crypto

package
v2.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 4, 2020 License: MIT Imports: 36 Imported by: 0

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptSessionKeyWithPassword 

func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error)

EncryptSessionKeyWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.

func GetTime 

func GetTime() time.Time

GetTime gets latest cached time.

func GetUnixTime 

func GetUnixTime() int64

GetUnixTime gets latest cached time.

func IsPGPMessage 

func IsPGPMessage(data string) bool

IsPGPMessage checks if data if has armored PGP message format.

func RandomToken 

func RandomToken(size int) ([]byte, error)

RandomToken generates a random token with the specified key size.

func UpdateTime 

func UpdateTime(newTime int64)

UpdateTime updates cached time.

Types

type AttachmentProcessor 

type AttachmentProcessor struct {
	// contains filtered or unexported fields
}

AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).

func (*AttachmentProcessor) Finish 

func (ap *AttachmentProcessor) Finish() (*PGPSplitMessage, error)

Finish closes the attachment and returns the encrypted data.

func (*AttachmentProcessor) Process 

func (ap *AttachmentProcessor) Process(plainData []byte)

Process writes attachment data to be encrypted.

type ClearTextMessage 

type ClearTextMessage struct {
	Data      []byte
	Signature []byte
}

A ClearTextMessage is a signed but not encrypted PGP message, i.e. the ones beginning with -----BEGIN PGP SIGNED MESSAGE-----.

func NewClearTextMessage 

func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage

NewClearTextMessage generates a new ClearTextMessage from data and signature.

func NewClearTextMessageFromArmored 

func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)

NewClearTextMessageFromArmored returns the message body and unarmored signature from a clearsigned message.

func (*ClearTextMessage) GetArmored 

func (msg *ClearTextMessage) GetArmored() (string, error)

GetArmored armors plaintext and signature with the PGP SIGNED MESSAGE armoring.

func (*ClearTextMessage) GetBinary 

func (msg *ClearTextMessage) GetBinary() []byte

GetBinary returns the unarmored signed data as a []byte.

func (*ClearTextMessage) GetBinarySignature 

func (msg *ClearTextMessage) GetBinarySignature() []byte

GetBinarySignature returns the unarmored binary signature as a []byte.

func (*ClearTextMessage) GetString 

func (msg *ClearTextMessage) GetString() string

GetString returns the unarmored signed data as a string.

type GopenPGP 

type GopenPGP struct {
	// contains filtered or unexported fields
}

GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.

type Identity 

type Identity struct {
	Name  string
	Email string
}

Identity contains the name and the email of a key holder.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key contains a single private or public key.

func GenerateKey 

func GenerateKey(name, email string, keyType string, bits int) (*Key, error)

GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519" bits is unused.

func GenerateKeyWithExpiration added in v2.0.4 

func GenerateKeyWithExpiration(name, email string, keyType string, bits int, expiration *uint32) (*Key, error)

GenerateKeyWithExpiration generates a key of the given keyType ("rsa" or "x25519"). Expiration is some time in the future If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519" bits is unused.

func GenerateRSAKeyWithPrimes 

func GenerateRSAKeyWithPrimes(
	name, email string,
	bits int,
	expiration *uint32,
	primeone, primetwo, primethree, primefour []byte,
) (*Key, error)

GenerateRSAKeyWithPrimes generates a RSA key using the given primes.

func NewKey 

func NewKey(binKeys []byte) (key *Key, err error)

NewKey creates a new key from the first key in the unarmored binary data.

func NewKeyFromArmored 

func NewKeyFromArmored(armored string) (key *Key, err error)

NewKeyFromArmored creates a new key from the first key in an armored string.

func NewKeyFromArmoredReader 

func NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)

NewKeyFromArmoredReader reads an armored data into a key.

func NewKeyFromReader 

func NewKeyFromReader(r io.Reader) (key *Key, err error)

NewKeyFromReader reads binary data into a Key object.

func (*Key) Armor 

func (key *Key) Armor() (string, error)

func (*Key) Check 

func (key *Key) Check() (bool, error)

Check verifies if the public keys match the private key parameters by signing and verifying.

func (*Key) ClearPrivateParams 

func (key *Key) ClearPrivateParams() (ok bool)

func (*Key) Copy 

func (key *Key) Copy() (*Key, error)

Copy creates a deep copy of the key.

func (*Key) GetArmoredPublicKey 

func (key *Key) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*Key) GetFingerprint 

func (key *Key) GetFingerprint() string

GetFingerprint gets the fingerprint from the key.

func (*Key) GetHexKeyID 

func (key *Key) GetHexKeyID() string

GetHexKeyID returns the key ID, hex encoded as a string.

func (*Key) GetKeyID 

func (key *Key) GetKeyID() uint64

GetKeyID returns the key ID, encoded as 8-byte int.

func (*Key) GetPublicKey 

func (key *Key) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*Key) GetSHA256Fingerprints 

func (key *Key) GetSHA256Fingerprints() (fingerprints []string)

GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.

func (*Key) IsExpired 

func (key *Key) IsExpired() bool

IsExpired checks whether the key is expired.

func (*Key) IsLocked 

func (key *Key) IsLocked() (bool, error)

IsLocked checks if a private key is locked.

func (*Key) IsPrivate 

func (key *Key) IsPrivate() bool

IsPrivate returns true if the key is private.

func (*Key) IsUnlocked 

func (key *Key) IsUnlocked() (bool, error)

IsUnlocked checks if a private key is unlocked.

func (*Key) Lock 

func (key *Key) Lock(passphrase []byte) (*Key, error)

Lock locks a copy of the key.

func (*Key) PrintFingerprints 

func (key *Key) PrintFingerprints() ([]string, string)

PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.

Example 
keyringKey, _ := NewKeyFromArmored(readTestFile("keyring_publicKey", false))
keyringKey.PrintFingerprints()

Output:

SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24

func (*Key) Serialize 

func (key *Key) Serialize() ([]byte, error)

func (*Key) Unlock 

func (key *Key) Unlock(passphrase []byte) (*Key, error)

Unlock unlocks a copy of the key.

type KeyRing 

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys 

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a given KeyRing list and it returns only those KeyRings which contain at least, one unexpired Key. It returns only unexpired parts of these KeyRings.

func NewKeyRing 

func NewKeyRing(key *Key) (*KeyRing, error)

NewKeyRing creates a new KeyRing, empty if key is nil.

func (*KeyRing) AddKey 

func (keyRing *KeyRing) AddKey(key *Key) error

AddKey adds the given key to the keyring.

func (*KeyRing) ClearPrivateParams 

func (keyRing *KeyRing) ClearPrivateParams()

func (*KeyRing) Copy 

func (keyRing *KeyRing) Copy() (*KeyRing, error)

Copy creates a deep copy of the keyring.

func (*KeyRing) CountDecryptionEntities 

func (keyRing *KeyRing) CountDecryptionEntities() int

CountDecryptionEntities returns the number of entities in the keyring.

func (*KeyRing) CountEntities 

func (keyRing *KeyRing) CountEntities() int

CountEntities returns the number of entities in the keyring.

func (*KeyRing) Decrypt 

func (keyRing *KeyRing) Decrypt(
	message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
) (*PlainMessage, error)

Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage * message : The encrypted input as a PGPMessage * verifyKey : Public key for signature verification (optional) * verifyTime : Time at verification (necessary only if verifyKey is not nil)

When verifyKey is not provided, then verifyTime should be zero, and signature verification will be ignored.

func (*KeyRing) DecryptAttachment 

func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)

DecryptAttachment takes a PGPSplitMessage, containing a session key packet and symmetrically encrypted data and returns a decrypted PlainMessage Specifically designed for attachments rather than text messages.

func (*KeyRing) DecryptMIMEMessage 

func (keyRing *KeyRing) DecryptMIMEMessage(
	message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64,
)

DecryptMIMEMessage decrypts a MIME message.

func (*KeyRing) DecryptSessionKey 

func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)

DecryptSessionKey returns the decrypted session key from a binary encrypted session key packet.

func (*KeyRing) Encrypt 

func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)

Encrypt encrypts a PlainMessage, outputs a PGPMessage. If an unlocked private key is also provided it will also sign the message. * message : The plaintext input as a PlainMessage. * privateKey : (optional) an unlocked private keyring to include signature in the message.

func (*KeyRing) EncryptAttachment 

func (keyRing *KeyRing) EncryptAttachment(message *PlainMessage, fileName string) (*PGPSplitMessage, error)

EncryptAttachment encrypts a file given a PlainMessage and a fileName. Returns a PGPSplitMessage containing a session key packet and symmetrically encrypted data. Specifically designed for attachments rather than text messages.

func (*KeyRing) EncryptSessionKey 

func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)

EncryptSessionKey encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.

func (*KeyRing) FirstKey 

func (keyRing *KeyRing) FirstKey() (*KeyRing, error)

FirstKey returns a KeyRing with only the first key of the original one.

func (*KeyRing) GetIdentities 

func (keyRing *KeyRing) GetIdentities() []*Identity

GetIdentities returns the list of identities associated with this key ring.

func (*KeyRing) GetKey 

func (keyRing *KeyRing) GetKey(n int) (*Key, error)

GetKey returns the n-th openpgp key contained in this KeyRing.

func (*KeyRing) GetKeyIDs 

func (keyRing *KeyRing) GetKeyIDs() []uint64

GetKeyIDs returns array of IDs of keys in this KeyRing.

func (*KeyRing) GetKeys 

func (keyRing *KeyRing) GetKeys() []*Key

GetKeys returns openpgp keys contained in this KeyRing.

func (*KeyRing) NewLowMemoryAttachmentProcessor 

func (keyRing *KeyRing) NewLowMemoryAttachmentProcessor(
	estimatedSize int, fileName string,
) (*AttachmentProcessor, error)

NewLowMemoryAttachmentProcessor creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and fileName as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.

func (*KeyRing) SignDetached 

func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)

SignDetached generates and returns a PGPSignature for a given PlainMessage.

func (*KeyRing) VerifyDetached 

func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error

VerifyDetached verifies a PlainMessage with embedded a PGPSignature and returns a SignatureVerificationError if fails.

type MIMECallbacks 

type MIMECallbacks interface {
	OnBody(body string, mimetype string)
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	OnVerified(verified int)
	OnError(err error)
}

MIMECallbacks defines callback methods to process a MIME message.

type PGPMessage 

type PGPMessage struct {
	// The content of the message
	Data []byte
}

PGPMessage stores a PGP-encrypted message.

func EncryptMessageWithPassword 

func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)

EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a SymmetricKey. * message : The plain data as a PlainMessage. * password: A password that will be derived into an encryption key. * output : The encrypted data as PGPMessage.

func NewPGPMessage 

func NewPGPMessage(data []byte) *PGPMessage

NewPGPMessage generates a new PGPMessage from the unarmored binary data.

func NewPGPMessageFromArmored 

func NewPGPMessageFromArmored(armored string) (*PGPMessage, error)

NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.

func (*PGPMessage) GetArmored 

func (msg *PGPMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string.

func (*PGPMessage) GetArmoredWithCustomHeaders 

func (msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)

GetArmoredWithCustomHeaders returns the armored message as a string, with the given headers. Empty parameters are omitted from the headers.

func (*PGPMessage) GetBinary 

func (msg *PGPMessage) GetBinary() []byte

GetBinary returns the unarmored binary content of the message as a []byte.

func (*PGPMessage) NewReader 

func (msg *PGPMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the unarmored binary data of the message.

func (*PGPMessage) SeparateKeyAndData 

func (msg *PGPMessage) SeparateKeyAndData(estimatedLength, garbageCollector int) (outSplit *PGPSplitMessage, err error)

SeparateKeyAndData returns the first keypacket and the (hopefully unique) dataPacket (not verified). * estimatedLength is the estimate length of the message. * garbageCollector > 0 activates the garbage collector.

type PGPSignature 

type PGPSignature struct {
	// The content of the signature
	Data []byte
}

PGPSignature stores a PGP-encoded detached signature.

func NewPGPSignature 

func NewPGPSignature(data []byte) *PGPSignature

NewPGPSignature generates a new PGPSignature from the unarmored binary data.

func NewPGPSignatureFromArmored 

func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)

NewPGPSignatureFromArmored generates a new PGPSignature from the armored string ready for verification.

func (*PGPSignature) GetArmored 

func (msg *PGPSignature) GetArmored() (string, error)

GetArmored returns the armored signature as a string.

func (*PGPSignature) GetBinary 

func (msg *PGPSignature) GetBinary() []byte

GetBinary returns the unarmored binary content of the signature as a []byte.

type PGPSplitMessage 

type PGPSplitMessage struct {
	DataPacket []byte
	KeyPacket  []byte
}

PGPSplitMessage contains a separate session key packet and symmetrically encrypted data packet.

func NewPGPSplitMessage 

func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage

NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket, datapacket, and encryption algorithm.

func NewPGPSplitMessageFromArmored 

func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)

NewPGPSplitMessageFromArmored generates a new PGPSplitMessage by splitting an armored message into its session key packet and symmetrically encrypted data packet.

func (*PGPSplitMessage) GetArmored 

func (msg *PGPSplitMessage) GetArmored() (string, error)

GetArmored returns the armored message as a string, with joined data and key packets.

func (*PGPSplitMessage) GetBinary 

func (msg *PGPSplitMessage) GetBinary() []byte

GetBinary returns the unarmored binary joined packets as a []byte.

func (*PGPSplitMessage) GetBinaryDataPacket 

func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte

GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.

func (*PGPSplitMessage) GetBinaryKeyPacket 

func (msg *PGPSplitMessage) GetBinaryKeyPacket() []byte

GetBinaryKeyPacket returns the unarmored binary keypacket as a []byte.

func (*PGPSplitMessage) GetPGPMessage 

func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage

GetPGPMessage joins asymmetric session key packet with the symmetric data packet to obtain a PGP message.

type PlainMessage 

type PlainMessage struct {
	// The content of the message
	Data []byte
	// if the content is text or binary
	TextType bool
}

PlainMessage stores a plain text / unencrypted message.

func DecryptMessageWithPassword 

func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)

DecryptMessageWithPassword decrypts password protected pgp binary messages. * encrypted: The encrypted data as PGPMessage. * password: A password that will be derived into an encryption key. * output: The decrypted data as PlainMessage.

func NewPlainMessage 

func NewPlainMessage(data []byte) *PlainMessage

NewPlainMessage generates a new binary PlainMessage ready for encryption, signature, or verification from the unencrypted binary data.

func NewPlainMessageFromString 

func NewPlainMessageFromString(text string) *PlainMessage

NewPlainMessageFromString generates a new text PlainMessage, ready for encryption, signature, or verification from an unencrypted string.

func (*PlainMessage) GetBase64 

func (msg *PlainMessage) GetBase64() string

GetBase64 returns the base-64 encoded binary content of the message as a string.

func (*PlainMessage) GetBinary 

func (msg *PlainMessage) GetBinary() []byte

GetBinary returns the binary content of the message as a []byte.

func (*PlainMessage) GetString 

func (msg *PlainMessage) GetString() string

GetString returns the content of the message as a string.

func (*PlainMessage) IsBinary 

func (msg *PlainMessage) IsBinary() bool

IsBinary returns whether the message is a binary message.

func (*PlainMessage) IsText 

func (msg *PlainMessage) IsText() bool

IsText returns whether the message is a text message.

func (*PlainMessage) NewReader 

func (msg *PlainMessage) NewReader() io.Reader

NewReader returns a New io.Reader for the binary data of the message.

type SessionKey 

type SessionKey struct {
	// The decrypted binary session key.
	Key []byte
	// The symmetric encryption algorithm used with this key.
	Algo string
}

SessionKey stores a decrypted session key.

func DecryptSessionKeyWithPassword 

func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)

DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted session key packet and returns the session key.

func GenerateSessionKey 

func GenerateSessionKey() (*SessionKey, error)

GenerateSessionKey generates a random key for the default cipher.

func GenerateSessionKeyAlgo 

func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)

GenerateSessionKeyAlgo generates a random key of the correct length for the specified algorithm.

func NewSessionKeyFromToken 

func NewSessionKeyFromToken(token []byte, algo string) *SessionKey

func (*SessionKey) Clear 

func (sk *SessionKey) Clear() (ok bool)

func (*SessionKey) Decrypt 

func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)

Decrypt decrypts password protected pgp binary messages. * encrypted: PGPMessage. * output: PlainMessage.

func (*SessionKey) Encrypt 

func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)

Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey. * message : The plain data as a PlainMessage. * output : The encrypted data as PGPMessage.

func (*SessionKey) GetBase64Key 

func (sk *SessionKey) GetBase64Key() string

GetBase64Key returns the session key as base64 encoded string.

func (*SessionKey) GetCipherFunc 

func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error)

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SessionKey.

type SignatureCollector 

type SignatureCollector struct {
	// contains filtered or unexported fields
}

SignatureCollector structure.

func (*SignatureCollector) Accept 

func (sc *SignatureCollector) Accept(
	part io.Reader, header textproto.MIMEHeader,
	hasPlainSibling, isFirst, isLast bool,
) (err error)

Accept collects the signature.

func (SignatureCollector) GetSignature 

func (sc SignatureCollector) GetSignature() string

GetSignature collected by Accept.

type SignatureVerificationError 

type SignatureVerificationError struct {
	Status  int
	Message string
}

SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails.

func (SignatureVerificationError) Error 

func (e SignatureVerificationError) Error() string

Error is the base method for all errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.