pgp

package
v1.0.5 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2023 License: BSD-3-Clause Imports: 6 Imported by: 0

README


keyctl/pgp

A "helper" package for use with the golang.org/x/crypto/openpgp package that transparently caches private key passphrases in the Linux kernel's secure keyring system. Cached passphrases can automatically expire after a configurable duration.

Usage

To use, import the parent package keyctl, open the user session keyring, embed it in a static pgp.PassphraseKeyring struct and call ReadMessage on this struct instead of using golang.org/x/crypto/openpgp.ReadMessage. To customize the passphrase prompt, either assign your own pgp.Prompter compatible interface to PassphraseKeyring or pass in an openpgp.PromptFunction in the ReadMessage() method call.

For convenience, an openpgp.PromptFunction compatible func named PassphrasePrompt is exposed in the package.

Example

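package main

import (
	"io"
	"log"

	"github.com/jsipprell/keyctl"
	"github.com/jsipprell/keyctl/pgp"
	"golang.org/x/crypto/openpgp"
)

// decryptReader reads an OpenPGP message from r, using the kernel session
// keyring to cache the passphrase of any encrypted private key in pgpKeyring.
func decryptReader(r io.Reader, pgpKeyring openpgp.KeyRing) {
	// Open the user session keyring that will hold the cached passphrases.
	kr, err := keyctl.UserSessionKeyring()
	if err != nil {
		log.Fatal(err)
	}

	pkr := pgp.PassphraseKeyring{Keyring: kr}
	// Discard passphrases after 10 minutes
	pkr.SetDefaultTimeout(600)

	// Drop-in replacement for openpgp.ReadMessage; prompts only when needed.
	msgDetails, err := pkr.ReadMessage(r, pgpKeyring, pgp.PassphrasePrompt, nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("%#v\n", msgDetails)
}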

Documentation

Overview

Provides a keyring with an openpgp.ReadMessage wrapper method that, when called, automatically attempts private key decryption and saves the passphrase in the private session kernel keyring for a configurable amount of time. If an encrypted private key is seen again before the cached passphrase expires, the original PromptFunction will not be called (unless decryption fails).
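The prompt-or-cache decision described above can be modelled with the standard library alone. This is an added sketch, not code from the keyctl/pgp package: passCache, entry and unlock are hypothetical names, a Go map stands in for the kernel keyring, and dropping a stale entry before re-prompting is an assumption about sensible behaviour rather than a documented detail.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type entry struct {
	pass    []byte
	expires time.Time
}

// passCache is an in-memory stand-in for the kernel keyring (assumption:
// the real package stores passphrases through keyctl, not in a Go map).
type passCache struct {
	ttl     time.Duration
	now     func() time.Time
	entries map[string]entry
}

// unlock tries the cached passphrase for keyID first and calls prompt only
// on a miss, on expiry, or when the cached value no longer decrypts the key.
// It returns how many times the prompt was invoked (0 or 1).
func (c *passCache) unlock(keyID string, decrypt func([]byte) error, prompt func() ([]byte, error)) (int, error) {
	if e, ok := c.entries[keyID]; ok {
		if c.now().Before(e.expires) && decrypt(e.pass) == nil {
			return 0, nil
		}
		delete(c.entries, keyID) // expired or stale: do not keep it around
	}
	pass, err := prompt()
	if err != nil {
		return 1, err
	}
	if err := decrypt(pass); err != nil {
		return 1, errors.New("passphrase rejected; nothing cached")
	}
	c.entries[keyID] = entry{pass: pass, expires: c.now().Add(c.ttl)}
	return 1, nil
}

func main() {
	c := &passCache{ttl: 600 * time.Second, now: time.Now, entries: map[string]entry{}}
	decrypt := func([]byte) error { return nil } // constructed: accepts anything
	prompt := func() ([]byte, error) { return []byte("constructed-passphrase"), nil }
	first, _ := c.unlock("demo-key", decrypt, prompt)
	second, _ := c.unlock("demo-key", decrypt, prompt)
	fmt.Println("prompt calls on first and second unlock:", first, second)
}
```

Only a passphrase that actually decrypted the key is stored, so a mistyped passphrase never occupies the cache for the length of the timeout.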


Functions

func PassphrasePrompt

func PassphrasePrompt(keys []openpgp.Key, symmetric bool) ([]byte, error)

Types

type PassphraseKeyring

type PassphraseKeyring struct {
	keyctl.Keyring
	Prompt Prompter
}

A wrapper keyring that can automatically decrypt openpgp secret keys if the passphrase was previously used by the keyring (and the TTL has not expired). Such caching lives beyond the lifetime of the current process unless the process or thread keyring is used.

func (PassphraseKeyring) ReadMessage

func (pkr PassphraseKeyring) ReadMessage(r io.Reader, keyring openpgp.KeyRing,
	prompt interface{}, config *packet.Config) (*openpgp.MessageDetails, error)

A look-alike to "golang.org/x/crypto/openpgp".ReadMessage. When called, it calls the openpgp.ReadMessage function, passing the io.Reader and openpgp.KeyRing verbatim but in

type Prompter

type Prompter interface {
	Prompt([]openpgp.Key, bool) ([]byte, error)
}

A standard passphrase prompting interface.

func NewPrompter

func NewPrompter(prompt openpgp.PromptFunction) Prompter

Creates a new Prompter from an openpgp prompting function.
