pgp

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 7, 2023 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// DefaultKDFParameters are the default key derivation parameters used when constructing
	// encryption keys.
	DefaultKDFParameters = &KeyDerivationParameters{
		HashFunction:    HashFuncSHA256,
		CipherAlgorithm: CipherAlgoAES128,
	}

	// DefaultStringToKeyHashFunc is the default string-to-key (S2K) hash function.
	DefaultStringToKeyHashFunc = HashFuncSHA256
)

Functions

func EncodeMPI 

func EncodeMPI(n *big.Int) []byte

EncodeMPI encodes a given integer as a multiprecision integer according to the OpenPGP protocol. 

https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2

func EncodePacket 

func EncodePacket(tag PacketTag, payload []byte) []byte

EncodePacket encodes a binary Packet according to the generic OpenPGP packet encoding protocol. 

https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-4.2

func EncryptS2K 

func EncryptS2K(hashFunc HashFuncID, plaintext, password []byte) ([]byte, error)

EncryptS2K encrypts a given plaintext with the OpenPGP iterated & salted string-to-key algorithm. This is not a very secure symmetric cipher, as we only use a simple hash and not a dedicated PBKDF.

Types

type CipherAlgoID 

type CipherAlgoID byte

CipherAlgoID identifies a symmetric encryption algorithm within OpenPGP packets. 

const (
	CipherAlgoDES    CipherAlgoID = 2
	CipherAlgoAES128 CipherAlgoID = 7
	CipherAlgoAES192 CipherAlgoID = 8
	CipherAlgoAES256 CipherAlgoID = 9
)

type CompresssionAlgoID added in v0.0.2 

type CompresssionAlgoID byte

CompresssionAlgoID represents a compression algorithm used to compress signed or encrypted data. 

const (
	CompressionAlgoNone  CompresssionAlgoID = 0
	CompressionAlgoZIP   CompresssionAlgoID = 1
	CompressionAlgoZLIB  CompresssionAlgoID = 2
	CompressionAlgoBZIP2 CompresssionAlgoID = 3
)

type Curve25519Subkey 

type Curve25519Subkey struct {
	Private  []byte
	Public   []byte
	Creation time.Time
	Expiry   time.Time
	KDF      *KeyDerivationParameters
	// contains filtered or unexported fields
}

Curve25519Subkey represents an OpenPGP X25519 Diffie-Hellman encryption subkey.

func NewCurve25519Subkey 

func NewCurve25519Subkey(
	seed []byte,
	creation time.Time,
	expiry time.Time,
	kdfParams *KeyDerivationParameters,
) (*Curve25519Subkey, error)

NewCurve25519Subkey derives an X25519 encryption subkey from the given 32-byte seed, and sets the given key creation and expiry dates.

If kdfParams is nil, DefaultKDFParameters is used instead.

func (*Curve25519Subkey) EncodePrivatePacket 

func (key *Curve25519Subkey) EncodePrivatePacket(password []byte) ([]byte, error)

EncodePrivatePacket encodes the private key into a serialized OpenPGP packet.

func (*Curve25519Subkey) EncodePublicSubkeyPacket 

func (key *Curve25519Subkey) EncodePublicSubkeyPacket() []byte

EncodePublicSubkeyPacket encodes the public key into a serialized OpenPGP packet.

func (*Curve25519Subkey) FingerprintV4 

func (key *Curve25519Subkey) FingerprintV4() []byte

FingerprintV4 returns the 20-byte SHA1 hash of the serialized public key.

type ED25519MasterKey 

type ED25519MasterKey struct {
	Private  ed25519.PrivateKey
	Public   ed25519.PublicKey
	Creation time.Time
	Expiry   time.Time
	// contains filtered or unexported fields
}

ED25519MasterKey represents an OpenPGP ED25519 EdDSA signing and certification master key.

func NewED25519MasterKey 

func NewED25519MasterKey(seed []byte, creation, expiry time.Time) (*ED25519MasterKey, error)

NewED25519MasterKey derives an ED25519 signing master key from the given 32-byte seed, and sets the given key creation and expiry dates.

func (*ED25519MasterKey) BindSubkey 

func (key *ED25519MasterKey) BindSubkey(
	subkeyBase *ellipticCurveKey,
	keyFlags byte,
	expiry time.Time,
) *Signature

BindSubkey returns a subkey binding signature on the given encryption subkey.

func (*ED25519MasterKey) EncodePrivateDummyPacket 

func (key *ED25519MasterKey) EncodePrivateDummyPacket() []byte

EncodePrivateDummyPacket encodes the public key and a private key stub into a serialized OpenPGP packet.

func (*ED25519MasterKey) EncodePrivatePacket 

func (key *ED25519MasterKey) EncodePrivatePacket(password []byte) ([]byte, error)

EncodePrivatePacket encodes the private key into a serialized OpenPGP packet.

func (*ED25519MasterKey) EncodePublicPacket 

func (key *ED25519MasterKey) EncodePublicPacket() []byte

EncodePublicPacket encodes the public key into a serialized OpenPGP packet.

func (*ED25519MasterKey) FingerprintV4 

func (key *ED25519MasterKey) FingerprintV4() []byte

FingerprintV4 returns the 20-byte SHA1 hash of the serialized public key.

func (*ED25519MasterKey) SelfCertify 

func (key *ED25519MasterKey) SelfCertify(userID *UserID) *Signature

SelfCertify returns a self-certification signature, needed to prove the key attests to being owned by a given user identifier.

type ED25519Subkey 

type ED25519Subkey struct {
	Private  ed25519.PrivateKey
	Public   ed25519.PublicKey
	Creation time.Time
	Expiry   time.Time
	// contains filtered or unexported fields
}

ED25519Subkey represents an OpenPGP ED25519 authentication subkey.

func NewED25519Subkey 

func NewED25519Subkey(seed []byte, creation time.Time, expiry time.Time) (*ED25519Subkey, error)

ED25519Subkey derives an ED25519 authentication subkey from the given 32-byte seed, and sets the given key creation and expiry dates.

func (*ED25519Subkey) EncodePrivatePacket 

func (key *ED25519Subkey) EncodePrivatePacket(password []byte) ([]byte, error)

EncodePrivatePacket encodes the private key into a serialized OpenPGP packet.

func (*ED25519Subkey) EncodePublicSubkeyPacket 

func (key *ED25519Subkey) EncodePublicSubkeyPacket() []byte

EncodePublicPacket encodes the public key into a serialized OpenPGP packet.

func (*ED25519Subkey) FingerprintV4 

func (key *ED25519Subkey) FingerprintV4() []byte

FingerprintV4 returns the 20-byte SHA1 hash of the serialized public key.

type HashFuncID 

type HashFuncID byte

HashFuncID identifies a hash function within OpenPGP packets. 

const (
	HashFuncSHA1   HashFuncID = 2
	HashFuncSHA256 HashFuncID = 8
	HashFuncSHA384 HashFuncID = 9
	HashFuncSHA512 HashFuncID = 10
	HashFuncSHA224 HashFuncID = 11
)

func (HashFuncID) New 

func (id HashFuncID) New() hash.Hash

type KeyDerivationParameters 

type KeyDerivationParameters struct {
	HashFunction    HashFuncID
	CipherAlgorithm CipherAlgoID
}

KeyDerivationParameters represents a set of key-derivation parameters included within public key packets. These parameters are included in serialized encryption subkeys.

func (*KeyDerivationParameters) Encode 

func (kdf *KeyDerivationParameters) Encode() []byte

type KeySet 

type KeySet struct {
	// Required for a valid OpenPGP packet.
	UserID    *UserID
	MasterKey *ED25519MasterKey

	// Optional subkeys.
	EncryptionSubkey     *Curve25519Subkey
	AuthenticationSubkey *ED25519Subkey
	SigningSubkey        *ED25519Subkey
}

KeySet represents a full set of PGP keys, with an associated user identifier.

func (*KeySet) EncodePackets 

func (keySet *KeySet) EncodePackets(password []byte) ([]byte, error)

EncodePackets encodes the KeySet as a series of binary OpenPGP packets.

If password is not nil and longer than 0 bytes, it is used as a key to encrypt the PGP private key packets using the S2K iterated & salted algorithm.

func (*KeySet) EncodeSubkeyPackets 

func (keySet *KeySet) EncodeSubkeyPackets(password []byte, withSelfCert bool) ([]byte, error)

EncodeSubkeyPackets encodes the KeySet as a series of binary OpenPGP packets, but only includes the private key material for subkeys. The master key is encoded as a private key stub without providing the private key material itself.

To use the output of this method, the caller is presumed to already have the master key, so the self-certification signature is not provided.

If password is not nil and longer than 0 bytes, it is used as a key to encrypt the PGP private subkeys using the S2K iterated & salted algorithm.

type PacketTag 

type PacketTag byte

PacketTag is included in the header of every OpenPGP packet. It indicates the type of OpenPGP packet that follows, and how to decode it. 

const (
	PacketTagSignature    PacketTag = 2
	PacketTagSecretKey    PacketTag = 5
	PacketTagPublicKey    PacketTag = 6
	PacketTagSecretSubkey PacketTag = 7
	PacketTagUserID       PacketTag = 13
	PacketTagPublicSubkey PacketTag = 14
)

type Signature 

type Signature struct {
	HashedSubpackets   []*Subpacket
	UnhashedSubpackets []*Subpacket
	Type               SignatureType
	HashFunction       HashFuncID
	SigHash            []byte
	R, S               *big.Int
}

Signature represents an OpenPGP EdDSA signature.

func Sign 

func Sign(privateKey ed25519.PrivateKey, req *SignatureRequest) *Signature

Sign signs the signature request using the EdDSA algorithm on the Edwards 25519 curve.

func (*Signature) Encode 

func (signature *Signature) Encode() []byte

Encode returns the binary encoding of the signature hash preimage trailer and the EdDSA signature value pair (r, s).

func (*Signature) EncodePacket 

func (signature *Signature) EncodePacket() []byte

type SignatureRequest 

type SignatureRequest struct {
	// SigningKeyFingerprint is the fingerprint of the signing PGP key.
	SigningKeyFingerprint []byte

	// HashFunction describes how the final data block should be hashed
	// to prepare it for EdDSA signing.
	HashFunction HashFuncID

	// Data is the arbitrary context-dependent data to be signed.
	Data []byte

	// Type describes what kind of signature should be made.
	Type SignatureType

	// HashedSubpackets is a collection of extra data which will be committed
	// to by the signature.
	HashedSubpackets []*Subpacket

	// UnhashedSubpackets is a collection of extra subpackets which are not
	// committed to by the signature.
	UnhashedSubpackets []*Subpacket

	// Time is the timestamp when the signature is created.
	Time time.Time
}

SignatureRequest is the input data needed for an OpenPGP signature.

type SignatureType 

type SignatureType byte

SignatureType denotes the intent of a signature. 

https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-5.2.1

const (

	// SignatureTypePositiveCertification indicates the signature intends to certify
	// that a given public key belongs to a given user identity.
	SignatureTypePositiveCertification SignatureType = 0x13

	// SignatureTypeSubkeyBinding indicates the signature intends to bind a subkey to
	// a master certification key.
	SignatureTypeSubkeyBinding SignatureType = 0x18

	// SignatureTypePrimaryKeyBinding indicates the signature intends to bind a master
	// key to a signing subkey.
	SignatureTypePrimaryKeyBinding SignatureType = 0x19

	// Assorted signature types not used by this library but exported for optional
	// downstream funcionality extensions.
	SignatureTypeBinaryDocument         SignatureType = 0x00
	SignatureTypeTextDocument           SignatureType = 0x01
	SignatureTypeStandalone             SignatureType = 0x02
	SignatureTypeGenericCertification   SignatureType = 0x10
	SignatureTypePersonaCertification   SignatureType = 0x11
	SignatureTypeCasualCertification    SignatureType = 0x12
	SignatureTypeAttestedKey            SignatureType = 0x16
	SignatureTypeDirectKey              SignatureType = 0x1F
	SignatureTypeRevocation             SignatureType = 0x20
	SignatureTypeSubkeyRevocation       SignatureType = 0x28
	SignatureTypeCertifiationRevocation SignatureType = 0x30
	SignatureTypeTimestamp              SignatureType = 0x40
	SignatureTypeThirdPartyConfirmation SignatureType = 0x50
)

type Subpacket 

type Subpacket struct {
	Type SubpacketType
	Body []byte
}

Subpacket contains extra metadata about the conditions of a signature's assertion, and they may or may not be committed to by the signature, depending on their position within the signature packet.

func (*Subpacket) Encode 

func (sp *Subpacket) Encode() []byte

Encode returns the binary encoding of the Subpacket.

type SubpacketType 

type SubpacketType byte

SubpacketType identifies the meaning of a subpacket in an OpenPGP signature packet. 

const (
	SubpacketTypeCreationTime                   SubpacketType = 2
	SubpacketTypeExpiry                         SubpacketType = 9
	SubpacketTypePreferredCipherAlgorithms      SubpacketType = 11
	SubpacketTypeIssuer                         SubpacketType = 16
	SubpacketTypePreferredHashAlgorithms        SubpacketType = 21
	SubpacketTypePreferredCompressionAlgorithms SubpacketType = 22
	SubpacketTypeKeyServerPreferences           SubpacketType = 23
	SubpacketTypeKeyFlags                       SubpacketType = 27
	SubpacketTypeFeatures                       SubpacketType = 30
	SubpacketTypeEmbeddedSignature              SubpacketType = 32
	SubpacketTypeIssuerFingerprint              SubpacketType = 33
	SubpacketTypePreferredAEADAlgorithms        SubpacketType = 34
)

type UserID 

type UserID struct {
	Name  string
	Email string
}

UserID represents a human-readable user identity.

func (*UserID) Encode 

func (id *UserID) Encode() []byte

func (*UserID) EncodePacket 

func (id *UserID) EncodePacket() []byte

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.