crypto

package
v1.0.0

Warning: This package is not in the latest version of its module.
Published: May 15, 2019 License: MIT Imports: 31 Imported by: 0

Documentation

Overview

Package crypto provides a high-level API for common OpenPGP functionality.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncryptCore

func EncryptCore(w io.Writer, encryptEntities []*openpgp.Entity, signEntity *openpgp.Entity, filename string,
	canonicalizeText bool, timeGenerator func() time.Time) (io.WriteCloser, error)

EncryptCore is the lower-level encryption method used by KeyRing.Encrypt.

func SeparateKeyAndData

func SeparateKeyAndData(
	kr *KeyRing, r io.Reader,
	estimatedLength, garbageCollector int,
) (outSplit *models.EncryptedSplit, err error)

SeparateKeyAndData reads a binary PGP message from r and splits it into its session key packet and symmetrically encrypted data packet.

func SplitArmor

func SplitArmor(encrypted string) (*models.EncryptedSplit, error)

SplitArmor is a helper method which splits an armored message into its session key packet and symmetrically encrypted data packet.
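The same split, written as an added example in plain Go rather than code from this package: SplitPackets walks RFC 4880 new-format packet headers, including the partial body lengths that streaming writers use for the data packet, and copies session key packets (PKESK, tag 1; SKESK, tag 3) and the encrypted data packet (SEIPD, tag 18; legacy SED, tag 9) into a struct shaped like models.EncryptedSplit. Old-format headers are rejected rather than parsed, and EncryptedSplit, nextPacket, SplitPackets and the sample bytes are this example's own names and constructed data, not the package's.

```go
package main

import "errors"

type EncryptedSplit struct{ KeyPacket, DataPacket []byte } // shaped like models.EncryptedSplit

// Constructed sample, not real ciphertext: a PKESK (tag 1, 3-byte body), then a SEIPD (tag 18)
// streamed as a 2-byte partial chunk plus a final 2-byte chunk (real writers use chunks of at least 512 bytes).
var sampleMessage = []byte{0xC1, 3, 0x03, 0xAA, 0xBB, 0xD2, 0xE1, 0x01, 0x02, 2, 0x03, 0x04}

// nextPacket returns the tag and the full extent of the new-format packet (RFC 4880
// section 4.2.2) at the start of b, following partial body lengths to the final chunk.
func nextPacket(b []byte) (tag int, pkt []byte, err error) {
	if len(b) < 2 || b[0]&0xC0 != 0xC0 {
		return 0, nil, errors.New("expected a new-format packet header")
	}
	end, more := 1, true
	for more { // each pass consumes one length field plus the body chunk it covers
		l := b[end:]
		switch {
		case len(l) > 0 && l[0] >= 224 && l[0] < 255: // partial: 1<<(octet&0x1f) bytes, another length field follows
			end += 1 + 1<<(l[0]&0x1f)
		case len(l) > 0 && l[0] < 192: // one-octet length: final chunk
			end, more = end+1+int(l[0]), false
		case len(l) > 1 && l[0] < 224: // two-octet length, offset by 192: final chunk
			end, more = end+2+(int(l[0])-192)<<8+int(l[1])+192, false
		case len(l) > 4 && l[0] == 255: // 0xff then a four-octet length: final chunk
			end, more = end+5+(int(l[1])<<24|int(l[2])<<16|int(l[3])<<8|int(l[4])), false
		default:
			return 0, nil, errors.New("truncated length field")
		}
		if end > len(b) {
			return 0, nil, errors.New("packet body truncated")
		}
	}
	return int(b[0] & 0x3f), b[:end], nil
}

// SplitPackets separates session key packets (tags 1, 3) from the encrypted data packet (tags 9, 18); anything else is malformed.
func SplitPackets(msg []byte) (out EncryptedSplit, err error) {
	for tag, pkt := 0, []byte(nil); len(msg) > 0; msg = msg[len(pkt):] {
		if tag, pkt, err = nextPacket(msg); err != nil {
			return EncryptedSplit{}, err
		}
		switch tag {
		case 1, 3: // PKESK or SKESK
			out.KeyPacket = append(out.KeyPacket, pkt...)
		case 9, 18: // SED or SEIPD
			out.DataPacket = append(out.DataPacket, pkt...)
		default:
			return EncryptedSplit{}, errors.New("unexpected packet in an encrypted message")
		}
	}
	return out, nil
}
```

A truncated final chunk, an old-format header, or a non-encryption packet (such as literal data, tag 11) in place of the ciphertext all surface as errors instead of a partial split.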

Types

type AttachmentProcessor

type AttachmentProcessor struct {
	// contains filtered or unexported fields
}

AttachmentProcessor keeps track of the progress of encrypting an attachment (optimized for encrypting large files).

func (*AttachmentProcessor) Finish

Finish closes the attachment and returns the encrypted data.

func (*AttachmentProcessor) Process

func (ap *AttachmentProcessor) Process(plainData []byte)

Process writes attachment data to be encrypted.

type GopenPGP

type GopenPGP struct {
	// contains filtered or unexported fields
}

GopenPGP is used as a "namespace" for many of the functions in this package. It is a struct that keeps track of time skew between server and client.

func GetGopenPGP

func GetGopenPGP() *GopenPGP

GetGopenPGP returns the global GopenPGP instance.

func (*GopenPGP) BuildKeyRing

func (pgp *GopenPGP) BuildKeyRing(binKeys []byte) (kr *KeyRing, err error)

BuildKeyRing reads a keyring from binary data.

func (*GopenPGP) BuildKeyRingArmored

func (pgp *GopenPGP) BuildKeyRingArmored(key string) (kr *KeyRing, err error)

BuildKeyRingArmored reads an armored key string and returns a keyring.

func (*GopenPGP) BuildKeyRingNoError

func (pgp *GopenPGP) BuildKeyRingNoError(binKeys []byte) (kr *KeyRing)

BuildKeyRingNoError is BuildKeyRing without the error return; it does not report an error on failure.

func (*GopenPGP) CheckKey

func (pgp *GopenPGP) CheckKey(pubKey string) (string, error)

CheckKey is a debug helper function that prints the key and subkey fingerprints.

func (*GopenPGP) DecryptAttachment

func (pgp *GopenPGP) DecryptAttachment(
	keyPacket, dataPacket []byte,
	kr *KeyRing, passphrase string,
) ([]byte, error)

DecryptAttachment takes a session key packet and a symmetrically encrypted data packet. kr is a KeyRing that can contain multiple private keys; passphrase is used to unlock the keys in kr.

func (*GopenPGP) DecryptMIMEMessage

func (pgp *GopenPGP) DecryptMIMEMessage(
	encryptedText string, verifierKey, privateKeyRing *KeyRing,
	passphrase string, callbacks MIMECallbacks, verifyTime int64,
)

DecryptMIMEMessage decrypts a MIME message.

func (*GopenPGP) DecryptMessage

func (pgp *GopenPGP) DecryptMessage(encryptedText string, privateKey *KeyRing, passphrase string) (string, error)

DecryptMessage decrypts an encrypted string using a keyring.
encryptedText: the armored encrypted message.
privateKey: keyring holding the private key used to decrypt the message; it may contain multiple keys.
passphrase: the passphrase matching the private key.

func (*GopenPGP) DecryptMessageStringKey

func (pgp *GopenPGP) DecryptMessageStringKey(
	encryptedText, privateKey, passphrase string,
) (string, error)

DecryptMessageStringKey decrypts an encrypted message using a private key given as a string.
encryptedText: the armored encrypted message.
privateKey: the armored private key used to decrypt the message.
passphrase: the passphrase matching the private key.

func (*GopenPGP) DecryptMessageVerify

func (pgp *GopenPGP) DecryptMessageVerify(
	encryptedText string, verifierKey, privateKeyRing *KeyRing,
	passphrase string, verifyTime int64,
) (*models.DecryptSignedVerify, error)

DecryptMessageVerify decrypts a message and verifies its signature.
encryptedText: the armored encrypted message.
verifierKey: keyring of the keys used to verify the signature.
privateKeyRing: keyring of the private keys used to decrypt; it may contain multiple keys.
passphrase: the passphrase matching the private key.

func (*GopenPGP) DecryptMessageWithPassword

func (pgp *GopenPGP) DecryptMessageWithPassword(encrypted string, password string) (string, error)

DecryptMessageWithPassword decrypts a PGP message with a password.
encrypted: the armored PGP message.
Returns the clear text.

func (*GopenPGP) EncryptAttachment

func (pgp *GopenPGP) EncryptAttachment(
	plainData []byte, fileName string, publicKey *KeyRing,
) (*models.EncryptedSplit, error)

EncryptAttachment encrypts a file. fileName

func (*GopenPGP) EncryptAttachmentLowMemory

func (pgp *GopenPGP) EncryptAttachmentLowMemory(
	estimatedSize int, fileName string, publicKey *KeyRing,
) (*AttachmentProcessor, error)

EncryptAttachmentLowMemory creates an AttachmentProcessor which can be used to encrypt a file. It takes an estimatedSize and fileName as hints about the file. It is optimized for low-memory environments and collects garbage every megabyte.

func (*GopenPGP) EncryptMessage

func (pgp *GopenPGP) EncryptMessage(
	plainText string, publicKey, privateKey *KeyRing,
	passphrase string, trim bool,
) (string, error)

EncryptMessage encrypts a message to the given public key; if a private key and passphrase are also passed, it signs the message as well.
publicKey: keyring holding the recipient's public key.
plainText: the input text.
privateKey: optional; required when the message should be signed.
passphrase: optional; required when privateKey is passed, and must decrypt that private key.
trim: true if new lines should be trimmed.

func (*GopenPGP) EncryptMessageWithPassword

func (pgp *GopenPGP) EncryptMessageWithPassword(plainText string, password string) (string, error)

EncryptMessageWithPassword encrypts plain text to a PGP message with a password.
plainText: the clear text.
Returns the armored PGP message.

func (*GopenPGP) GenerateKey

func (pgp *GopenPGP) GenerateKey(userName, domain, passphrase, keyType string, bits int) (string, error)

GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519", bits is unused.

func (*GopenPGP) GenerateRSAKeyWithPrimes

func (pgp *GopenPGP) GenerateRSAKeyWithPrimes(
	userName, domain, passphrase string,
	bits int,
	primeone, primetwo, primethree, primefour []byte,
) (string, error)

GenerateRSAKeyWithPrimes generates an RSA key using the given primes.

func (*GopenPGP) GetSessionFromKeyPacket

func (pgp *GopenPGP) GetSessionFromKeyPacket(
	keyPacket []byte, privateKey *KeyRing, passphrase string,
) (*SymmetricKey, error)

GetSessionFromKeyPacket returns the decrypted session key from a binary public-key encrypted session key packet.

func (*GopenPGP) GetSessionFromSymmetricPacket

func (pgp *GopenPGP) GetSessionFromSymmetricPacket(keyPacket []byte, password string) (*SymmetricKey, error)

GetSessionFromSymmetricPacket decrypts the binary symmetrically encrypted session key packet and returns the session key.

func (*GopenPGP) GetTime

func (pgp *GopenPGP) GetTime() time.Time

GetTime returns the latest cached time.

func (*GopenPGP) GetTimeUnix

func (pgp *GopenPGP) GetTimeUnix() int64

GetTimeUnix returns the latest cached time as a Unix timestamp.

func (*GopenPGP) IsKeyExpired

func (pgp *GopenPGP) IsKeyExpired(publicKey string) (bool, error)

IsKeyExpired checks whether the given armored key is expired.

func (*GopenPGP) IsKeyExpiredBin

func (pgp *GopenPGP) IsKeyExpiredBin(publicKey []byte) (bool, error)

IsKeyExpiredBin checks whether the given (unarmored, binary) key is expired.

func (*GopenPGP) KeyPacketWithPublicKey

func (pgp *GopenPGP) KeyPacketWithPublicKey(sessionSplit *SymmetricKey, publicKey string) ([]byte, error)

KeyPacketWithPublicKey encrypts the session key with the armored publicKey and returns a binary public-key encrypted session key packet.

func (*GopenPGP) KeyPacketWithPublicKeyBin

func (pgp *GopenPGP) KeyPacketWithPublicKeyBin(sessionSplit *SymmetricKey, publicKey []byte) ([]byte, error)

KeyPacketWithPublicKeyBin encrypts the session key with the unarmored publicKey and returns a binary public-key encrypted session key packet.

func (*GopenPGP) RandomToken

func (pgp *GopenPGP) RandomToken() ([]byte, error)

RandomToken generates a random token with the key size of the default cipher.

func (*GopenPGP) RandomTokenWith

func (pgp *GopenPGP) RandomTokenWith(size int) ([]byte, error)

RandomTokenWith generates a random token with the given key size.

func (*GopenPGP) SymmetricKeyPacketWithPassword

func (pgp *GopenPGP) SymmetricKeyPacketWithPassword(sessionSplit *SymmetricKey, password string) ([]byte, error)

SymmetricKeyPacketWithPassword encrypts the session key with the password and returns a binary symmetrically encrypted session key packet.

func (*GopenPGP) UpdatePrivateKeyPassphrase

func (pgp *GopenPGP) UpdatePrivateKeyPassphrase(
	privateKey string, oldPassphrase string, newPassphrase string,
) (string, error)

UpdatePrivateKeyPassphrase decrypts the given armored privateKey with oldPassphrase, re-encrypts it with newPassphrase, and returns the new armored key.

func (*GopenPGP) UpdateTime

func (pgp *GopenPGP) UpdateTime(newTime int64)

UpdateTime updates the cached time.

type Identity

type Identity struct {
	Name  string
	Email string
}

Identity contains the name and the email of a key holder.

type KeyRing

type KeyRing struct {

	// FirstKeyID as obtained from API to match salt
	FirstKeyID string
	// contains filtered or unexported fields
}

KeyRing contains multiple private and public keys.

func FilterExpiredKeys

func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error)

FilterExpiredKeys takes a list of KeyRings and returns only those that contain at least one unexpired key. Only the unexpired parts of these KeyRings are returned.

func ReadArmoredKeyRing

func ReadArmoredKeyRing(r io.Reader) (kr *KeyRing, err error)

ReadArmoredKeyRing reads armored data from r into a keyring.

func ReadKeyRing

func ReadKeyRing(r io.Reader) (kr *KeyRing, err error)

ReadKeyRing reads binary data from r into a keyring.

func (*KeyRing) CheckPassphrase

func (kr *KeyRing) CheckPassphrase(passphrase string) bool

CheckPassphrase checks whether the private key passphrase is correct for every subkey.

func (*KeyRing) Decrypt

func (kr *KeyRing) Decrypt(r io.Reader) (decrypted io.Reader, signed *Signature, err error)

Decrypt decrypts a message sent to the keypair's owner. If the message is not signed, signed will be nil. If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), contents are still provided if library clients wish to process this message further.

func (*KeyRing) DecryptArmored

func (kr *KeyRing) DecryptArmored(r io.Reader) (decrypted io.Reader, signed *Signature, err error)

DecryptArmored decrypts an armored message sent to the keypair's owner. If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), contents are still provided if library clients wish to process this message further.

func (*KeyRing) DecryptMessage

func (kr *KeyRing) DecryptMessage(encrypted string) (SignedString, error)

DecryptMessage decrypts an armored string sent to the keypair's owner. If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), contents are still provided if library clients wish to process this message further.

func (*KeyRing) DecryptMessageIfNeeded

func (kr *KeyRing) DecryptMessageIfNeeded(data string) (decrypted string, err error)

DecryptMessageIfNeeded decrypts data if it is in armored PGP message format; otherwise it returns the original data unchanged. If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), contents are still provided if library clients wish to process this message further.

func (*KeyRing) Encrypt

func (kr *KeyRing) Encrypt(w io.Writer, sign *KeyRing, filename string, canonicalizeText bool) (io.WriteCloser, error)

Encrypt encrypts data to this keyring's owner. If sign is not nil, it also signs the data with it. The sign keyring must be unlocked to be able to sign; otherwise an error is returned.

func (*KeyRing) EncryptArmored

func (kr *KeyRing) EncryptArmored(w io.Writer, sign *KeyRing) (wc io.WriteCloser, err error)

EncryptArmored encrypts and armors data to the keyring's owner. Wrapper of Encrypt.

func (*KeyRing) EncryptKey

func (kr *KeyRing) EncryptKey(symKey *SymmetricKey) (packets string, err error)

EncryptKey encrypts the provided key.

func (*KeyRing) EncryptMessage

func (kr *KeyRing) EncryptMessage(s string, sign *KeyRing) (encrypted string, err error)

EncryptMessage encrypts and armors a string to the keyring's owner. Wrapper of Encrypt.

func (*KeyRing) EncryptSymmetric

func (kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool) (outSplit *models.EncryptedSplit, err error)

EncryptSymmetric encrypts data with a generated symmetric key, which is itself encrypted with this KeyRing. Wrapper of Encrypt.

func (*KeyRing) GetArmoredPublicKey

func (kr *KeyRing) GetArmoredPublicKey() (s string, err error)

GetArmoredPublicKey returns the armored public keys from this keyring.

func (*KeyRing) GetEntities

func (kr *KeyRing) GetEntities() openpgp.EntityList

GetEntities returns openpgp entities contained in this KeyRing.

func (*KeyRing) GetFingerprint

func (kr *KeyRing) GetFingerprint() (string, error)

GetFingerprint gets the fingerprint from the keyring.

func (*KeyRing) GetPublicKey

func (kr *KeyRing) GetPublicKey() (b []byte, err error)

GetPublicKey returns the unarmored public keys from this keyring.

func (*KeyRing) GetSigningEntity

func (kr *KeyRing) GetSigningEntity(passphrase string) (*openpgp.Entity, error)

GetSigningEntity returns the first unlocked private signing entity from the keyring.

func (*KeyRing) Identities

func (kr *KeyRing) Identities() []*Identity

Identities returns the list of identities associated with this key ring.

func (*KeyRing) KeyIds

func (kr *KeyRing) KeyIds() []uint64

KeyIds returns the IDs of the keys in this KeyRing.

func (*KeyRing) SignBinDetached

func (kr *KeyRing) SignBinDetached(plainData []byte, passphrase string) (string, error)

SignBinDetached creates an armored detached signature of binary data.

func (*KeyRing) SignTextDetached

func (kr *KeyRing) SignTextDetached(plainText string, passphrase string, trimNewlines bool) (string, error)

SignTextDetached creates an armored detached signature of a given string.

func (*KeyRing) Unlock

func (kr *KeyRing) Unlock(passphrase []byte) error

Unlock tries to unlock as many keys as possible with the given passphrase. Note that keyrings can contain keys locked with different passphrases, so err == nil does not mean that every key has been decrypted. If err != nil, the passphrase is wrong for every key, and err is the last error encountered.

func (*KeyRing) UnmarshalJSON

func (kr *KeyRing) UnmarshalJSON(b []byte) (err error)

UnmarshalJSON implements encoding/json.Unmarshaler.

func (*KeyRing) VerifyBinDetachedSig

func (kr *KeyRing) VerifyBinDetachedSig(signature string, plainData []byte, verifyTime int64) (bool, error)

VerifyBinDetachedSig verifies an armored detached signature given the plaintext as binary data.

func (*KeyRing) VerifyTextDetachedSig

func (kr *KeyRing) VerifyTextDetachedSig(
	signature string, plainText string, verifyTime int64, trimNewlines bool,
) (bool, error)

VerifyTextDetachedSig verifies an armored detached signature given the plaintext as a string.

func (*KeyRing) WriteArmoredPublicKey

func (kr *KeyRing) WriteArmoredPublicKey(w io.Writer) (err error)

WriteArmoredPublicKey outputs armored public keys from the keyring to w.

func (*KeyRing) WritePublicKey

func (kr *KeyRing) WritePublicKey(w io.Writer) (err error)

WritePublicKey outputs unarmored public keys from the keyring to w.

type MIMECallbacks

type MIMECallbacks interface {
	OnBody(body string, mimetype string)
	OnAttachment(headers string, data []byte)
	// Encrypted headers can be in an attachment and thus be placed at the end of the mime structure.
	OnEncryptedHeaders(headers string)
	OnVerified(verified int)
	OnError(err error)
}

MIMECallbacks defines callback methods to process a MIME message.

type Signature

type Signature struct {
	// contains filtered or unexported fields
}

Signature is used to check a signature. Because the signature is checked as the reader is consumed, a Signature must only be used after EOF has been seen. A signature is only valid if s.Err() returns nil; otherwise the sender's identity cannot be trusted.

func (*Signature) Err

func (s *Signature) Err() error

Err returns a non-nil error if the signature is invalid.

func (*Signature) IsBy

func (s *Signature) IsBy(kr *KeyRing) bool

IsBy returns true if the signature has been created by kr's owner.

func (*Signature) KeyRing

func (s *Signature) KeyRing() *KeyRing

KeyRing returns the key ring that was used to produce the signature, if available.

type SignatureCollector

type SignatureCollector struct {
	// contains filtered or unexported fields
}

SignatureCollector collects a signature from the MIME parts passed to Accept.

func (*SignatureCollector) Accept

func (sc *SignatureCollector) Accept(
	part io.Reader, header textproto.MIMEHeader,
	hasPlainSibling, isFirst, isLast bool,
) (err error)

Accept collects the signature from a MIME part.

func (SignatureCollector) GetSignature

func (sc SignatureCollector) GetSignature() string

GetSignature returns the signature collected by Accept.

type SignedString

type SignedString struct {
	String string
	Signed *Signature
}

SignedString wraps a string together with its Signature.

type SymmetricKey

type SymmetricKey struct {
	// The decrypted binary session key.
	Key []byte
	// The symmetric encryption algorithm used with this key.
	Algo string
}

SymmetricKey stores a decrypted session key.

func DecryptAttKey

func DecryptAttKey(kr *KeyRing, keyPacket string) (key *SymmetricKey, err error)

DecryptAttKey decrypts a public-key encrypted session key and returns the decrypted symmetric session key.

func (*SymmetricKey) GetBase64Key

func (sk *SymmetricKey) GetBase64Key() string

GetBase64Key returns the session key as a base64-encoded string.

func (*SymmetricKey) GetCipherFunc

func (sk *SymmetricKey) GetCipherFunc() packet.CipherFunction

GetCipherFunc returns the cipher function corresponding to the algorithm used with this SymmetricKey.
