Documentation ¶
Overview ¶
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
Index ¶
- Constants
- Variables
- func BoolPointer(value bool) *bool
- func DecryptPrivateKeys(keys []*PrivateKey, passphrase []byte) error
- func EncryptPrivateKeys(keys []*PrivateKey, passphrase []byte, config *Config) error
- func NewErrMalformedMessage(from State, input InputSymbol, stackSymbol StackSymbol) errors.ErrMalformedMessage
- func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream
- func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)
- func SaltLengthForHash(hash crypto.Hash) (int, error)
- func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)
- func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, ...) error
- func SerializeEncryptedKeyAEAD(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, ...) error
- func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, ...) error
- func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, ...) error
- func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)
- func SerializeMarker(writer io.Writer) error
- func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)
- func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, aeadSupported bool, ...) (err error)
- func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error)
- func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, aeadSupported bool, cipherSuite CipherSuite, ...) (Contents io.WriteCloser, err error)
- func SignatureSaltForHash(hash crypto.Hash, randReader io.Reader) ([]byte, error)
- func VerifyHashTag(signed hash.Hash, sig *Signature) (err error)
- type AEADConfig
- type AEADEncrypted
- type AEADMode
- type CheckReader
- type CipherFunction
- type CipherSuite
- type Compressed
- type CompressionAlgo
- type CompressionConfig
- type Config
- func (c *Config) AEAD() *AEADConfig
- func (c *Config) AllowDecryptionWithSigningKeys() bool
- func (c *Config) AllowUnauthenticatedMessages() bool
- func (c *Config) Cipher() CipherFunction
- func (c *Config) Compression() CompressionAlgo
- func (c *Config) CurveName() Curve
- func (c *Config) Hash() crypto.Hash
- func (c *Config) IntendedRecipients() bool
- func (c *Config) KeyLifetime() uint32
- func (c *Config) KnownNotation(notationName string) bool
- func (c *Config) MinimumRSABits() uint16
- func (c *Config) Notations() []*Notation
- func (c *Config) Now() time.Time
- func (c *Config) PasswordHashIterations() intdeprecated
- func (c *Config) PublicKeyAlgorithm() PublicKeyAlgorithm
- func (c *Config) RSAModulusBits() int
- func (c *Config) Random() io.Reader
- func (c *Config) RandomizeSignaturesViaNotation() bool
- func (c *Config) RejectCurve(curve Curve) bool
- func (c *Config) RejectHashAlgorithm(hash crypto.Hash) bool
- func (c *Config) RejectMessageHashAlgorithm(hash crypto.Hash) bool
- func (c *Config) RejectPublicKeyAlgorithm(alg PublicKeyAlgorithm) bool
- func (c *Config) RetrieveSessionKey() bool
- func (c *Config) S2K() *s2k.Config
- func (c *Config) SigLifetime() uint32
- func (c *Config) SigningKey() uint64
- func (c *Config) SigningUserId() string
- func (c *Config) StrictPacketSequence() bool
- func (c *Config) V6() bool
- type Curve
- type EncryptedDataPacket
- type EncryptedKey
- type InputSymbol
- type LiteralData
- type Marker
- type Notation
- type OCFBResyncOption
- type OnePassSignature
- type OpaquePacket
- type OpaqueReader
- type OpaqueSubpacket
- type Packet
- type PacketReader
- type Padding
- type PrivateKey
- func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey
- func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *PrivateKey
- func NewECDHPrivateKey(creationTime time.Time, priv *ecdh.PrivateKey) *PrivateKey
- func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey
- func NewEd25519PrivateKey(creationTime time.Time, priv *ed25519.PrivateKey) *PrivateKey
- func NewEd448PrivateKey(creationTime time.Time, priv *ed448.PrivateKey) *PrivateKey
- func NewEdDSAPrivateKey(creationTime time.Time, priv *eddsa.PrivateKey) *PrivateKey
- func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey
- func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey
- func NewSignerPrivateKey(creationTime time.Time, signer interface{}) *PrivateKey
- func NewX25519PrivateKey(creationTime time.Time, priv *x25519.PrivateKey) *PrivateKey
- func NewX448PrivateKey(creationTime time.Time, priv *x448.PrivateKey) *PrivateKey
- type PublicKey
- func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey
- func NewECDHPublicKey(creationTime time.Time, pub *ecdh.PublicKey) *PublicKey
- func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey
- func NewEd25519PublicKey(creationTime time.Time, pub *ed25519.PublicKey) *PublicKey
- func NewEd448PublicKey(creationTime time.Time, pub *ed448.PublicKey) *PublicKey
- func NewEdDSAPublicKey(creationTime time.Time, pub *eddsa.PublicKey) *PublicKey
- func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey
- func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey
- func NewX25519PublicKey(creationTime time.Time, pub *x25519.PublicKey) *PublicKey
- func NewX448PublicKey(creationTime time.Time, pub *x448.PublicKey) *PublicKey
- func (pk *PublicKey) BitLength() (bitLength uint16, err error)
- func (pk *PublicKey) CanSign() bool
- func (pk *PublicKey) Curve() (curve Curve, err error)
- func (pk *PublicKey) KeyExpired(sig *Signature, currentTime time.Time) bool
- func (pk *PublicKey) KeyIdShortString() string
- func (pk *PublicKey) KeyIdString() string
- func (pk *PublicKey) Serialize(w io.Writer) (err error)
- func (pk *PublicKey) SerializeForHash(w io.Writer) error
- func (pk *PublicKey) SerializeSignaturePrefix(w io.Writer) error
- func (pk *PublicKey) UpgradeToV5()
- func (pk *PublicKey) UpgradeToV6() error
- func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error)
- func (pk *PublicKey) VerifyKeyHashTag(signed *PublicKey, sig *Signature) error
- func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error
- func (pk *PublicKey) VerifyRevocationHashTag(sig *Signature) (err error)
- func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error)
- func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error)
- func (pk *PublicKey) VerifySubkeyRevocationSignature(sig *Signature, signed *PublicKey) (err error)
- func (pk *PublicKey) VerifyUserIdHashTag(id string, sig *Signature) (err error)
- func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error)
- type PublicKeyAlgorithm
- type Reader
- type ReasonForRevocation
- type Recipient
- type S2KType
- type SequenceVerifier
- type Signature
- func (sig *Signature) AddMetadataToHashSuffix()
- func (sig *Signature) CheckKeyIdOrFingerprint(pk *PublicKey) bool
- func (sig *Signature) CheckKeyIdOrFingerprintExplicit(fingerprint []byte, keyId uint64) bool
- func (sig *Signature) CrossSignKey(pub *PublicKey, hashKey *PublicKey, signingKey *PrivateKey, config *Config) error
- func (sig *Signature) PrepareSign(config *Config) (hash.Hash, error)
- func (sig *Signature) PrepareVerify() (hash.Hash, error)
- func (sig *Signature) RevokeKey(pub *PublicKey, priv *PrivateKey, config *Config) error
- func (sig *Signature) RevokeSubkey(pub *PublicKey, priv *PrivateKey, config *Config) error
- func (sig *Signature) Salt() []byte
- func (sig *Signature) Serialize(w io.Writer) (err error)
- func (sig *Signature) SetSalt(salt []byte) error
- func (sig *Signature) SigExpired(currentTime time.Time) bool
- func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error)
- func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error
- func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error
- func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error
- type SignatureType
- type StackSymbol
- type State
- type SymmetricKeyEncrypted
- type SymmetricallyEncrypted
- type TrustAmount
- type TrustLevel
- type UnsupportedPacket
- type UserAttribute
- type UserId
- type VerifiableSignature
Constants ¶
const ( NoCompression = flate.NoCompression BestSpeed = flate.BestSpeed BestCompression = flate.BestCompression DefaultCompression = flate.DefaultCompression )
const ( // First octet of key flags. // See RFC 9580, section 5.2.3.29 for details. KeyFlagCertify = 1 << iota KeyFlagSign KeyFlagEncryptCommunications KeyFlagEncryptStorage KeyFlagSplitKey KeyFlagAuthenticate KeyFlagGroupKey )
const (
KeyserverPrefNoModify
)
const SaltNotationName = "salt@notations.openpgpjs.org"
const UserAttrImageSubpacket = 1
Variables ¶
var V5Disabled = false
A global feature flag to indicate v5 support. Can be set via a build tag, e.g.: `go build -tags v5 ./...` If the build tag is missing config_v5.go will set it to true.
Disables parsing of v5 keys and v5 signatures. These are non-standard entities, which in the crypto-refresh have been superseded by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively.
Functions ¶
func BoolPointer ¶ added in v1.1.0
BoolPointer is a helper function to set a boolean pointer in the Config. e.g., config.CheckPacketSequence = BoolPointer(true)
func DecryptPrivateKeys ¶
func DecryptPrivateKeys(keys []*PrivateKey, passphrase []byte) error
DecryptPrivateKeys decrypts all encrypted keys with the given config and passphrase. Avoids recomputation of similar s2k key derivations.
func EncryptPrivateKeys ¶
func EncryptPrivateKeys(keys []*PrivateKey, passphrase []byte, config *Config) error
EncryptPrivateKeys encrypts all unencrypted keys with the given config and passphrase. Only derives one key from the passphrase, which is then used to encrypt each key.
func NewErrMalformedMessage ¶ added in v1.1.0
func NewErrMalformedMessage(from State, input InputSymbol, stackSymbol StackSymbol) errors.ErrMalformedMessage
func NewOCFBDecrypter ¶
NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's cipher feedback mode using the given cipher.Block. Prefix must be the first blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's block size. On successful exit, blockSize+2 bytes of decrypted data are written into prefix. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
func NewOCFBEncrypter ¶
func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)
NewOCFBEncrypter returns a cipher.Stream which encrypts data with OpenPGP's cipher feedback mode using the given cipher.Block, and an initial amount of ciphertext. randData must be random bytes and be the same length as the cipher.Block's block size. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
func SaltLengthForHash ¶ added in v1.1.0
SaltLengthForHash selects the required salt length for the given hash algorithm, as per Table 23 (Hash algorithm registry) of the crypto refresh. See RFC 9580 Section 9.5.
func SerializeCompressed ¶
func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)
SerializeCompressed serializes a compressed data packet to w and returns a WriteCloser to which the literal data packets themselves can be written and which MUST be closed on completion. If cc is nil, sensible defaults will be used to configure the compression algorithm.
func SerializeEncryptedKey ¶
func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error
SerializeEncryptedKey serializes an encrypted key packet to w that contains key, encrypted to pub. PKESKv6 is used if config.AEAD() is not nil. If config is nil, sensible defaults will be used. Deprecated: Use SerializeEncryptedKeyAEAD instead.
func SerializeEncryptedKeyAEAD ¶ added in v1.1.0
func SerializeEncryptedKeyAEAD(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, config *Config) error
SerializeEncryptedKeyAEAD serializes an encrypted key packet to w that contains key, encrypted to pub. If aeadSupported is set, PKESK v6 is used, otherwise v3. Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.
func SerializeEncryptedKeyAEADwithHiddenOption ¶ added in v1.1.0
func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, hidden bool, config *Config) error
SerializeEncryptedKeyAEADwithHiddenOption serializes an encrypted key packet to w that contains key, encrypted to pub. Offers the hidden flag option to indicated if the PKESK packet should include a wildcard KeyID. If aeadSupported is set, PKESK v6 is used, otherwise v3. Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.
func SerializeEncryptedKeyWithHiddenOption ¶ added in v1.1.0
func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, hidden bool, config *Config) error
SerializeEncryptedKeyWithHiddenOption serializes an encrypted key packet to w that contains key, encrypted to pub. PKESKv6 is used if config.AEAD() is not nil. The hidden option controls if the packet should be anonymous, i.e., omit key metadata. If config is nil, sensible defaults will be used. Deprecated: Use SerializeEncryptedKeyAEADwithHiddenOption instead.
func SerializeLiteral ¶
func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)
SerializeLiteral serializes a literal data packet to w and returns a WriteCloser to which the data itself can be written and which MUST be closed on completion. The fileName is truncated to 255 bytes.
func SerializeMarker ¶ added in v1.1.0
SerializeMarker writes a marker packet to writer.
func SerializeSymmetricKeyEncrypted ¶
func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)
SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The packet contains a random session key, encrypted by a key derived from the given passphrase. The session key is returned and must be passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.
func SerializeSymmetricKeyEncryptedAEADReuseKey ¶ added in v1.1.3
func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, aeadSupported bool, config *Config) (err error)
SerializeSymmetricKeyEncryptedAEADReuseKey serializes a symmetric key packet to w. The packet contains the given session key, encrypted by a key derived from the given passphrase. The returned session key must be passed to SerializeSymmetricallyEncrypted. If aeadSupported is set, SKESK v6 is used, otherwise v4. Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.
func SerializeSymmetricKeyEncryptedReuseKey ¶
func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error)
SerializeSymmetricKeyEncryptedReuseKey serializes a symmetric key packet to w. The packet contains the given session key, encrypted by a key derived from the given passphrase. The returned session key must be passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used. Deprecated: Use SerializeSymmetricKeyEncryptedAEADReuseKey instead.
func SerializeSymmetricallyEncrypted ¶
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, aeadSupported bool, cipherSuite CipherSuite, key []byte, config *Config) (Contents io.WriteCloser, err error)
SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet to w and returns a WriteCloser to which the to-be-encrypted packets can be written. If aeadSupported is set to true, SEIPDv2 is used with the indicated CipherSuite. Otherwise, SEIPDv1 is used with the indicated CipherFunction. Note: aeadSupported MUST match the value passed to SerializeEncryptedKeyAEAD and/or SerializeSymmetricKeyEncryptedAEADReuseKey. If config is nil, sensible defaults will be used.
func SignatureSaltForHash ¶ added in v1.1.0
SignatureSaltForHash generates a random signature salt with the length for the given hash algorithm. See RFC 9580 Section 9.5.
Types ¶
type AEADConfig ¶
type AEADConfig struct { // The AEAD mode of operation. DefaultMode AEADMode // Amount of octets in each chunk of data ChunkSize uint64 }
AEADConfig collects a number of AEAD parameters along with sensible defaults. A nil AEADConfig is valid and results in all default values.
func (*AEADConfig) ChunkSizeByte ¶
func (conf *AEADConfig) ChunkSizeByte() byte
ChunkSizeByte returns the byte indicating the chunk size. The effective chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6) limit to 16 = 4 MiB https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
func (*AEADConfig) Mode ¶
func (conf *AEADConfig) Mode() AEADMode
Mode returns the AEAD mode of operation.
type AEADEncrypted ¶
type AEADEncrypted struct { Contents io.Reader // Encrypted chunks and tags // contains filtered or unexported fields }
AEADEncrypted represents an AEAD Encrypted Packet. See https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t
func (*AEADEncrypted) Decrypt ¶
func (ae *AEADEncrypted) Decrypt(ciph CipherFunction, key []byte) (io.ReadCloser, error)
Decrypt returns a io.ReadCloser from which decrypted bytes can be read, or an error.
type AEADMode ¶
AEADMode represents the different Authenticated Encryption with Associated Data specified for OpenPGP. See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6
func (AEADMode) IsSupported ¶ added in v1.1.0
IsSupported returns true if the aead mode is supported from the library
type CheckReader ¶ added in v1.1.0
type CheckReader struct { Reader // contains filtered or unexported fields }
CheckReader is similar to Reader but additionally uses the pushdown automata to verify the read packet sequence.
func NewCheckReader ¶ added in v1.1.0
func NewCheckReader(r io.Reader) *CheckReader
func (*CheckReader) Next ¶ added in v1.1.0
func (r *CheckReader) Next() (p Packet, err error)
Next returns the most recently unread Packet, or reads another packet from the top-most io.Reader. Unknown packet types are skipped. If the read packet sequence does not conform to the packet composition rules in rfc4880, it returns an error.
type CipherFunction ¶
type CipherFunction algorithm.CipherFunction
CipherFunction represents the different block ciphers specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
const ( Cipher3DES CipherFunction = 2 CipherCAST5 CipherFunction = 3 CipherAES128 CipherFunction = 7 CipherAES192 CipherFunction = 8 CipherAES256 CipherFunction = 9 )
func (CipherFunction) IsSupported ¶
func (cipher CipherFunction) IsSupported() bool
IsSupported returns true if the cipher is supported from the library
func (CipherFunction) KeySize ¶
func (cipher CipherFunction) KeySize() int
KeySize returns the key size, in bytes, of cipher.
type CipherSuite ¶
type CipherSuite struct { // The cipher function Cipher CipherFunction // The AEAD mode of operation. Mode AEADMode }
CipherSuite contains a combination of Cipher and Mode
type Compressed ¶
Compressed represents a compressed OpenPGP packet. The decompressed contents will contain more OpenPGP packets. See RFC 4880, section 5.6.
type CompressionAlgo ¶
type CompressionAlgo uint8
CompressionAlgo Represents the different compression algorithms supported by OpenPGP (except for BZIP2, which is not currently supported). See Section 9.3 of RFC 4880.
const ( CompressionNone CompressionAlgo = 0 CompressionZIP CompressionAlgo = 1 CompressionZLIB CompressionAlgo = 2 )
type CompressionConfig ¶
type CompressionConfig struct { // Level is the compression level to use. It must be set to // between -1 and 9, with -1 causing the compressor to use the // default compression level, 0 causing the compressor to use // no compression and 1 to 9 representing increasing (better, // slower) compression levels. If Level is less than -1 or // more then 9, a non-nil error will be returned during // encryption. See the constants above for convenient common // settings for Level. Level int }
CompressionConfig contains compressor configuration settings.
type Config ¶
type Config struct { // Rand provides the source of entropy. // If nil, the crypto/rand Reader is used. Rand io.Reader // DefaultHash is the default hash function to be used. // If zero, SHA-256 is used. DefaultHash crypto.Hash // DefaultCipher is the cipher to be used. // If zero, AES-128 is used. DefaultCipher CipherFunction // Time returns the current time as the number of seconds since the // epoch. If Time is nil, time.Now is used. Time func() time.Time // DefaultCompressionAlgo is the compression algorithm to be // applied to the plaintext before encryption. If zero, no // compression is done. DefaultCompressionAlgo CompressionAlgo // CompressionConfig configures the compression settings. CompressionConfig *CompressionConfig // S2K (String to Key) config, used for key derivation in the context of secret key encryption // and password-encrypted data. // If nil, the default configuration is used S2KConfig *s2k.Config // Iteration count for Iterated S2K (String to Key). // Only used if sk2.Mode is nil. // This value is duplicated here from s2k.Config for backwards compatibility. // It determines the strength of the passphrase stretching when // the said passphrase is hashed to produce a key. S2KCount // should be between 65536 and 65011712, inclusive. If Config // is nil or S2KCount is 0, the value 16777216 used. Not all // values in the above range can be represented. S2KCount will // be rounded up to the next representable value if it cannot // be encoded exactly. When set, it is strongly encrouraged to // use a value that is at least 65536. See RFC 4880 Section // 3.7.1.3. // // Deprecated: SK2Count should be configured in S2KConfig instead. S2KCount int // RSABits is the number of bits in new RSA keys made with NewEntity. // If zero, then 2048 bit keys are created. RSABits int // The public key algorithm to use - will always create a signing primary // key and encryption subkey. Algorithm PublicKeyAlgorithm // Some known primes that are optionally prepopulated by the caller RSAPrimes []*big.Int // Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA, // PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used. Curve Curve // AEADConfig configures the use of the new AEAD Encrypted Data Packet, // defined in the draft of the next version of the OpenPGP specification. // If a non-nil AEADConfig is passed, usage of this packet is enabled. By // default, it is disabled. See the documentation of AEADConfig for more // configuration options related to AEAD. // **Note: using this option may break compatibility with other OpenPGP // implementations, as well as future versions of this library.** AEADConfig *AEADConfig // V6Keys configures version 6 key generation. If false, this package still // supports version 6 keys, but produces version 4 keys. V6Keys bool // Minimum RSA key size allowed for key generation and message signing, verification and encryption. MinRSABits uint16 // Reject insecure algorithms, only works with v2 api RejectPublicKeyAlgorithms map[PublicKeyAlgorithm]bool RejectHashAlgorithms map[crypto.Hash]bool RejectMessageHashAlgorithms map[crypto.Hash]bool RejectCurves map[Curve]bool // "The validity period of the key. This is the number of seconds after // the key creation time that the key expires. If this is not present // or has a value of zero, the key never expires. This is found only on // a self-signature."" // https://tools.ietf.org/html/rfc4880#section-5.2.3.6 KeyLifetimeSecs uint32 // "The validity period of the signature. This is the number of seconds // after the signature creation time that the signature expires. If // this is not present or has a value of zero, it never expires." // https://tools.ietf.org/html/rfc4880#section-5.2.3.10 SigLifetimeSecs uint32 // SigningKeyId is used to specify the signing key to use (by Key ID). // By default, the signing key is selected automatically, preferring // signing subkeys if available. SigningKeyId uint64 // SigningIdentity is used to specify a user ID (packet Signer's User ID, type 28) // when producing a generic certification signature onto an existing user ID. // The identity must be present in the signer Entity. SigningIdentity string // InsecureAllowUnauthenticatedMessages controls, whether it is tolerated to read // encrypted messages without Modification Detection Code (MDC). // MDC is mandated by the IETF OpenPGP Crypto Refresh draft and has long been implemented // in most OpenPGP implementations. Messages without MDC are considered unnecessarily // insecure and should be prevented whenever possible. // In case one needs to deal with messages from very old OpenPGP implementations, there // might be no other way than to tolerate the missing MDC. Setting this flag, allows this // mode of operation. It should be considered a measure of last resort. InsecureAllowUnauthenticatedMessages bool // InsecureAllowDecryptionWithSigningKeys allows decryption with keys marked as signing keys in the v2 API. // This setting is potentially insecure, but it is needed as some libraries // ignored key flags when selecting a key for encryption. // Not relevant for the v1 API, as all keys were allowed in decryption. InsecureAllowDecryptionWithSigningKeys bool // KnownNotations is a map of Notation Data names to bools, which controls // the notation names that are allowed to be present in critical Notation Data // signature subpackets. KnownNotations map[string]bool // SignatureNotations is a list of Notations to be added to any signatures. SignatureNotations []*Notation // CheckIntendedRecipients controls, whether the OpenPGP Intended Recipient Fingerprint feature // should be enabled for encryption and decryption. // (See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-intended-recipient-fingerpr). // When the flag is set, encryption produces Intended Recipient Fingerprint signature sub-packets and decryption // checks whether the key it was encrypted to is one of the included fingerprints in the signature. // If the flag is disabled, no Intended Recipient Fingerprint sub-packets are created or checked. // The default behavior, when the config or flag is nil, is to enable the feature. CheckIntendedRecipients *bool // CacheSessionKey controls if decryption should return the session key used for decryption. // If the flag is set, the session key is cached in the message details struct. CacheSessionKey bool // CheckPacketSequence is a flag that controls if the pgp message reader should strictly check // that the packet sequence conforms with the grammar mandated by rfc4880. // The default behavior, when the config or flag is nil, is to check the packet sequence. CheckPacketSequence *bool // NonDeterministicSignaturesViaNotation is a flag to enable randomization of signatures. // If true, a salt notation is used to randomize signatures generated by v4 and v5 keys // (v6 signatures are always non-deterministic, by design). // This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur // during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of // weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. // The default behavior, when the config or flag is nil, is to enable the feature. NonDeterministicSignaturesViaNotation *bool }
Config collects a number of parameters along with sensible defaults. A nil *Config is valid and results in all default values.
func (*Config) AEAD ¶
func (c *Config) AEAD() *AEADConfig
func (*Config) AllowDecryptionWithSigningKeys ¶ added in v1.1.3
func (*Config) AllowUnauthenticatedMessages ¶
func (*Config) Cipher ¶
func (c *Config) Cipher() CipherFunction
func (*Config) Compression ¶
func (c *Config) Compression() CompressionAlgo
func (*Config) IntendedRecipients ¶ added in v1.1.0
func (*Config) KeyLifetime ¶
KeyLifetime returns the validity period of the key.
func (*Config) KnownNotation ¶
func (*Config) MinimumRSABits ¶ added in v1.1.0
func (*Config) PasswordHashIterations
deprecated
func (*Config) PublicKeyAlgorithm ¶
func (c *Config) PublicKeyAlgorithm() PublicKeyAlgorithm
func (*Config) RSAModulusBits ¶
func (*Config) RandomizeSignaturesViaNotation ¶ added in v1.1.0
func (*Config) RejectCurve ¶ added in v1.1.0
func (*Config) RejectHashAlgorithm ¶ added in v1.1.0
func (*Config) RejectMessageHashAlgorithm ¶ added in v1.1.0
func (*Config) RejectPublicKeyAlgorithm ¶ added in v1.1.0
func (c *Config) RejectPublicKeyAlgorithm(alg PublicKeyAlgorithm) bool
func (*Config) RetrieveSessionKey ¶ added in v1.1.0
func (*Config) SigLifetime ¶
SigLifetime returns the validity period of the signature.
func (*Config) SigningKey ¶
func (*Config) SigningUserId ¶
func (*Config) StrictPacketSequence ¶ added in v1.1.0
type Curve ¶
type Curve string
Curve is a mapping to supported ECC curves for key generation. See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-06.html#name-curve-specific-wire-formats
const ( Curve25519 Curve = "Curve25519" Curve448 Curve = "Curve448" CurveNistP256 Curve = "P256" CurveNistP384 Curve = "P384" CurveNistP521 Curve = "P521" CurveSecP256k1 Curve = "SecP256k1" CurveBrainpoolP256 Curve = "BrainpoolP256" CurveBrainpoolP384 Curve = "BrainpoolP384" CurveBrainpoolP512 Curve = "BrainpoolP512" )
type EncryptedDataPacket ¶
type EncryptedDataPacket interface {
Decrypt(CipherFunction, []byte) (io.ReadCloser, error)
}
EncryptedDataPacket holds encrypted data. It is currently implemented by SymmetricallyEncrypted and AEADEncrypted.
type EncryptedKey ¶
type EncryptedKey struct { Version int KeyId uint64 KeyVersion int // v6 KeyFingerprint []byte // v6 Algo PublicKeyAlgorithm CipherFunc CipherFunction // only valid after a successful Decrypt for a v3 packet Key []byte // only valid after a successful Decrypt // contains filtered or unexported fields }
EncryptedKey represents a public-key encrypted session key. See RFC 4880, section 5.1.
func (*EncryptedKey) Decrypt ¶
func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error
Decrypt decrypts an encrypted session key with the given private key. The private key must have been decrypted first. If config is nil, sensible defaults will be used.
type InputSymbol ¶ added in v1.1.0
type InputSymbol uint8
InputSymbol defines the input alphabet of the PDA
const ( LDSymbol InputSymbol = iota SigSymbol OPSSymbol CompSymbol ESKSymbol EncSymbol EOSSymbol UnknownSymbol )
type LiteralData ¶
type LiteralData struct { Format uint8 IsBinary bool FileName string Time uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined. Body io.Reader }
LiteralData represents an encrypted file. See RFC 4880, section 5.9.
func (*LiteralData) ForEyesOnly ¶
func (l *LiteralData) ForEyesOnly() bool
ForEyesOnly returns whether the contents of the LiteralData have been marked as especially sensitive.
type Notation ¶
Notation type represents a Notation Data subpacket see https://tools.ietf.org/html/rfc4880#section-5.2.3.16
type OCFBResyncOption ¶
type OCFBResyncOption bool
An OCFBResyncOption determines if the "resynchronization step" of OCFB is performed.
const ( OCFBResync OCFBResyncOption = true OCFBNoResync OCFBResyncOption = false )
type OnePassSignature ¶
type OnePassSignature struct { Version int SigType SignatureType Hash crypto.Hash PubKeyAlgo PublicKeyAlgorithm KeyId uint64 IsLast bool Salt []byte // v6 only KeyFingerprint []byte // v6 only }
OnePassSignature represents a one-pass signature packet. See RFC 4880, section 5.4.
type OpaquePacket ¶
type OpaquePacket struct { // Packet type Tag uint8 // Reason why the packet was parsed opaquely Reason error // Binary contents of the packet data Contents []byte }
OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is useful for splitting and storing the original packet contents separately, handling unsupported packet types or accessing parts of the packet not yet implemented by this package.
func (*OpaquePacket) Parse ¶
func (op *OpaquePacket) Parse() (p Packet, err error)
Parse attempts to parse the opaque contents into a structure supported by this package. If the packet is not known then the result will be another OpaquePacket.
type OpaqueReader ¶
type OpaqueReader struct {
// contains filtered or unexported fields
}
OpaqueReader reads OpaquePackets from an io.Reader.
func NewOpaqueReader ¶
func NewOpaqueReader(r io.Reader) *OpaqueReader
func (*OpaqueReader) Next ¶
func (or *OpaqueReader) Next() (op *OpaquePacket, err error)
Read the next OpaquePacket.
type OpaqueSubpacket ¶
type OpaqueSubpacket struct { SubType uint8 EncodedLength []byte // Store the original encoded length for signature verifications. Contents []byte }
OpaqueSubpacket represents an unparsed OpenPGP subpacket, as found in signature and user attribute packets.
func OpaqueSubpackets ¶
func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error)
OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from their byte representation.
type Packet ¶
type Packet interface {
// contains filtered or unexported methods
}
Packet represents an OpenPGP packet. Users are expected to try casting instances of this interface to specific packet types.
func Read ¶
Read reads a single OpenPGP packet from the given io.Reader. If there is an error parsing a packet, the whole packet is consumed from the input.
func ReadWithCheck ¶ added in v1.1.0
ReadWithCheck reads a single OpenPGP message packet from the given io.Reader. If there is an error parsing a packet, the whole packet is consumed from the input. ReadWithCheck additionally checks if the OpenPGP message packet sequence adheres to the packet composition rules in rfc4880, if not throws an error.
type PacketReader ¶ added in v1.1.0
type Padding ¶ added in v1.1.0
type Padding int
Padding type represents a Padding Packet (Tag 21). The padding type is represented by the length of its padding. see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21
type PrivateKey ¶
type PrivateKey struct { PublicKey Encrypted bool // if true then the private key is unavailable until Decrypt has been called. // An *{rsa|dsa|elgamal|ecdh|ecdsa|ed25519|ed448}.PrivateKey or // crypto.Signer/crypto.Decrypter (Decryptor RSA only). PrivateKey interface{} // contains filtered or unexported fields }
PrivateKey represents a possibly encrypted private key. See RFC 4880, section 5.5.3.
func NewDSAPrivateKey ¶
func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey
func NewDecrypterPrivateKey ¶
func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *PrivateKey
NewDecrypterPrivateKey creates a PrivateKey from a *{rsa|elgamal|ecdh|x25519|x448}.PrivateKey.
func NewECDHPrivateKey ¶
func NewECDHPrivateKey(creationTime time.Time, priv *ecdh.PrivateKey) *PrivateKey
func NewECDSAPrivateKey ¶
func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey
func NewEd25519PrivateKey ¶ added in v1.1.0
func NewEd25519PrivateKey(creationTime time.Time, priv *ed25519.PrivateKey) *PrivateKey
func NewEd448PrivateKey ¶ added in v1.1.0
func NewEd448PrivateKey(creationTime time.Time, priv *ed448.PrivateKey) *PrivateKey
func NewEdDSAPrivateKey ¶
func NewEdDSAPrivateKey(creationTime time.Time, priv *eddsa.PrivateKey) *PrivateKey
func NewElGamalPrivateKey ¶
func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey
func NewRSAPrivateKey ¶
func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey
func NewSignerPrivateKey ¶
func NewSignerPrivateKey(creationTime time.Time, signer interface{}) *PrivateKey
NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that implements RSA, ECDSA or EdDSA.
func NewX25519PrivateKey ¶ added in v1.1.0
func NewX25519PrivateKey(creationTime time.Time, priv *x25519.PrivateKey) *PrivateKey
func NewX448PrivateKey ¶ added in v1.1.0
func NewX448PrivateKey(creationTime time.Time, priv *x448.PrivateKey) *PrivateKey
func (*PrivateKey) Decrypt ¶
func (pk *PrivateKey) Decrypt(passphrase []byte) error
Decrypt decrypts an encrypted private key using a passphrase.
func (*PrivateKey) Dummy ¶
func (pk *PrivateKey) Dummy() bool
Dummy returns true if the private key is a dummy key. This is a GNU extension.
func (*PrivateKey) Encrypt ¶
func (pk *PrivateKey) Encrypt(passphrase []byte) error
Encrypt encrypts an unencrypted private key using a passphrase.
func (*PrivateKey) EncryptWithConfig ¶
func (pk *PrivateKey) EncryptWithConfig(passphrase []byte, config *Config) error
EncryptWithConfig encrypts an unencrypted private key using the passphrase and the config.
type PublicKey ¶
type PublicKey struct { Version int CreationTime time.Time PubKeyAlgo PublicKeyAlgorithm PublicKey interface{} // *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey or *eddsa.PublicKey, *x25519.PublicKey, *x448.PublicKey, *ed25519.PublicKey, *ed448.PublicKey Fingerprint []byte KeyId uint64 IsSubkey bool // contains filtered or unexported fields }
PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2.
func NewDSAPublicKey ¶
NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.
func NewECDHPublicKey ¶
func NewECDSAPublicKey ¶
func NewEd25519PublicKey ¶ added in v1.1.0
func NewEd448PublicKey ¶ added in v1.1.0
func NewEdDSAPublicKey ¶
func NewElGamalPublicKey ¶
NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
func NewRSAPublicKey ¶
NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
func NewX25519PublicKey ¶ added in v1.1.0
func NewX448PublicKey ¶ added in v1.1.0
func (*PublicKey) Curve ¶ added in v1.1.0
Curve returns the used elliptic curve of this public key. Returns an error if no elliptic curve is used.
func (*PublicKey) KeyExpired ¶
KeyExpired returns whether sig is a self-signature of a key that has expired or is created in the future.
func (*PublicKey) KeyIdShortString ¶
KeyIdShortString returns the short form of public key's fingerprint in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
func (*PublicKey) KeyIdString ¶
KeyIdString returns the public key's fingerprint in capital hex (e.g. "6C7EE1B8621CC013").
func (*PublicKey) SerializeForHash ¶
SerializeForHash serializes the PublicKey to w with the special packet header format needed for hashing.
func (*PublicKey) SerializeSignaturePrefix ¶
SerializeSignaturePrefix writes the prefix for this public key to the given Writer. The prefix is used when calculating a signature over this public key. See RFC 4880, section 5.2.4.
func (*PublicKey) UpgradeToV5 ¶
func (pk *PublicKey) UpgradeToV5()
UpgradeToV5 updates the version of the key to v5, and updates all necessary fields.
func (*PublicKey) UpgradeToV6 ¶ added in v1.1.0
UpgradeToV6 updates the version of the key to v6, and updates all necessary fields.
func (*PublicKey) VerifyDirectKeySignature ¶ added in v1.1.0
VerifyDirectKeySignature returns nil iff sig is a valid signature, made by this public key.
func (*PublicKey) VerifyKeyHashTag ¶ added in v1.1.0
VerifyKeyHashTag returns nil iff sig appears to be a plausible signature over this primary key and subkey, based solely on its HashTag.
func (*PublicKey) VerifyKeySignature ¶
VerifyKeySignature returns nil iff sig is a valid signature, made by this public key, of signed.
func (*PublicKey) VerifyRevocationHashTag ¶ added in v1.1.0
VerifyRevocationHashTag returns nil iff sig appears to be a plausible signature over this public key, based solely on its HashTag.
func (*PublicKey) VerifyRevocationSignature ¶
VerifyRevocationSignature returns nil iff sig is a valid signature, made by this public key.
func (*PublicKey) VerifySignature ¶
VerifySignature returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.
func (*PublicKey) VerifySubkeyRevocationSignature ¶
VerifySubkeyRevocationSignature returns nil iff sig is a valid subkey revocation signature, made by this public key, of signed.
func (*PublicKey) VerifyUserIdHashTag ¶ added in v1.1.0
VerifyUserIdHashTag returns nil iff sig appears to be a plausible signature over this public key and UserId, based solely on its HashTag
type PublicKeyAlgorithm ¶
type PublicKeyAlgorithm uint8
PublicKeyAlgorithm represents the different public key system specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12
const ( PubKeyAlgoRSA PublicKeyAlgorithm = 1 PubKeyAlgoElGamal PublicKeyAlgorithm = 16 PubKeyAlgoDSA PublicKeyAlgorithm = 17 // RFC 6637, Section 5. PubKeyAlgoECDH PublicKeyAlgorithm = 18 PubKeyAlgoECDSA PublicKeyAlgorithm = 19 // https://www.ietf.org/archive/id/draft-koch-eddsa-for-openpgp-04.txt PubKeyAlgoEdDSA PublicKeyAlgorithm = 22 // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh PubKeyAlgoX25519 PublicKeyAlgorithm = 25 PubKeyAlgoX448 PublicKeyAlgorithm = 26 PubKeyAlgoEd25519 PublicKeyAlgorithm = 27 PubKeyAlgoEd448 PublicKeyAlgorithm = 28 // Deprecated in RFC 4880, Section 13.5. Use key flags instead. PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 )
func (PublicKeyAlgorithm) CanEncrypt ¶
func (pka PublicKeyAlgorithm) CanEncrypt() bool
CanEncrypt returns true if it's possible to encrypt a message to a public key of the given type.
func (PublicKeyAlgorithm) CanSign ¶
func (pka PublicKeyAlgorithm) CanSign() bool
CanSign returns true if it's possible for a public key of the given type to sign a message.
type Reader ¶
type Reader struct {
// contains filtered or unexported fields
}
Reader reads packets from an io.Reader and allows packets to be 'unread' so that they result from the next call to Next.
func (*Reader) Next ¶
Next returns the most recently unread Packet, or reads another packet from the top-most io.Reader. Unknown/unsupported/Marker packet types are skipped.
func (*Reader) NextWithUnsupported ¶ added in v1.1.0
Next returns the most recently unread Packet, or reads another packet from the top-most io.Reader. Unknown/Marker packet types are skipped while unsupported packets are returned as UnsupportedPacket type.
func (*Reader) Push ¶
Push causes the Reader to start reading from a new io.Reader. When an EOF error is seen from the new io.Reader, it is popped and the Reader continues to read from the next most recent io.Reader. Push returns a StructuralError if pushing the reader would exceed the maximum recursion level, otherwise it returns nil.
type ReasonForRevocation ¶
type ReasonForRevocation uint8
ReasonForRevocation represents a revocation reason code as per RFC4880 section 5.2.3.23.
const ( NoReason ReasonForRevocation = 0 KeySuperseded ReasonForRevocation = 1 KeyCompromised ReasonForRevocation = 2 KeyRetired ReasonForRevocation = 3 UserIDNotValid ReasonForRevocation = 32 Unknown ReasonForRevocation = 200 )
func NewReasonForRevocation ¶ added in v1.1.0
func NewReasonForRevocation(value byte) ReasonForRevocation
type Recipient ¶ added in v1.1.0
Recipient type represents a Intended Recipient Fingerprint subpacket See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-intended-recipient-fingerpr
type SequenceVerifier ¶ added in v1.1.0
type SequenceVerifier struct {
// contains filtered or unexported fields
}
SequenceVerifier is a pushdown automata to verify PGP messages packet sequences according to rfc4880.
func NewSequenceVerifier ¶ added in v1.1.0
func NewSequenceVerifier() *SequenceVerifier
func (*SequenceVerifier) AssertValid ¶ added in v1.1.0
func (sv *SequenceVerifier) AssertValid() error
func (*SequenceVerifier) Next ¶ added in v1.1.0
func (sv *SequenceVerifier) Next(input InputSymbol) error
Next performs a state transition with the given input symbol. If the transition fails a ErrMalformedMessage is returned.
func (*SequenceVerifier) Valid ¶ added in v1.1.0
func (sv *SequenceVerifier) Valid() bool
Valid returns true if RDA is in a valid state.
type Signature ¶
type Signature struct { Version int SigType SignatureType PubKeyAlgo PublicKeyAlgorithm Hash crypto.Hash // HashSuffix is extra data that is hashed in after the signed data. HashSuffix []byte // HashTag contains the first two bytes of the hash for fast rejection // of bad signed data. HashTag [2]byte // Metadata includes format, filename and time, and is protected by v5 // signatures of type 0x00 or 0x01. This metadata is included into the hash // computation; if nil, six 0x00 bytes are used instead. See section 5.2.4. Metadata *LiteralData CreationTime time.Time RSASignature encoding.Field DSASigR, DSASigS encoding.Field ECDSASigR, ECDSASigS encoding.Field EdDSASigR, EdDSASigS encoding.Field EdSig []byte SigLifetimeSecs, KeyLifetimeSecs *uint32 PreferredSymmetric, PreferredHash, PreferredCompression []uint8 PreferredCipherSuites [][2]uint8 IssuerKeyId *uint64 IssuerFingerprint []byte SignerUserId *string IsPrimaryId *bool Notations []*Notation IntendedRecipients []*Recipient // TrustLevel and TrustAmount can be set by the signer to assert that // the key is not only valid but also trustworthy at the specified // level. // See RFC 9580, section 5.2.3.21 for details. TrustLevel TrustLevel TrustAmount TrustAmount // TrustRegularExpression can be used in conjunction with trust Signature // packets to limit the scope of the trust that is extended. // See RFC 9580, section 5.2.3.22 for details. TrustRegularExpression *string // KeyserverPrefsValid is set if any keyserver preferences were given. See RFC 9580, section // 5.2.3.25 for details. KeyserverPrefsValid bool KeyserverPrefNoModify bool // PreferredKeyserver can be set to a URI where the latest version of the // key that this signature is made over can be found. See RFC 9580, section // 5.2.3.26 for details. PreferredKeyserver string // PolicyURI can be set to the URI of a document that describes the // policy under which the signature was issued. See RFC 9580, section // 5.2.3.28 for details. PolicyURI string // FlagsValid is set if any flags were given. See RFC 9580, section // 5.2.3.29 for details. FlagsValid bool FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage, FlagSplitKey, FlagAuthenticate, FlagGroupKey bool // RevocationReason is set if this signature has been revoked. // See RFC 9580, section 5.2.3.31 for details. RevocationReason *ReasonForRevocation RevocationReasonText string // In a self-signature, these flags are set there is a features subpacket // indicating that the issuer implementation supports these features // see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#features-subpacket SEIPDv1, SEIPDv2 bool // EmbeddedSignature, if non-nil, is a signature of the parent key, by // this key. This prevents an attacker from claiming another's signing // subkey as their own. EmbeddedSignature *Signature // contains filtered or unexported fields }
Signature represents a signature. See RFC 9580, section 5.2.
func (*Signature) AddMetadataToHashSuffix ¶
func (sig *Signature) AddMetadataToHashSuffix()
AddMetadataToHashSuffix modifies the current hash suffix to include metadata (format, filename, and time). Version 5 keys protect this data including it in the hash computation. See section 5.2.4.
func (*Signature) CheckKeyIdOrFingerprint ¶
func (*Signature) CheckKeyIdOrFingerprintExplicit ¶ added in v1.1.0
func (*Signature) CrossSignKey ¶
func (sig *Signature) CrossSignKey(pub *PublicKey, hashKey *PublicKey, signingKey *PrivateKey, config *Config) error
CrossSignKey computes a signature from signingKey on pub hashed using hashKey. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) PrepareSign ¶ added in v1.1.0
PrepareSign must be called to create a hash object before Sign for v6 signatures. The created hash object initially hashes a randomly generated salt as required by v6 signatures. The generated salt is stored in sig. If the signature is not v6, the method returns an empty hash object. See RFC 9580 Section 5.2.4.
func (*Signature) PrepareVerify ¶ added in v1.1.0
PrepareVerify must be called to create a hash object before verifying v6 signatures. The created hash object initially hashes the internally stored salt. If the signature is not v6, the method returns an empty hash object. See RFC 9580 Section 5.2.4.
func (*Signature) RevokeKey ¶
func (sig *Signature) RevokeKey(pub *PublicKey, priv *PrivateKey, config *Config) error
RevokeKey computes a revocation signature of pub using priv. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) RevokeSubkey ¶
func (sig *Signature) RevokeSubkey(pub *PublicKey, priv *PrivateKey, config *Config) error
RevokeSubkey computes a subkey revocation signature of pub using priv. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) Serialize ¶
Serialize marshals sig to w. Sign, SignUserId or SignKey must have been called first.
func (*Signature) SetSalt ¶ added in v1.1.0
SetSalt sets the signature salt for v6 signatures. Assumes salt is generated correctly and checks if length matches. If the signature is not v6, the method ignores the salt. Use PrepareSign whenever possible instead of generating and hashing the salt externally. See RFC 9580 Section 5.2.4.
func (*Signature) SigExpired ¶
SigExpired returns whether sig is a signature that has expired or is created in the future.
func (*Signature) Sign ¶
Sign signs a message with a private key. The hash, h, must contain the hash of the message to be signed and will be mutated by this function. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) SignDirectKeyBinding ¶ added in v1.1.0
func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error
SignDirectKeyBinding computes a signature from priv On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) SignKey ¶
func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error
SignKey computes a signature from priv, asserting that pub is a subkey. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) SignUserId ¶
SignUserId computes a signature from priv, asserting that pub is a valid key for the identity id. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
type SignatureType ¶
type SignatureType uint8
SignatureType represents the different semantic meanings of an OpenPGP signature. See RFC 4880, section 5.2.1.
const ( SigTypeBinary SignatureType = 0x00 SigTypeText SignatureType = 0x01 SigTypeGenericCert SignatureType = 0x10 SigTypePersonaCert SignatureType = 0x11 SigTypeCasualCert SignatureType = 0x12 SigTypePositiveCert SignatureType = 0x13 SigTypeSubkeyBinding SignatureType = 0x18 SigTypePrimaryKeyBinding SignatureType = 0x19 SigTypeDirectSignature SignatureType = 0x1F SigTypeKeyRevocation SignatureType = 0x20 SigTypeSubkeyRevocation SignatureType = 0x28 SigTypeCertificationRevocation SignatureType = 0x30 )
type StackSymbol ¶ added in v1.1.0
type StackSymbol int8
StackSymbol defines the stack alphabet of the PDA
const ( MsgStackSymbol StackSymbol = iota OpsStackSymbol KeyStackSymbol EndStackSymbol EmptyStackSymbol )
type SymmetricKeyEncrypted ¶
type SymmetricKeyEncrypted struct { Version int CipherFunc CipherFunction Mode AEADMode // contains filtered or unexported fields }
SymmetricKeyEncrypted represents a passphrase protected session key. See RFC 4880, section 5.3.
func (*SymmetricKeyEncrypted) Decrypt ¶
func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error)
Decrypt attempts to decrypt an encrypted session key and returns the key and the cipher to use when decrypting a subsequent Symmetrically Encrypted Data packet.
type SymmetricallyEncrypted ¶
type SymmetricallyEncrypted struct { Version int Contents io.Reader // contains tag for version 2 IntegrityProtected bool // If true it is type 18 (with MDC or AEAD). False is packet type 9 // Specific to version 2 Cipher CipherFunction Mode AEADMode ChunkSizeByte byte Salt [aeadSaltSize]byte // contains filtered or unexported fields }
SymmetricallyEncrypted represents a symmetrically encrypted byte string. The encrypted Contents will consist of more OpenPGP packets. See RFC 4880, sections 5.7 and 5.13.
func (*SymmetricallyEncrypted) Decrypt ¶
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error)
Decrypt returns a ReadCloser, from which the decrypted Contents of the packet can be read. An incorrect key will only be detected after trying to decrypt the entire data.
type TrustAmount ¶
type TrustAmount uint8
TrustAmount represents a trust amount per RFC4880 5.2.3.13
type UnsupportedPacket ¶ added in v1.1.0
type UnsupportedPacket struct { IncompletePacket Packet Error errors.UnsupportedError }
UnsupportedPackage represents a OpenPGP packet with a known packet type but with unsupported content.
type UserAttribute ¶
type UserAttribute struct {
Contents []*OpaqueSubpacket
}
UserAttribute is capable of storing other types of data about a user beyond name, email and a text comment. In practice, user attributes are typically used to store a signed thumbnail photo JPEG image of the user. See RFC 4880, section 5.12.
func NewUserAttribute ¶
func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute
NewUserAttribute creates a new user attribute packet containing the given subpackets.
func NewUserAttributePhoto ¶
func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error)
NewUserAttributePhoto creates a user attribute packet containing the given images.
func (*UserAttribute) ImageData ¶
func (uat *UserAttribute) ImageData() (imageData [][]byte)
ImageData returns zero or more byte slices, each containing JPEG File Interchange Format (JFIF), for each photo in the user attribute packet.
type UserId ¶
type UserId struct { Id string // By convention, this takes the form "Full Name (Comment) <email@example.com>" which is split out in the fields below. Name, Comment, Email string }
UserId contains text that is intended to represent the name and email address of the key holder. See RFC 4880, section 5.11. By convention, this takes the form "Full Name (Comment) <email@example.com>"
type VerifiableSignature ¶ added in v1.1.0
type VerifiableSignature struct { Valid *bool // nil if it has not been verified yet Packet *Signature }
VerifiableSignature internally keeps state if the the signature has been verified before.
func NewVerifiableSig ¶ added in v1.1.0
func NewVerifiableSig(signature *Signature) *VerifiableSignature
NewVerifiableSig returns a struct of type VerifiableSignature referencing the input signature.
Source Files ¶
- aead_config.go
- aead_crypter.go
- aead_encrypted.go
- compressed.go
- config.go
- config_v5.go
- encrypted_key.go
- literal.go
- marker.go
- notation.go
- ocfb.go
- one_pass_signature.go
- opaque.go
- packet.go
- packet_sequence.go
- packet_unsupported.go
- padding.go
- private_key.go
- private_key_test_data.go
- public_key.go
- public_key_test_data.go
- reader.go
- recipient.go
- signature.go
- symmetric_key_encrypted.go
- symmetrically_encrypted.go
- symmetrically_encrypted_aead.go
- symmetrically_encrypted_mdc.go
- userattribute.go
- userid.go