An EntityList contains one or more Entities.
DecryptionKeys returns all private keys that are valid for decryption.
KeysById returns the set of keys that have the given key id.
KeysByIdAndUsage returns the set of keys with the given id that also meet
the key usage given by requiredUsage. The requiredUsage is expressed as
the bitwise-OR of packet.KeyFlag* values.
T : KeyRing
func ReadArmoredKeyRing(r io.Reader) (EntityList, error)
func ReadKeyRing(r io.Reader) (el EntityList, err error)
FileHints contains metadata about encrypted files. This metadata is, itself,
encrypted.
FileName hints at the name of the file that should be written. It's
truncated to 255 bytes if longer. It may be empty to suggest that the
file should not be written to disk. It may be equal to "_CONSOLE" to
suggest the data should not be written to disk.
IsBinary can be set to hint that the contents are binary data.
ModTime contains the modification time of the file, or the zero time if not applicable.
func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error)
func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error)
func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error)
func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error)
MessageDetails contains the result of parsing an OpenPGP encrypted and/or
signed message.
// the private key used to decrypt the message, if any.
// the list of recipient key ids.
// true if the message was encrypted.
// true if the message is signed.
// true if a passphrase could have decrypted the message.
// the metadata of the contents
// the signature packet itself, if v4 (default)
If IsSigned is true and SignedBy is non-zero then the signature will
be verified as UnverifiedBody is read. The signature cannot be
checked until the whole of UnverifiedBody is read so UnverifiedBody
must be consumed until EOF before the data can be trusted. Even if a
message isn't signed (or the signer is unknown) the data may contain
an authentication code that is only checked once UnverifiedBody has
been consumed. Once EOF has been seen, the following fields are
valid. (An authentication code failure is reported as a
SignatureError error when reading from UnverifiedBody.)
// nil if the signature is good.
// the signature packet if it is a v2 or v3 signature
// the key of the signer, if available.
// the key id of the signer, if any.
// the contents of the message.
decrypted io.ReadCloser
func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error)
func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing) (md *MessageDetails, err error)
A PromptFunction is used as a callback by functions that may need to decrypt
a private key, or prompt for a passphrase. It is called with a list of
acceptable, encrypted private keys and a boolean that indicates whether a
passphrase is usable. It should either decrypt a private key or return a
passphrase to try. If the decrypted private key or given passphrase isn't
correct, the function will be called again, forever. Any error returned will
be passed up.
func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error)
checkReader wraps an io.Reader from a LiteralData packet. When it sees EOF
it closes the ReadCloser from any SymmetricallyEncrypted packet to trigger
MDC checks.
md *MessageDetails
(T) Read(buf []byte) (n int, err error)
T : github.com/jbenet/go-context/io.Reader
T : io.Reader
A keyEnvelopePair is used to store a private key with the envelope that
contains a symmetric key, encrypted with that key.
encryptedKey *packet.EncryptedKey
key Key
noOpCloser is like an ioutil.NopCloser, but for an io.Writer.
TODO: we have two of these in OpenPGP packages alone. This probably needs
to be promoted somewhere more common.
w io.Writer
(T) Close() error
(T) Write(data []byte) (n int, err error)
T : github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband.Progress
T : github.com/jbenet/go-context/io.Writer
T : io.Closer
T : io.WriteCloser
T : io.Writer
signatureCheckReader wraps an io.Reader from a LiteralData packet and hashes
the data as it is read. When it sees an EOF from the underlying io.Reader
it parses and checks a trailing Signature packet and triggers any MDC checks.
h hash.Hash
md *MessageDetails
packets *packet.Reader
wrappedHash hash.Hash
(*T) Read(buf []byte) (n int, err error)
*T : github.com/jbenet/go-context/io.Reader
*T : io.Reader
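A standard-library model of the deferred check that the UnverifiedBody note and signatureCheckReader describe, added here as an illustration and not taken from this package. It assumes an HMAC in place of the signature or MDC; verifyingReader, Tag, NewBody and ReadTrusted are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
	"io"
)

// verifyingReader hashes data as it is read and checks the tag only at EOF.
type verifyingReader struct {
	r   io.Reader
	mac hash.Hash
	tag []byte
}

func (v *verifyingReader) Read(p []byte) (int, error) {
	n, err := v.r.Read(p)
	v.mac.Write(p[:n])
	if err == io.EOF && !hmac.Equal(v.mac.Sum(nil), v.tag) {
		return n, errors.New("authentication tag mismatch") // stands in for SignatureError
	}
	return n, err
}

// Tag returns HMAC-SHA256(key, data); NewBody wraps data for checking at EOF.
func Tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}
func NewBody(key, data, tag []byte) io.Reader {
	return &verifyingReader{bytes.NewReader(data), hmac.New(sha256.New, key), tag}
}

// ReadTrusted releases data only after EOF arrived with no verification error.
func ReadTrusted(body io.Reader) (data []byte, err error) {
	if data, err = io.ReadAll(body); err != nil {
		return nil, err // drop what was read before the failure
	}
	return data, nil
}

func main() {
	k := []byte("constructed-key") // all sample values here are constructed
	fmt.Println(ReadTrusted(NewBody(k, []byte("amount=99"), Tag(k, []byte("amount=10")))))
}
```

The first Read on a tampered body returns the altered bytes with a nil error; only the read that reaches EOF fails, so a caller that acts on partial output has acted on unverified data.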
Package-Level Functions (total 27, in which 15 are exported)
ArmoredDetachSign signs message with the private key from signer (which
must already have been decrypted) and writes an armored signature to w.
If config is nil, sensible defaults will be used.
ArmoredDetachSignText signs message (after canonicalising the line endings)
with the private key from signer (which must already have been decrypted)
and writes an armored signature to w.
If config is nil, sensible defaults will be used.
CheckArmoredDetachedSignature performs the same actions as
CheckDetachedSignature but expects the signature to be armored.
CheckDetachedSignature takes a signed file and a detached signature and
returns the signer if the signature is valid. If the signer isn't known,
ErrUnknownIssuer is returned.
DetachSign signs message with the private key from signer (which must
already have been decrypted) and writes the signature to w.
If config is nil, sensible defaults will be used.
DetachSignText signs message (after canonicalising the line endings) with
the private key from signer (which must already have been decrypted) and
writes the signature to w.
If config is nil, sensible defaults will be used.
Encrypt encrypts a message to a number of recipients and, optionally, signs
it. hints contains optional information, that is also encrypted, that aids
the recipients in processing the message. The resulting WriteCloser must
be closed after the contents of the file have been written.
If config is nil, sensible defaults will be used.
NewCanonicalTextHash reformats text written to it into the canonical
form and then applies the hash h. See RFC 4880, section 5.2.1.
NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
single identity composed of the given full name, comment and email, any of
which may be empty but must not contain any of "()<>\x00".
If config is nil, sensible defaults will be used.
ReadArmoredKeyRing reads one or more public/private keys from an armored keyring file.
ReadEntity reads an entity (public key, identities, subkeys etc) from the
given Reader.
ReadKeyRing reads one or more public/private keys. Unsupported keys are
ignored as long as at least a single valid key is found.
ReadMessage parses an OpenPGP message that may be signed and/or encrypted.
The given KeyRing should contain both public keys (for signature
verification) and, possibly encrypted, private keys for decrypting.
If config is nil, sensible defaults will be used.
Sign signs a message. The resulting WriteCloser must be closed after the
contents of the file have been written. hints contains optional information
that aids the recipients in processing the message.
If config is nil, sensible defaults will be used.
SymmetricallyEncrypt acts like gpg -c: it encrypts a file with a passphrase.
The resulting WriteCloser must be closed after the contents of the file have
been written.
If config is nil, sensible defaults will be used.
hashForSignature returns a pair of hashes that can be used to verify a
signature. The signature may specify that the contents of the signed message
should be preprocessed (i.e. to normalize line endings). Thus this function
returns two hashes. The second should be used to hash the message itself and
performs any needed preprocessing.
intersectPreferences mutates and returns a prefix of a that contains only
the values in the intersection of a and b. The order of a is preserved.
readArmored reads an armored block with the given type.
readSignedMessage reads a possibly signed message. If mdin is non-zero then
that structure is updated and returned. Otherwise a fresh MessageDetails is
used.
readToNextPublicKey reads packets until the start of the entity and leaves
the first packet of the new entity in the Reader.
writeAndSign writes the data as a payload package and, optionally, signs
it. hints contains optional information, that is also encrypted,
that aids the recipients in processing the message. The resulting
WriteCloser must be closed after the contents of the file have been
written. If config is nil, sensible defaults will be used.
Package-Level Variables (total 4, in which 3 are exported)
PrivateKeyType is the armor type for a PGP private key.
PublicKeyType is the armor type for a PGP public key.
SignatureType is the armor type for a PGP signature.
The pages are generated with Golds v0.3.2-preview. (GOOS=darwin GOARCH=amd64)