Documentation

Overview

    Package openpgp implements high level operations on OpenPGP messages.

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var PrivateKeyType = "PGP PRIVATE KEY BLOCK"

      PrivateKeyType is the armor type for a PGP private key.

      View Source
      var PublicKeyType = "PGP PUBLIC KEY BLOCK"

        PublicKeyType is the armor type for a PGP public key.

        View Source
        var SignatureType = "PGP SIGNATURE"

          SignatureType is the armor type for a PGP signature.

          Functions

          func ArmoredDetachSign

          func ArmoredDetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) (err error)

            ArmoredDetachSign signs message with the private key from signer (which must already have been decrypted) and writes an armored signature to w. If config is nil, sensible defaults will be used.

            func ArmoredDetachSignText

            func ArmoredDetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error

              ArmoredDetachSignText signs message (after canonicalising the line endings) with the private key from signer (which must already have been decrypted) and writes an armored signature to w. If config is nil, sensible defaults will be used.

              func DetachSign

              func DetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error

                DetachSign signs message with the private key from signer (which must already have been decrypted) and writes the signature to w. If config is nil, sensible defaults will be used.

                func DetachSignText

                func DetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error

                  DetachSignText signs message (after canonicalising the line endings) with the private key from signer (which must already have been decrypted) and writes the signature to w. If config is nil, sensible defaults will be used.

                  func Encrypt

                  func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error)

                    Encrypt encrypts a message to a number of recipients and, optionally, signs it. hints contains optional information, that is also encrypted, that aids the recipients in processing the message. The resulting WriteCloser must be closed after the contents of the file have been written. If config is nil, sensible defaults will be used.

                    func NewCanonicalTextHash

                    func NewCanonicalTextHash(h hash.Hash) hash.Hash

                      NewCanonicalTextHash reformats text written to it into the canonical form and then applies the hash h. See RFC 4880, section 5.2.1.

                      func Sign

                      func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error)

                        Sign signs a message. The resulting WriteCloser must be closed after the contents of the file have been written. hints contains optional information that aids the recipients in processing the message. If config is nil, sensible defaults will be used.

                        func SymmetricallyEncrypt

                        func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error)

                          SymmetricallyEncrypt acts like gpg -c: it encrypts a file with a passphrase. The resulting WriteCloser must be closed after the contents of the file have been written. If config is nil, sensible defaults will be used.

                          Types

                          type Entity

                          type Entity struct {
                          	PrimaryKey  *packet.PublicKey
                          	PrivateKey  *packet.PrivateKey
                          	Identities  map[string]*Identity // indexed by Identity.Name
                          	Revocations []*packet.Signature
                          	Subkeys     []Subkey
                          }

                            An Entity represents the components of an OpenPGP key: a primary public key (which must be a signing key), one or more identities claimed by that key, and zero or more subkeys, which may be encryption keys.

                            func CheckArmoredDetachedSignature

                            func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error)

                              CheckArmoredDetachedSignature performs the same actions as CheckDetachedSignature but expects the signature to be armored.

                              func CheckDetachedSignature

                              func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error)

                                CheckDetachedSignature takes a signed file and a detached signature and returns the signer if the signature is valid. If the signer isn't known, ErrUnknownIssuer is returned.

                                func NewEntity

                                func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error)

                                  NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a single identity composed of the given full name, comment and email, any of which may be empty but must not contain any of "()<>\x00". If config is nil, sensible defaults will be used.

                                  func ReadEntity

                                  func ReadEntity(packets *packet.Reader) (*Entity, error)

                                    ReadEntity reads an entity (public key, identities, subkeys etc) from the given Reader.

                                    func (*Entity) Serialize

                                    func (e *Entity) Serialize(w io.Writer) error

                                      Serialize writes the public part of the given Entity to w, including signatures from other entities. No private key material will be output.

                                      func (*Entity) SerializePrivate

                                      func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error)

                                        SerializePrivate serializes an Entity, including private key material, but excluding signatures from other entities, to the given Writer. Identities and subkeys are re-signed in case they changed since NewEntry. If config is nil, sensible defaults will be used.

                                        func (*Entity) SignIdentity

                                        func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Config) error

                                          SignIdentity adds a signature to e, from signer, attesting that identity is associated with e. The provided identity must already be an element of e.Identities and the private key of signer must have been decrypted if necessary. If config is nil, sensible defaults will be used.

                                          type EntityList

                                          type EntityList []*Entity

                                            An EntityList contains one or more Entities.

                                            func ReadArmoredKeyRing

                                            func ReadArmoredKeyRing(r io.Reader) (EntityList, error)

                                              ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file.

                                              func ReadKeyRing

                                              func ReadKeyRing(r io.Reader) (el EntityList, err error)

                                                ReadKeyRing reads one or more public/private keys. Unsupported keys are ignored as long as at least a single valid key is found.

                                                func (EntityList) DecryptionKeys

                                                func (el EntityList) DecryptionKeys() (keys []Key)

                                                  DecryptionKeys returns all private keys that are valid for decryption.

                                                  func (EntityList) KeysById

                                                  func (el EntityList) KeysById(id uint64) (keys []Key)

                                                    KeysById returns the set of keys that have the given key id.

                                                    func (EntityList) KeysByIdUsage

                                                    func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key)

                                                      KeysByIdAndUsage returns the set of keys with the given id that also meet the key usage given by requiredUsage. The requiredUsage is expressed as the bitwise-OR of packet.KeyFlag* values.

                                                      type FileHints

                                                      type FileHints struct {
                                                      	// IsBinary can be set to hint that the contents are binary data.
                                                      	IsBinary bool
                                                      	// FileName hints at the name of the file that should be written. It's
                                                      	// truncated to 255 bytes if longer. It may be empty to suggest that the
                                                      	// file should not be written to disk. It may be equal to "_CONSOLE" to
                                                      	// suggest the data should not be written to disk.
                                                      	FileName string
                                                      	// ModTime contains the modification time of the file, or the zero time if not applicable.
                                                      	ModTime time.Time
                                                      }

                                                        FileHints contains metadata about encrypted files. This metadata is, itself, encrypted.

                                                        type Identity

                                                        type Identity struct {
                                                        	Name          string // by convention, has the form "Full Name (comment) <email@example.com>"
                                                        	UserId        *packet.UserId
                                                        	SelfSignature *packet.Signature
                                                        	Signatures    []*packet.Signature
                                                        }

                                                          An Identity represents an identity claimed by an Entity and zero or more assertions by other entities about that claim.

                                                          type Key

                                                          type Key struct {
                                                          	Entity        *Entity
                                                          	PublicKey     *packet.PublicKey
                                                          	PrivateKey    *packet.PrivateKey
                                                          	SelfSignature *packet.Signature
                                                          }

                                                            A Key identifies a specific public key in an Entity. This is either the Entity's primary key or a subkey.

                                                            type KeyRing

                                                            type KeyRing interface {
                                                            	// KeysById returns the set of keys that have the given key id.
                                                            	KeysById(id uint64) []Key
                                                            	// KeysByIdAndUsage returns the set of keys with the given id
                                                            	// that also meet the key usage given by requiredUsage.
                                                            	// The requiredUsage is expressed as the bitwise-OR of
                                                            	// packet.KeyFlag* values.
                                                            	KeysByIdUsage(id uint64, requiredUsage byte) []Key
                                                            	// DecryptionKeys returns all private keys that are valid for
                                                            	// decryption.
                                                            	DecryptionKeys() []Key
                                                            }

                                                              A KeyRing provides access to public and private keys.

                                                              type MessageDetails

                                                              type MessageDetails struct {
                                                              	IsEncrypted              bool                // true if the message was encrypted.
                                                              	EncryptedToKeyIds        []uint64            // the list of recipient key ids.
                                                              	IsSymmetricallyEncrypted bool                // true if a passphrase could have decrypted the message.
                                                              	DecryptedWith            Key                 // the private key used to decrypt the message, if any.
                                                              	IsSigned                 bool                // true if the message is signed.
                                                              	SignedByKeyId            uint64              // the key id of the signer, if any.
                                                              	SignedBy                 *Key                // the key of the signer, if available.
                                                              	LiteralData              *packet.LiteralData // the metadata of the contents
                                                              	UnverifiedBody           io.Reader           // the contents of the message.
                                                              
                                                              	// If IsSigned is true and SignedBy is non-zero then the signature will
                                                              	// be verified as UnverifiedBody is read. The signature cannot be
                                                              	// checked until the whole of UnverifiedBody is read so UnverifiedBody
                                                              	// must be consumed until EOF before the data can be trusted. Even if a
                                                              	// message isn't signed (or the signer is unknown) the data may contain
                                                              	// an authentication code that is only checked once UnverifiedBody has
                                                              	// been consumed. Once EOF has been seen, the following fields are
                                                              	// valid. (An authentication code failure is reported as a
                                                              	// SignatureError error when reading from UnverifiedBody.)
                                                              	SignatureError error               // nil if the signature is good.
                                                              	Signature      *packet.Signature   // the signature packet itself, if v4 (default)
                                                              	SignatureV3    *packet.SignatureV3 // the signature packet if it is a v2 or v3 signature
                                                              	// contains filtered or unexported fields
                                                              }

                                                                MessageDetails contains the result of parsing an OpenPGP encrypted and/or signed message.

                                                                func ReadMessage

                                                                func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error)

                                                                  ReadMessage parses an OpenPGP message that may be signed and/or encrypted. The given KeyRing should contain both public keys (for signature verification) and, possibly encrypted, private keys for decrypting. If config is nil, sensible defaults will be used.

                                                                  type PromptFunction

                                                                  type PromptFunction func(keys []Key, symmetric bool) ([]byte, error)

                                                                    A PromptFunction is used as a callback by functions that may need to decrypt a private key, or prompt for a passphrase. It is called with a list of acceptable, encrypted private keys and a boolean that indicates whether a passphrase is usable. It should either decrypt a private key or return a passphrase to try. If the decrypted private key or given passphrase isn't correct, the function will be called again, forever. Any error returned will be passed up.

                                                                    type Subkey

                                                                    type Subkey struct {
                                                                    	PublicKey  *packet.PublicKey
                                                                    	PrivateKey *packet.PrivateKey
                                                                    	Sig        *packet.Signature
                                                                    }

                                                                      A Subkey is an additional public key in an Entity. Subkeys can be used for encryption.

                                                                      Directories

                                                                      Path Synopsis
                                                                      Package armor implements OpenPGP ASCII Armor, see RFC 4880.
                                                                      Package armor implements OpenPGP ASCII Armor, see RFC 4880.
                                                                      Package clearsign generates and processes OpenPGP, clear-signed data.
                                                                      Package clearsign generates and processes OpenPGP, clear-signed data.
                                                                      Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
                                                                      Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
                                                                      Package errors contains common error types for the OpenPGP packages.
                                                                      Package errors contains common error types for the OpenPGP packages.
                                                                      Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
                                                                      Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
                                                                      Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
                                                                      Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.