Documentation

Overview

    Package pgp contains an implementation of the go.mozilla.org/sops.MasterKey interface that encrypts and decrypts the data key, first trying the golang.org/x/crypto/openpgp package and, if that fails, calling the "gpg" binary.

    Types

    type MasterKey

    type MasterKey struct {
    	Fingerprint  string
    	EncryptedKey string
    	CreationDate time.Time
    }

    MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it.

    func MasterKeysFromFingerprintString

    func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey

    MasterKeysFromFingerprintString takes a comma-separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints.
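
A pre-flight check a caller could run on the comma-separated list before passing it to MasterKeysFromFingerprintString, given as an added example that is not part of the sops pgp package. The helper name ValidateFingerprintList and its policy are assumptions: it accepts only full 40-hex-digit (v4) fingerprints, since short key IDs do not uniquely identify a key, and it rejects duplicates.

```go
package main

import (
	"fmt"
	"strings"
)

// ValidateFingerprintList is a hypothetical helper (not a sops API). It splits
// a comma-separated list and returns the normalised fingerprints, or an error
// naming the first entry that is not a full v4 fingerprint or is a duplicate.
func ValidateFingerprintList(list string) ([]string, error) {
	var out []string
	seen := map[string]bool{}
	for _, raw := range strings.Split(list, ",") {
		// GnuPG prints fingerprints in spaced groups; drop all whitespace.
		fp := strings.ToUpper(strings.Join(strings.Fields(raw), ""))
		if fp == "" {
			continue // tolerate a trailing comma or an empty entry
		}
		if len(fp) != 40 {
			return nil, fmt.Errorf("%q: want 40 hex digits, got %d (key ID instead of fingerprint?)", raw, len(fp))
		}
		if i := strings.IndexFunc(fp, notHex); i >= 0 {
			return nil, fmt.Errorf("%q: non-hex character at offset %d", raw, i)
		}
		if seen[fp] {
			return nil, fmt.Errorf("%q: duplicate fingerprint", raw)
		}
		seen[fp] = true
		out = append(out, fp)
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("no fingerprints in %q", list)
	}
	return out, nil
}

func notHex(r rune) bool {
	return !(r >= '0' && r <= '9' || r >= 'A' && r <= 'F')
}

func main() {
	// Constructed sample values, not real keys.
	for _, in := range []string{
		"0123 4567 89AB CDEF 0123 4567 89ab cdef 0123 4567, FEDCBA9876543210FEDCBA9876543210FEDCBA98",
		"89ABCDEF", // short key ID: rejected
	} {
		fps, err := ValidateFingerprintList(in)
		fmt.Println(fps, err)
	}
}
```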

    func NewMasterKeyFromFingerprint

    func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey

    NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint.

    func (*MasterKey) Decrypt

    func (key *MasterKey) Decrypt() ([]byte, error)

    Decrypt uses PGP to obtain the data key from the EncryptedKey stored in the MasterKey and returns it.

    func (*MasterKey) Encrypt

    func (key *MasterKey) Encrypt(dataKey []byte) error

    Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey. It looks for PGP public keys in $PGPHOME/pubring.gpg.

    func (*MasterKey) EncryptIfNeeded

    func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

    EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already.

    func (*MasterKey) EncryptedDataKey

    func (key *MasterKey) EncryptedDataKey() []byte

    EncryptedDataKey returns the encrypted data key this master key holds.

    func (*MasterKey) NeedsRotation

    func (key *MasterKey) NeedsRotation() bool

    NeedsRotation returns whether the data key needs to be rotated or not.

    func (*MasterKey) SetEncryptedDataKey

    func (key *MasterKey) SetEncryptedDataKey(enc []byte)

    SetEncryptedDataKey sets the encrypted data key for this master key.

    func (MasterKey) ToMap

    func (key MasterKey) ToMap() map[string]interface{}

    ToMap converts the MasterKey into a map for serialization purposes.

    func (*MasterKey) ToString

    func (key *MasterKey) ToString() string

    ToString returns the string representation of the key, i.e. its fingerprint.
