crypto

package
v3.1.0-proton.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2024 License: MIT Imports: 34 Imported by: 16

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality. The package provides abstract interfaces for encryption (PGPEncryption), decryption (PGPDecryption), signing (PGPSign), and verifying (PGPVerify).

Usage

To get a concrete instantiation of the interfaces use the top level PGPHandle by calling PGP() or PGPWithProfile(...). An example to instantiate a handle that implements PGPEncryption: 

pgp := PGP()
encryptionHandle, _ :=pgp.Encryption().Password(...).New()

Index

Examples

Constants

View Source 
const (
	Armor int8 = 0
	Bytes int8 = 1 // Default for other int8 values.
	Auto  int8 = 2
)

PGPEncoding determines the message encoding. The type is int8 for compatibility with gomobile.

View Source 
const (
	// KeyGenerationRSA4096 allows to override the output key algorithm in key generation to rsa 4096.
	KeyGenerationRSA4096 int = 1
	// KeyGenerationCurve25519Legacy allows to override the output key algorithm in key generation to curve25519 legacy (as defined in RFC4880bis).
	KeyGenerationCurve25519Legacy int = 2
	// KeyGenerationCurve25519 allows to override the output key algorithm in key generation to curve25519 (as defined in RFC9580).
	KeyGenerationCurve25519 int = 3
	// KeyGenerationCurve448 allows to override the output key algorithm in key generation to curve448 (as defined in RFC9580).
	KeyGenerationCurve448 int = 4
)

Integer enum for go-mobile compatibility.

Variables

This section is empty.

Functions

func IsPGPMessage 

func IsPGPMessage(data string) bool

IsPGPMessage checks if data if has armored PGP message format.

func NewPGPSplitReader 

func NewPGPSplitReader(pgpMessage Reader, pgpEncryptedSignature Reader) *pgpSplitReader

func RandomToken 

func RandomToken(size int) ([]byte, error)

RandomToken generates a random token with the specified key size.

func SignatureHexKeyIDs 

func SignatureHexKeyIDs(signature []byte) ([]string, bool)

SignatureHexKeyIDs returns the key identifiers of the keys that were used to create the signatures in hexadecimal form.

func SignatureKeyIDs 

func SignatureKeyIDs(signature []byte) ([]uint64, bool)

SignatureKeyIDs returns the key identifiers of the keys that were used to create the signatures.

Types

type Clock 

type Clock func() time.Time

Clock is a function that returns a timestamp.

func NewConstantClock 

func NewConstantClock(unixTime int64) Clock

NewConstantClock returns a Clock, which always returns unixTime.

func ZeroClock 

func ZeroClock() Clock

ZeroClock returns a Clock, which always returns the zero time.Time.

type DecryptionHandleBuilder 

type DecryptionHandleBuilder struct {
	// contains filtered or unexported fields
}

DecryptionHandleBuilder allows to configure a decryption handle to decrypt a pgp message.

func (*DecryptionHandleBuilder) DecryptionKey 

func (dpb *DecryptionHandleBuilder) DecryptionKey(decryptionKey *Key) *DecryptionHandleBuilder

func (*DecryptionHandleBuilder) DecryptionKeys 

func (dpb *DecryptionHandleBuilder) DecryptionKeys(decryptionKeyRing *KeyRing) *DecryptionHandleBuilder

DecryptionKeys sets the secret keys for decrypting the pgp message. Assumes that the message was encrypted towards one of the secret keys. Triggers the hybrid decryption mode. If not set, set another field for the type of decryption: SessionKey or Password.

func (*DecryptionHandleBuilder) DisableAutomaticTextSanitize 

func (dpb *DecryptionHandleBuilder) DisableAutomaticTextSanitize() *DecryptionHandleBuilder

DisableAutomaticTextSanitize indicates that automatic text sanitization should be disabled. If not disabled, the output will be sanitized if a text signature is present.

func (*DecryptionHandleBuilder) DisableIntendedRecipients 

func (dpb *DecryptionHandleBuilder) DisableIntendedRecipients() *DecryptionHandleBuilder

DisableIntendedRecipients indicates if the signature verification should not check if the decryption key matches the intended recipients of the message. If disabled, the decryption methods throw no error in a non-matching case.

func (*DecryptionHandleBuilder) DisableStrictMessageParsing 

func (dpb *DecryptionHandleBuilder) DisableStrictMessageParsing() *DecryptionHandleBuilder

DisableStrictMessageParsing disables the check that decryption inputs conform to the OpenPGP Message grammar. If set, the decryption methods return no error if the message does not conform to the OpenPGP message grammar.

func (*DecryptionHandleBuilder) DisableVerifyTimeCheck 

func (dpb *DecryptionHandleBuilder) DisableVerifyTimeCheck() *DecryptionHandleBuilder

DisableVerifyTimeCheck disables the check for comparing the signature creation time against the verification time.

func (*DecryptionHandleBuilder) Error 

func (dpb *DecryptionHandleBuilder) Error() error

func (*DecryptionHandleBuilder) InsecureAllowDecryptionWithSigningKeys added in v3.1.0 

func (dpb *DecryptionHandleBuilder) InsecureAllowDecryptionWithSigningKeys() *DecryptionHandleBuilder

InsecureAllowDecryptionWithSigningKeys enables decryption of messages using keys that are designated solely as signing keys. While using the same key for both encryption and signing is discouraged due to reduced security, this flag is useful for decrypting legacy messages. This is because some older libraries did not respect key flags when selecting a key for encryption. SECURITY HAZARD: Use with care.

func (*DecryptionHandleBuilder) InsecureDisableUnauthenticatedMessagesCheck added in v3.1.0 

func (dpb *DecryptionHandleBuilder) InsecureDisableUnauthenticatedMessagesCheck() *DecryptionHandleBuilder

InsecureDisableUnauthenticatedMessagesCheck enables to read encrypted messages without Modification Detection Code (MDC). MDC is mandated by the latest standard and has long been implemented in most OpenPGP implementations. Messages without MDC are considered unnecessarily insecure and should be prevented whenever possible. In case one needs to deal with messages from very old OpenPGP implementations, there might be no other way than to tolerate the missing MDC. Setting this flag, allows this mode of operation. It should be considered a measure of last resort. SECURITY HAZARD: Use with care.

func (*DecryptionHandleBuilder) New 

func (dpb *DecryptionHandleBuilder) New() (PGPDecryption, error)

New creates a DecryptionHandle and checks that the given combination of parameters is valid. If one of the parameters are invalid the latest error is returned.

func (*DecryptionHandleBuilder) Password 

func (dpb *DecryptionHandleBuilder) Password(password []byte) *DecryptionHandleBuilder

Password sets a password that is used to derive a key to decrypt the pgp message. Assumes that the message was encrypted with a key derived from the password. Triggers the password decryption mode. If not set, set another field for the type of decryption: DecryptionKeys or SessionKey.

func (*DecryptionHandleBuilder) Passwords 

func (dpb *DecryptionHandleBuilder) Passwords(passwords [][]byte) *DecryptionHandleBuilder

Passwords sets passwords that are used to derive keys to decrypt the pgp message. Assumes that the message was encrypted with one of the keys derived from the passwords. Triggers the password decryption mode. If not set, set another field for the type of decryption: DecryptionKeys or SessionKey. Not supported on go-mobile clients.

func (*DecryptionHandleBuilder) PlainDetachedSignature 

func (dpb *DecryptionHandleBuilder) PlainDetachedSignature() *DecryptionHandleBuilder

PlainDetachedSignature indicates that the detached signature to verify is not decrypted and can be verified as is.

func (*DecryptionHandleBuilder) RetrieveSessionKey 

func (dpb *DecryptionHandleBuilder) RetrieveSessionKey() *DecryptionHandleBuilder

RetrieveSessionKey sets the flag to indicate if the session key used for decryption should be returned to the caller of the decryption function.

func (*DecryptionHandleBuilder) SessionKey 

func (dpb *DecryptionHandleBuilder) SessionKey(sessionKey *SessionKey) *DecryptionHandleBuilder

SessionKey sets a session key for decrypting the pgp message. Assumes that the message was encrypted with session key provided. Triggers the session key decryption mode. If not set, set another field for the type of decryption: DecryptionKeys or Password.

func (*DecryptionHandleBuilder) SessionKeys 

func (dpb *DecryptionHandleBuilder) SessionKeys(sessionKeys []*SessionKey) *DecryptionHandleBuilder

SessionKeys sets multiple session keys for decrypting the pgp message. Assumes that the message was encrypted with one of the session keys provided. Triggers the session key decryption mode. If not set, set another field for the type of decryption: DecryptionKeys or Password. Not supported on go-mobile clients.

func (*DecryptionHandleBuilder) Utf8 

func (dpb *DecryptionHandleBuilder) Utf8() *DecryptionHandleBuilder

Utf8 indicates if the output plaintext is Utf8 and should be sanitized from canonicalised line endings.

func (*DecryptionHandleBuilder) VerificationContext 

func (dpb *DecryptionHandleBuilder) VerificationContext(verifyContext *VerificationContext) *DecryptionHandleBuilder

VerificationContext sets a verification context for signatures of the pgp message, if any. Only considered if VerifyKeys are set.

func (*DecryptionHandleBuilder) VerificationKey 

func (dpb *DecryptionHandleBuilder) VerificationKey(key *Key) *DecryptionHandleBuilder

VerificationKey sets the public key for verifying the signatures of the pgp message, if any. If not set, the signatures cannot be verified.

func (*DecryptionHandleBuilder) VerificationKeys 

func (dpb *DecryptionHandleBuilder) VerificationKeys(keys *KeyRing) *DecryptionHandleBuilder

VerificationKeys sets the public keys for verifying the signatures of the pgp message, if any. If not set, the signatures cannot be verified.

func (*DecryptionHandleBuilder) VerifyTime 

func (dpb *DecryptionHandleBuilder) VerifyTime(unixTime int64) *DecryptionHandleBuilder

VerifyTime sets the verification time to the provided timestamp. If not set, the systems current time is used for signature verification.

type EncryptionHandleBuilder 

type EncryptionHandleBuilder struct {
	// contains filtered or unexported fields
}

EncryptionHandleBuilder allows to configure a decryption handle to decrypt an OpenPGP message.

func (*EncryptionHandleBuilder) Compress 

func (ehb *EncryptionHandleBuilder) Compress() *EncryptionHandleBuilder

Compress indicates if the plaintext should be compressed before encryption. Compression affects security and opens the door for side-channel attacks, which might allow to extract the plaintext data without a decryption key. RFC9580 recommends to not use compression.

func (*EncryptionHandleBuilder) CompressWith 

func (ehb *EncryptionHandleBuilder) CompressWith(config int8) *EncryptionHandleBuilder

CompressWith indicates if the plaintext should be compressed before encryption. Compression affects security and opens the door for side-channel attacks, which might allow to extract the plaintext data without a decryption key. RFC9580 recommends to not use compression. Allowed config options: constants.NoCompression: none, constants.DefaultCompression: profile default constants.ZIPCompression: zip, constants.ZLIBCompression: zlib.

func (*EncryptionHandleBuilder) DetachedSignature 

func (ehb *EncryptionHandleBuilder) DetachedSignature() *EncryptionHandleBuilder

DetachedSignature indicates that the message should be signed, but the signature should not be included in the same pgp message as the input data. Instead the detached signature is encrypted in a separate pgp message.

func (*EncryptionHandleBuilder) EncryptionTime 

func (ehb *EncryptionHandleBuilder) EncryptionTime(unixTime int64) *EncryptionHandleBuilder

EncryptionTime allows to specify a separate time for selecting encryption keys instead of the internal clock (also used for signing). Note that the internal clock can be changed with SignTime. If the input unixTime is 0 no expiration checks are performed on the encryption keys.

func (*EncryptionHandleBuilder) Error 

func (ehb *EncryptionHandleBuilder) Error() error

Error returns an errors that occurred within the builder.

func (*EncryptionHandleBuilder) HiddenRecipient 

func (ehb *EncryptionHandleBuilder) HiddenRecipient(key *Key) *EncryptionHandleBuilder

HiddenRecipient sets a public key to which the message should be encrypted to. Triggers hybrid encryption with public keys of the recipients and hidden recipients. The hidden recipients are NOT included in the intended recipient fingerprint list of the signature, if a signature is present. If not set, set another type of encryption: Recipients, SessionKey, or Password.

func (*EncryptionHandleBuilder) HiddenRecipients 

func (ehb *EncryptionHandleBuilder) HiddenRecipients(hiddenRecipients *KeyRing) *EncryptionHandleBuilder

HiddenRecipients sets the public keys to which the message should be encrypted to. Triggers hybrid encryption with public keys of the recipients and hidden recipients. The hidden recipients are NOT included in the intended recipient fingerprint list of the signature, if a signature is present. If not set, set another type of encryption: Recipients, SessionKey, or Password.

func (*EncryptionHandleBuilder) IncludeExternalSignature 

func (ehb *EncryptionHandleBuilder) IncludeExternalSignature(signature []byte) *EncryptionHandleBuilder

IncludeExternalSignature indicates that the provided signature should be included in the produced encrypted message. Special feature: should not be used in normal use-cases, can lead to broken or invalid PGP messages.

func (*EncryptionHandleBuilder) New 

func (ehb *EncryptionHandleBuilder) New() (PGPEncryption, error)

New creates an EncryptionHandle and checks that the given combination of parameters is valid. If the parameters are invalid an error is returned.

func (*EncryptionHandleBuilder) Password 

func (ehb *EncryptionHandleBuilder) Password(password []byte) *EncryptionHandleBuilder

Password sets a password the message should be encrypted with. Triggers password based encryption with a key derived from the password. If not set, set another the type of encryption: Recipients, HiddenRecipients, or SessionKey.

func (*EncryptionHandleBuilder) PlainDetachedSignature 

func (ehb *EncryptionHandleBuilder) PlainDetachedSignature() *EncryptionHandleBuilder

PlainDetachedSignature indicates that the message should be signed, but the signature should not be included in the same pgp message as the input data. Instead the detached signature is a separate signature pgp message. If DetachedSignature signature is set (i.e., the detached signature is encrypted), this option is ignored. NOTE: A plaintext detached signature might reveal information about the encrypted plaintext. Thus, use with care.

func (*EncryptionHandleBuilder) Recipient 

func (ehb *EncryptionHandleBuilder) Recipient(key *Key) *EncryptionHandleBuilder

Recipient sets the public key to which the message should be encrypted to. Triggers hybrid encryption with public keys of the recipients and hidden recipients. The recipients are included in the intended recipient fingerprint list of the signature, if a signature is present. If not set, set another type of encryption: HiddenRecipients, SessionKey, or Password.

func (*EncryptionHandleBuilder) Recipients 

func (ehb *EncryptionHandleBuilder) Recipients(recipients *KeyRing) *EncryptionHandleBuilder

Recipients sets the public keys to which the message should be encrypted to. Triggers hybrid encryption with public keys of the recipients and hidden recipients. The recipients are included in the intended recipient fingerprint list of the signature, if a signature is present. If not set, set another type of encryption: HiddenRecipients, SessionKey, or Password.

func (*EncryptionHandleBuilder) SessionKey 

func (ehb *EncryptionHandleBuilder) SessionKey(sessionKey *SessionKey) *EncryptionHandleBuilder

SessionKey sets the session key the message should be encrypted with. Triggers session key encryption with the included session key. If not set, set another the type of encryption: Recipients, HiddenRecipients, or Password.

func (*EncryptionHandleBuilder) SignTime 

func (ehb *EncryptionHandleBuilder) SignTime(unixTime int64) *EncryptionHandleBuilder

SignTime sets the internal clock to always return the supplied unix time for signing instead of the system time.

func (*EncryptionHandleBuilder) SigningContext 

func (ehb *EncryptionHandleBuilder) SigningContext(siningContext *SigningContext) *EncryptionHandleBuilder

SigningContext provides a signing context for the signature in the message. Triggers that each signature includes the sining context. SigningKeys have to be set if a SigningContext is provided.

func (*EncryptionHandleBuilder) SigningKey 

func (ehb *EncryptionHandleBuilder) SigningKey(key *Key) *EncryptionHandleBuilder

SigningKey sets the signing key that are used to create signature of the message. Triggers that signatures are created for each signing key. If not set, no signature is included.

func (*EncryptionHandleBuilder) SigningKeys 

func (ehb *EncryptionHandleBuilder) SigningKeys(signingKeys *KeyRing) *EncryptionHandleBuilder

SigningKeys sets the signing keys that are used to create signature of the message. Triggers that signatures are created for each signing key. If not set, no signature is included.

func (*EncryptionHandleBuilder) Utf8 

func (ehb *EncryptionHandleBuilder) Utf8() *EncryptionHandleBuilder

Utf8 indicates if the plaintext should be signed with a text type signature. If set, the plaintext is signed after canonicalising the line endings.

type EncryptionProfile 

type EncryptionProfile interface {
	EncryptionConfig() *packet.Config
	CompressionConfig() *packet.Config
}

type Identity 

type Identity struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}

Identity contains the name and the email of a key holder.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key contains a single private or public key.

func NewKey 

func NewKey(binKeys []byte) (key *Key, err error)

NewKey creates a new key from the first key in the unarmored or armored binary data. Clones the binKeys data for go-mobile compatibility.

func NewKeyFromArmored 

func NewKeyFromArmored(armored string) (key *Key, err error)

NewKeyFromArmored creates a new key from the first key in an armored string.

func NewKeyFromEntity 

func NewKeyFromEntity(entity *openpgp.Entity) (*Key, error)

NewKeyFromEntity creates a key from the provided go-crypto/openpgp entity.

func NewKeyFromReader 

func NewKeyFromReader(r io.Reader) (key *Key, err error)

NewKeyFromReader reads binary or armored data into a Key object.

func NewKeyFromReaderExplicit 

func NewKeyFromReaderExplicit(r io.Reader, encoding int8) (key *Key, err error)

NewKeyFromReaderExplicit reads binary or armored data into a Key object. Allows to set the encoding explicitly to avoid the armor check.

func NewKeyWithCloneFlag 

func NewKeyWithCloneFlag(binKeys []byte, clone bool) (key *Key, err error)

NewKeyWithCloneFlag creates a new key from the first key in the unarmored or armored binary data.

func NewPrivateKeyFromArmored 

func NewPrivateKeyFromArmored(armored string, password []byte) (key *Key, err error)

NewPrivateKeyFromArmored creates a new secret key from the first key in an armored string and unlocks it with the password.

func (*Key) Armor 

func (key *Key) Armor() (string, error)

Armor returns the armored key as a string with default gopenpgp headers.

func (*Key) ArmorWithCustomHeaders 

func (key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)

ArmorWithCustomHeaders returns the armored key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) CanEncrypt 

func (key *Key) CanEncrypt(unixTime int64) bool

CanEncrypt returns true if any of the subkeys can be used for encryption.

func (*Key) CanVerify 

func (key *Key) CanVerify(unixTime int64) bool

CanVerify returns true if any of the subkeys can be used for verification.

func (*Key) Check 

func (key *Key) Check() (bool, error)

Check verifies if the public keys match the private key parameters by signing and verifying. Deprecated: all keys are now checked on parsing.

func (*Key) ClearPrivateParams 

func (key *Key) ClearPrivateParams() (ok bool)

ClearPrivateParams zeroes the sensitive data in the key.

func (*Key) Copy 

func (key *Key) Copy() (*Key, error)

Copy creates a deep copy of the key.

func (*Key) GetArmoredPublicKey 

func (key *Key) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*Key) GetArmoredPublicKeyWithCustomHeaders 

func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)

GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) GetEntity 

func (key *Key) GetEntity() *openpgp.Entity

GetEntity gets x/crypto Entity object. Not supported on go-mobile clients.

func (*Key) GetFingerprint 

func (key *Key) GetFingerprint() string

GetFingerprint gets the fingerprint from the key.

func (*Key) GetFingerprintBytes 

func (key *Key) GetFingerprintBytes() []byte

GetFingerprintBytes gets the fingerprint from the key as a byte slice.

func (*Key) GetHexKeyID 

func (key *Key) GetHexKeyID() string

GetHexKeyID returns the key ID, hex encoded as a string.

func (*Key) GetJsonSHA256Fingerprints 

func (key *Key) GetJsonSHA256Fingerprints() ([]byte, error)

GetJsonSHA256Fingerprints returns the SHA256 fingerprints of key and subkeys encoded in JSON, for gomobile clients that cannot handle arrays.

func (*Key) GetKeyID 

func (key *Key) GetKeyID() uint64

GetKeyID returns the key ID, encoded as 8-byte int. Does not work for go-mobile clients, use GetHexKeyID instead.

func (*Key) GetPublicKey 

func (key *Key) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*Key) GetSHA256Fingerprint 

func (key *Key) GetSHA256Fingerprint() (fingerprint string)

GetSHA256Fingerprint computes the SHA256 fingerprint of the primary key.

func (*Key) GetSHA256Fingerprints 

func (key *Key) GetSHA256Fingerprints() (fingerprints []string)

GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.

func (*Key) GetVersion 

func (key *Key) GetVersion() int

GetVersion returns the OpenPGP key packet version of this key.

func (*Key) IsExpired 

func (key *Key) IsExpired(unixTime int64) bool

IsExpired checks whether the key is expired.

func (*Key) IsLocked 

func (key *Key) IsLocked() (bool, error)

IsLocked checks if a private key is locked.

func (*Key) IsPrivate 

func (key *Key) IsPrivate() bool

IsPrivate returns true if the key is private.

func (*Key) IsRevoked 

func (key *Key) IsRevoked(unixTime int64) bool

IsRevoked checks whether the key or the primary identity has a valid revocation signature.

func (*Key) IsUnlocked 

func (key *Key) IsUnlocked() (bool, error)

IsUnlocked checks if a private key is unlocked.

func (*Key) PrintFingerprints 

func (key *Key) PrintFingerprints()

PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.

Example 
keyringKey, _ := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
keyringKey.PrintFingerprints()

Output:

SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24

func (*Key) Serialize 

func (key *Key) Serialize() ([]byte, error)

func (*Key) ToPublic 

func (key *Key) ToPublic() (publicKey *Key, err error)

ToPublic returns the corresponding public key of the given private key.

func (*Key) Unlock 

func (key *Key) Unlock(passphrase []byte) (*Key, error)

Unlock unlocks a copy of the key.

type KeyEncryptionProfile 

type KeyEncryptionProfile interface {
	KeyEncryptionConfig() *packet.Config
}

type KeyGenerationBuilder 

type KeyGenerationBuilder struct {
	// contains filtered or unexported fields
}

KeyGenerationBuilder allows to configure a key generation handle to generate OpenPGP keys.

func (*KeyGenerationBuilder) AddUserId 

func (kgb *KeyGenerationBuilder) AddUserId(name, email string) *KeyGenerationBuilder

AddUserId adds the provided user identity to any generated key.

func (*KeyGenerationBuilder) GenerationTime 

func (kgb *KeyGenerationBuilder) GenerationTime(unixTime int64) *KeyGenerationBuilder

GenerationTime sets the key generation time to the given unixTime.

func (*KeyGenerationBuilder) Lifetime 

func (kgb *KeyGenerationBuilder) Lifetime(seconds int32) *KeyGenerationBuilder

Lifetime sets the key lifetime to the given value in seconds. The lifetime defaults to zero i.e., infinite lifetime.

func (*KeyGenerationBuilder) New 

func (kgb *KeyGenerationBuilder) New() PGPKeyGeneration

New creates a new key generation handle from the internal configuration that allows to generate pgp keys.

func (*KeyGenerationBuilder) OverrideProfileAlgorithm 

func (kgb *KeyGenerationBuilder) OverrideProfileAlgorithm(algorithm int) *KeyGenerationBuilder

OverrideProfileAlgorithm allows to override the algorithm of the output key instead of using the profile's algorithm with the respective security level.

Allowed inputs (integer enum for go-mobile compatibility): crypto.KeyGenerationRSA4096, crypto.KeyGenerationC25519, crypto.KeyGenerationC25519Refresh crypto.KeyGenerationC448, crypto.KeyGenerationC448Refresh.

type KeyGenerationProfile 

type KeyGenerationProfile interface {
	KeyGenerationConfig(securityLevel int8) *packet.Config
}

type KeyRing 

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys 

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a given KeyRing list and it returns only those KeyRings which contain at least, one unexpired Key. It returns only unexpired parts of these KeyRings.

func NewKeyRing 

func NewKeyRing(key *Key) (*KeyRing, error)

NewKeyRing creates a new KeyRing, empty if key is nil.

func NewKeyRingFromBinary 

func NewKeyRingFromBinary(binKeys []byte) (*KeyRing, error)

NewKeyRingFromBinary creates a new keyring with all the keys contained in the unarmored binary data. Note that it accepts only unlocked or public keys, as KeyRing cannot contain locked keys.

func (*KeyRing) AddKey 

func (keyRing *KeyRing) AddKey(key *Key) error

AddKey adds the given key to the keyring.

func (*KeyRing) CanEncrypt 

func (keyRing *KeyRing) CanEncrypt(unixTime int64) bool

CanEncrypt returns true if any of the keys in the keyring can be used for encryption.

func (*KeyRing) CanVerify 

func (keyRing *KeyRing) CanVerify(unixTime int64) bool

CanVerify returns true if any of the keys in the keyring can be used for verification.

func (*KeyRing) ClearPrivateParams 

func (keyRing *KeyRing) ClearPrivateParams()

func (*KeyRing) Copy 

func (keyRing *KeyRing) Copy() (*KeyRing, error)

Copy creates a deep copy of the keyring.

func (*KeyRing) CountDecryptionEntities 

func (keyRing *KeyRing) CountDecryptionEntities(unixTime int64) int

CountDecryptionEntities returns the number of entities in the keyring. Takes the current time for checking the keys in unix time format. If the unix time is zero, time checks are ignored.

func (*KeyRing) CountEntities 

func (keyRing *KeyRing) CountEntities() int

CountEntities returns the number of entities in the keyring.

func (*KeyRing) FirstKey 

func (keyRing *KeyRing) FirstKey() (*KeyRing, error)

FirstKey returns a KeyRing with only the first key of the original one.

func (*KeyRing) GetHexKeyIDsJson 

func (keyRing *KeyRing) GetHexKeyIDsJson() []byte

GetHexKeyIDsJson returns an IDs of keys in this KeyRing as a json array. Key ids are encoded as hexadecimal and nil is returned if an error occurs. Helper function for go-mobile clients.

func (*KeyRing) GetIdentities 

func (keyRing *KeyRing) GetIdentities() []*Identity

GetIdentities returns the list of identities associated with this key ring. Not supported on go-mobile clients use keyRing.GetIdentitiesJson() instead.

func (*KeyRing) GetIdentitiesJson 

func (keyRing *KeyRing) GetIdentitiesJson() []byte

GetIdentitiesJson returns the list of identities associated with this key ring encoded as json. Returns nil if an encoding error occurs. Helper function for go-mobile clients.

func (*KeyRing) GetKey 

func (keyRing *KeyRing) GetKey(n int) (*Key, error)

GetKey returns the n-th openpgp key contained in this KeyRing.

func (*KeyRing) GetKeyIDs 

func (keyRing *KeyRing) GetKeyIDs() []uint64

GetKeyIDs returns array of IDs of keys in this KeyRing. Not supported on go-mobile clients.

func (*KeyRing) GetKeys 

func (keyRing *KeyRing) GetKeys() []*Key

GetKeys returns openpgp keys contained in this KeyRing. Not supported on go mobile clients.

func (*KeyRing) Serialize 

func (keyRing *KeyRing) Serialize() ([]byte, error)

Serialize serializes a KeyRing to binary data.

type LiteralMetadata 

type LiteralMetadata struct {

	// The file's latest modification time
	ModTime int64
	// contains filtered or unexported fields
}

func NewFileMetadata 

func NewFileMetadata(isUTF8 bool, filename string, modTime int64) *LiteralMetadata

NewFileMetadata creates literal metadata.

func NewMetadata 

func NewMetadata(isUTF8 bool) *LiteralMetadata

NewMetadata creates new default literal metadata with utf-8 set to isUTF8.

func (*LiteralMetadata) Filename 

func (msg *LiteralMetadata) Filename() string

Filename returns the filename of the literal metadata.

func (*LiteralMetadata) IsUtf8 

func (msg *LiteralMetadata) IsUtf8() bool

IsUtf8 returns whether the literal metadata is annotated with utf-8.

func (*LiteralMetadata) Time 

func (msg *LiteralMetadata) Time() int64

type PGPDecryption 

type PGPDecryption interface {
	// DecryptingReader returns a wrapper around underlying encryptedMessage Reader,
	// such that any read-operation via the wrapper results in a read from the decrypted pgp message.
	// The returned VerifyDataReader has to be fully read before any potential signatures can be verified.
	// Either read the message fully end then call VerifySignature or use the helper method ReadAllAndVerifySignature.
	// The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
	// where Auto tries to detect automatically.
	// If encryptedMessage is of type PGPSplitReader, the method tries to verify an encrypted detached signature
	// that is read from the separate reader.
	DecryptingReader(encryptedMessage Reader, encoding int8) (*VerifyDataReader, error)
	// Decrypt decrypts an encrypted pgp message.
	// Returns a VerifiedDataResult, which can be queried for potential signature verification errors,
	// and the plaintext data. Note that on a signature error, the method does not return an error.
	// Instead, the signature error is stored within the VerifiedDataResult.
	// The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
	// where Auto tries to detect automatically.
	Decrypt(pgpMessage []byte, encoding int8) (*VerifiedDataResult, error)
	// DecryptDetached provides the same functionality as Decrypt but allows
	// to supply an encrypted detached signature that should be decrypted and verified
	// against the data in the pgp message. If encDetachedSignature is nil, the behavior is similar
	// to Decrypt. The encoding indicates if the input message should be unarmored or not,
	// i.e., Bytes/Armor/Auto where Auto tries to detect automatically.
	DecryptDetached(pgpMessage []byte, encDetachedSignature []byte, encoding int8) (*VerifiedDataResult, error)
	// DecryptSessionKey decrypts an encrypted session key.
	// To decrypt a session key, the decryption handle must contain either a decryption key or a password.
	DecryptSessionKey(keyPackets []byte) (*SessionKey, error)
	// ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
	ClearPrivateParams()
}

PGPDecryption is an interface for decrypting pgp messages with GopenPGP. Use the DecryptionHandleBuilder to create a handle that implements PGPDecryption.

type PGPEncoding 

type PGPEncoding int8

type PGPEncryption 

type PGPEncryption interface {
	// EncryptingWriter returns a wrapper around underlying output Writer,
	// such that any write-operation via the wrapper results in a write to an encrypted pgp message.
	// If the output Writer is of type PGPSplitWriter, the output can be split to multiple writers
	// for different parts of the message. For example to write key packets and encrypted data packets
	// to different writers or to write a detached signature separately.
	// The encoding argument defines the output encoding, i.e., Bytes or Armored
	// The returned pgp message WriteCloser must be closed after the plaintext has been written.
	EncryptingWriter(output Writer, encoding int8) (WriteCloser, error)
	// Encrypt encrypts a plaintext message.
	Encrypt(message []byte) (*PGPMessage, error)
	// EncryptSessionKey encrypts a session key with the encryption handle.
	// To encrypt a session key, the handle must contain either recipients or a password.
	EncryptSessionKey(sessionKey *SessionKey) ([]byte, error)
	// ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
	ClearPrivateParams()
}

PGPEncryption is an interface for encrypting messages with GopenPGP. Use an EncryptionHandleBuilder to create a PGPEncryption handle.

type PGPHandle 

type PGPHandle struct {
	// contains filtered or unexported fields
}

func PGP 

func PGP() *PGPHandle

PGP creates a PGPHandle to interact with the API. Uses the default profile for configuration.

func PGPWithProfile 

func PGPWithProfile(profile *profile.Custom) *PGPHandle

PGPWithProfile creates a PGPHandle to interact with the API. Uses the provided profile for configuration.

func (*PGPHandle) Decryption 

func (p *PGPHandle) Decryption() *DecryptionHandleBuilder

Decryption returns a builder to create a DecryptionHandle for decrypting pgp messages.

Example (Asymmetric) 
// Decrypt armored encrypted message using
// the private key and obtain the plaintext
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	fmt.Println(err)
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	DecryptionKey(privateKey).
	New()
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := decHandle.Decrypt([]byte(exampleEncryptedMessagePub), Armor)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Println(decrypted.String())

Output:

my message
Example (Detached) 
// Decrypt armored encrypted message and verify an encrypted
// detached signature.
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	DecryptionKey(privateKey).
	VerificationKey(publicKey).
	New()
if err != nil {
	fmt.Println(err)
	return
}
ciphertextReader := NewPGPSplitReader(
	strings.NewReader(exampleEncryptedDetachedMessage),
	strings.NewReader(exampleEncryptedDetachedSignatureMessage),
)
ptReader, err := decHandle.DecryptingReader(ciphertextReader, Armor)
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := ptReader.ReadAllAndVerifySignature()
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := decrypted.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
	return
} else {
	fmt.Println("OK")
}
fmt.Println(decrypted.String())

Output:

OK
my message
Example (Password) 
// Decrypt data with a password
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	Password([]byte("hunter2")).
	New()
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := decHandle.Decrypt([]byte(exampleEncryptedMessagePw), Armor)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Println(string(decrypted.Bytes()))

Output:

my message
Example (Signcrypt) 
// Decrypt armored encrypted message using
// the private key and obtain the plaintext
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	fmt.Println(err)
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	DecryptionKey(privateKey).
	VerificationKey(publicKey).
	New()
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := decHandle.Decrypt([]byte(exampleEncryptedAndSigned), Armor)
if err != nil {
	return
}
if sigErr := decrypted.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
	return
} else {
	fmt.Println("OK")
}
fmt.Println(decrypted.String())

Output:

OK
my message
Example (Split) 
// Decrypt key and data packet
// separately.
data := strings.Split(exampleSplitMessage, "\n")
keyPacket, _ := hex.DecodeString(data[0])
dataPacket, _ := hex.DecodeString(data[1])
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	fmt.Println(err)
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	DecryptionKey(privateKey).
	New()
if err != nil {
	fmt.Println(err)
	return
}
sessionKey, err := decHandle.DecryptSessionKey(keyPacket)
if err != nil {
	fmt.Println(err)
	return
}
decHandle, err = pgp.
	Decryption().
	SessionKey(sessionKey).
	VerificationKey(publicKey).
	DisableIntendedRecipients().
	New()
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := decHandle.Decrypt(dataPacket, Bytes)
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := decrypted.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
	return
} else {
	fmt.Println("OK")
}
fmt.Println(decrypted.String())

Output:

OK
my message
Example (Stream) 
// Decrypt armored encrypted message using
// the private key and obtain the plaintext with streaming
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
decHandle, err := pgp.
	Decryption().
	DecryptionKey(privateKey).
	VerificationKey(publicKey).
	New()
if err != nil {
	fmt.Println(err)
	return
}
ciphertextReader := strings.NewReader(exampleEncryptedAndSigned)
ptReader, err := decHandle.DecryptingReader(ciphertextReader, Armor)
if err != nil {
	fmt.Println(err)
	return
}
decrypted, err := ptReader.ReadAllAndVerifySignature()
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := decrypted.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
	return
} else {
	fmt.Println("OK")
}
fmt.Println(decrypted.String())

Output:

OK
my message

func (*PGPHandle) Encryption 

func (p *PGPHandle) Encryption() *EncryptionHandleBuilder

Encryption returns a builder to create an EncryptionHandle for encrypting messages.

Example (Asymmetric) 
// Encrypt data with a public key
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
pgp := PGP()
encHandle, err := pgp.Encryption().
	Recipient(publicKey).
	New()
if err != nil {
	return
}
pgpMessage, err := encHandle.Encrypt([]byte("my message"))
if err != nil {
	return
}
armored, err := pgpMessage.Armor()
if err != nil {
	return
}
fmt.Println(armored)

Output:
Example (Detached) 
// Produce encrypted detached signatures instead of
// embedded signatures:
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
encHandle, err := pgp.Encryption().
	Recipient(publicKey).
	SigningKey(privateKey).
	DetachedSignature().
	New()
if err != nil {
	return
}
var pgpMessage bytes.Buffer
var pgpSignatureMessage bytes.Buffer
splitWriter := NewPGPSplitWriterDetachedSignature(&pgpMessage, &pgpSignatureMessage)
ptWriter, err := encHandle.EncryptingWriter(splitWriter, Armor)
if err != nil {
	return
}
if _, err = io.Copy(ptWriter, strings.NewReader("my message")); err != nil {
	return
}
if err = ptWriter.Close(); err != nil {
	return
}
fmt.Println(pgpMessage.String())
fmt.Println(pgpSignatureMessage.String())

Output:
Example (Password) 
// Encrypt data with a password
password := []byte("hunter2")
pgp := PGP()
encHandle, err := pgp.Encryption().
	Password(password).
	New()
if err != nil {
	return
}
pgpMessage, err := encHandle.Encrypt([]byte("my message"))
if err != nil {
	return
}
armored, err := pgpMessage.Armor()
if err != nil {
	return
}
fmt.Println(armored)

Output:
Example (Signcrypt) 
// Encrypt data with a public key
// and sign with private key
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
encHandle, err := pgp.Encryption().
	Recipient(publicKey).
	SigningKey(privateKey).
	New()
if err != nil {
	return
}
pgpMessage, err := encHandle.Encrypt([]byte("my message"))
if err != nil {
	return
}
armored, err := pgpMessage.Armor()
if err != nil {
	return
}
fmt.Println(armored)

Output:
Example (Split) 
// Split encrypted message into key packets and data packets.
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
encHandle, err := pgp.Encryption().
	Recipient(publicKey).
	SigningKey(privateKey).
	New()
if err != nil {
	return
}
var keyPackets bytes.Buffer
var dataPackets bytes.Buffer
splitWriter := NewPGPSplitWriterKeyAndData(&keyPackets, &dataPackets)
ptWriter, err := encHandle.EncryptingWriter(splitWriter, Bytes)
if err != nil {
	return
}
if _, err = io.Copy(ptWriter, strings.NewReader("my message")); err != nil {
	return
}
if err = ptWriter.Close(); err != nil {
	return
}
fmt.Printf("%x\n", keyPackets.Bytes())
fmt.Printf("%x\n", dataPackets.Bytes())

Output:
Example (Stream) 
// Encrypt data with a public key
// and sign with private key streaming
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	return
}
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
encHandle, err := pgp.Encryption().
	Recipient(publicKey).
	SigningKey(privateKey).
	New()
if err != nil {
	return
}
messageReader := strings.NewReader("my message")
var ciphertextWriter bytes.Buffer
ptWriter, err := encHandle.EncryptingWriter(&ciphertextWriter, Armor)
if err != nil {
	fmt.Println(err)
	return
}
if _, err = io.Copy(ptWriter, messageReader); err != nil {
	return
}
if err = ptWriter.Close(); err != nil {
	return
}
fmt.Println(ciphertextWriter.String())

Output:

func (*PGPHandle) GenerateSessionKey 

func (p *PGPHandle) GenerateSessionKey() (*SessionKey, error)

GenerateSessionKey generates a random session key for the profile.

func (*PGPHandle) KeyGeneration 

func (p *PGPHandle) KeyGeneration() *KeyGenerationBuilder

KeyGeneration returns a builder to create a KeyGeneration handle.

Example (Basic) 
pgp := PGP()
// Generate a PGP key
genHandle := pgp.KeyGeneration().
	AddUserId("Max Mustermann", "max.mustermann@example.com").
	New()
key, err := genHandle.GenerateKey()
if err != nil {
	return
}
fmt.Println(key.Armor())

Output:
Example (Level) 
// Generate a PGP key with the crypto-refresh profile
// higher security level (Curve448)
pgp := PGPWithProfile(profile.RFC9580())
genHandle := pgp.KeyGeneration().
	AddUserId("Max Mustermann", "max.mustermann@example.com").
	New()
key, err := genHandle.GenerateKeyWithSecurity(constants.HighSecurity)
if err != nil {
	return
}
fmt.Println(key.Armor())

Output:
Example (Profile) 
// Generate a PGP key with the crypto-refresh profile
pgp := PGPWithProfile(profile.RFC9580())
genHandle := pgp.KeyGeneration().
	AddUserId("Max Mustermann", "max.mustermann@example.com").
	New()
key, err := genHandle.GenerateKey()
if err != nil {
	return
}
fmt.Println(key.Armor())

Output:

func (*PGPHandle) LockKey 

func (p *PGPHandle) LockKey(key *Key, passphrase []byte) (*Key, error)

LockKey encrypts the private parts of a copy of the input key with the given passphrase.

Example 
// Encrypt secret material in a private key with a passphrase.
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	fmt.Println(err)
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
lockedKey, err := pgp.LockKey(privateKey, []byte("password"))
if err != nil {
	fmt.Println(err)
	return
}
locked, _ := lockedKey.IsLocked()
fmt.Println(locked)

Output:

true

func (*PGPHandle) Sign 

func (p *PGPHandle) Sign() *SignHandleBuilder

Sign returns a builder to create a SignHandle for signing messages.

Example (Cleartext) 
// Sign a plaintext with a private key
// using the cleartext signature framework.
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
signingMessage := []byte("message to sign")
signer, _ := pgp.Sign().
	SigningKey(privateKey).
	New()
signatureMessage, err := signer.SignCleartext(signingMessage)
if err != nil {
	return
}
fmt.Println(string(signatureMessage))

Output:
Example (Detached) 
// Sign a plaintext with a private key
// using a detached signatures.
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
signingMessage := []byte("message to sign")
signer, _ := pgp.Sign().
	SigningKey(privateKey).
	Detached().
	New()
signature, err := signer.Sign(signingMessage, Armor)
if err != nil {
	return
}
fmt.Println(string(signature))

Output:
Example (Inline) 
// Sign a plaintext with a private key
// using a inline signature.
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
signingMessage := []byte("message to sign")
signer, _ := pgp.Sign().
	SigningKey(privateKey).
	New()
signatureMessage, err := signer.Sign(signingMessage, Armor)
if err != nil {
	return
}
fmt.Println(string(signatureMessage))

Output:
Example (Stream) 
// Sign a plaintext with a private key
// using a inline signature with streaming.
privateKey, err := NewKeyFromArmored(examplePrivKey)
if err != nil {
	return
}
defer privateKey.ClearPrivateParams()
pgp := PGP()
signer, _ := pgp.Sign().
	SigningKey(privateKey).
	New()
var signedMessage bytes.Buffer
messageWriter, err := signer.SigningWriter(&signedMessage, Armor)
if err != nil {
	return
}
if _, err = io.Copy(messageWriter, strings.NewReader("message to sign")); err != nil {
	return
}
if err = messageWriter.Close(); err != nil {
	return
}
fmt.Println(signedMessage.String())

Output:

func (*PGPHandle) Verify 

func (p *PGPHandle) Verify() *VerifyHandleBuilder

Verify returns a builder to create an VerifyHandle for verifying signatures.

Example (Cleartext) 
// Verify a cleartext signed message with a public key.
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
pgp := PGP()
verifier, _ := pgp.Verify().
	VerificationKey(publicKey).
	New()
verifyResult, err := verifier.VerifyCleartext([]byte(exampleCleartextSignature))
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := verifyResult.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
} else {
	fmt.Println("OK")
}
fmt.Println(string(verifyResult.Cleartext()))

Output:

OK
message to sign
Example (Detached) 
// Verify detached signature with a public key.
verifyMessage := []byte("message to sign")
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
pgp := PGP()
verifier, _ := pgp.Verify().
	VerificationKey(publicKey).
	New()
verifyResult, err := verifier.VerifyDetached(verifyMessage, []byte(exampleDetachedSignature), Armor)
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := verifyResult.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Inline) 
// Verify a inline signed message with a public key.
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
pgp := PGP()
verifier, _ := pgp.Verify().
	VerificationKey(publicKey).
	New()
verifyResult, err := verifier.VerifyInline([]byte(exampleInlineSignature), Armor)
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := verifyResult.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
} else {
	fmt.Println("OK")
}
fmt.Println(verifyResult.String())

Output:

OK
message to sign
Example (Stream) 
// Verify a inline signed message with a public key using streaming.
publicKey, err := NewKeyFromArmored(examplePubKey)
if err != nil {
	fmt.Println(err)
	return
}
pgp := PGP()
verifier, _ := pgp.Verify().
	VerificationKey(publicKey).
	New()
messageReader, err := verifier.VerifyingReader(nil, strings.NewReader(exampleInlineSignature), Armor)
if err != nil {
	fmt.Println(err)
	return
}
verifyResult, err := messageReader.ReadAllAndVerifySignature()
if err != nil {
	fmt.Println(err)
	return
}
if sigErr := verifyResult.SignatureError(); sigErr != nil {
	fmt.Println(sigErr)
} else {
	fmt.Println("OK")
}
fmt.Println(verifyResult.String())

Output:

OK
message to sign

type PGPKeyGeneration 

type PGPKeyGeneration interface {
	// GenerateKey generates a pgp key with the standard security level.
	GenerateKey() (*Key, error)
	// GenerateKeyWithSecurity generates a pgp key with the given security level.
	// The argument security allows to set the security level, either standard or high.
	GenerateKeyWithSecurity(securityLevel int8) (*Key, error)
}

PGPKeyGeneration is an interface for generating pgp keys with GopenPGP. Use the KeyGenerationBuilder to create a handle that implements PGPKeyGeneration.

type PGPMessage 

type PGPMessage struct {
	// KeyPacket references the PKESK and SKESK packets of the message
	KeyPacket []byte
	// DataPacket references the SEIPD or AEAD protected packet of the message
	DataPacket []byte
	// DetachedSignature stores the encrypted detached signature.
	// Nil when the signature is embedded in the data packet or not present.
	DetachedSignature []byte
	// contains filtered or unexported fields
}

PGPMessage stores a PGP-encrypted message.

func NewPGPMessage 

func NewPGPMessage(data []byte) *PGPMessage

NewPGPMessage generates a new PGPMessage from the unarmored binary data. Clones the data for go-mobile compatibility.

func NewPGPMessageFromArmored 

func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)

NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.

func NewPGPMessageWithCloneFlag 

func NewPGPMessageWithCloneFlag(data []byte, doClone bool) *PGPMessage

NewPGPMessageWithCloneFlag generates a new PGPMessage from the unarmored binary data.

func NewPGPSplitMessage 

func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPMessage

NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket and datapacket. Clones the slices for go-mobile compatibility.

func (*PGPMessage) Armor 

func (msg *PGPMessage) Armor() (string, error)

Armor returns the armored message as a string.

func (*PGPMessage) ArmorBytes 

func (msg *PGPMessage) ArmorBytes() ([]byte, error)

ArmorBytes returns the armored message as a string.

func (*PGPMessage) ArmorWithCustomHeaders 

func (msg *PGPMessage) ArmorWithCustomHeaders(comment, version string) (string, error)

ArmorWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.

func (*PGPMessage) BinaryDataPacket 

func (msg *PGPMessage) BinaryDataPacket() []byte

BinaryDataPacket returns the unarmored binary datapacket as a []byte.

func (*PGPMessage) BinaryKeyPacket 

func (msg *PGPMessage) BinaryKeyPacket() []byte

BinaryKeyPacket returns the unarmored binary keypacket as a []byte.

func (*PGPMessage) Bytes 

func (msg *PGPMessage) Bytes() []byte

Bytes returns the unarmored binary content of the message as a []byte.

func (*PGPMessage) EncryptedDetachedSignature 

func (msg *PGPMessage) EncryptedDetachedSignature() *PGPMessage

EncryptedDetachedSignature returns the encrypted detached signature of this message as a PGPMessage where the data is the encrypted signature. If no detached signature is present in this message, it returns nil.

func (*PGPMessage) EncryptionKeyIDs 

func (msg *PGPMessage) EncryptionKeyIDs() ([]uint64, bool)

EncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted. Not supported on go-mobile clients use msg.HexEncryptionKeyIDsJson() instead.

func (*PGPMessage) GetNumberOfKeyPackets 

func (msg *PGPMessage) GetNumberOfKeyPackets() (int, error)

GetNumberOfKeyPackets returns the number of keys packets in this message.

func (*PGPMessage) HexEncryptionKeyIDs 

func (msg *PGPMessage) HexEncryptionKeyIDs() ([]string, bool)

HexEncryptionKeyIDs returns the key IDs of the keys to which the session key is encrypted. Not supported on go-mobile clients use msg.HexEncryptionKeyIDsJson() instead.

func (*PGPMessage) HexEncryptionKeyIDsJson 

func (msg *PGPMessage) HexEncryptionKeyIDsJson() []byte

HexEncryptionKeyIDsJson returns the key IDs of the keys to which the session key is encrypted as a JSON array. If an error occurs it returns nil. Helper function for go-mobile clients.

func (*PGPMessage) HexSignatureKeyIDs 

func (msg *PGPMessage) HexSignatureKeyIDs() ([]string, bool)

HexSignatureKeyIDs returns the key IDs of the keys to which the session key is encrypted. Not supported on go-mobile clients use msg.HexSignatureKeyIDsJson() instead.

func (*PGPMessage) HexSignatureKeyIDsJson 

func (msg *PGPMessage) HexSignatureKeyIDsJson() []byte

HexSignatureKeyIDsJson returns the key IDs of the keys to which the session key is encrypted as a JSON array. If an error occurs it returns nil. Helper function for go-mobile clients.

func (*PGPMessage) NewReader 

func (msg *PGPMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the unarmored binary data of the message. Not supported on go-mobile clients.

func (*PGPMessage) PlainDetachedSignature 

func (msg *PGPMessage) PlainDetachedSignature() ([]byte, error)

PlainDetachedSignature returns the plaintext detached signature of this message. If no plaintext detached signature is present in this message, it returns an error.

func (*PGPMessage) PlainDetachedSignatureArmor 

func (msg *PGPMessage) PlainDetachedSignatureArmor() ([]byte, error)

PlainDetachedSignatureArmor returns the armored plaintext detached signature of this message. If no plaintext detached signature is present or armoring fails it returns an error.

func (*PGPMessage) SignatureKeyIDs 

func (msg *PGPMessage) SignatureKeyIDs() ([]uint64, bool)

SignatureKeyIDs returns the key IDs of the keys to which the (readable) signature packets are encrypted to. Not supported on go-mobile clients use msg.HexSignatureKeyIDsJson() instead.

type PGPMessageBuffer 

type PGPMessageBuffer struct {
	// contains filtered or unexported fields
}

func NewPGPMessageBuffer 

func NewPGPMessageBuffer() *PGPMessageBuffer

NewPGPMessageBuffer creates a message buffer.

func (*PGPMessageBuffer) Keys 

func (mb *PGPMessageBuffer) Keys() Writer

func (*PGPMessageBuffer) PGPMessage 

func (mb *PGPMessageBuffer) PGPMessage() *PGPMessage

PGPMessage returns the PGPMessage extracted from the internal buffers.

func (*PGPMessageBuffer) PGPMessageWithOptions 

func (mb *PGPMessageBuffer) PGPMessageWithOptions(isPlain, omitArmorChecksum bool) *PGPMessage

PGPMessageWithOptions returns the PGPMessage extracted from the internal buffers. The isPlain flag indicates wether the detached signature is encrypted or plaintext, if any.

func (*PGPMessageBuffer) Signature 

func (mb *PGPMessageBuffer) Signature() Writer

func (*PGPMessageBuffer) Write 

func (mb *PGPMessageBuffer) Write(b []byte) (n int, err error)

type PGPSign 

type PGPSign interface {
	// SigningWriter returns a wrapper around underlying output Writer,
	// such that any write-operation via the wrapper results in a write to a detached or inline signature message.
	// The encoding argument defines the output encoding, i.e., Bytes or Armored
	// Once close is called on the returned WriteCloser the final signature is written to the output.
	// Thus, the returned WriteCloser must be closed after the plaintext has been written.
	SigningWriter(output Writer, encoding int8) (WriteCloser, error)
	// Sign creates a detached or inline signature from the provided byte slice.
	// The encoding argument defines the output encoding, i.e., Bytes or Armored
	Sign(message []byte, encoding int8) ([]byte, error)
	// SignCleartext produces an armored cleartext message according to the specification.
	// Returns an armored message even if the PGPSign is not configured for armored output.
	SignCleartext(message []byte) ([]byte, error)
	// ClearPrivateParams clears all secret key material contained in the PGPSign from memory,
	ClearPrivateParams()
}

PGPSign is an interface for creating signature messages with GopenPGP.

type PGPSplitReader 

type PGPSplitReader interface {
	Reader
	Signature() Reader
}

type PGPSplitWriter 

type PGPSplitWriter interface {
	Writer
	// Keys returns the Writer to which the key packets are written to.
	Keys() Writer
	// Signature returns the Writer to which an encrypted detached signature is written to.
	Signature() Writer
}

PGPSplitWriter is an interface to write different parts of a PGP message (i.e., packets) to different streams.

func NewPGPSplitWriter 

func NewPGPSplitWriter(keyPackets Writer, encPackets Writer, encSigPacket Writer) PGPSplitWriter

NewPGPSplitWriter creates a type that implements the PGPSplitWriter interface for encrypting a plaintext where the output PGP packets should be written to the different streams provided. Key packets are written to keyPackets whereas the encrypted data packets are written to encPackets. The encrypted detached signature data is written to encSigPacket.

func NewPGPSplitWriterDetachedSignature 

func NewPGPSplitWriterDetachedSignature(encMessage Writer, encSigMessage Writer) PGPSplitWriter

NewPGPSplitWriterDetachedSignature creates a type that implements the PGPSplitWriter interface for encrypting a plaintext where the output PGP messages should be written to the different streams provided. The encrypted data message is written to encMessage whereas the encrypted detached signature is written to encSigMessage.

func NewPGPSplitWriterFromWriter 

func NewPGPSplitWriterFromWriter(writer Writer) PGPSplitWriter

NewPGPSplitWriterFromWriter creates a type that implements the PGPSplitWriter interface for encrypting a plaintext where the output PGP messages to the provided Writer.

func NewPGPSplitWriterKeyAndData 

func NewPGPSplitWriterKeyAndData(keyPackets Writer, encPackets Writer) PGPSplitWriter

NewPGPSplitWriterKeyAndData creates a type that implements the PGPSplitWriter interface for encrypting a plaintext where the output PGP packets should be written to the different streams provided. Key packets are written to keyPackets whereas the encrypted data packets are written to encPackets.

type PGPVerify 

type PGPVerify interface {
	// VerifyingReader wraps a reader with a signature verify reader.
	// Once all data is read from the returned verify reader, the signature can be verified
	// with (VerifyDataReader).VerifySignature().
	// Note that an error is only returned if it is not a signature error.
	// The encoding indicates if the input signature message should be unarmored or not,
	// i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
	// If detachedData is nil, signatureMessage is treated as an inline signature message.
	// Thus, it is expected that signatureMessage contains the data to be verified.
	// If detachedData is not nil, signatureMessage must contain a detached signature,
	// which is verified against the detachedData.
	VerifyingReader(detachedData, signatureMessage Reader, encoding int8) (*VerifyDataReader, error)
	// VerifyDetached verifies a detached signature pgp message
	// and returns a VerifyResult. The VerifyResult can be checked for failure
	// and allows access to information about the signatures.
	// Note that an error is only returned if it is not a signature error.
	// The encoding indicates if the input signature message should be unarmored or not,
	// i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
	VerifyDetached(data []byte, signature []byte, encoding int8) (*VerifyResult, error)
	// VerifyInline verifies an inline signed pgp message
	// and returns a VerifiedDataResult. The VerifiedDataResult can be checked for failure,
	// allows access to information about the signatures, and includes the plain message.
	// Note that an error is only returned if it is not a signature error.
	// The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
	// where Auto tries to detect it automatically.
	VerifyInline(message []byte, encoding int8) (*VerifiedDataResult, error)
	// VerifyCleartext verifies an armored cleartext message
	// and returns a VerifyCleartextResult. The VerifyCleartextResult can be checked for failure
	// and allows access the contained message
	// Note that an error is only returned if it is not a signature error.
	VerifyCleartext(cleartext []byte) (*VerifyCleartextResult, error)
}

PGPVerify is an interface for verifying detached signatures with GopenPGP.

type Reader 

type Reader interface {
	Read(b []byte) (n int, err error)
}

type SessionKey 

type SessionKey struct {
	// Key defines the decrypted binary session key.
	Key []byte
	// Algo defines the symmetric encryption algorithm used with this key.
	// Only present if the key was not parsed from a v6 packet.
	Algo string
	// contains filtered or unexported fields
}

SessionKey stores a decrypted session key.

func GenerateSessionKeyAlgo 

func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)

GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.

func NewSessionKeyFromToken 

func NewSessionKeyFromToken(token []byte, algo string) *SessionKey

NewSessionKeyFromToken creates a SessionKey struct with the given token and algorithm. Clones the token for compatibility with go-mobile.

func (*SessionKey) Clear 

func (sk *SessionKey) Clear() (ok bool)

Clear zeroes the sensitive data in the session key.

func (*SessionKey) GetBase64Key 

func (sk *SessionKey) GetBase64Key() string

GetBase64Key returns the session key as base64 encoded string.

func (*SessionKey) GetCipherFunc 

func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey. Not supported in go-mobile clients use sk.GetCipherFuncInt instead.

func (*SessionKey) GetCipherFuncInt 

func (sk *SessionKey) GetCipherFuncInt() (int8, error)

GetCipherFuncInt returns the cipher function as int8 corresponding to the algorithm used with this SessionKey. The int8 type is used for go-mobile clients, see constant.Cipher...

type SignHandleBuilder 

type SignHandleBuilder struct {
	// contains filtered or unexported fields
}

SignHandleBuilder allows to configure a sign handle to sign data with OpenPGP.

func (*SignHandleBuilder) ArmorHeader 

func (shb *SignHandleBuilder) ArmorHeader(version, comment string) *SignHandleBuilder

ArmorHeader indicates that the produced signature should be armored with the given version and comment as header. Note that this option only affects the method SignHandle.SigningWriter and the headers in SignHandle.SignCleartext.

func (*SignHandleBuilder) Detached 

func (shb *SignHandleBuilder) Detached() *SignHandleBuilder

Detached indicates if a detached signature should be produced. The sign output will be a detached signature message without the data included.

func (*SignHandleBuilder) Error 

func (shb *SignHandleBuilder) Error() error

Error returns any errors that occurred within the builder.

func (*SignHandleBuilder) New 

func (shb *SignHandleBuilder) New() (PGPSign, error)

New creates a SignHandle and checks that the given combination of parameters is valid. If the parameters are invalid an error is returned.

func (*SignHandleBuilder) SignTime 

func (shb *SignHandleBuilder) SignTime(unixTime int64) *SignHandleBuilder

SignTime sets the internal clock to always return the supplied unix time for signing instead of the device time.

func (*SignHandleBuilder) SigningContext 

func (shb *SignHandleBuilder) SigningContext(signingContext *SigningContext) *SignHandleBuilder

SigningContext provides a signing context for the signature in the message. Triggers that each signature includes the sining context.

func (*SignHandleBuilder) SigningKey 

func (shb *SignHandleBuilder) SigningKey(key *Key) *SignHandleBuilder

SigningKey sets the signing key that is used to create signature of the message.

func (*SignHandleBuilder) SigningKeys 

func (shb *SignHandleBuilder) SigningKeys(signingKeys *KeyRing) *SignHandleBuilder

SigningKeys sets the signing keys that are used to create signature of the message.

func (*SignHandleBuilder) Utf8 

func (shb *SignHandleBuilder) Utf8() *SignHandleBuilder

Utf8 indicates if the plaintext should be signed with a text type signature. If set, the plaintext is signed after canonicalising the line endings.

type SignProfile 

type SignProfile interface {
	SignConfig() *packet.Config
}

type SignatureVerificationError 

type SignatureVerificationError struct {
	Status  int
	Message string
	Cause   error
}

SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.

func (SignatureVerificationError) Error 

func (e SignatureVerificationError) Error() string

Error is the base method for all errors.

func (SignatureVerificationError) Unwrap 

func (e SignatureVerificationError) Unwrap() error

Unwrap returns the cause of failure.

type SigningContext 

type SigningContext struct {
	Value      string
	IsCritical bool
}

SigningContext gives the context that will be included in the signature's notation data.

func NewSigningContext 

func NewSigningContext(value string, isCritical bool) *SigningContext

NewSigningContext creates a new signing context. The value is set to the notation data. isCritical controls whether the notation is flagged as a critical packet.

type VerificationContext 

type VerificationContext struct {
	Value         string
	IsRequired    bool
	RequiredAfter int64
}

VerificationContext gives the context that will be used to verify the signature.

func NewVerificationContext 

func NewVerificationContext(value string, isRequired bool, requiredAfter int64) *VerificationContext

NewVerificationContext creates a new verification context. The value is checked against the signature's notation data. If isRequired is false, the signature is allowed to have no context set. If requiredAfter is != 0, the signature is allowed to have no context set if it was created before the unix time set in requiredAfter.

type VerifiedDataResult 

type VerifiedDataResult struct {
	VerifyResult
	// contains filtered or unexported fields
}

VerifiedDataResult is a result that contains data and the result of a potential signature verification on the data.

func (*VerifiedDataResult) Bytes 

func (r *VerifiedDataResult) Bytes() []byte

Bytes returns the result data as bytes.

func (*VerifiedDataResult) Metadata 

func (r *VerifiedDataResult) Metadata() *LiteralMetadata

Metadata returns the associated literal metadata of the data.

func (*VerifiedDataResult) SessionKey 

func (r *VerifiedDataResult) SessionKey() *SessionKey

SessionKey returns the session key the data is decrypted with. Returns nil, if the data was not encrypted or session key caching was not enabled.

func (*VerifiedDataResult) String 

func (r *VerifiedDataResult) String() string

String returns the result data as string.

type VerifiedSignature 

type VerifiedSignature struct {
	Signature      *packet.Signature
	SignedBy       *Key
	SignatureError *SignatureVerificationError
}

VerifiedSignature is a result of a signature verification.

type VerifyCleartextResult 

type VerifyCleartextResult struct {
	VerifyResult
	// contains filtered or unexported fields
}

VerifyCleartextResult is a result of a cleartext message verification.

func (*VerifyCleartextResult) Cleartext 

func (vc *VerifyCleartextResult) Cleartext() []byte

Cleartext returns the parsed plain text of the result.

type VerifyDataReader 

type VerifyDataReader struct {
	// contains filtered or unexported fields
}

VerifyDataReader is used for reading data that should be verified with a signature. It further contains additional information about the parsed pgp message where the read data stems from.

func (*VerifyDataReader) DiscardAll 

func (msg *VerifyDataReader) DiscardAll() (err error)

DiscardAll reads all data from the reader and discards it.

func (*VerifyDataReader) DiscardAllAndVerifySignature 

func (msg *VerifyDataReader) DiscardAllAndVerifySignature() (vr *VerifyResult, err error)

DiscardAllAndVerifySignature reads all plaintext data from the reader but discards it. Returns a verification result for signature verification on the read data.

func (*VerifyDataReader) GetMetadata 

func (msg *VerifyDataReader) GetMetadata() *LiteralMetadata

GetMetadata returns the metadata of the literal data packet that this reader reads from. Can be nil, if the data is not read from a literal data packet.

func (*VerifyDataReader) Read 

func (msg *VerifyDataReader) Read(b []byte) (n int, err error)

Read is used read data from the pgp message. Makes VerifyDataReader implement the Reader interface.

func (*VerifyDataReader) ReadAll 

func (msg *VerifyDataReader) ReadAll() (plaintext []byte, err error)

ReadAll reads all plaintext data from the reader and returns it as a byte slice.

func (*VerifyDataReader) ReadAllAndVerifySignature 

func (msg *VerifyDataReader) ReadAllAndVerifySignature() (*VerifiedDataResult, error)

ReadAllAndVerifySignature reads all plaintext data from the reader and tries to verify the signatures included in the message. Returns the data in a VerifiedDataResult struct, which can be checked for signature errors.

func (*VerifyDataReader) SessionKey 

func (msg *VerifyDataReader) SessionKey() *SessionKey

SessionKey returns the session key the data is decrypted with. Returns nil, if this reader does not read from an encrypted message or session key caching was not enabled.

func (*VerifyDataReader) VerifySignature 

func (msg *VerifyDataReader) VerifySignature() (result *VerifyResult, err error)

VerifySignature is used to verify that the embedded signatures are valid. This method needs to be called once all the data has been read. It will return an error if the signature is invalid, no verifying keys are accessible, or if the message hasn't been read entirely.

type VerifyHandleBuilder 

type VerifyHandleBuilder struct {
	// contains filtered or unexported fields
}

VerifyHandleBuilder configures a VerifyHandle handle.

func (*VerifyHandleBuilder) DisableAutomaticTextSanitize 

func (vhb *VerifyHandleBuilder) DisableAutomaticTextSanitize() *VerifyHandleBuilder

DisableAutomaticTextSanitize indicates that automatic text sanitization should be disabled. If not disabled, the output will be sanitized if a text signature is present.

func (*VerifyHandleBuilder) DisableStrictMessageParsing 

func (vhb *VerifyHandleBuilder) DisableStrictMessageParsing() *VerifyHandleBuilder

DisableStrictMessageParsing disables the check that the inputs conform to the OpenPGP message grammar. If set, no error is thrown if the input message does not conform to the OpenPGP specification.

func (*VerifyHandleBuilder) DisableVerifyTimeCheck 

func (vhb *VerifyHandleBuilder) DisableVerifyTimeCheck() *VerifyHandleBuilder

DisableVerifyTimeCheck disables the check for comparing the signature expiration time against the verification time.

func (*VerifyHandleBuilder) Error 

func (vhb *VerifyHandleBuilder) Error() error

Error returns any errors that occurred within the builder.

func (*VerifyHandleBuilder) New 

func (vhb *VerifyHandleBuilder) New() (PGPVerify, error)

New creates a VerifyHandle and checks that the given combination of parameters is valid. If the parameters are invalid, an error is returned.

func (*VerifyHandleBuilder) Utf8 

func (vhb *VerifyHandleBuilder) Utf8() *VerifyHandleBuilder

Utf8 indicates if the output plaintext is Utf8 and should be sanitized from canonicalised line endings. If enabled for detached verification, it canonicalises the input before verification independent of the signature type.

func (*VerifyHandleBuilder) VerificationContext 

func (vhb *VerifyHandleBuilder) VerificationContext(verifyContext *VerificationContext) *VerifyHandleBuilder

VerificationContext sets a verification context for signatures of the pgp message, if any. Only considered if VerifyKeys are set.

func (*VerifyHandleBuilder) VerificationKey 

func (vhb *VerifyHandleBuilder) VerificationKey(key *Key) *VerifyHandleBuilder

VerificationKey sets the public key for verifying the signatures.

func (*VerifyHandleBuilder) VerificationKeys 

func (vhb *VerifyHandleBuilder) VerificationKeys(keys *KeyRing) *VerifyHandleBuilder

VerificationKeys sets the public keys for verifying the signatures.

func (*VerifyHandleBuilder) VerifyTime 

func (vhb *VerifyHandleBuilder) VerifyTime(unixTime int64) *VerifyHandleBuilder

VerifyTime sets the verification time to the provided timestamp. If not set, the systems current time is used for signature verification.

type VerifyResult 

type VerifyResult struct {
	// All signatures found in the message.
	Signatures []*VerifiedSignature
	// contains filtered or unexported fields
}

VerifyResult is a result of a pgp message signature verification.

func (*VerifyResult) ConstrainToTimeRange 

func (vr *VerifyResult) ConstrainToTimeRange(unixFrom int64, unixTo int64)

ConstrainToTimeRange updates the signature result to only consider signatures with a creation time within the given time frame. unixFrom and unixTo are in unix time and are inclusive.

func (*VerifyResult) Signature 

func (vr *VerifyResult) Signature() ([]byte, error)

Signature returns the serialized openpgp signature packet of the selected signature.

func (*VerifyResult) SignatureCreationTime 

func (vr *VerifyResult) SignatureCreationTime() int64

SignatureCreationTime returns the creation time of the selected verified signature if found, else returns 0.

func (*VerifyResult) SignatureError 

func (vr *VerifyResult) SignatureError() error

SignatureError returns nil if no signature err occurred else the signature error.

func (*VerifyResult) SignatureErrorExplicit 

func (vr *VerifyResult) SignatureErrorExplicit() *SignatureVerificationError

SignatureErrorExplicit returns nil if no signature err occurred else the explicit signature error.

func (*VerifyResult) SignedByFingerprint 

func (vr *VerifyResult) SignedByFingerprint() []byte

SignedByFingerprint returns the key fingerprint of the key that was used to verify the selected signature, if found, else returns nil.

func (*VerifyResult) SignedByKey 

func (vr *VerifyResult) SignedByKey() *Key

SignedByKey returns the key that was used to verify the selected signature, if found, else returns nil.

func (*VerifyResult) SignedByKeyId 

func (vr *VerifyResult) SignedByKeyId() uint64

SignedByKeyId returns the key id of the key that was used to verify the selected signature, if found, else returns 0. Not supported in go-mobile use SignedByKeyIdString instead.

func (*VerifyResult) SignedByKeyIdHex 

func (vr *VerifyResult) SignedByKeyIdHex() string

SignedByKeyIdHex returns the key id of the key that was used to verify the selected signature as a hex encoded string. Helper for go-mobile.

func (*VerifyResult) SignedWithType 

func (vr *VerifyResult) SignedWithType() packet.SignatureType

SignedWithType returns the type of the signature if found, else returns 0. Not supported in go-mobile use SignedWithTypeInteger instead.

func (*VerifyResult) SignedWithTypeInt8 

func (vr *VerifyResult) SignedWithTypeInt8() int8

SignedWithTypeInt8 returns the type of the signature as int8 type if found, else returns 0. See constants.SigType... for the different types.

type WriteCloser 

type WriteCloser interface {
	Write(b []byte) (n int, err error)
	Close() (err error)
}

WriteCloser replicates the io.WriteCloser interface for go-mobile.

type Writer 

type Writer interface {
	Write(b []byte) (n int, err error)
}

Writer replicates the io.Writer interface for go-mobile.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.