Documentation ¶
Overview ¶
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
Index ¶
- Constants
- func KeyRevocationHash(pk signingKey, hashFunc crypto.Hash) (h hash.Hash, err error)
- func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream
- func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)
- func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)
- func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, ...) error
- func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)
- func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)
- func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error)
- type CipherFunction
- type Compressed
- type CompressionAlgo
- type CompressionConfig
- type Config
- type EncryptedKey
- type LiteralData
- type OCFBResyncOption
- type OnePassSignature
- type OpaquePacket
- type OpaqueReader
- type OpaqueSubpacket
- type Packet
- type PrivateKey
- func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey
- func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey
- func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey
- func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey
- func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey
- type PublicKey
- func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey
- func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey
- func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey
- func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey
- func (pk *PublicKey) BitLength() (bitLength uint16, err error)
- func (pk *PublicKey) CanSign() bool
- func (pk *PublicKey) KeyIdShortString() string
- func (pk *PublicKey) KeyIdString() string
- func (pk *PublicKey) Serialize(w io.Writer) (err error)
- func (pk *PublicKey) SerializeSignaturePrefix(h io.Writer)
- func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error
- func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error)
- func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error)
- func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
- func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error)
- func (pk *PublicKey) VerifyUserIdSignatureV3(id string, pub *PublicKey, sig *SignatureV3) (err error)
- type PublicKeyAlgorithm
- type PublicKeyV3
- func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error)
- func (pk *PublicKeyV3) CanSign() bool
- func (pk *PublicKeyV3) KeyIdShortString() string
- func (pk *PublicKeyV3) KeyIdString() string
- func (pk *PublicKeyV3) Serialize(w io.Writer) (err error)
- func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer)
- func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error)
- func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
- func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error)
- type Reader
- type Signature
- func (sig *Signature) KeyExpired(currentTime time.Time) bool
- func (sig *Signature) Serialize(w io.Writer) (err error)
- func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error)
- func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error
- func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error
- type SignatureType
- type SignatureV3
- type SymmetricKeyEncrypted
- type SymmetricallyEncrypted
- type UserAttribute
- type UserId
Constants ¶
const ( NoCompression = flate.NoCompression BestSpeed = flate.BestSpeed BestCompression = flate.BestCompression DefaultCompression = flate.DefaultCompression )
const ( SigTypeBinary SignatureType = 0 SigTypeText = 1 SigTypeGenericCert = 0x10 SigTypePersonaCert = 0x11 SigTypeCasualCert = 0x12 SigTypePositiveCert = 0x13 SigTypeSubkeyBinding = 0x18 SigTypePrimaryKeyBinding = 0x19 SigTypeDirectSignature = 0x1F SigTypeKeyRevocation = 0x20 SigTypeSubkeyRevocation = 0x28 )
const ( S2KUsageConventionUnencrypted = 0 S2KUsageConventionPlaintextChecksum = 255 S2KUsageConventionEncryptedSha1 = 254 )
https://tools.ietf.org/html/rfc4880#section-5.5.3
const ( // See RFC 4880, section 5.2.3.21 for details. KeyFlagCertify = 1 << iota KeyFlagSign KeyFlagEncryptCommunications KeyFlagEncryptStorage )
const UserAttrImageSubpacket = 1
Variables ¶
This section is empty.
Functions ¶
func KeyRevocationHash ¶
func NewOCFBDecrypter ¶
NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's cipher feedback mode using the given cipher.Block. Prefix must be the first blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's block size. If an incorrect key is detected then nil is returned. On successful exit, blockSize+2 bytes of decrypted data are written into prefix. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
func NewOCFBEncrypter ¶
func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)
NewOCFBEncrypter returns a cipher.Stream which encrypts data with OpenPGP's cipher feedback mode using the given cipher.Block, and an initial amount of ciphertext. randData must be random bytes and be the same length as the cipher.Block's block size. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
func SerializeCompressed ¶
func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)
SerializeCompressed serializes a compressed data packet to w and returns a WriteCloser to which the literal data packets themselves can be written and which MUST be closed on completion. If cc is nil, sensible defaults will be used to configure the compression algorithm.
func SerializeEncryptedKey ¶
func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error
SerializeEncryptedKey serializes an encrypted key packet to w that contains key, encrypted to pub. If config is nil, sensible defaults will be used.
func SerializeLiteral ¶
func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)
SerializeLiteral serializes a literal data packet to w and returns a WriteCloser to which the data itself can be written and which MUST be closed on completion. The fileName is truncated to 255 bytes.
func SerializeSymmetricKeyEncrypted ¶
func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)
SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The packet contains a random session key, encrypted by a key derived from the given passphrase. The session key is returned and must be passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.
func SerializeSymmetricallyEncrypted ¶
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error)
SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet to w and returns a WriteCloser to which the to-be-encrypted packets can be written. If config is nil, sensible defaults will be used.
Types ¶
type CipherFunction ¶
type CipherFunction uint8
CipherFunction represents the different block ciphers specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
const ( Cipher3DES CipherFunction = 2 CipherCAST5 CipherFunction = 3 CipherAES128 CipherFunction = 7 CipherAES192 CipherFunction = 8 CipherAES256 CipherFunction = 9 )
func (CipherFunction) KeySize ¶
func (cipher CipherFunction) KeySize() int
KeySize returns the key size, in bytes, of cipher.
type Compressed ¶
Compressed represents a compressed OpenPGP packet. The decompressed contents will contain more OpenPGP packets. See RFC 4880, section 5.6.
type CompressionAlgo ¶
type CompressionAlgo uint8
CompressionAlgo Represents the different compression algorithms supported by OpenPGP (except for BZIP2, which is not currently supported). See Section 9.3 of RFC 4880.
const ( CompressionNone CompressionAlgo = 0 CompressionZIP CompressionAlgo = 1 CompressionZLIB CompressionAlgo = 2 )
type CompressionConfig ¶
type CompressionConfig struct { // Level is the compression level to use. It must be set to // between -1 and 9, with -1 causing the compressor to use the // default compression level, 0 causing the compressor to use // no compression and 1 to 9 representing increasing (better, // slower) compression levels. If Level is less than -1 or // more then 9, a non-nil error will be returned during // encryption. See the constants above for convenient common // settings for Level. Level int }
CompressionConfig contains compressor configuration settings.
type Config ¶
type Config struct { // Rand provides the source of entropy. // If nil, the crypto/rand Reader is used. Rand io.Reader // DefaultHash is the default hash function to be used. // If zero, SHA-256 is used. DefaultHash crypto.Hash // DefaultCipher is the cipher to be used. // If zero, AES-128 is used. DefaultCipher CipherFunction // Time returns the current time as the number of seconds since the // epoch. If Time is nil, time.Now is used. Time func() time.Time // DefaultCompressionAlgo is the compression algorithm to be // applied to the plaintext before encryption. If zero, no // compression is done. DefaultCompressionAlgo CompressionAlgo // CompressionConfig configures the compression settings. CompressionConfig *CompressionConfig // S2KCount is only used for symmetric encryption. It // determines the strength of the passphrase stretching when // the said passphrase is hashed to produce a key. S2KCount // should be between 1024 and 65011712, inclusive. If Config // is nil or S2KCount is 0, the value 65536 used. Not all // values in the above range can be represented. S2KCount will // be rounded up to the next representable value if it cannot // be encoded exactly. When set, it is strongly encrouraged to // use a value that is at least 65536. See RFC 4880 Section // 3.7.1.3. S2KCount int // RSABits is the number of bits in new RSA keys made with NewEntity. // If zero, then 2048 bit keys are created. RSABits int SerializePrivatePassword string }
Config collects a number of parameters along with sensible defaults. A nil *Config is valid and results in all default values.
func (*Config) Cipher ¶
func (c *Config) Cipher() CipherFunction
func (*Config) Compression ¶
func (c *Config) Compression() CompressionAlgo
func (*Config) PasswordHashIterations ¶
type EncryptedKey ¶
type EncryptedKey struct { KeyId uint64 Algo PublicKeyAlgorithm CipherFunc CipherFunction // only valid after a successful Decrypt Key []byte // only valid after a successful Decrypt // contains filtered or unexported fields }
EncryptedKey represents a public-key encrypted session key. See RFC 4880, section 5.1.
func (*EncryptedKey) Decrypt ¶
func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error
Decrypt decrypts an encrypted session key with the given private key. The private key must have been decrypted first. If config is nil, sensible defaults will be used.
type LiteralData ¶
type LiteralData struct { IsBinary bool FileName string Time uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined. Body io.Reader }
LiteralData represents an encrypted file. See RFC 4880, section 5.9.
func (*LiteralData) ForEyesOnly ¶
func (l *LiteralData) ForEyesOnly() bool
ForEyesOnly returns whether the contents of the LiteralData have been marked as especially sensitive.
type OCFBResyncOption ¶
type OCFBResyncOption bool
An OCFBResyncOption determines if the "resynchronization step" of OCFB is performed.
const ( OCFBResync OCFBResyncOption = true OCFBNoResync OCFBResyncOption = false )
type OnePassSignature ¶
type OnePassSignature struct { SigType SignatureType Hash crypto.Hash PubKeyAlgo PublicKeyAlgorithm KeyId uint64 IsLast bool }
OnePassSignature represents a one-pass signature packet. See RFC 4880, section 5.4.
type OpaquePacket ¶
type OpaquePacket struct { // Packet type Tag uint8 // Reason why the packet was parsed opaquely Reason error // Binary contents of the packet data Contents []byte }
OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is useful for splitting and storing the original packet contents separately, handling unsupported packet types or accessing parts of the packet not yet implemented by this package.
func (*OpaquePacket) Parse ¶
func (op *OpaquePacket) Parse() (p Packet, err error)
Parse attempts to parse the opaque contents into a structure supported by this package. If the packet is not known then the result will be another OpaquePacket.
type OpaqueReader ¶
type OpaqueReader struct {
// contains filtered or unexported fields
}
OpaqueReader reads OpaquePackets from an io.Reader.
func NewOpaqueReader ¶
func NewOpaqueReader(r io.Reader) *OpaqueReader
func (*OpaqueReader) Next ¶
func (or *OpaqueReader) Next() (op *OpaquePacket, err error)
Read the next OpaquePacket.
type OpaqueSubpacket ¶
OpaqueSubpacket represents an unparsed OpenPGP subpacket, as found in signature and user attribute packets.
func OpaqueSubpackets ¶
func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error)
OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from their byte representation.
type Packet ¶
type Packet interface {
// contains filtered or unexported methods
}
Packet represents an OpenPGP packet. Users are expected to try casting instances of this interface to specific packet types.
type PrivateKey ¶
type PrivateKey struct { PublicKey Encrypted bool // if true then the private key is unavailable until Decrypt has been called. PrivateKey interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or a crypto.Signer. // contains filtered or unexported fields }
PrivateKey represents a possibly encrypted private key. See RFC 4880, section 5.5.3.
func NewDSAPrivateKey ¶
func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey
func NewECDSAPrivateKey ¶
func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey
func NewElGamalPrivateKey ¶
func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey
func NewRSAPrivateKey ¶
func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey
func NewSignerPrivateKey ¶
func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey
NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that implements RSA or ECDSA.
func (*PrivateKey) Decrypt ¶
func (pk *PrivateKey) Decrypt(passphrase []byte) error
Decrypt decrypts an encrypted private key using a passphrase.
func (*PrivateKey) Serialize ¶
func (pk *PrivateKey) Serialize(w io.Writer, config *Config) (err error)
func (*PrivateKey) SerializeEncrypted ¶
func (pk *PrivateKey) SerializeEncrypted(w io.Writer, config *Config) (err error)
func (*PrivateKey) SerializeUnencrypted ¶
func (pk *PrivateKey) SerializeUnencrypted(w io.Writer) (err error)
type PublicKey ¶
type PublicKey struct { CreationTime time.Time PubKeyAlgo PublicKeyAlgorithm PublicKey interface{} // *rsa.PublicKey, *dsa.PublicKey or *ecdsa.PublicKey Fingerprint [20]byte KeyId uint64 IsSubkey bool // contains filtered or unexported fields }
PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2.
func NewDSAPublicKey ¶
NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.
func NewECDSAPublicKey ¶
func NewElGamalPublicKey ¶
NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
func NewRSAPublicKey ¶
NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
func (*PublicKey) KeyIdShortString ¶
KeyIdShortString returns the short form of public key's fingerprint in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
func (*PublicKey) KeyIdString ¶
KeyIdString returns the public key's fingerprint in capital hex (e.g. "6C7EE1B8621CC013").
func (*PublicKey) SerializeSignaturePrefix ¶
SerializeSignaturePrefix writes the prefix for this public key to the given Writer. The prefix is used when calculating a signature over this public key. See RFC 4880, section 5.2.4.
func (*PublicKey) VerifyKeySignature ¶
VerifyKeySignature returns nil iff sig is a valid signature, made by this public key, of signed.
func (*PublicKey) VerifyRevocationSignature ¶
VerifyRevocationSignature returns nil iff sig is a valid signature, made by this public key.
func (*PublicKey) VerifySignature ¶
VerifySignature returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.
func (*PublicKey) VerifySignatureV3 ¶
func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
VerifySignatureV3 returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.
func (*PublicKey) VerifyUserIdSignature ¶
VerifyUserIdSignature returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.
func (*PublicKey) VerifyUserIdSignatureV3 ¶
func (pk *PublicKey) VerifyUserIdSignatureV3(id string, pub *PublicKey, sig *SignatureV3) (err error)
VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.
type PublicKeyAlgorithm ¶
type PublicKeyAlgorithm uint8
PublicKeyAlgorithm represents the different public key system specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12
const ( PubKeyAlgoRSA PublicKeyAlgorithm = 1 PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 PubKeyAlgoElGamal PublicKeyAlgorithm = 16 PubKeyAlgoDSA PublicKeyAlgorithm = 17 // RFC 6637, Section 5. PubKeyAlgoECDH PublicKeyAlgorithm = 18 PubKeyAlgoECDSA PublicKeyAlgorithm = 19 )
func (PublicKeyAlgorithm) CanEncrypt ¶
func (pka PublicKeyAlgorithm) CanEncrypt() bool
CanEncrypt returns true if it's possible to encrypt a message to a public key of the given type.
func (PublicKeyAlgorithm) CanSign ¶
func (pka PublicKeyAlgorithm) CanSign() bool
CanSign returns true if it's possible for a public key of the given type to sign a message.
type PublicKeyV3 ¶
type PublicKeyV3 struct { CreationTime time.Time DaysToExpire uint16 PubKeyAlgo PublicKeyAlgorithm PublicKey *rsa.PublicKey Fingerprint [16]byte KeyId uint64 IsSubkey bool // contains filtered or unexported fields }
PublicKeyV3 represents older, version 3 public keys. These keys are less secure and should not be used for signing or encrypting. They are supported here only for parsing version 3 key material and validating signatures. See RFC 4880, section 5.5.2.
func (*PublicKeyV3) BitLength ¶
func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error)
BitLength returns the bit length for the given public key.
func (*PublicKeyV3) CanSign ¶
func (pk *PublicKeyV3) CanSign() bool
CanSign returns true iff this public key can generate signatures
func (*PublicKeyV3) KeyIdShortString ¶
func (pk *PublicKeyV3) KeyIdShortString() string
KeyIdShortString returns the short form of public key's fingerprint in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
func (*PublicKeyV3) KeyIdString ¶
func (pk *PublicKeyV3) KeyIdString() string
KeyIdString returns the public key's fingerprint in capital hex (e.g. "6C7EE1B8621CC013").
func (*PublicKeyV3) SerializeSignaturePrefix ¶
func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer)
SerializeSignaturePrefix writes the prefix for this public key to the given Writer. The prefix is used when calculating a signature over this public key. See RFC 4880, section 5.2.4.
func (*PublicKeyV3) VerifyKeySignatureV3 ¶
func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error)
VerifyKeySignatureV3 returns nil iff sig is a valid signature, made by this public key, of signed.
func (*PublicKeyV3) VerifySignatureV3 ¶
func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
VerifySignatureV3 returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.
func (*PublicKeyV3) VerifyUserIdSignatureV3 ¶
func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error)
VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.
type Reader ¶
type Reader struct {
// contains filtered or unexported fields
}
Reader reads packets from an io.Reader and allows packets to be 'unread' so that they result from the next call to Next.
func (*Reader) Next ¶
Next returns the most recently unread Packet, or reads another packet from the top-most io.Reader. Unknown packet types are skipped.
func (*Reader) Push ¶
Push causes the Reader to start reading from a new io.Reader. When an EOF error is seen from the new io.Reader, it is popped and the Reader continues to read from the next most recent io.Reader. Push returns a StructuralError if pushing the reader would exceed the maximum recursion level, otherwise it returns nil.
type Signature ¶
type Signature struct { SigType SignatureType PubKeyAlgo PublicKeyAlgorithm Hash crypto.Hash // HashSuffix is extra data that is hashed in after the signed data. HashSuffix []byte // HashTag contains the first two bytes of the hash for fast rejection // of bad signed data. HashTag [2]byte CreationTime time.Time RSASignature parsedMPI DSASigR, DSASigS parsedMPI ECDSASigR, ECDSASigS parsedMPI SigLifetimeSecs, KeyLifetimeSecs *uint32 PreferredSymmetric, PreferredHash, PreferredCompression []uint8 IssuerKeyId *uint64 IsPrimaryId *bool // FlagsValid is set if any flags were given. See RFC 4880, section // 5.2.3.21 for details. FlagsValid bool FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage bool // RevocationReason is set if this signature has been revoked. // See RFC 4880, section 5.2.3.23 for details. RevocationReason *uint8 RevocationReasonText string // MDC is set if this signature has a feature packet that indicates // support for MDC subpackets. MDC bool // EmbeddedSignature, if non-nil, is a signature of the parent key, by // this key. This prevents an attacker from claiming another's signing // subkey as their own. EmbeddedSignature *Signature ExportableCertification *bool // contains filtered or unexported fields }
Signature represents a signature. See RFC 4880, section 5.2.
func (*Signature) KeyExpired ¶
KeyExpired returns whether sig is a self-signature of a key that has expired.
func (*Signature) Serialize ¶
Serialize marshals sig to w. Sign, SignUserId or SignKey must have been called first.
func (*Signature) Sign ¶
Sign signs a message with a private key. The hash, h, must contain the hash of the message to be signed and will be mutated by this function. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) SignKey ¶
func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error
SignKey computes a signature from priv, asserting that pub is a subkey. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
func (*Signature) SignUserId ¶
SignUserId computes a signature from priv, asserting that pub is a valid key for the identity id. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.
type SignatureType ¶
type SignatureType uint8
SignatureType represents the different semantic meanings of an OpenPGP signature. See RFC 4880, section 5.2.1.
type SignatureV3 ¶
type SignatureV3 struct { SigType SignatureType CreationTime time.Time IssuerKeyId uint64 PubKeyAlgo PublicKeyAlgorithm Hash crypto.Hash HashTag [2]byte RSASignature parsedMPI DSASigR, DSASigS parsedMPI }
SignatureV3 represents older version 3 signatures. These signatures are less secure than version 4 and should not be used to create new signatures. They are included here for backwards compatibility to read and validate with older key material. See RFC 4880, section 5.2.2.
type SymmetricKeyEncrypted ¶
type SymmetricKeyEncrypted struct { CipherFunc CipherFunction // contains filtered or unexported fields }
SymmetricKeyEncrypted represents a passphrase protected session key. See RFC 4880, section 5.3.
func (*SymmetricKeyEncrypted) Decrypt ¶
func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error)
Decrypt attempts to decrypt an encrypted session key and returns the key and the cipher to use when decrypting a subsequent Symmetrically Encrypted Data packet.
type SymmetricallyEncrypted ¶
type SymmetricallyEncrypted struct { MDC bool // true iff this is a type 18 packet and thus has an embedded MAC. // contains filtered or unexported fields }
SymmetricallyEncrypted represents a symmetrically encrypted byte string. The encrypted contents will consist of more OpenPGP packets. See RFC 4880, sections 5.7 and 5.13.
func (*SymmetricallyEncrypted) Decrypt ¶
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error)
Decrypt returns a ReadCloser, from which the decrypted contents of the packet can be read. An incorrect key can, with high probability, be detected immediately and this will result in a KeyIncorrect error being returned.
type UserAttribute ¶
type UserAttribute struct {
Contents []*OpaqueSubpacket
}
UserAttribute is capable of storing other types of data about a user beyond name, email and a text comment. In practice, user attributes are typically used to store a signed thumbnail photo JPEG image of the user. See RFC 4880, section 5.12.
func NewUserAttribute ¶
func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute
NewUserAttribute creates a new user attribute packet containing the given subpackets.
func NewUserAttributePhoto ¶
func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error)
NewUserAttributePhoto creates a user attribute packet containing the given images.
func (*UserAttribute) ImageData ¶
func (uat *UserAttribute) ImageData() (imageData [][]byte)
ImageData returns zero or more byte slices, each containing JPEG File Interchange Format (JFIF), for each photo in the the user attribute packet.
type UserId ¶
type UserId struct { Id string // By convention, this takes the form "Full Name (Comment) <email@example.com>" which is split out in the fields below. Name, Comment, Email string }
UserId contains text that is intended to represent the name and email address of the key holder. See RFC 4880, section 5.11. By convention, this takes the form "Full Name (Comment) <email@example.com>"