Documentation ¶
Overview ¶
Package pgp contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key by first trying with the github.com/ProtonMail/go-crypto/openpgp package and if that fails, by calling the "gpg" binary.
Index ¶
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MasterKey ¶
MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it
func MasterKeysFromFingerprintString ¶
MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints
func NewMasterKeyFromFingerprint ¶
NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint
func (*MasterKey) Decrypt ¶
Decrypt uses PGP to obtain the data key from the EncryptedKey store in the MasterKey and returns it
func (*MasterKey) Encrypt ¶
Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey. It looks for PGP public keys in $PGPHOME/pubring.gpg.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key this master key holds
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted data key for this master key