plugin

package

v1.1.1 Latest Latest Go to latest Published: Jan 13, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/arouene/age-plugin-keystore

Links

Open Source Insights

Documentation ¶

Overview ¶

Package plugin implements the age plugin identity and recipient types for the keystore plugin.

Index ¶

Constants
func GenerateIdentity() (*Identity, *Recipient, error)
type Identity
type Recipient
- func NewRecipientFromPublicKey(keyID string, publicKey *age.X25519Recipient) *Recipient
- func ParseRecipient(s string) (*Recipient, error)

Constants ¶

View Source

const (
	// PluginName is the name of this plugin.
	PluginName = "keystore"
	// RecipientHRP is the human-readable part for keystore recipients.
	RecipientHRP = "age1keystore"
	// IdentityHRP is the human-readable part for keystore identities.
	IdentityHRP = "age-plugin-keystore-"
	// KeystoreStanzaType is the stanza type for keystore recipients.
	KeystoreStanzaType = "keystore"
)

Variables ¶

This section is empty.

Functions ¶

func GenerateIdentity ¶

func GenerateIdentity() (*Identity, *Recipient, error)

GenerateIdentity generates a new X25519 key pair and stores it in the keystore. Returns the identity and recipient.

Types ¶

type Identity ¶

type Identity struct {
	// contains filtered or unexported fields
}

Identity represents a keystore identity that retrieves the private key from the GNOME Keyring.

func GenerateSeparateIdentity ¶ added in v1.1.0

func GenerateSeparateIdentity() (*Identity, string, error)

GenerateSeparateIdentity generates a new X25519 key pair and stores it in the keystore. Unlike GenerateIdentity, this returns a standard age public key (age1...) instead of a keystore recipient (age1keystore1...). This allows the public key to be used independently of the plugin for encryption.

func NewIdentity ¶

func NewIdentity(keyID string) (*Identity, error)

NewIdentity creates a new keystore identity from a key ID.

func ParseIdentity ¶

func ParseIdentity(s string) (*Identity, error)

ParseIdentity parses a keystore identity string.

func (*Identity) KeyID ¶

func (i *Identity) KeyID() string

KeyID returns the key ID for this identity.

func (*Identity) Recipient ¶

func (i *Identity) Recipient() (*Recipient, error)

Recipient returns the recipient for this identity.

func (*Identity) String ¶

func (i *Identity) String() string

String returns the bech32-encoded identity string. Panics if encoding fails (should never happen with valid keyID).

func (*Identity) Unwrap ¶

func (i *Identity) Unwrap(stanzas []*age.Stanza) ([]byte, error)

Unwrap implements the age.Identity interface. It first tries to unwrap keystore-specific stanzas (which contain the key ID), then falls back to standard X25519 stanzas for compatibility with separate identity mode.

type Recipient ¶

type Recipient struct {
	// contains filtered or unexported fields
}

Recipient represents a keystore recipient.

func NewRecipientFromPublicKey ¶

func NewRecipientFromPublicKey(keyID string, publicKey *age.X25519Recipient) *Recipient

NewRecipientFromPublicKey creates a new recipient from a keyID and public key.

func ParseRecipient ¶

func ParseRecipient(s string) (*Recipient, error)

ParseRecipient parses a keystore recipient string.

func (*Recipient) KeyID ¶

func (r *Recipient) KeyID() string

KeyID returns the key ID for this recipient.

func (*Recipient) String ¶

func (r *Recipient) String() string

String returns the string representation of the recipient. Panics if encoding fails (should never happen with valid data).

func (*Recipient) Wrap ¶

func (r *Recipient) Wrap(fileKey []byte) ([]*age.Stanza, error)

Wrap implements the age.Recipient interface. It creates a keystore-specific stanza that includes the key ID.

Source Files ¶

View all Source files

plugin.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL