crypto

package
v2.0.0-...-34b898d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2022 License: MIT Imports: 36 Imported by: 0

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptSessionKeyWithPassword

func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)

EncryptSessionKeyWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.

func GetTime

func GetTime() time.Time

GetTime gets latest cached time.

func GetUnixTime

func GetUnixTime() int64

GetUnixTime gets latest cached time.

func IsPGPMessage

func IsPGPMessage(data string) bool

IsPGPMessage checks if data if has armored PGP message format.

func RandomToken

func RandomToken(size int) ([]byte, error)

RandomToken generates a random token with the specified key size.

func SetKeyGenerationOffset

func SetKeyGenerationOffset(offset int64)

SetKeyGenerationOffset updates the offset when generating keys.

func UpdateTime

func UpdateTime(newTime int64)

UpdateTime updates cached time.

Types

type AttachmentProcessor

type AttachmentProcessor struct {
	// contains filtered or unexported fields
}

AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).

func (*AttachmentProcessor) Finish

func (ap *AttachmentProcessor) Finish() (*PGPSplitMessage, error)

Finish closes the attachment and returns the encrypted data.

func (*AttachmentProcessor) Process

func (ap *AttachmentProcessor) Process(plainData []byte)

Process writes attachment data to be encrypted.

type ClearTextMessage

type ClearTextMessage struct {
	Data      []byte
	Signature []byte
}

A ClearTextMessage is a signed but not encrypted PGP message, i.e. the ones beginning with -----BEGIN PGP SIGNED MESSAGE-----.

func NewClearTextMessage

func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage

NewClearTextMessage generates a new ClearTextMessage from data and signature.

func NewClearTextMessageFromArmored

func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)

NewClearTextMessageFromArmored returns the message body and unarmored signature from a clearsigned message.

func (*ClearTextMessage) GetArmored

func (msg *ClearTextMessage) GetArmored() (string, error)

GetArmored armors plaintext and signature with the PGP SIGNED MESSAGE armoring.

func (*ClearTextMessage) GetBinary

func (msg *ClearTextMessage) GetBinary() []byte

GetBinary returns the unarmored signed data as a []byte.

func (*ClearTextMessage) GetBinarySignature

func (msg *ClearTextMessage) GetBinarySignature() []byte

GetBinarySignature returns the unarmored binary signature as a []byte.

func (*ClearTextMessage) GetString

func (msg *ClearTextMessage) GetString() string

GetString returns the unarmored signed data as a string.

type EncryptSplitResult

type EncryptSplitResult struct {
	// contains filtered or unexported fields
}

EncryptSplitResult is used to wrap the encryption writecloser while storing the key packet.

func (*EncryptSplitResult) Close

func (res *EncryptSplitResult) Close() (err error)

func (*EncryptSplitResult) GetKeyPacket

func (res *EncryptSplitResult) GetKeyPacket() (keyPacket []byte, err error)

GetKeyPacket returns the Public-Key Encrypted Session Key Packets (https://datatracker.ietf.org/doc/html/rfc4880#section-5.1). This can be retrieved only after the message has been fully written and the writer is closed.

func (*EncryptSplitResult) Write

func (res *EncryptSplitResult) Write(b []byte) (n int, err error)

type GopenPGP

type GopenPGP struct {
	// contains filtered or unexported fields
}

GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.

type Identity

type Identity struct {
	Name  string
	Email string
}

Identity contains the name and the email of a key holder.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key contains a single private or public key.

func GenerateKey

func GenerateKey(name, email string, keyType string, bits int) (*Key, error)

GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519" bits is unused.

func GenerateRSAKeyWithPrimes

func GenerateRSAKeyWithPrimes(
	name, email string,
	bits int,
	primeone, primetwo, primethree, primefour []byte,
) (*Key, error)

GenerateRSAKeyWithPrimes generates a RSA key using the given primes.

func NewKey

func NewKey(binKeys []byte) (key *Key, err error)

NewKey creates a new key from the first key in the unarmored binary data.

func NewKeyFromArmored

func NewKeyFromArmored(armored string) (key *Key, err error)

NewKeyFromArmored creates a new key from the first key in an armored string.

func NewKeyFromArmoredReader

func NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)

NewKeyFromArmoredReader reads an armored data into a key.

func NewKeyFromEntity

func NewKeyFromEntity(entity *openpgp.Entity) (*Key, error)

func NewKeyFromReader

func NewKeyFromReader(r io.Reader) (key *Key, err error)

NewKeyFromReader reads binary data into a Key object.

func (*Key) Armor

func (key *Key) Armor() (string, error)

Armor returns the armored key as a string with default gopenpgp headers.

func (*Key) ArmorWithCustomHeaders

func (key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)

ArmorWithCustomHeaders returns the armored key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) CanEncrypt

func (key *Key) CanEncrypt() bool

CanEncrypt returns true if any of the subkeys can be used for encryption.

func (*Key) CanVerify

func (key *Key) CanVerify() bool

CanVerify returns true if any of the subkeys can be used for verification.

func (*Key) Check

func (key *Key) Check() (bool, error)

Check verifies if the public keys match the private key parameters by signing and verifying. Deprecated: all keys are now checked on parsing.

func (*Key) ClearPrivateParams

func (key *Key) ClearPrivateParams() (ok bool)

func (*Key) Copy

func (key *Key) Copy() (*Key, error)

Copy creates a deep copy of the key.

func (*Key) GetArmoredPublicKey

func (key *Key) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*Key) GetArmoredPublicKeyWithCustomHeaders

func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)

GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with the given headers. Empty parameters are omitted from the headers.

func (*Key) GetEntity

func (key *Key) GetEntity() *openpgp.Entity

GetEntity gets x/crypto Entity object.

func (*Key) GetFingerprint

func (key *Key) GetFingerprint() string

GetFingerprint gets the fingerprint from the key.

func (*Key) GetHexKeyID

func (key *Key) GetHexKeyID() string

GetHexKeyID returns the key ID, hex encoded as a string.

func (*Key) GetKeyID

func (key *Key) GetKeyID() uint64

GetKeyID returns the key ID, encoded as 8-byte int.

func (*Key) GetPublicKey

func (key *Key) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*Key) GetSHA256Fingerprints

func (key *Key) GetSHA256Fingerprints() (fingerprints []string)

GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.

func (*Key) IsExpired

func (key *Key) IsExpired() bool

IsExpired checks whether the key is expired.

func (*Key) IsLocked

func (key *Key) IsLocked() (bool, error)

IsLocked checks if a private key is locked.

func (*Key) IsPrivate

func (key *Key) IsPrivate() bool

IsPrivate returns true if the key is private.

func (*Key) IsRevoked

func (key *Key) IsRevoked() bool

IsRevoked checks whether the key or the primary identity has a valid revocation signature.

func (*Key) IsUnlocked

func (key *Key) IsUnlocked() (bool, error)

IsUnlocked checks if a private key is unlocked.

func (*Key) Lock

func (key *Key) Lock(passphrase []byte) (*Key, error)

Lock locks a copy of the key.

func (*Key) PrintFingerprints

func (key *Key) PrintFingerprints()

PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.

Example
keyringKey, _ := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
keyringKey.PrintFingerprints()
Output:

SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24

func (*Key) Serialize

func (key *Key) Serialize() ([]byte, error)

func (*Key) ToPublic

func (key *Key) ToPublic() (publicKey *Key, err error)

ToPublic returns the corresponding public key of the given private key.

func (*Key) Unlock

func (key *Key) Unlock(passphrase []byte) (*Key, error)

Unlock unlocks a copy of the key.

type KeyRing

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a given KeyRing list and it returns only those KeyRings which contain at least, one unexpired Key. It returns only unexpired parts of these KeyRings.

func NewKeyRing

func NewKeyRing(key *Key) (*KeyRing, error)

NewKeyRing creates a new KeyRing, empty if key is nil.

func (*KeyRing) AddKey

func (keyRing *KeyRing) AddKey(key *Key) error

AddKey adds the given key to the keyring.

func (*KeyRing) CanEncrypt

func (keyRing *KeyRing) CanEncrypt() bool

CanEncrypt returns true if any of the keys in the keyring can be used for encryption.

func (*KeyRing) CanVerify

func (keyRing *KeyRing) CanVerify() bool

CanVerify returns true if any of the keys in the keyring can be used for verification.

func (*KeyRing) ClearPrivateParams

func (keyRing *KeyRing) ClearPrivateParams()

func (*KeyRing) Copy

func (keyRing *KeyRing) Copy() (*KeyRing, error)

Copy creates a deep copy of the keyring.

func (*KeyRing) CountDecryptionEntities

func (keyRing *KeyRing) CountDecryptionEntities() int

CountDecryptionEntities returns the number of entities in the keyring.

func (*KeyRing) CountEntities

func (keyRing *KeyRing) CountEntities() int

CountEntities returns the number of entities in the keyring.

func (*KeyRing) Decrypt

func (keyRing *KeyRing) Decrypt(
	message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
) (*PlainMessage, error)

Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage * message : The encrypted input as a PGPMessage * verifyKey : Public key for signature verification (optional) * verifyTime : Time at verification (necessary only if verifyKey is not nil)

When verifyKey is not provided, then verifyTime should be zero, and signature verification will be ignored.

func (*KeyRing) DecryptAttachment

func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)

DecryptAttachment takes a PGPSplitMessage, containing a session key packet and symmetrically encrypted data and returns a decrypted PlainMessage Specifically designed for attachments rather than text messages.

func (*KeyRing) DecryptMIMEMessage

func (keyRing *KeyRing) DecryptMIMEMessage(
	message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64,
)

DecryptMIMEMessage decrypts a MIME message.

func (*KeyRing) DecryptSessionKey

func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)

DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.

func (*KeyRing) DecryptSplitStream

func (keyRing *KeyRing) DecryptSplitStream(
	keypacket []byte,
	dataPacketReader Reader,
	verifyKeyRing *KeyRing, verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptSplitStream is used to decrypt a split pgp message as a Reader. It takes a key packet and a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) DecryptStream

func (keyRing *KeyRing) DecryptStream(
	message Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a pgp message as a Reader. It takes a reader for the message data and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*KeyRing) Encrypt

func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

Encrypt encrypts a PlainMessage, outputs a PGPMessage. If an unlocked private key is also provided it will also sign the message. * message : The plaintext input as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message.

func (*KeyRing) EncryptAttachment

func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, filename string) (*PGPSplitMessage, error)

EncryptAttachment encrypts a file given a PlainMessage and a filename. If given a filename it will override the information in the PlainMessage object. Returns a PGPSplitMessage containing a session key packet and symmetrically encrypted data. Specifically designed for attachments rather than text messages.

func (*KeyRing) EncryptSessionKey

func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)

EncryptSessionKey encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.

func (*KeyRing) EncryptSplitStream

func (keyRing *KeyRing) EncryptSplitStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (*EncryptSplitResult, error)

EncryptSplitStream is used to encrypt data as a stream. It takes a writer for the Symmetrically Encrypted Data Packet (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7) and returns a writer for the plaintext data and the key packet. If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptStream

func (keyRing *KeyRing) EncryptStream(
	pgpMessageWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data If signKeyRing is not nil, it is used to do an embedded signature.

func (*KeyRing) EncryptWithCompression

func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys. * message : The plain data as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message. * output : The encrypted data as PGPMessage.

func (*KeyRing) FirstKey

func (keyRing *KeyRing) FirstKey() (*KeyRing, error)

FirstKey returns a KeyRing with only the first key of the original one.

func (*KeyRing) GetIdentities

func (keyRing *KeyRing) GetIdentities() []*Identity

GetIdentities returns the list of identities associated with this key ring.

func (*KeyRing) GetKey

func (keyRing *KeyRing) GetKey(n int) (*Key, error)

GetKey returns the n-th openpgp key contained in this KeyRing.

func (*KeyRing) GetKeyIDs

func (keyRing *KeyRing) GetKeyIDs() []uint64

GetKeyIDs returns array of IDs of keys in this KeyRing.

func (*KeyRing) GetKeys

func (keyRing *KeyRing) GetKeys() []*Key

GetKeys returns openpgp keys contained in this KeyRing.

func (*KeyRing) GetVerifiedSignatureTimestamp

func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error)

GetVerifiedSignatureTimestamp verifies a PlainMessage with a detached PGPSignature returns the creation time of the signature if it succeeds and returns a SignatureVerificationError if fails.

func (*KeyRing) NewLowMemoryAttachmentProcessor

func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor(
	estimatedSize int, filename string,
) (*AttachmentProcessor, error)

NewLowMemoryAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.

func (*KeyRing) NewManualAttachmentProcessor

func (keyRing *KeyRing) NewManualAttachmentProcessor(
	estimatedSize int, filename string, dataBuffer []byte,
) (*ManualAttachmentProcessor, error)

NewManualAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file and a buffer to hold the DataPacket. It is optimized for low-memory environments and collects garbage every megabyte. The buffer for the data packet must be manually allocated by the caller. Make sure that the dataBuffer is large enough to hold the whole data packet otherwise Finish() will return an error.

func (*KeyRing) SignDetached

func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)

SignDetached generates and returns a PGPSignature for a given PlainMessage.

func (*KeyRing) SignDetachedEncrypted

func (keyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)

SignDetachedEncrypted generates and returns a PGPMessage containing an encrypted detached signature for a given PlainMessage.

func (*KeyRing) SignDetachedEncryptedStream

func (keyRing *KeyRing) SignDetachedEncryptedStream(
	message Reader,
	encryptionKeyRing *KeyRing,
) (encryptedSignature *PGPMessage, err error)

SignDetachedEncryptedStream generates and returns a PGPMessage containing an encrypted detached signature for a given message Reader.

func (*KeyRing) SignDetachedStream

func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)

SignDetachedStream generates and returns a PGPSignature for a given message Reader.

func (*KeyRing) VerifyDetached

func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error

VerifyDetached verifies a PlainMessage with a detached PGPSignature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncrypted

func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64) error

VerifyDetachedEncrypted verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedEncryptedStream

func (keyRing *KeyRing) VerifyDetachedEncryptedStream(
	message Reader,
	encryptedSignature *PGPMessage,
	decryptionKeyRing *KeyRing,
	verifyTime int64,
) error

VerifyDetachedEncryptedStream verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if fails.

func (*KeyRing) VerifyDetachedStream

func (keyRing *KeyRing) VerifyDetachedStream(
	message Reader,
	signature *PGPSignature,
	verifyTime int64,
) error

VerifyDetachedStream verifies a message reader with a detached PGPSignature and returns a SignatureVerificationError if fails.

type MIMECallbacks

type MIMECallbacks interface {
	OnBody(body string, mimetype string)
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	OnVerified(verified int)
	OnError(err error)
}

MIMECallbacks defines callback methods to process a MIME message.

type ManualAttachmentProcessor

type ManualAttachmentProcessor struct {
	// contains filtered or unexported fields
}

ManualAttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files). With this processor, the caller has to first allocate a buffer large enough to hold the whole data packet.

func (*ManualAttachmentProcessor) Finish

func (ap *ManualAttachmentProcessor) Finish() error

Finish tells the processor to finalize encryption.

func (*ManualAttachmentProcessor) GetDataLength

func (ap *ManualAttachmentProcessor) GetDataLength() int

GetDataLength returns the number of bytes in the DataPacket. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) GetKeyPacket

func (ap *ManualAttachmentProcessor) GetKeyPacket() []byte

GetKeyPacket returns the key packet for the attachment. This should be called only after Finish() has been called.

func (*ManualAttachmentProcessor) Process

func (ap *ManualAttachmentProcessor) Process(plainData []byte) error

Process writes attachment data to be encrypted.

type PGPMessage

type PGPMessage struct {
	// The content of the message
	Data []byte
}

PGPMessage stores a PGP-encrypted message.

func EncryptMessageWithPassword

func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)

EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a SymmetricKey. * message : The plain data as a PlainMessage. * password: A password that will be derived into an encryption key. * output : The encrypted data as PGPMessage.

func NewPGPMessage

func NewPGPMessage(data []byte) *PGPMessage

NewPGPMessage generates a new PGPMessage from the unarmored binary data.

func NewPGPMessageFromArmored

func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)

NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.

func (*PGPMessage) GetArmored

func (msg *PGPMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string.

func (*PGPMessage) GetArmoredWithCustomHeaders

func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)

GetArmoredWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.

func (*PGPMessage) GetBinary

func (msg *PGPMessage) GetBinary() []byte

GetBinary returns the unarmored binary content of the message as a []byte.

func (*PGPMessage) GetEncryptionKeyIDs

func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)

GetEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexEncryptionKeyIDs

func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool)

GetHexEncryptionKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetHexSignatureKeyIDs

func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPMessage) GetSignatureKeyIDs

func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

func (*PGPMessage) NewReader

func (msg *PGPMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the unarmored binary data of the message.

func (*PGPMessage) SeparateKeyAndData

func (msg *PGPMessage) SeparateKeyAndData(_ int, _ int) (*PGPSplitMessage, error)

SeparateKeyAndData splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused. Deprecated: use SplitMessage().

func (*PGPMessage) SplitMessage

func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error)

SplitMessage splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused.

type PGPSignature

type PGPSignature struct {
	// The content of the signature
	Data []byte
}

PGPSignature stores a PGP-encoded detached signature.

func NewPGPSignature

func NewPGPSignature(data []byte) *PGPSignature

NewPGPSignature generates a new PGPSignature from the unarmored binary data.

func NewPGPSignatureFromArmored

func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)

NewPGPSignatureFromArmored generates a new PGPSignature from the armored string ready for verification.

func (*PGPSignature) GetArmored

func (sig *PGPSignature) GetArmored() (string, error)

GetArmored returns the armored signature as a string.

func (*PGPSignature) GetBinary

func (sig *PGPSignature) GetBinary() []byte

GetBinary returns the unarmored binary content of the signature as a []byte.

func (*PGPSignature) GetHexSignatureKeyIDs

func (sig *PGPSignature) GetHexSignatureKeyIDs() ([]string, bool)

GetHexSignatureKeyIDs Returns the key IDs of the keys to which the session key is encrypted.

func (*PGPSignature) GetSignatureKeyIDs

func (sig *PGPSignature) GetSignatureKeyIDs() ([]uint64, bool)

GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.

type PGPSplitMessage

type PGPSplitMessage struct {
	DataPacket []byte
	KeyPacket  []byte
}

PGPSplitMessage contains a separate session key packet and symmetrically encrypted data packet.

func NewPGPSplitMessage

func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage

NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket, datapacket, and encryption algorithm.

func NewPGPSplitMessageFromArmored

func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)

NewPGPSplitMessageFromArmored generates a new PGPSplitMessage by splitting an armored message into its session key packet and symmetrically encrypted data packet.

func (*PGPSplitMessage) GetArmored

func (msg *PGPSplitMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string, with joined data and key packets.

func (*PGPSplitMessage) GetBinary

func (msg *PGPSplitMessage) GetBinary() []byte

GetBinary returns the unarmored binary joined packets as a []byte.

func (*PGPSplitMessage) GetBinaryDataPacket

func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte

GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.

func (*PGPSplitMessage) GetBinaryKeyPacket

func (msg *PGPSplitMessage) GetBinaryKeyPacket() []byte

GetBinaryKeyPacket returns the unarmored binary keypacket as a []byte.

func (*PGPSplitMessage) GetPGPMessage

func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage

GetPGPMessage joins asymmetric session key packet with the symmetric data packet to obtain a PGP message.

type PlainMessage

type PlainMessage struct {
	// The content of the message
	Data []byte
	// If the content is text or binary
	TextType bool
	// The file's latest modification time
	Time uint32
	// The encrypted message's filename
	Filename string
}

PlainMessage stores a plain text / unencrypted message.

func DecryptMessageWithPassword

func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)

DecryptMessageWithPassword decrypts password protected pgp binary messages. * encrypted: The encrypted data as PGPMessage. * password: A password that will be derived into an encryption key. * output: The decrypted data as PlainMessage.

func NewPlainMessage

func NewPlainMessage(data []byte) *PlainMessage

NewPlainMessage generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is.

func NewPlainMessageFromFile

func NewPlainMessageFromFile(data []byte, filename string, time uint32) *PlainMessage

NewPlainMessageFromFile generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is. It assigns a filename and a modification time.

func NewPlainMessageFromString

func NewPlainMessageFromString(text string) *PlainMessage

NewPlainMessageFromString generates a new text PlainMessage, ready for encryption, signature, or verification from an unencrypted string. This will encrypt the message with the text flag, canonicalize the line endings (i.e. set all of them to \r\n) and strip the trailing spaces for each line. This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).

func (*PlainMessage) GetBase64

func (msg *PlainMessage) GetBase64() string

GetBase64 returns the base-64 encoded binary content of the message as a string.

func (*PlainMessage) GetBinary

func (msg *PlainMessage) GetBinary() []byte

GetBinary returns the binary content of the message as a []byte.

func (*PlainMessage) GetFilename

func (msg *PlainMessage) GetFilename() string

GetFilename returns the file name of the message as a string.

func (*PlainMessage) GetString

func (msg *PlainMessage) GetString() string

GetString returns the content of the message as a string.

func (*PlainMessage) GetTime

func (msg *PlainMessage) GetTime() uint32

GetTime returns the modification time of a file (if provided in the ciphertext).

func (*PlainMessage) IsBinary

func (msg *PlainMessage) IsBinary() bool

IsBinary returns whether the message is a binary message.

func (*PlainMessage) IsText

func (msg *PlainMessage) IsText() bool

IsText returns whether the message is a text message.

func (*PlainMessage) NewReader

func (msg *PlainMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the binary data of the message.

type PlainMessageMetadata

type PlainMessageMetadata struct {
	IsBinary bool
	Filename string
	ModTime  int64
}

func NewPlainMessageMetadata

func NewPlainMessageMetadata(isBinary bool, filename string, modTime int64) *PlainMessageMetadata

type PlainMessageReader

type PlainMessageReader struct {
	// contains filtered or unexported fields
}

PlainMessageReader is used to wrap the data of the decrypted plain message. It can be used to read the decrypted data and verify the embedded signature.

func (*PlainMessageReader) GetMetadata

func (msg *PlainMessageReader) GetMetadata() *PlainMessageMetadata

GetMetadata returns the metadata of the decrypted message.

func (*PlainMessageReader) Read

func (msg *PlainMessageReader) Read(b []byte) (n int, err error)

Read is used to access the message decrypted data. Makes PlainMessageReader implement the Reader interface.

func (*PlainMessageReader) VerifySignature

func (msg *PlainMessageReader) VerifySignature() (err error)

VerifySignature is used to verify that the signature is valid. This method needs to be called once all the data has been read. It will return an error if the signature is invalid or if the message hasn't been read entirely.

type Reader

type Reader interface {
	Read(b []byte) (n int, err error)
}

type SessionKey

type SessionKey struct {
	// The decrypted binary session key.
	Key []byte
	// The symmetric encryption algorithm used with this key.
	Algo string
}

SessionKey stores a decrypted session key.

func DecryptSessionKeyWithPassword

func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)

DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted session key packet and returns the session key.

func GenerateSessionKey

func GenerateSessionKey() (*SessionKey, error)

GenerateSessionKey generates a random key for the default cipher.

func GenerateSessionKeyAlgo

func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)

GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.

func NewSessionKeyFromToken

func NewSessionKeyFromToken(token []byte, algo string) *SessionKey

func (*SessionKey) Clear

func (sk *SessionKey) Clear() (ok bool)

func (*SessionKey) Decrypt

func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)

Decrypt decrypts pgp data packets using directly a session key. * encrypted: PGPMessage. * output: PlainMessage.

func (*SessionKey) DecryptAndVerify

func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)

DecryptAndVerify decrypts pgp data packets using directly a session key and verifies embedded signatures. * encrypted: PGPMessage. * verifyKeyRing: KeyRing with verification public keys * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled. * output: PlainMessage.

func (*SessionKey) DecryptStream

func (sk *SessionKey) DecryptStream(
	dataPacketReader Reader,
	verifyKeyRing *KeyRing,
	verifyTime int64,
) (plainMessage *PlainMessageReader, err error)

DecryptStream is used to decrypt a data packet as a Reader. It takes a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.

func (*SessionKey) Encrypt

func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)

Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptAndSign

func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)

EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key. * message : The plain data as a PlainMessage. * signKeyRing: The KeyRing to sign the message * output : The encrypted data as PGPMessage.

func (*SessionKey) EncryptStream

func (sk *SessionKey) EncryptStream(
	dataPacketWriter Writer,
	plainMessageMetadata *PlainMessageMetadata,
	signKeyRing *KeyRing,
) (plainMessageWriter WriteCloser, err error)

EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data packet and returns a writer for the plaintext data. If signKeyRing is not nil, it is used to do an embedded signature.

func (*SessionKey) EncryptWithCompression

func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)

EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) GetBase64Key

func (sk *SessionKey) GetBase64Key() string

GetBase64Key returns the session key as base64 encoded string.

func (*SessionKey) GetCipherFunc

func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey.

type SignatureCollector

type SignatureCollector struct {
	// contains filtered or unexported fields
}

SignatureCollector structure.

func (*SignatureCollector) Accept

func (sc *SignatureCollector) Accept(
	part io.Reader, header textproto.MIMEHeader,
	hasPlainSibling, isFirst, isLast bool,
) (err error)

Accept collects the signature.

func (SignatureCollector) GetSignature

func (sc SignatureCollector) GetSignature() string

GetSignature collected by Accept.

type SignatureVerificationError

type SignatureVerificationError struct {
	Status  int
	Message string
}

SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.

func (SignatureVerificationError) Error

Error is the base method for all errors.

type WriteCloser

type WriteCloser interface {
	Write(b []byte) (n int, err error)
	Close() (err error)
}

type Writer

type Writer interface {
	Write(b []byte) (n int, err error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL