*Key) GetSHA256Fingerprints added in v2.0.1

func (key *Key) GetSHA256Fingerprints() (fingerprints []string)

GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.

func (*Key) IsExpired

func (key *Key) IsExpired() bool

IsExpired checks whether the key is expired.

func (*Key) IsLocked

func (key *Key) IsLocked() (bool, error)

IsLocked checks if a private key is locked.

func (*Key) IsPrivate

func (key *Key) IsPrivate() bool

IsPrivate returns true if the key is private.

func (*Key) IsRevoked added in v2.3.0

func (key *Key) IsRevoked() bool

IsRevoked checks whether the key or the primary identity has a valid revocation signature.

func (*Key) IsUnlocked

func (key *Key) IsUnlocked() (bool, error)

IsUnlocked checks if a private key is unlocked.

func (*Key) Lock

func (key *Key) Lock(passphrase []byte) (*Key, error)

Lock locks a copy of the key.

func (*Key) PrintFingerprints

func (key *Key) PrintFingerprints()

PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.

Example
keyringKey, _ := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
keyringKey.PrintFingerprints()
Output:

SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24

func (*Key) Serialize

func (key *Key) Serialize() ([]byte, error)

func (*Key) ToPublic added in v2.1.0

func (key *Key) ToPublic() (publicKey *Key, err error)

ToPublic returns the corresponding public key of the given private key.

func (*Key) Unlock

func (key *Key) Unlock(passphrase []byte) (*Key, error)

Unlock unlocks a copy of the key.

type KeyRing

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a given KeyRing list and it returns only those KeyRings which contain at least, one unexpired Key. It returns only unexpired parts of these KeyRings.

func NewKeyRing

func NewKeyRing(key *Key) (*KeyRing, error)

NewKeyRing creates a new KeyRing, empty if key is nil.

func (*KeyRing) AddKey

func (keyRing *KeyRing) AddKey(key *Key) error

AddKey adds the given key to the keyring.

func (*KeyRing) CanEncrypt added in v2.1.8

func (keyRing *KeyRing) CanEncrypt() bool

CanEncrypt returns true if any of the keys in the keyring can be used for encryption.

func (*KeyRing) CanVerify added in v2.1.8

func (keyRing *KeyRing) CanVerify() bool

CanVerify returns true if any of the keys in the keyring can be used for verification.

func (*KeyRing) ClearPrivateParams

func (keyRing *KeyRing) ClearPrivateParams()

func (*KeyRing) Copy

func (keyRing *KeyRing) Copy() (*KeyRing, error)

Copy creates a deep copy of the keyring.

func (*KeyRing) CountDecryptionEntities

func (keyRing *KeyRing) CountDecryptionEntities() int

CountDecryptionEntities returns the number of entities in the keyring.

func (*KeyRing) CountEntities

func (keyRing *KeyRing) CountEntities() int

CountEntities returns the number of entities in the keyring.

func (*KeyRing) Decrypt

func (keyRing *KeyRing) Decrypt(
	message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
) (*PlainMessage, error)

Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage * message : The encrypted input as a PGPMessage * verifyKey : Public key for signature verification (optional) * verifyTime : Time at verification (necessary only if verifyKey is not nil)

When verifyKey is not provided, then verifyTime should be zero, and signature verification will be ignored.

func (*KeyRing) DecryptAttachment

func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)

DecryptAttachment takes a PGPSplitMessage, containing a session key packet and symmetrically encrypted data and returns a decrypted PlainMessage Specifically designed for attachments rather than text messages.

func (*KeyRing) DecryptMIMEMessage

func (keyRing *KeyRing) DecryptMIMEMessage(
	message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64,
)

DecryptMIMEMessage decrypts a MIME message.

func (*KeyRing) DecryptSessionKey

func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)

DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.

func (*KeyRing) DecryptSplitStream added in v2.2.0

func (keyRing *KeyRing) DecryptSplitStream(
	keypacket []byte,
	dataPacketReader Reader,
	verifyKeyRing *KeyRing, verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptSplitStream is used to decrypt a split pgp message as a Reader. It takes a key packet and a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) DecryptStream added in v2.2.0

func (keyRing *KeyRing) DecryptStream(
	message Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a pgp message as a Reader. It takes a reader for the message data and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) Encrypt

func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

Encrypt encrypts a PlainMessage, outputs a PGPMessage. If an unlocked private key is also provided it will also sign the message. * message : The plaintext input as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message.

func (*KeyRing) EncryptAttachment

func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, filename string) (*PGPSplitMessage, error)

EncryptAttachment encrypts a file given a PlainMessage and a filename. If given a filename it will override the information in the PlainMessage object. Returns a PGPSplitMessage containing a session key packet and symmetrically encrypted data. Specifically designed for attachments rather than text messages.

func (*KeyRing) EncryptSessionKey

func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)

EncryptSessionKey encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.

func (*KeyRing) EncryptSplitStream added in v2.2.0

func (keyRing *KeyRing) EncryptSplitStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (*EncryptSplitResult, error)

EncryptSplitStream is used to encrypt data as a stream. It takes a writer for the Symmetrically Encrypted Data Packet (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7) and returns a writer for the plaintext data and the key packet. If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptStream added in v2.2.0

func (keyRing *KeyRing) EncryptStream(
	pgpMessageWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptWithCompression added in v2.1.0

func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys. * message : The plain data as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message. * output : The encrypted data as PGPMessage.

func (*KeyRing) FirstKey

func (keyRing *KeyRing) FirstKey() (*KeyRing, error)

FirstKey returns a KeyRing with only the first key of the original one.

func (*KeyRing) GetIdentities

func (keyRing *KeyRing) GetIdentities() []*Identity

GetIdentities returns the list of identities associated with this key ring.

func (*KeyRing) GetKey

func (keyRing *KeyRing) GetKey(n int) (*Key, error)

GetKey returns the n-th openpgp key contained in this KeyRing.

func (*KeyRing) GetKeyIDs

func (keyRing *KeyRing) GetKeyIDs() []uint64

GetKeyIDs returns array of IDs of keys in this KeyRing.

func (*KeyRing) GetKeys

func (keyRing *KeyRing) GetKeys() []*Key

GetKeys returns openpgp keys contained in this KeyRing.

func (*KeyRing) GetVerifiedSignatureTimestamp added in v2.4.0

func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error)

GetVerifiedSignatureTimestamp verifies a PlainMessage with a detached PGPSignature returns the creation time of the signature if it succeeds and returns a SignatureVerificationError if fails.

func (*KeyRing) NewLowMemoryAttachmentProcessor

func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor(
	estimatedSize int, filename string,
) (*AttachmentProcessor, error)

NewLowMemoryAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.

func (*KeyRing) NewManualAttachmentProcessor added in v2.1.7

func (keyRing *KeyRing) NewManualAttachmentProcessor(
	estimatedSize int, filename string, dataBuffer []byte,
) (*ManualAttachmentProcessor, error)

NewManualAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file and a buffer to hold the DataPacket. It is optimized for low-memory environments and collects garbage every megabyte. The buffer for the data packet must be manually allocated by the caller. Make sure that the dataBuffer is large enough to hold the whole data packet otherwise Finish() will return an error.

func (*KeyRing) SignDetached

func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)

SignDetached generates and returns a PGPSignature for a given PlainMessage.

func (*KeyRing) SignDetachedEncrypted added in v2.1.4

func (keyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)

SignDetachedEncrypted generates and returns a PGPMessage containing an encrypted detached signature for a given PlainMessage.

func (*KeyRing) SignDetachedEncryptedStream added in v2.2.0

func (keyRing *KeyRing) SignDetachedEncryptedStream(
	message Reader,
	encryptionKeyRing *KeyRing,
) (encryptedSignature *PGPMessage, err error)

SignDetachedEncryptedStream generates and returns a PGPMessage containing an encrypted detached signature for a given message Reader.

func (*KeyRing) SignDetachedStream added in v2.2.0

func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)

SignDetachedStream generates and returns a PGPSignature for a given message Reader.

func (*KeyRing) VerifyDetached

func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error

VerifyDetached verifies a PlainMessage with a detached PGPSignature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncrypted added in v2.1.4

func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64) error

VerifyDetachedEncrypted verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncryptedStream added in v2.2.0

func (keyRing *KeyRing) VerifyDetachedEncryptedStream(
	message Reader,
	encryptedSignature *PGPMessage,
	decryptionKeyRing *KeyRing,
	verifyTime int64,
) error

VerifyDetachedEncryptedStream verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedStream added in v2.2.0

func (keyRing *KeyRing) VerifyDetachedStream(
	message Reader,
	signature *PGPSignature,
	verifyTime int64,
) error

VerifyDetachedStream verifies a message reader with a detached PGPSignature and returns a SignatureVerificationError if fails.

type MIMECallbacks

type MIMECallbacks interface {
	OnBody(body string, mimetype string)
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	OnVerified(verified int)
	OnError(err error)
}

MIMECallbacks defines callback methods to process a MIME message.

type ManualAttachmentProcessor added in v2.1.7

type ManualAttachmentProcessor struct {
	// contains filtered or unexported fields
}

ManualAttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files). With this processor, the caller has to first allocate a buffer large enough to hold the whole data packet.

func (*ManualAttachmentProcessor) Finish added in v2.1.7

func (ap *ManualAttachmentProcessor) Finish() error

Finish tells the processor to finalize encryption.

func (*ManualAttachmentProcessor) GetDataLength added in v2.1.7

func (ap *ManualAttachmentProcessor) GetDataLength() int

GetDataLength returns the number of bytes in the DataPacket. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) GetKeyPacket added in v2.1.7

func (ap *ManualAttachmentProcessor) GetKeyPacket() []byte

GetKeyPacket returns the key packet for the attachment. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) Process added in v2.1.7

func (ap *ManualAttachmentProcessor) Process(plainData []byte) error

Process writes attachment data to be encrypted.

type PGPMessage

type PGPMessage struct {
	// The content of the message
	Data []byte
}

PGPMessage stores a PGP-encrypted message.

func EncryptMessageWithPassword

func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)

EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a SymmetricKey. * message : The plain data as a PlainMessage. * password: A password that will be derived into an encryption key. * output : The encrypted data as PGPMessage.

func NewPGPMessage

func NewPGPMessage(data []byte) *PGPMessage

NewPGPMessage generates a new PGPMessage from the unarmored binary data.

func NewPGPMessageFromArmored

func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)

NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.

func (*PGPMessage) GetArmored

func (msg *PGPMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string.

func (*PGPMessage) GetArmoredWithCustomHeaders added in v2.1.0

func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)

GetArmoredWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.

func (*PGPMessage) GetBinary

func (msg *PGPMessage) GetBinary() []byte

GetBinary returns the unarmored binary content of the message as a []byte.

func (*PGPMessage) GetEncryptionKeyIDs added in v2.1.0

func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)

GetEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexEncryptionKeyIDs added in v2.1.0

func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool)

GetHexEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexSignatureKeyIDs added in v2.1.0

func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetSignatureKeyIDs added in v2.1.0

func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

func (*PGPMessage) NewReader

func (msg *PGPMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the unarmored binary data of the message.

func (*PGPMessage) SeparateKeyAndData

func (msg *PGPMessage) SeparateKeyAndData(_ int, _ int) (*PGPSplitMessage, error)

SeparateKeyAndData splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused. Deprecated: use SplitMessage().

func (*PGPMessage) SplitMessage added in v2.4.5

func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error)

SplitMessage splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused.

type PGPSignature

type PGPSignature struct {
	// The content of the signature
	Data []byte
}

PGPSignature stores a PGP-encoded detached signature.

func NewPGPSignature

func NewPGPSignature(data []byte) *PGPSignature

NewPGPSignature generates a new PGPSignature from the unarmored binary data.

func NewPGPSignatureFromArmored

func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)

NewPGPSignatureFromArmored generates a new PGPSignature from the armored string ready for verification.

func (*PGPSignature) GetArmored

func (sig *PGPSignature) GetArmored() (string, error)

GetArmored returns the armored signature as a string.

func (*PGPSignature) GetBinary

func (sig *PGPSignature) GetBinary() []byte

GetBinary returns the unarmored binary content of the signature as a []byte.

func (*PGPSignature) GetHexSignatureKeyIDs added in v2.1.0

func (sig *PGPSignature) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPSignature) GetSignatureKeyIDs added in v2.1.0

func (sig *PGPSignature) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

type PGPSplitMessage

type PGPSplitMessage struct {
	DataPacket []byte
	KeyPacket  []byte
}

PGPSplitMessage contains a separate session key packet and symmetrically encrypted data packet.

func NewPGPSplitMessage

func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage

NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket, datapacket, and encryption algorithm.

func NewPGPSplitMessageFromArmored

func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)

NewPGPSplitMessageFromArmored generates a new PGPSplitMessage by splitting an armored message into its session key packet and symmetrically encrypted data packet.

func (*PGPSplitMessage) GetArmored

func (msg *PGPSplitMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string, with joined data and key packets.

func (*PGPSplitMessage) GetBinary

func (msg *PGPSplitMessage) GetBinary() []byte

GetBinary returns the unarmored binary joined packets as a []byte.

func (*PGPSplitMessage) GetBinaryDataPacket

func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte

GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.

func (*PGPSplitMessage) GetBinaryKeyPacket

func (msg *PGPSplitMessage) GetBinaryKeyPacket() []byte

GetBinaryKeyPacket returns the unarmored binary keypacket as a []byte.

func (*PGPSplitMessage) GetPGPMessage

func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage

GetPGPMessage joins asymmetric session key packet with the symmetric data packet to obtain a PGP message.

type PlainMessage

type PlainMessage struct {
	// The content of the message
	Data []byte
	// If the content is text or binary
	TextType bool
	// The file's latest modification time
	Time uint32
	// The encrypted message's filename
	Filename string
}

PlainMessage stores a plain text / unencrypted message.

func DecryptMessageWithPassword

func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)

DecryptMessageWithPassword decrypts password protected pgp binary messages. * encrypted: The encrypted data as PGPMessage. * password: A password that will be derived into an encryption key. * output: The decrypted data as PlainMessage.

func NewPlainMessage

func NewPlainMessage(data []byte) *PlainMessage

NewPlainMessage generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is.

func NewPlainMessageFromFile added in v2.1.0

func NewPlainMessageFromFile(data []byte, filename string, time uint32) *PlainMessage

NewPlainMessageFromFile generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is. It assigns a filename and a modification time.

func NewPlainMessageFromString

func NewPlainMessageFromString(text string) *PlainMessage

NewPlainMessageFromString generates a new text PlainMessage, ready for encryption, signature, or verification from an unencrypted string. This will encrypt the message with the text flag, canonicalize the line endings (i.e. set all of them to \r\n) and strip the trailing spaces for each line. This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).

func (*PlainMessage) GetBase64

func (msg *PlainMessage) GetBase64() string

GetBase64 returns the base-64 encoded binary content of the message as a string.

func (*PlainMessage) GetBinary

func (msg *PlainMessage) GetBinary() []byte

GetBinary returns the binary content of the message as a []byte.

func (*PlainMessage) GetFilename added in v2.1.0

func (msg *PlainMessage) GetFilename() string

GetFilename returns the file name of the message as a string.

func (*PlainMessage) GetString

func (msg *PlainMessage) GetString() string

GetString returns the content of the message as a string.

func (*PlainMessage) GetTime added in v2.1.0

func (msg *PlainMessage) GetTime() uint32

GetTime returns the modification time of a file (if provided in the ciphertext).

func (*PlainMessage) IsBinary

func (msg *PlainMessage) IsBinary() bool

IsBinary returns whether the message is a binary message.

func (*PlainMessage) IsText

func (msg *PlainMessage) IsText() bool

IsText returns whether the message is a text message.

func (*PlainMessage) NewReader

func (msg *PlainMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the binary data of the message.

type PlainMessageMetadata added in v2.2.0

type PlainMessageMetadata struct {
	IsBinary bool
	Filename string
	ModTime  int64
}

func NewPlainMessageMetadata added in v2.2.0

func NewPlainMessageMetadata(isBinary bool, filename string, modTime int64) *PlainMessageMetadata

type PlainMessageReader added in v2.2.0

type PlainMessageReader struct {
	// contains filtered or unexported fields
}

PlainMessageReader is used to wrap the data of the decrypted plain message. It can be used to read the decrypted data and verify the embedded signature.

func (*PlainMessageReader) GetMetadata added in v2.2.0

func (msg *PlainMessageReader) GetMetadata() *PlainMessageMetadata

GetMetadata returns the metadata of the decrypted message.

func (*PlainMessageReader) Read added in v2.2.0

func (msg *PlainMessageReader) Read(b []byte) (n int, err error)

Read is used to access the message decrypted data. Makes PlainMessageReader implement the Reader interface.

func (*PlainMessageReader) VerifySignature added in v2.2.0

func (msg *PlainMessageReader) VerifySignature() (err error)

VerifySignature is used to verify that the signature is valid. This method needs to be called once all the data has been read. It will return an error if the signature is invalid or if the message hasn't been read entirely.

type Reader added in v2.2.0

type Reader interface {
	Read(b []byte) (n int, err error)
}

type SessionKey

type SessionKey struct {
	// The decrypted binary session key.
	Key []byte
	// The symmetric encryption algorithm used with this key.
	Algo string
}

SessionKey stores a decrypted session key.

func DecryptSessionKeyWithPassword

func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)

DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted session key packet and returns the session key.

func GenerateSessionKey

func GenerateSessionKey() (*SessionKey, error)

GenerateSessionKey generates a random key for the default cipher.

func GenerateSessionKeyAlgo

func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)

GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.

func NewSessionKeyFromToken

func NewSessionKeyFromToken(token []byte, algo string) *SessionKey

func (*SessionKey) Clear

func (sk *SessionKey) Clear() (ok bool)

func (*SessionKey) Decrypt

func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)

Decrypt decrypts pgp data packets using directly a session key. * encrypted: PGPMessage. * output: PlainMessage.

func (*SessionKey) DecryptAndVerify added in v2.1.8

func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)

DecryptAndVerify decrypts pgp data packets using directly a session key and verifies embedded signatures. * encrypted: PGPMessage. * verifyKeyRing: KeyRing with verification public keys * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled. * output: PlainMessage.

func (*SessionKey) DecryptStream added in v2.2.0

func (sk *SessionKey) DecryptStream(
	dataPacketReader Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a data packet as a Reader. It takes a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*SessionKey) Encrypt

func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)

Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptAndSign added in v2.1.8

func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)

EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key. * message : The plain data as a PlainMessage. * signKeyRing: The KeyRing to sign the message * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptStream added in v2.2.0

func (sk *SessionKey) EncryptStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data packet and returns a writer for the plaintext data. If signKeyRing is not nil, it is used to do an embedded signature.

func (*SessionKey) EncryptWithCompression added in v2.1.0

func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) GetBase64Key

func (sk *SessionKey) GetBase64Key() string

GetBase64Key returns the session key as base64 encoded string.

func (*SessionKey) GetCipherFunc

func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey.

type SignatureCollector

type SignatureCollector struct {
	// contains filtered or unexported fields
}

SignatureCollector structure.

func (*SignatureCollector) Accept

func (sc *SignatureCollector) Accept(
	part io.Reader, header textproto.MIMEHeader,
	hasPlainSibling, isFirst, isLast bool,
) (err error)

Accept collects the signature.

func (SignatureCollector) GetSignature

func (sc SignatureCollector) GetSignature() string

GetSignature collected by Accept.

type SignatureVerificationError

type SignatureVerificationError struct {
	Status  int
	Message string
}

SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.

func (SignatureVerificationError) Error

Error is the base method for all errors.

type WriteCloser added in v2.2.0

type WriteCloser interface {
	Write(b []byte) (n int, err error)
	Close() (err error)
}

type Writer added in v2.2.0

type Writer interface {
	Write(b []byte) (n int, err error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL