crypto

package
v2.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 30, 2021 License: MIT Imports: 36 Imported by: 0

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptSessionKeyWithPassword 

func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)

EncryptSessionKeyWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.

func GetTime 

func GetTime() time.Time

GetTime gets latest cached time.

func GetUnixTime 

func GetUnixTime() int64

GetUnixTime gets latest cached time.

func IsPGPMessage 

func IsPGPMessage(data string) bool

IsPGPMessage checks if data if has armored PGP message format.

func RandomToken 

func RandomToken(size int) ([]byte, error)

RandomToken generates a random token with the specified key size.

func SetKeyGenerationOffset 

func SetKeyGenerationOffset(offset int64)

SetKeyGenerationOffset updates the offset when generating keys.

func UpdateTime 

func UpdateTime(newTime int64)

UpdateTime updates cached time.

Types

type AttachmentProcessor 

type AttachmentProcessor struct {
	// contains filtered or unexported fields
}

AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).

func (*AttachmentProcessor) Finish 

func (ap *AttachmentProcessor) Finish() (*PGPSplitMessage, error)

Finish closes the attachment and returns the encrypted data.

func (*AttachmentProcessor) Process 

func (ap *AttachmentProcessor) Process(plainData []byte)

Process writes attachment data to be encrypted.

type ClearTextMessage 

type ClearTextMessage struct {
	Data      []byte
	Signature []byte
}

A ClearTextMessage is a signed but not encrypted PGP message, i.e. the ones beginning with -----BEGIN PGP SIGNED MESSAGE-----.

func NewClearTextMessage 

func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage

NewClearTextMessage generates a new ClearTextMessage from data and signature.

func NewClearTextMessageFromArmored 

func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)

NewClearTextMessageFromArmored returns the message body and unarmored signature from a clearsigned message.

func (*ClearTextMessage) GetArmored 

func (msg *ClearTextMessage) GetArmored() (string, error)

GetArmored armors plaintext and signature with the PGP SIGNED MESSAGE armoring.

func (*ClearTextMessage) GetBinary 

func (msg *ClearTextMessage) GetBinary() []byte

GetBinary returns the unarmored signed data as a []byte.

func (*ClearTextMessage) GetBinarySignature 

func (msg *ClearTextMessage) GetBinarySignature() []byte

GetBinarySignature returns the unarmored binary signature as a []byte.

func (*ClearTextMessage) GetString 

func (msg *ClearTextMessage) GetString() string

GetString returns the unarmored signed data as a string.

type EncryptSplitResult 

type EncryptSplitResult struct {
	// contains filtered or unexported fields
}

EncryptSplitResult is used to wrap the encryption writecloser while storing the key packet.

func (*EncryptSplitResult) Close 

func (res *EncryptSplitResult) Close() (err error)

func (*EncryptSplitResult) GetKeyPacket 

func (res *EncryptSplitResult) GetKeyPacket() (keyPacket []byte, err error)

GetKeyPacket returns the Public-Key Encrypted Session Key Packets (https://datatracker.ietf.org/doc/html/rfc4880#section-5.1). This can be retrieved only after the message has been fully written and the writer is closed.

func (*EncryptSplitResult) Write 

func (res *EncryptSplitResult) Write(b []byte) (n int, err error)

type GopenPGP 

type GopenPGP struct {
	// contains filtered or unexported fields
}

GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.

type Identity 

type Identity struct {
	Name  string
	Email string
}

Identity contains the name and the email of a key holder.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key contains a single private or public key.

func GenerateKey 

func GenerateKey(name, email string, keyType string, bits int) (*Key, error)

GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519" bits is unused.

func GenerateRSAKeyWithPrimes 

func GenerateRSAKeyWithPrimes(
	name, email string,
	bits int,
	primeone, primetwo, primethree, primefour []byte,
) (*Key, error)

GenerateRSAKeyWithPrimes generates a RSA key using the given primes.

func NewKey 

func NewKey(binKeys []byte) (key *Key, err error)

NewKey creates a new key from the first key in the unarmored binary data.

func NewKeyFromArmored 

func NewKeyFromArmored(armored string) (key *Key, err error)

NewKeyFromArmored creates a new key from the first key in an armored string.

func NewKeyFromArmoredReader 

func NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)

NewKeyFromArmoredReader reads an armored data into a key.

func NewKeyFromEntity 

func NewKeyFromEntity(entity *openpgp.Entity) (*Key, error)

func NewKeyFromReader 

func NewKeyFromReader(r io.Reader) (key *Key, err error)

NewKeyFromReader reads binary data into a Key object.

func (*Key) Armor 

func (key *Key) Armor() (string, error)

Armor returns the armored key as a string with default gopenpgp headers.

func (*Key) ArmorWithCustomHeaders 

func (key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)

ArmorWithCustomHeaders returns the armored key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) CanEncrypt 

func (key *Key) CanEncrypt() bool

CanEncrypt returns true if any of the subkeys can be used for encryption.

func (*Key) CanVerify 

func (key *Key) CanVerify() bool

CanVerify returns true if any of the subkeys can be used for verification.

func (*Key) Check 

func (key *Key) Check() (bool, error)

Check verifies if the public keys match the private key parameters by signing and verifying. Deprecated: all keys are now checked on parsing.

func (*Key) ClearPrivateParams 

func (key *Key) ClearPrivateParams() (ok bool)

func (*Key) Copy 

func (key *Key) Copy() (*Key, error)

Copy creates a deep copy of the key.

func (*Key) GetArmoredPublicKey 

func (key *Key) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*Key) GetArmoredPublicKeyWithCustomHeaders 

func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)

GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) GetEntity 

func (key *Key) GetEntity() *openpgp.Entity

GetEntity gets x/crypto Entity object.

func (*Key) GetFingerprint 

func (key *Key) GetFingerprint() string

GetFingerprint gets the fingerprint from the key.

func (*Key) GetHexKeyID 

func (key *Key) GetHexKeyID() string

GetHexKeyID returns the key ID, hex encoded as a string.

func (*Key) GetKeyID 

func (key *Key) GetKeyID() uint64

GetKeyID returns the key ID, encoded as 8-byte int.

func (*Key) GetPublicKey 

func (key *Key) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*Key) GetSHA256Fingerprints 

func (key *Key) GetSHA256Fingerprints() (fingerprints []string)

GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.

func (*Key) IsExpired 

func (key *Key) IsExpired() bool

IsExpired checks whether the key is expired.

func (*Key) IsLocked 

func (key *Key) IsLocked() (bool, error)

IsLocked checks if a private key is locked.

func (*Key) IsPrivate 

func (key *Key) IsPrivate() bool

IsPrivate returns true if the key is private.

func (*Key) IsUnlocked 

func (key *Key) IsUnlocked() (bool, error)

IsUnlocked checks if a private key is unlocked.

func (*Key) Lock 

func (key *Key) Lock(passphrase []byte) (*Key, error)

Lock locks a copy of the key.

func (*Key) PrintFingerprints 

func (key *Key) PrintFingerprints()

PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.

Example 
keyringKey, _ := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
keyringKey.PrintFingerprints()

Output:

SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24

func (*Key) Serialize 

func (key *Key) Serialize() ([]byte, error)

func (*Key) ToPublic 

func (key *Key) ToPublic() (publicKey *Key, err error)

ToPublic returns the corresponding public key of the given private key.

func (*Key) Unlock 

func (key *Key) Unlock(passphrase []byte) (*Key, error)

Unlock unlocks a copy of the key.

type KeyRing 

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys 

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a given KeyRing list and it returns only those KeyRings which contain at least, one unexpired Key. It returns only unexpired parts of these KeyRings.

func NewKeyRing 

func NewKeyRing(key *Key) (*KeyRing, error)

NewKeyRing creates a new KeyRing, empty if key is nil.

func (*KeyRing) AddKey 

func (keyRing *KeyRing) AddKey(key *Key) error

AddKey adds the given key to the keyring.

func (*KeyRing) CanEncrypt 

func (keyRing *KeyRing) CanEncrypt() bool

CanEncrypt returns true if any of the keys in the keyring can be used for encryption.

func (*KeyRing) CanVerify 

func (keyRing *KeyRing) CanVerify() bool

CanVerify returns true if any of the keys in the keyring can be used for verification.

func (*KeyRing) ClearPrivateParams 

func (keyRing *KeyRing) ClearPrivateParams()

func (*KeyRing) Copy 

func (keyRing *KeyRing) Copy() (*KeyRing, error)

Copy creates a deep copy of the keyring.

func (*KeyRing) CountDecryptionEntities 

func (keyRing *KeyRing) CountDecryptionEntities() int

CountDecryptionEntities returns the number of entities in the keyring.

func (*KeyRing) CountEntities 

func (keyRing *KeyRing) CountEntities() int

CountEntities returns the number of entities in the keyring.

func (*KeyRing) Decrypt 

func (keyRing *KeyRing) Decrypt(
	message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
) (*PlainMessage, error)

Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage * message : The encrypted input as a PGPMessage * verifyKey : Public key for signature verification (optional) * verifyTime : Time at verification (necessary only if verifyKey is not nil)

When verifyKey is not provided, then verifyTime should be zero, and signature verification will be ignored.

func (*KeyRing) DecryptAttachment 

func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)

DecryptAttachment takes a PGPSplitMessage, containing a session key packet and symmetrically encrypted data and returns a decrypted PlainMessage Specifically designed for attachments rather than text messages.

func (*KeyRing) DecryptMIMEMessage 

func (keyRing *KeyRing) DecryptMIMEMessage(
	message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64,
)

DecryptMIMEMessage decrypts a MIME message.

func (*KeyRing) DecryptSessionKey 

func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)

DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.

func (*KeyRing) DecryptSplitStream 

func (keyRing *KeyRing) DecryptSplitStream(
	keypacket []byte,
	dataPacketReader Reader,
	verifyKeyRing *KeyRing, verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptSplitStream is used to decrypt a split pgp message as a Reader. It takes a key packet and a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) DecryptStream 

func (keyRing *KeyRing) DecryptStream(
	message Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a pgp message as a Reader. It takes a reader for the message data and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) Encrypt 

func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

Encrypt encrypts a PlainMessage, outputs a PGPMessage. If an unlocked private key is also provided it will also sign the message. * message : The plaintext input as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message.

func (*KeyRing) EncryptAttachment 

func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, filename string) (*PGPSplitMessage, error)

EncryptAttachment encrypts a file given a PlainMessage and a filename. If given a filename it will override the information in the PlainMessage object. Returns a PGPSplitMessage containing a session key packet and symmetrically encrypted data. Specifically designed for attachments rather than text messages.

func (*KeyRing) EncryptSessionKey 

func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)

EncryptSessionKey encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.

func (*KeyRing) EncryptSplitStream 

func (keyRing *KeyRing) EncryptSplitStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (*EncryptSplitResult, error)

EncryptSplitStream is used to encrypt data as a stream. It takes a writer for the Symmetrically Encrypted Data Packet (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7) and returns a writer for the plaintext data and the key packet. If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptStream 

func (keyRing *KeyRing) EncryptStream(
	pgpMessageWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptWithCompression 

func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage,
	privateKey *KeyRing,
	cipherFunction packet.CipherFunction,
	compressionAlgo packet.CompressionAlgo) (*PGPMessage, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys. * message : The plain data as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message. * output : The encrypted data as PGPMessage. * cipherFunction : The type of cipher * compressionAlgo : algo used for compression.

func (*KeyRing) FirstKey 

func (keyRing *KeyRing) FirstKey() (*KeyRing, error)

FirstKey returns a KeyRing with only the first key of the original one.

func (*KeyRing) GetIdentities 

func (keyRing *KeyRing) GetIdentities() []*Identity

GetIdentities returns the list of identities associated with this key ring.

func (*KeyRing) GetKey 

func (keyRing *KeyRing) GetKey(n int) (*Key, error)

GetKey returns the n-th openpgp key contained in this KeyRing.

func (*KeyRing) GetKeyIDs 

func (keyRing *KeyRing) GetKeyIDs() []uint64

GetKeyIDs returns array of IDs of keys in this KeyRing.

func (*KeyRing) GetKeys 

func (keyRing *KeyRing) GetKeys() []*Key

GetKeys returns openpgp keys contained in this KeyRing.

func (*KeyRing) NewLowMemoryAttachmentProcessor 

func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor(
	estimatedSize int, filename string,
) (*AttachmentProcessor, error)

NewLowMemoryAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.

func (*KeyRing) NewManualAttachmentProcessor 

func (keyRing *KeyRing) NewManualAttachmentProcessor(
	estimatedSize int, filename string, dataBuffer []byte,
) (*ManualAttachmentProcessor, error)

NewManualAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file and a buffer to hold the DataPacket. It is optimized for low-memory environments and collects garbage every megabyte. The buffer for the data packet must be manually allocated by the caller. Make sure that the dataBuffer is large enough to hold the whole data packet otherwise Finish() will return an error.

func (*KeyRing) SignDetached 

func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)

SignDetached generates and returns a PGPSignature for a given PlainMessage.

func (*KeyRing) SignDetachedEncrypted 

func (keyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)

SignDetachedEncrypted generates and returns a PGPMessage containing an encrypted detached signature for a given PlainMessage.

func (*KeyRing) SignDetachedEncryptedStream 

func (keyRing *KeyRing) SignDetachedEncryptedStream(
	message Reader,
	encryptionKeyRing *KeyRing,
) (encryptedSignature *PGPMessage, err error)

SignDetachedEncryptedStream generates and returns a PGPMessage containing an encrypted detached signature for a given message Reader.

func (*KeyRing) SignDetachedStream 

func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)

SignDetachedStream generates and returns a PGPSignature for a given message Reader.

func (*KeyRing) VerifyDetached 

func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error

VerifyDetached verifies a PlainMessage with a detached PGPSignature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncrypted 

func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64) error

VerifyDetachedEncrypted verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncryptedStream 

func (keyRing *KeyRing) VerifyDetachedEncryptedStream(
	message Reader,
	encryptedSignature *PGPMessage,
	decryptionKeyRing *KeyRing,
	verifyTime int64,
) error

VerifyDetachedEncryptedStream verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedStream 

func (keyRing *KeyRing) VerifyDetachedStream(
	message Reader,
	signature *PGPSignature,
	verifyTime int64,
) error

VerifyDetachedStream verifies a message reader with a detached PGPSignature and returns a SignatureVerificationError if fails.

type MIMECallbacks 

type MIMECallbacks interface {
	OnBody(body string, mimetype string)
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	OnVerified(verified int)
	OnError(err error)
}

MIMECallbacks defines callback methods to process a MIME message.

type ManualAttachmentProcessor 

type ManualAttachmentProcessor struct {
	// contains filtered or unexported fields
}

ManualAttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files). With this processor, the caller has to first allocate a buffer large enough to hold the whole data packet.

func (*ManualAttachmentProcessor) Finish 

func (ap *ManualAttachmentProcessor) Finish() error

Finish tells the processor to finalize encryption.

func (*ManualAttachmentProcessor) GetDataLength 

func (ap *ManualAttachmentProcessor) GetDataLength() int

GetDataLength returns the number of bytes in the DataPacket. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) GetKeyPacket 

func (ap *ManualAttachmentProcessor) GetKeyPacket() []byte

GetKeyPacket returns the key packet for the attachment. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) Process 

func (ap *ManualAttachmentProcessor) Process(plainData []byte) error

Process writes attachment data to be encrypted.

type PGPMessage 

type PGPMessage struct {
	// The content of the message
	Data []byte
}

PGPMessage stores a PGP-encrypted message.

func EncryptMessageWithPassword 

func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)

EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a SymmetricKey. * message : The plain data as a PlainMessage. * password: A password that will be derived into an encryption key. * output : The encrypted data as PGPMessage.

func NewPGPMessage 

func NewPGPMessage(data []byte) *PGPMessage

NewPGPMessage generates a new PGPMessage from the unarmored binary data.

func NewPGPMessageFromArmored 

func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)

NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.

func (*PGPMessage) GetArmored 

func (msg *PGPMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string.

func (*PGPMessage) GetArmoredWithCustomHeaders 

func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)

GetArmoredWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.

func (*PGPMessage) GetBinary 

func (msg *PGPMessage) GetBinary() []byte

GetBinary returns the unarmored binary content of the message as a []byte.

func (*PGPMessage) GetEncryptionKeyIDs 

func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)

GetEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexEncryptionKeyIDs 

func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool)

GetHexEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexSignatureKeyIDs 

func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetSignatureKeyIDs 

func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

func (*PGPMessage) NewReader 

func (msg *PGPMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the unarmored binary data of the message.

func (*PGPMessage) SeparateKeyAndData 

func (msg *PGPMessage) SeparateKeyAndData(estimatedLength, garbageCollector int) (outSplit *PGPSplitMessage, err error)

SeparateKeyAndData returns the first keypacket and the (hopefully unique) dataPacket (not verified). * estimatedLength is the estimate length of the message. * garbageCollector > 0 activates the garbage collector.

type PGPSignature 

type PGPSignature struct {
	// The content of the signature
	Data []byte
}

PGPSignature stores a PGP-encoded detached signature.

func NewPGPSignature 

func NewPGPSignature(data []byte) *PGPSignature

NewPGPSignature generates a new PGPSignature from the unarmored binary data.

func NewPGPSignatureFromArmored 

func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)

NewPGPSignatureFromArmored generates a new PGPSignature from the armored string ready for verification.

func (*PGPSignature) GetArmored 

func (msg *PGPSignature) GetArmored() (string, error)

GetArmored returns the armored signature as a string.

func (*PGPSignature) GetBinary 

func (msg *PGPSignature) GetBinary() []byte

GetBinary returns the unarmored binary content of the signature as a []byte.

func (*PGPSignature) GetHexSignatureKeyIDs 

func (msg *PGPSignature) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPSignature) GetSignatureKeyIDs 

func (msg *PGPSignature) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

type PGPSplitMessage 

type PGPSplitMessage struct {
	DataPacket []byte
	KeyPacket  []byte
}

PGPSplitMessage contains a separate session key packet and symmetrically encrypted data packet.

func NewPGPSplitMessage 

func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage

NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket, datapacket, and encryption algorithm.

func NewPGPSplitMessageFromArmored 

func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)

NewPGPSplitMessageFromArmored generates a new PGPSplitMessage by splitting an armored message into its session key packet and symmetrically encrypted data packet.

func (*PGPSplitMessage) GetArmored 

func (msg *PGPSplitMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string, with joined data and key packets.

func (*PGPSplitMessage) GetBinary 

func (msg *PGPSplitMessage) GetBinary() []byte

GetBinary returns the unarmored binary joined packets as a []byte.

func (*PGPSplitMessage) GetBinaryDataPacket 

func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte

GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.

func (*PGPSplitMessage) GetBinaryKeyPacket 

func (msg *PGPSplitMessage) GetBinaryKeyPacket() []byte

GetBinaryKeyPacket returns the unarmored binary keypacket as a []byte.

func (*PGPSplitMessage) GetPGPMessage 

func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage

GetPGPMessage joins asymmetric session key packet with the symmetric data packet to obtain a PGP message.

type PlainMessage 

type PlainMessage struct {
	// The content of the message
	Data []byte
	// If the content is text or binary
	TextType bool
	// The file's latest modification time
	Time uint32
	// The encrypted message's filename
	Filename string
}

PlainMessage stores a plain text / unencrypted message.

func DecryptMessageWithPassword 

func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)

DecryptMessageWithPassword decrypts password protected pgp binary messages. * encrypted: The encrypted data as PGPMessage. * password: A password that will be derived into an encryption key. * output: The decrypted data as PlainMessage.

func NewPlainMessage 

func NewPlainMessage(data []byte) *PlainMessage

NewPlainMessage generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is.

func NewPlainMessageFromFile 

func NewPlainMessageFromFile(data []byte, filename string, time uint32) *PlainMessage

NewPlainMessageFromFile generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is. It assigns a filename and a modification time.

func NewPlainMessageFromString 

func NewPlainMessageFromString(text string) *PlainMessage

NewPlainMessageFromString generates a new text PlainMessage, ready for encryption, signature, or verification from an unencrypted string. This will encrypt the message with the text flag, canonicalize the line endings (i.e. set all of them to \r\n) and strip the trailing spaces for each line. This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).

func (*PlainMessage) GetBase64 

func (msg *PlainMessage) GetBase64() string

GetBase64 returns the base-64 encoded binary content of the message as a string.

func (*PlainMessage) GetBinary 

func (msg *PlainMessage) GetBinary() []byte

GetBinary returns the binary content of the message as a []byte.

func (*PlainMessage) GetFilename 

func (msg *PlainMessage) GetFilename() string

GetFilename returns the file name of the message as a string.

func (*PlainMessage) GetString 

func (msg *PlainMessage) GetString() string

GetString returns the content of the message as a string.

func (*PlainMessage) GetTime 

func (msg *PlainMessage) GetTime() uint32

GetTime returns the modification time of a file (if provided in the ciphertext).

func (*PlainMessage) IsBinary 

func (msg *PlainMessage) IsBinary() bool

IsBinary returns whether the message is a binary message.

func (*PlainMessage) IsText 

func (msg *PlainMessage) IsText() bool

IsText returns whether the message is a text message.

func (*PlainMessage) NewReader 

func (msg *PlainMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the binary data of the message.

type PlainMessageMetadata 

type PlainMessageMetadata struct {
	IsBinary bool
	Filename string
	ModTime  int64
}

func NewPlainMessageMetadata 

func NewPlainMessageMetadata(isBinary bool, filename string, modTime int64) *PlainMessageMetadata

type PlainMessageReader 

type PlainMessageReader struct {
	// contains filtered or unexported fields
}

PlainMessageReader is used to wrap the data of the decrypted plain message. It can be used to read the decrypted data and verify the embedded signature.

func (*PlainMessageReader) GetMetadata 

func (msg *PlainMessageReader) GetMetadata() *PlainMessageMetadata

GetMetadata returns the metadata of the decrypted message.

func (*PlainMessageReader) Read 

func (msg *PlainMessageReader) Read(b []byte) (n int, err error)

Read is used to access the message decrypted data. Makes PlainMessageReader implement the Reader interface.

func (*PlainMessageReader) VerifySignature 

func (msg *PlainMessageReader) VerifySignature() (err error)

VerifySignature is used to verify that the signature is valid. This method needs to be called once all the data has been read. It will return an error if the signature is invalid or if the message hasn't been read entirely.

type Reader 

type Reader interface {
	Read(b []byte) (n int, err error)
}

type SessionKey 

type SessionKey struct {
	// The decrypted binary session key.
	Key []byte
	// The symmetric encryption algorithm used with this key.
	Algo string
}

SessionKey stores a decrypted session key.

func DecryptSessionKeyWithPassword 

func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)

DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted session key packet and returns the session key.

func GenerateSessionKey 

func GenerateSessionKey() (*SessionKey, error)

GenerateSessionKey generates a random key for the default cipher.

func GenerateSessionKeyAlgo 

func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)

GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.

func NewSessionKeyFromToken 

func NewSessionKeyFromToken(token []byte, algo string) *SessionKey

func (*SessionKey) Clear 

func (sk *SessionKey) Clear() (ok bool)

func (*SessionKey) Decrypt 

func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)

Decrypt decrypts pgp data packets using directly a session key. * encrypted: PGPMessage. * output: PlainMessage.

func (*SessionKey) DecryptAndVerify 

func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)

DecryptAndVerify decrypts pgp data packets using directly a session key and verifies embedded signatures. * encrypted: PGPMessage. * verifyKeyRing: KeyRing with verification public keys * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled. * output: PlainMessage.

func (*SessionKey) DecryptStream 

func (sk *SessionKey) DecryptStream(
	dataPacketReader Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a data packet as a Reader. It takes a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*SessionKey) Encrypt 

func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)

Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptAndSign 

func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)

EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key. * message : The plain data as a PlainMessage. * signKeyRing: The KeyRing to sign the message * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptStream 

func (sk *SessionKey) EncryptStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data packet and returns a writer for the plaintext data. If signKeyRing is not nil, it is used to do an embedded signature.

func (*SessionKey) EncryptWithCompression 

func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) GetBase64Key 

func (sk *SessionKey) GetBase64Key() string

GetBase64Key returns the session key as base64 encoded string.

func (*SessionKey) GetCipherFunc 

func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey.

type SignatureCollector 

type SignatureCollector struct {
	// contains filtered or unexported fields
}

SignatureCollector structure.

func (*SignatureCollector) Accept 

func (sc *SignatureCollector) Accept(
	part io.Reader, header textproto.MIMEHeader,
	hasPlainSibling, isFirst, isLast bool,
) (err error)

Accept collects the signature.

func (SignatureCollector) GetSignature 

func (sc SignatureCollector) GetSignature() string

GetSignature collected by Accept.

type SignatureVerificationError 

type SignatureVerificationError struct {
	Status  int
	Message string
}

SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.

func (SignatureVerificationError) Error 

func (e SignatureVerificationError) Error() string

Error is the base method for all errors.

type WriteCloser 

type WriteCloser interface {
	Write(b []byte) (n int, err error)
	Close() (err error)
}

type Writer 

type Writer interface {
	Write(b []byte) (n int, err error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.