gpg

package
v2.14.0-rc3 Latest
This package is not in the latest version of its module.
Published: Dec 18, 2024 License: Apache-2.0 Imports: 13 Imported by: 9

Documentation

Constants

const (
	VerifyResultGood    = "Good"
	VerifyResultBad     = "Bad"
	VerifyResultInvalid = "Invalid"
	VerifyResultUnknown = "Unknown"
)

Signature verification results

const (
	TrustUnknown  = "unknown"
	TrustNone     = "never"
	TrustMarginal = "marginal"
	TrustFull     = "full"
	TrustUltimate = "ultimate"
)

Key trust values

const MaxVerificationLinesToParse = 40

Maximum number of lines to parse for a gpg verify-commit output

Variables

This section is empty.

Functions

func DeletePGPKey

func DeletePGPKey(keyID string) error

DeletePGPKey deletes a key from our GnuPG key ring

func GetInstalledPGPKeys

func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error)

GetInstalledPGPKeys() runs gpg to retrieve public keys from our keyring. If kids is non-empty, the result is limited to those key IDs.

func ImportPGPKeys

func ImportPGPKeys(keyFile string) ([]*appsv1.GnuPGPublicKey, error)

ImportPGPKeys imports one or more keys from a file into the local keyring and optionally signs them with the transient private key for leveraging the trust DB.

func ImportPGPKeysFromString

func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error)

func InitializeGnuPG

func InitializeGnuPG() error

InitializeGnuPG will initialize a GnuPG working directory and also create a transient private key so that the trust DB will work correctly.

func IsGPGEnabled

func IsGPGEnabled() bool

IsGPGEnabled returns true if GPG feature is enabled

func IsLongKeyID

func IsLongKeyID(k string) bool

IsLongKeyID returns true if the string represents a long key ID (aka fingerprint)

func IsSecretKey

func IsSecretKey(keyID string) (bool, error)

IsSecretKey returns true if the keyID also has a private key in the keyring

func IsShortKeyID

func IsShortKeyID(k string) bool

IsShortKeyID returns true if the string represents a short key ID

func KeyID

func KeyID(k string) string

KeyID returns the actual (short) key ID for either a fingerprint or a key ID. It returns the empty string if k does not appear to be a PGP key ID.

func SetPGPTrustLevel

func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error

SetPGPTrustLevel sets the given trust level on specified keys

func SetPGPTrustLevelById

func SetPGPTrustLevelById(kids []string, trustLevel string) error

SetPGPTrustLevelById sets the given trust level on keys with specified key IDs

func SyncKeyRingFromDirectory

func SyncKeyRingFromDirectory(basePath string) ([]string, []string, error)

SyncKeyRingFromDirectory will sync the GPG keyring with files in a directory. This is a one-way sync, with the configuration (the directory) being the leading information. Files must have a file name matching their Key ID. Keys that are found in the directory but are not in the keyring will be installed to the keyring; keys that exist in the keyring but do not exist in the directory will be deleted.
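
The one-way sync described above, reduced to a pure planning function. This is an added example, not the package's own implementation; `planSync`, the sample IDs and the 16-hex-digit key ID format are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Assumption: a key ID is 16 hex digits; the page does not spell out the format.
var keyIDPattern = regexp.MustCompile(`^[0-9A-F]{16}$`)

// planSync (hypothetical helper) treats the directory as authoritative: keys only
// in the directory are installed, keys only in the keyring are removed. File names
// that are not key IDs are returned in skipped and never installed.
func planSync(dirFiles, keyring []string) (install, remove, skipped []string) {
	wanted := map[string]bool{}
	for _, name := range dirFiles {
		id := strings.ToUpper(name)
		if !keyIDPattern.MatchString(id) {
			skipped = append(skipped, name)
			continue
		}
		wanted[id] = true
	}
	seen := map[string]bool{}
	for _, id := range keyring {
		id = strings.ToUpper(id)
		if !seen[id] && !wanted[id] {
			remove = append(remove, id)
		}
		seen[id] = true
	}
	for id := range wanted {
		if !seen[id] {
			install = append(install, id)
		}
	}
	sort.Strings(install)
	sort.Strings(remove)
	return install, remove, skipped
}

func main() {
	// Constructed sample data, not real keys.
	dir := []string{"AAAAAAAAAAAAAAAA", "bbbbbbbbbbbbbbbb", "README.md"}
	ring := []string{"AAAAAAAAAAAAAAAA", "CCCCCCCCCCCCCCCC"}
	fmt.Println(planSync(dir, ring)) // install, remove, skipped
}
```

Because the directory is authoritative, an empty directory listing plans the removal of every key in the keyring.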

func ValidatePGPKeys

func ValidatePGPKeys(keyFile string) (map[string]*appsv1.GnuPGPublicKey, error)

ValidatePGPKeys validates whether the keys in keyFile are valid PGP keys and can be imported. It does so by importing them into a temporary keyring. The returned keys are complete, that is, they contain all relevant information.

func ValidatePGPKeysFromString

func ValidatePGPKeysFromString(keyData string) (map[string]*appsv1.GnuPGPublicKey, error)

Types

type PGPKeyID

type PGPKeyID string

type PGPVerifyResult

type PGPVerifyResult struct {
	// Date the signature was made
	Date string
	// KeyID the signature was made with
	KeyID string
	// Identity
	Identity string
	// Trust level of the key
	Trust string
	// Cipher of the key the signature was made with
	Cipher string
	// Result of verification - one of the VerifyResult* constants ("Good", "Bad", "Invalid" or "Unknown")
	Result string
	// Additional informational message
	Message string
}

Result of a git commit verification

func ParseGitCommitVerification

func ParseGitCommitVerification(signature string) PGPVerifyResult

ParseGitCommitVerification parses the output of "git verify-commit" and returns the result
