Overview ¶
Package crypto provides a high-level API for common OpenPGP functionality.
Index ¶
- func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)
- func GetTime() time.Time
- func GetUnixTime() int64
- func IsPGPMessage(data string) bool
- func RandomToken(size int) ([]byte, error)
- func SetKeyGenerationOffset(offset int64)
- func UpdateTime(newTime int64)
- type AttachmentProcessor
- type ClearTextMessage
- type EncryptSplitResult
- type GopenPGP
- type Identity
- type Key
- func GenerateKey(name, email string, keyType string, bits int) (*Key, error)
- func GenerateRSAKeyWithPrimes(name, email string, bits int, primeone, primetwo, primethree, primefour []byte) (*Key, error)
- func NewKey(binKeys []byte) (key *Key, err error)
- func NewKeyFromArmored(armored string) (key *Key, err error)
- func NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)
- func NewKeyFromEntity(entity *openpgp.Entity) (*Key, error)
- func NewKeyFromReader(r io.Reader) (key *Key, err error)
- func (key *Key) Armor() (string, error)
- func (key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)
- func (key *Key) CanEncrypt() bool
- func (key *Key) CanVerify() bool
- func (key *Key) Check() (bool, error)
- func (key *Key) ClearPrivateParams() (ok bool)
- func (key *Key) Copy() (*Key, error)
- func (key *Key) GetArmoredPublicKey() (s string, err error)
- func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)
- func (key *Key) GetEntity() *openpgp.Entity
- func (key *Key) GetFingerprint() string
- func (key *Key) GetHexKeyID() string
- func (key *Key) GetKeyID() uint64
- func (key *Key) GetPublicKey() (b []byte, err error)
- func (key *Key) GetSHA256Fingerprints() (fingerprints []string)
- func (key *Key) IsExpired() bool
- func (key *Key) IsLocked() (bool, error)
- func (key *Key) IsPrivate() bool
- func (key *Key) IsRevoked() bool
- func (key *Key) IsUnlocked() (bool, error)
- func (key *Key) Lock(passphrase []byte) (*Key, error)
- func (key *Key) PrintFingerprints()
- func (key *Key) Serialize() ([]byte, error)
- func (key *Key) ToPublic() (publicKey *Key, err error)
- func (key *Key) Unlock(passphrase []byte) (*Key, error)
- type KeyRing
- func (keyRing *KeyRing) AddKey(key *Key) error
- func (keyRing *KeyRing) CanEncrypt() bool
- func (keyRing *KeyRing) CanVerify() bool
- func (keyRing *KeyRing) ClearPrivateParams()
- func (keyRing *KeyRing) Copy() (*KeyRing, error)
- func (keyRing *KeyRing) CountDecryptionEntities() int
- func (keyRing *KeyRing) CountEntities() int
- func (keyRing *KeyRing) Decrypt(message *PGPMessage, verifyKey *KeyRing, verifyTime int64) (*PlainMessage, error)
- func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)
- func (keyRing *KeyRing) DecryptMIMEMessage(message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, ...)
- func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
- func (keyRing *KeyRing) DecryptSplitStream(keypacket []byte, dataPacketReader Reader, verifyKeyRing *KeyRing, ...) (plainMessage *PlainMessageReader, err error)
- func (keyRing *KeyRing) DecryptStream(message Reader, verifyKeyRing *KeyRing, verifyTime int64) (plainMessage *PlainMessageReader, err error)
- func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
- func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, filename string) (*PGPSplitMessage, error)
- func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)
- func (keyRing *KeyRing) EncryptSplitStream(dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, ...) (*EncryptSplitResult, error)
- func (keyRing *KeyRing) EncryptStream(pgpMessageWriter Writer, plainMessageMetadata *PlainMessageMetadata, ...) (plainMessageWriter WriteCloser, err error)
- func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
- func (keyRing *KeyRing) FirstKey() (*KeyRing, error)
- func (keyRing *KeyRing) GetIdentities() []*Identity
- func (keyRing *KeyRing) GetKey(n int) (*Key, error)
- func (keyRing *KeyRing) GetKeyIDs() []uint64
- func (keyRing *KeyRing) GetKeys() []*Key
- func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error)
- func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor(estimatedSize int, filename string) (*AttachmentProcessor, error)
- func (keyRing *KeyRing) NewManualAttachmentProcessor(estimatedSize int, filename string, dataBuffer []byte) (*ManualAttachmentProcessor, error)
- func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)
- func (keyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)
- func (keyRing *KeyRing) SignDetachedEncryptedStream(message Reader, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)
- func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)
- func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error
- func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, ...) error
- func (keyRing *KeyRing) VerifyDetachedEncryptedStream(message Reader, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, ...) error
- func (keyRing *KeyRing) VerifyDetachedStream(message Reader, signature *PGPSignature, verifyTime int64) error
- type MIMECallbacks
- type ManualAttachmentProcessor
- type PGPMessage
- func (msg *PGPMessage) GetArmored() (string, error)
- func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)
- func (msg *PGPMessage) GetBinary() []byte
- func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)
- func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool)
- func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)
- func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)
- func (msg *PGPMessage) NewReader() io.Reader
- func (msg *PGPMessage) SeparateKeyAndData(_ int, _ int) (*PGPSplitMessage, error)
- func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error)
- type PGPSignature
- type PGPSplitMessage
- type PlainMessage
- func (msg *PlainMessage) GetBase64() string
- func (msg *PlainMessage) GetBinary() []byte
- func (msg *PlainMessage) GetFilename() string
- func (msg *PlainMessage) GetString() string
- func (msg *PlainMessage) GetTime() uint32
- func (msg *PlainMessage) IsBinary() bool
- func (msg *PlainMessage) IsText() bool
- func (msg *PlainMessage) NewReader() io.Reader
- type PlainMessageMetadata
- type PlainMessageReader
- type Reader
- type SessionKey
- func (sk *SessionKey) Clear() (ok bool)
- func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)
- func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)
- func (sk *SessionKey) DecryptStream(dataPacketReader Reader, verifyKeyRing *KeyRing, verifyTime int64) (plainMessage *PlainMessageReader, err error)
- func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)
- func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)
- func (sk *SessionKey) EncryptStream(dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, ...) (plainMessageWriter WriteCloser, err error)
- func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)
- func (sk *SessionKey) GetBase64Key() string
- func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)
- type SignatureCollector
- type SignatureVerificationError
- type WriteCloser
- type Writer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EncryptSessionKeyWithPassword ¶
func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)
EncryptSessionKeyWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.
func IsPGPMessage ¶
IsPGPMessage checks whether data has the armored PGP message format.
func RandomToken ¶
RandomToken generates a random token with the specified key size.
func SetKeyGenerationOffset ¶
func SetKeyGenerationOffset(offset int64)
SetKeyGenerationOffset updates the offset when generating keys.
Types ¶
type AttachmentProcessor ¶
type AttachmentProcessor struct {
// contains filtered or unexported fields
}
AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).
func (*AttachmentProcessor) Finish ¶
func (ap *AttachmentProcessor) Finish() (*PGPSplitMessage, error)
Finish closes the attachment and returns the encrypted data.
func (*AttachmentProcessor) Process ¶
func (ap *AttachmentProcessor) Process(plainData []byte)
Process writes attachment data to be encrypted.
type ClearTextMessage ¶
A ClearTextMessage is a signed but not encrypted PGP message, i.e. the ones beginning with -----BEGIN PGP SIGNED MESSAGE-----.
func NewClearTextMessage ¶
func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage
NewClearTextMessage generates a new ClearTextMessage from data and signature.
func NewClearTextMessageFromArmored ¶
func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)
NewClearTextMessageFromArmored returns the message body and unarmored signature from a clearsigned message.
func (*ClearTextMessage) GetArmored ¶
func (msg *ClearTextMessage) GetArmored() (string, error)
GetArmored armors plaintext and signature with the PGP SIGNED MESSAGE armoring.
func (*ClearTextMessage) GetBinary ¶
func (msg *ClearTextMessage) GetBinary() []byte
GetBinary returns the unarmored signed data as a []byte.
func (*ClearTextMessage) GetBinarySignature ¶
func (msg *ClearTextMessage) GetBinarySignature() []byte
GetBinarySignature returns the unarmored binary signature as a []byte.
func (*ClearTextMessage) GetString ¶
func (msg *ClearTextMessage) GetString() string
GetString returns the unarmored signed data as a string.
type EncryptSplitResult ¶
type EncryptSplitResult struct {
// contains filtered or unexported fields
}
EncryptSplitResult is used to wrap the encryption writecloser while storing the key packet.
func (*EncryptSplitResult) Close ¶
func (res *EncryptSplitResult) Close() (err error)
func (*EncryptSplitResult) GetKeyPacket ¶
func (res *EncryptSplitResult) GetKeyPacket() (keyPacket []byte, err error)
GetKeyPacket returns the Public-Key Encrypted Session Key Packets (https://datatracker.ietf.org/doc/html/rfc4880#section-5.1). This can be retrieved only after the message has been fully written and the writer is closed.
type GopenPGP ¶
type GopenPGP struct {
// contains filtered or unexported fields
}
GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key contains a single private or public key.
func GenerateKey ¶
GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bit size of the key. If keyType is "x25519", bits is unused.
func GenerateRSAKeyWithPrimes ¶
func GenerateRSAKeyWithPrimes( name, email string, bits int, primeone, primetwo, primethree, primefour []byte, ) (*Key, error)
GenerateRSAKeyWithPrimes generates an RSA key using the given primes.
func NewKeyFromArmored ¶
NewKeyFromArmored creates a new key from the first key in an armored string.
func NewKeyFromArmoredReader ¶
NewKeyFromArmoredReader reads armored data into a Key.
func NewKeyFromReader ¶
NewKeyFromReader reads binary data into a Key object.
func (*Key) ArmorWithCustomHeaders ¶
ArmorWithCustomHeaders returns the armored key as a string, with the given headers. Empty parameters are omitted from the headers.
func (*Key) CanEncrypt ¶
CanEncrypt returns true if any of the subkeys can be used for encryption.
func (*Key) Check ¶
Check verifies if the public keys match the private key parameters by signing and verifying. Deprecated: all keys are now checked on parsing.
func (*Key) ClearPrivateParams ¶
func (*Key) GetArmoredPublicKey ¶
GetArmoredPublicKey returns the armored public key(s) from this key.
func (*Key) GetArmoredPublicKeyWithCustomHeaders ¶
GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with the given headers. Empty parameters are omitted from the headers.
func (*Key) GetFingerprint ¶
GetFingerprint gets the fingerprint from the key.
func (*Key) GetHexKeyID ¶
GetHexKeyID returns the key ID, hex encoded as a string.
func (*Key) GetPublicKey ¶
GetPublicKey returns the unarmored public key(s) from this key.
func (*Key) GetSHA256Fingerprints ¶
GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.
func (*Key) IsRevoked ¶
IsRevoked checks whether the key or the primary identity has a valid revocation signature.
func (*Key) IsUnlocked ¶
IsUnlocked checks if a private key is unlocked.
func (*Key) PrintFingerprints ¶
func (key *Key) PrintFingerprints()
PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.
Example ¶
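// Load a test public key and print its primary and subkey fingerprints.
keyringKey, err := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
if err != nil {
	// A discarded parse error would only surface later as a nil dereference;
	// fail loudly with the actual cause instead.
	panic(err)
}
keyringKey.PrintFingerprints()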
Output: SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6 PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24
type KeyRing ¶
// KeyRing contains multiple private and public keys.
type KeyRing struct {
	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}
KeyRing contains multiple private and public keys.
func FilterExpiredKeys ¶
FilterExpiredKeys takes a list of KeyRings and returns only those KeyRings which contain at least one unexpired Key. Only the unexpired parts of these KeyRings are returned.
func NewKeyRing ¶
NewKeyRing creates a new KeyRing, empty if key is nil.
func (*KeyRing) CanEncrypt ¶
CanEncrypt returns true if any of the keys in the keyring can be used for encryption.
func (*KeyRing) CanVerify ¶
CanVerify returns true if any of the keys in the keyring can be used for verification.
func (*KeyRing) ClearPrivateParams ¶
func (keyRing *KeyRing) ClearPrivateParams()
func (*KeyRing) CountDecryptionEntities ¶
CountDecryptionEntities returns the number of entities in the keyring.
func (*KeyRing) CountEntities ¶
CountEntities returns the number of entities in the keyring.
func (*KeyRing) Decrypt ¶
func (keyRing *KeyRing) Decrypt( message *PGPMessage, verifyKey *KeyRing, verifyTime int64, ) (*PlainMessage, error)
Decrypt decrypts an encrypted message using PGP keys, returning a PlainMessage.
  * message : The encrypted input as a PGPMessage.
  * verifyKey : Public key for signature verification (optional).
  * verifyTime : Time at verification (necessary only if verifyKey is not nil).
When verifyKey is not provided, verifyTime should be zero and signature verification is skipped.
func (*KeyRing) DecryptAttachment ¶
func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)
DecryptAttachment takes a PGPSplitMessage, containing a session key packet and symmetrically encrypted data, and returns a decrypted PlainMessage. Specifically designed for attachments rather than text messages.
func (*KeyRing) DecryptMIMEMessage ¶
func (keyRing *KeyRing) DecryptMIMEMessage( message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64, )
DecryptMIMEMessage decrypts a MIME message.
func (*KeyRing) DecryptSessionKey ¶
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
func (*KeyRing) DecryptSplitStream ¶
func (keyRing *KeyRing) DecryptSplitStream( keypacket []byte, dataPacketReader Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
DecryptSplitStream is used to decrypt a split pgp message as a Reader. It takes a key packet and a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.
func (*KeyRing) DecryptStream ¶
func (keyRing *KeyRing) DecryptStream( message Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
DecryptStream is used to decrypt a pgp message as a Reader. It takes a reader for the message data and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time.
func (*KeyRing) Encrypt ¶
func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
Encrypt encrypts a PlainMessage and outputs a PGPMessage. If an unlocked private key is also provided, it will also sign the message.
  * message : The plaintext input as a PlainMessage.
  * privateKey : (optional) an unlocked private keyring to include a signature in the message.
func (*KeyRing) EncryptAttachment ¶
func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, filename string) (*PGPSplitMessage, error)
EncryptAttachment encrypts a file given a PlainMessage and a filename. If given a filename it will override the information in the PlainMessage object. Returns a PGPSplitMessage containing a session key packet and symmetrically encrypted data. Specifically designed for attachments rather than text messages.
func (*KeyRing) EncryptSessionKey ¶
func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)
EncryptSessionKey encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.
func (*KeyRing) EncryptSplitStream ¶
func (keyRing *KeyRing) EncryptSplitStream( dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (*EncryptSplitResult, error)
EncryptSplitStream is used to encrypt data as a stream. It takes a writer for the Symmetrically Encrypted Data Packet (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7) and returns a writer for the plaintext data and the key packet. If signKeyRing is not nil, it is used to do an embedded signature.
func (*KeyRing) EncryptStream ¶
func (keyRing *KeyRing) EncryptStream( pgpMessageWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (plainMessageWriter WriteCloser, err error)
EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data. If signKeyRing is not nil, it is used to do an embedded signature.
func (*KeyRing) EncryptWithCompression ¶
func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
EncryptWithCompression encrypts a PlainMessage to a PGPMessage with compression support, using public/private keys.
  * message : The plain data as a PlainMessage.
  * privateKey : (optional) an unlocked private keyring to include a signature in the message.
  * output : The encrypted data as a PGPMessage.
func (*KeyRing) GetIdentities ¶
GetIdentities returns the list of identities associated with this key ring.
func (*KeyRing) GetVerifiedSignatureTimestamp ¶
func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error)
GetVerifiedSignatureTimestamp verifies a PlainMessage with a detached PGPSignature and returns the creation time of the signature if verification succeeds, or a SignatureVerificationError if it fails.
func (*KeyRing) NewLowMemoryAttachmentProcessor ¶
func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor( estimatedSize int, filename string, ) (*AttachmentProcessor, error)
NewLowMemoryAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.
func (*KeyRing) NewManualAttachmentProcessor ¶
func (keyRing *KeyRing) NewManualAttachmentProcessor( estimatedSize int, filename string, dataBuffer []byte, ) (*ManualAttachmentProcessor, error)
NewManualAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and filename as hints about the file, and a buffer to hold the DataPacket. It is optimized for low-memory environments and collects garbage every megabyte. The buffer for the data packet must be manually allocated by the caller. Make sure that the dataBuffer is large enough to hold the whole data packet; otherwise Finish() will return an error.
func (*KeyRing) SignDetached ¶
func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)
SignDetached generates and returns a PGPSignature for a given PlainMessage.
func (*KeyRing) SignDetachedEncrypted ¶
func (keyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)
SignDetachedEncrypted generates and returns a PGPMessage containing an encrypted detached signature for a given PlainMessage.
func (*KeyRing) SignDetachedEncryptedStream ¶
func (keyRing *KeyRing) SignDetachedEncryptedStream( message Reader, encryptionKeyRing *KeyRing, ) (encryptedSignature *PGPMessage, err error)
SignDetachedEncryptedStream generates and returns a PGPMessage containing an encrypted detached signature for a given message Reader.
func (*KeyRing) SignDetachedStream ¶
func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)
SignDetachedStream generates and returns a PGPSignature for a given message Reader.
func (*KeyRing) VerifyDetached ¶
func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error
VerifyDetached verifies a PlainMessage with a detached PGPSignature and returns a SignatureVerificationError if verification fails.
func (*KeyRing) VerifyDetachedEncrypted ¶
func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64) error
VerifyDetachedEncrypted verifies a PlainMessage with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if verification fails.
func (*KeyRing) VerifyDetachedEncryptedStream ¶
func (keyRing *KeyRing) VerifyDetachedEncryptedStream( message Reader, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64, ) error
VerifyDetachedEncryptedStream verifies a message Reader with a PGPMessage containing an encrypted detached signature and returns a SignatureVerificationError if verification fails.
func (*KeyRing) VerifyDetachedStream ¶
func (keyRing *KeyRing) VerifyDetachedStream( message Reader, signature *PGPSignature, verifyTime int64, ) error
VerifyDetachedStream verifies a message Reader with a detached PGPSignature and returns a SignatureVerificationError if verification fails.
type MIMECallbacks ¶
// MIMECallbacks defines callback methods to process a MIME message.
type MIMECallbacks interface {
	// OnBody receives the message body together with its MIME type.
	OnBody(body string, mimetype string)
	// OnAttachment receives an attachment's headers and its data.
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	// OnVerified reports the verification outcome as an int code; the meaning of
	// the codes is not shown here.
	// NOTE(review): body and attachment content should not be treated as trusted
	// before the verification outcome is known — confirm callback ordering against
	// DecryptMIMEMessage.
	OnVerified(verified int)
	// OnError reports an error encountered while processing the message.
	OnError(err error)
}
MIMECallbacks defines callback methods to process a MIME message.
type ManualAttachmentProcessor ¶
type ManualAttachmentProcessor struct {
// contains filtered or unexported fields
}
ManualAttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files). With this processor, the caller has to first allocate a buffer large enough to hold the whole data packet.
func (*ManualAttachmentProcessor) Finish ¶
func (ap *ManualAttachmentProcessor) Finish() error
Finish tells the processor to finalize encryption.
func (*ManualAttachmentProcessor) GetDataLength ¶
func (ap *ManualAttachmentProcessor) GetDataLength() int
GetDataLength returns the number of bytes in the DataPacket. This should be called only after Finish() has been called.
func (*ManualAttachmentProcessor) GetKeyPacket ¶
func (ap *ManualAttachmentProcessor) GetKeyPacket() []byte
GetKeyPacket returns the key packet for the attachment. This should be called only after Finish() has been called.
func (*ManualAttachmentProcessor) Process ¶
func (ap *ManualAttachmentProcessor) Process(plainData []byte) error
Process writes attachment data to be encrypted.
type PGPMessage ¶
// PGPMessage stores a PGP-encrypted message.
type PGPMessage struct {
	// The content of the message (unarmored binary packets)
	Data []byte
}
PGPMessage stores a PGP-encrypted message.
func EncryptMessageWithPassword ¶
func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)
EncryptMessageWithPassword encrypts a PlainMessage to a PGPMessage with a symmetric key.
  * message : The plain data as a PlainMessage.
  * password : A password that will be derived into an encryption key.
  * output : The encrypted data as a PGPMessage.
func NewPGPMessage ¶
func NewPGPMessage(data []byte) *PGPMessage
NewPGPMessage generates a new PGPMessage from the unarmored binary data.
func NewPGPMessageFromArmored ¶
func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)
NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.
func (*PGPMessage) GetArmored ¶
func (msg *PGPMessage) GetArmored() (string, error)
GetArmored returns the armored message as a string.
func (*PGPMessage) GetArmoredWithCustomHeaders ¶
func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)
GetArmoredWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.
func (*PGPMessage) GetBinary ¶
func (msg *PGPMessage) GetBinary() []byte
GetBinary returns the unarmored binary content of the message as a []byte.
func (*PGPMessage) GetEncryptionKeyIDs ¶
func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)
GetEncryptionKeyIDs returns the key IDs of the keys to which the session key is encrypted.
func (*PGPMessage) GetHexEncryptionKeyIDs ¶
func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool)
GetHexEncryptionKeyIDs returns the key IDs of the keys to which the session key is encrypted, hex encoded as strings.
func (*PGPMessage) GetHexSignatureKeyIDs ¶
func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)
GetHexSignatureKeyIDs returns the key IDs of the keys that issued the (readable) signature packets, hex encoded as strings.
func (*PGPMessage) GetSignatureKeyIDs ¶
func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)
GetSignatureKeyIDs returns the key IDs of the keys that issued the (readable) signature packets.
func (*PGPMessage) NewReader ¶
func (msg *PGPMessage) NewReader() io.Reader
NewReader returns a new io.Reader for the unarmored binary data of the message.
func (*PGPMessage) SeparateKeyAndData ¶
func (msg *PGPMessage) SeparateKeyAndData(_ int, _ int) (*PGPSplitMessage, error)
SeparateKeyAndData splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused. Deprecated: use SplitMessage().
func (*PGPMessage) SplitMessage ¶
func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error)
SplitMessage splits the message into key and data packet(s). Parameters are for backwards compatibility and are unused.
type PGPSignature ¶
// PGPSignature stores a PGP-encoded detached signature.
type PGPSignature struct {
	// The content of the signature (unarmored binary)
	Data []byte
}
PGPSignature stores a PGP-encoded detached signature.
func NewPGPSignature ¶
func NewPGPSignature(data []byte) *PGPSignature
NewPGPSignature generates a new PGPSignature from the unarmored binary data.
func NewPGPSignatureFromArmored ¶
func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)
NewPGPSignatureFromArmored generates a new PGPSignature from the armored string ready for verification.
func (*PGPSignature) GetArmored ¶
func (sig *PGPSignature) GetArmored() (string, error)
GetArmored returns the armored signature as a string.
func (*PGPSignature) GetBinary ¶
func (sig *PGPSignature) GetBinary() []byte
GetBinary returns the unarmored binary content of the signature as a []byte.
func (*PGPSignature) GetHexSignatureKeyIDs ¶
func (sig *PGPSignature) GetHexSignatureKeyIDs() ([]string, bool)
GetHexSignatureKeyIDs returns the key IDs of the keys that issued the (readable) signature packets, hex encoded as strings.
func (*PGPSignature) GetSignatureKeyIDs ¶
func (sig *PGPSignature) GetSignatureKeyIDs() ([]uint64, bool)
GetSignatureKeyIDs returns the key IDs of the keys that issued the (readable) signature packets.
type PGPSplitMessage ¶
PGPSplitMessage contains a separate session key packet and symmetrically encrypted data packet.
func NewPGPSplitMessage ¶
func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage
NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket, datapacket, and encryption algorithm.
func NewPGPSplitMessageFromArmored ¶
func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)
NewPGPSplitMessageFromArmored generates a new PGPSplitMessage by splitting an armored message into its session key packet and symmetrically encrypted data packet.
func (*PGPSplitMessage) GetArmored ¶
func (msg *PGPSplitMessage) GetArmored() (string, error)
GetArmored returns the armored message as a string, with joined data and key packets.
func (*PGPSplitMessage) GetBinary ¶
func (msg *PGPSplitMessage) GetBinary() []byte
GetBinary returns the unarmored binary joined packets as a []byte.
func (*PGPSplitMessage) GetBinaryDataPacket ¶
func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte
GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.
func (*PGPSplitMessage) GetBinaryKeyPacket ¶
func (msg *PGPSplitMessage) GetBinaryKeyPacket() []byte
GetBinaryKeyPacket returns the unarmored binary keypacket as a []byte.
func (*PGPSplitMessage) GetPGPMessage ¶
func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage
GetPGPMessage joins asymmetric session key packet with the symmetric data packet to obtain a PGP message.
type PlainMessage ¶
// PlainMessage stores a plain text / unencrypted message.
type PlainMessage struct {
	// The content of the message
	Data []byte
	// If the content is text or binary
	TextType bool
	// The file's latest modification time
	Time uint32
	// The encrypted message's filename
	// NOTE(review): on decryption this value originates from the message itself;
	// treat it as untrusted input (e.g. do not use it directly as a filesystem path) — confirm.
	Filename string
}
PlainMessage stores a plain text / unencrypted message.
func DecryptMessageWithPassword ¶
func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)
DecryptMessageWithPassword decrypts password-protected PGP binary messages.
  * message : The encrypted data as a PGPMessage.
  * password : A password that will be derived into an encryption key.
  * output : The decrypted data as a PlainMessage.
func NewPlainMessage ¶
func NewPlainMessage(data []byte) *PlainMessage
NewPlainMessage generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is.
func NewPlainMessageFromFile ¶
func NewPlainMessageFromFile(data []byte, filename string, time uint32) *PlainMessage
NewPlainMessageFromFile generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data. This will encrypt the message with the binary flag and preserve the file as is. It assigns a filename and a modification time.
func NewPlainMessageFromString ¶
func NewPlainMessageFromString(text string) *PlainMessage
NewPlainMessageFromString generates a new text PlainMessage, ready for encryption, signature, or verification from an unencrypted string. This will encrypt the message with the text flag, canonicalize the line endings (i.e. set all of them to \r\n) and strip the trailing spaces for each line. This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).
func (*PlainMessage) GetBase64 ¶
func (msg *PlainMessage) GetBase64() string
GetBase64 returns the base-64 encoded binary content of the message as a string.
func (*PlainMessage) GetBinary ¶
func (msg *PlainMessage) GetBinary() []byte
GetBinary returns the binary content of the message as a []byte.
func (*PlainMessage) GetFilename ¶
func (msg *PlainMessage) GetFilename() string
GetFilename returns the file name of the message as a string.
func (*PlainMessage) GetString ¶
func (msg *PlainMessage) GetString() string
GetString returns the content of the message as a string.
func (*PlainMessage) GetTime ¶
func (msg *PlainMessage) GetTime() uint32
GetTime returns the modification time of a file (if provided in the ciphertext).
func (*PlainMessage) IsBinary ¶
func (msg *PlainMessage) IsBinary() bool
IsBinary returns whether the message is a binary message.
func (*PlainMessage) IsText ¶
func (msg *PlainMessage) IsText() bool
IsText returns whether the message is a text message.
func (*PlainMessage) NewReader ¶
func (msg *PlainMessage) NewReader() io.Reader
NewReader returns a new io.Reader over the binary data of the message.
type PlainMessageMetadata ¶
func NewPlainMessageMetadata ¶
func NewPlainMessageMetadata(isBinary bool, filename string, modTime int64) *PlainMessageMetadata
type PlainMessageReader ¶
type PlainMessageReader struct {
// contains filtered or unexported fields
}
PlainMessageReader is used to wrap the data of the decrypted plain message. It can be used to read the decrypted data and verify the embedded signature.
func (*PlainMessageReader) GetMetadata ¶
func (msg *PlainMessageReader) GetMetadata() *PlainMessageMetadata
GetMetadata returns the metadata of the decrypted message.
func (*PlainMessageReader) Read ¶
func (msg *PlainMessageReader) Read(b []byte) (n int, err error)
Read is used to access the decrypted message data. It makes PlainMessageReader implement the io.Reader interface.
func (*PlainMessageReader) VerifySignature ¶
func (msg *PlainMessageReader) VerifySignature() (err error)
VerifySignature is used to verify that the embedded signature is valid. It must be called only after all of the data has been read; it returns an error if the signature is invalid or if the message has not been read entirely. Until it returns nil, the data obtained from Read must be treated as unauthenticated.
type SessionKey ¶
type SessionKey struct { // The decrypted binary session key. Key []byte // The symmetric encryption algorithm used with this key. Algo string }
SessionKey stores a decrypted session key.
func DecryptSessionKeyWithPassword ¶
func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)
DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted session key packet and returns the session key.
func GenerateSessionKey ¶
func GenerateSessionKey() (*SessionKey, error)
GenerateSessionKey generates a random key for the default cipher.
func GenerateSessionKeyAlgo ¶
func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)
GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.
func NewSessionKeyFromToken ¶
func NewSessionKeyFromToken(token []byte, algo string) *SessionKey
func (*SessionKey) Clear ¶
func (sk *SessionKey) Clear() (ok bool)
func (*SessionKey) Decrypt ¶
func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)
Decrypt decrypts PGP data packets directly with a session key. * dataPacket: The encrypted data packet. * output: PlainMessage. No signature verification is performed; use DecryptAndVerify when the message is expected to be signed.
func (*SessionKey) DecryptAndVerify ¶
func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)
DecryptAndVerify decrypts PGP data packets directly with a session key and verifies the embedded signatures. * dataPacket: The encrypted data packet. * verifyKeyRing: KeyRing holding the verification public keys. * verifyTime: The time at which the signature must be valid, as a Unix timestamp. If 0, time verification is disabled. * output: PlainMessage.
func (*SessionKey) DecryptStream ¶
func (sk *SessionKey) DecryptStream( dataPacketReader Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
DecryptStream is used to decrypt a data packet as a Reader. It takes a reader for the data packet and returns a PlainMessageReader for the plaintext data. If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will verify the embedded signature with the given key ring and verification time; it must be called once all the data has been read.
func (*SessionKey) Encrypt ¶
func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)
Encrypt encrypts a PlainMessage with a SessionKey. * message: The plain data as a PlainMessage. * output: The encrypted data packet. The result carries no signature; use EncryptAndSign to sign it.
func (*SessionKey) EncryptAndSign ¶
func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)
EncryptAndSign encrypts a PlainMessage with a SessionKey and signs it with a private key. * message: The plain data as a PlainMessage. * signKeyRing: The KeyRing used to sign the message. * output: The encrypted data packet.
func (*SessionKey) EncryptStream ¶
func (sk *SessionKey) EncryptStream( dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (plainMessageWriter WriteCloser, err error)
EncryptStream is used to encrypt data as a Writer. It takes a writer for the encrypted data packet and returns a writer for the plaintext data. If signKeyRing is not nil, it is used to add an embedded signature.
func (*SessionKey) EncryptWithCompression ¶
func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)
EncryptWithCompression encrypts a PlainMessage with a SessionKey, compressing the data before encryption. * message: The plain data as a PlainMessage. * output: The encrypted data packet.
func (*SessionKey) GetBase64Key ¶
func (sk *SessionKey) GetBase64Key() string
GetBase64Key returns the session key as a base64-encoded string.
func (*SessionKey) GetCipherFunc ¶
func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)
GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey.
type SignatureCollector ¶
type SignatureCollector struct {
// contains filtered or unexported fields
}
SignatureCollector collects the signature from the MIME parts passed to Accept.
func (*SignatureCollector) Accept ¶
func (sc *SignatureCollector) Accept( part io.Reader, header textproto.MIMEHeader, hasPlainSibling, isFirst, isLast bool, ) (err error)
Accept collects the signature.
func (SignatureCollector) GetSignature ¶
func (sc SignatureCollector) GetSignature() string
GetSignature returns the signature collected by Accept.
type SignatureVerificationError ¶
SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.
func (SignatureVerificationError) Error ¶
func (e SignatureVerificationError) Error() string
Error returns the error message; it makes SignatureVerificationError implement the error interface.