...

Package packet

import "golang.org/x/crypto/openpgp/packet"
Overview
Index

Overview ▾

Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.

Deprecated: this package is unmaintained except for security fixes. New applications should consider a more focused, modern alternative to OpenPGP for their specific task. If you are required to interoperate with OpenPGP systems and need a maintained package, consider a community fork. See https://golang.org/issue/44226.

Index ▾

Constants
func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream
func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)
func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)
func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error
func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)
func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error)
type CipherFunction
    func (cipher CipherFunction) KeySize() int
type Compressed
type CompressionAlgo
type CompressionConfig
type Config
    func (c *Config) Cipher() CipherFunction
    func (c *Config) Compression() CompressionAlgo
    func (c *Config) Hash() crypto.Hash
    func (c *Config) Now() time.Time
    func (c *Config) PasswordHashIterations() int
    func (c *Config) Random() io.Reader
type EncryptedKey
    func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error
    func (e *EncryptedKey) Serialize(w io.Writer) error
type LiteralData
    func (l *LiteralData) ForEyesOnly() bool
type OCFBResyncOption
type OnePassSignature
    func (ops *OnePassSignature) Serialize(w io.Writer) error
type OpaquePacket
    func (op *OpaquePacket) Parse() (p Packet, err error)
    func (op *OpaquePacket) Serialize(w io.Writer) (err error)
type OpaqueReader
    func NewOpaqueReader(r io.Reader) *OpaqueReader
    func (or *OpaqueReader) Next() (op *OpaquePacket, err error)
type OpaqueSubpacket
    func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error)
    func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error)
type Packet
    func Read(r io.Reader) (p Packet, err error)
type PrivateKey
    func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey
    func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey
    func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey
    func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey
    func NewSignerPrivateKey(creationTime time.Time, signer crypto.Signer) *PrivateKey
    func (pk *PrivateKey) Decrypt(passphrase []byte) error
    func (pk *PrivateKey) Serialize(w io.Writer) (err error)
type PublicKey
    func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey
    func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey
    func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey
    func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey
    func (pk *PublicKey) BitLength() (bitLength uint16, err error)
    func (pk *PublicKey) CanSign() bool
    func (pk *PublicKey) KeyIdShortString() string
    func (pk *PublicKey) KeyIdString() string
    func (pk *PublicKey) Serialize(w io.Writer) (err error)
    func (pk *PublicKey) SerializeSignaturePrefix(h io.Writer)
    func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error
    func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error)
    func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error)
    func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
    func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error)
    func (pk *PublicKey) VerifyUserIdSignatureV3(id string, pub *PublicKey, sig *SignatureV3) (err error)
type PublicKeyAlgorithm
    func (pka PublicKeyAlgorithm) CanEncrypt() bool
    func (pka PublicKeyAlgorithm) CanSign() bool
type PublicKeyV3
    func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error)
    func (pk *PublicKeyV3) CanSign() bool
    func (pk *PublicKeyV3) KeyIdShortString() string
    func (pk *PublicKeyV3) KeyIdString() string
    func (pk *PublicKeyV3) Serialize(w io.Writer) (err error)
    func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer)
    func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error)
    func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)
    func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error)
type Reader
    func NewReader(r io.Reader) *Reader
    func (r *Reader) Next() (p Packet, err error)
    func (r *Reader) Push(reader io.Reader) (err error)
    func (r *Reader) Unread(p Packet)
type Signature
    func (sig *Signature) KeyExpired(currentTime time.Time) bool
    func (sig *Signature) Serialize(w io.Writer) (err error)
    func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error)
    func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error
    func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error
type SignatureType
type SignatureV3
    func (sig *SignatureV3) Serialize(w io.Writer) (err error)
type SymmetricKeyEncrypted
    func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error)
type SymmetricallyEncrypted
    func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error)
type UserAttribute
    func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute
    func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error)
    func (uat *UserAttribute) ImageData() (imageData [][]byte)
    func (uat *UserAttribute) Serialize(w io.Writer) (err error)
type UserId
    func NewUserId(name, comment, email string) *UserId
    func (uid *UserId) Serialize(w io.Writer) error

Package files

compressed.go config.go encrypted_key.go literal.go ocfb.go one_pass_signature.go opaque.go packet.go private_key.go public_key.go public_key_v3.go reader.go signature.go signature_v3.go symmetric_key_encrypted.go symmetrically_encrypted.go userattribute.go userid.go

Constants

const (
    NoCompression      = flate.NoCompression
    BestSpeed          = flate.BestSpeed
    BestCompression    = flate.BestCompression
    DefaultCompression = flate.DefaultCompression
)
const (
    SigTypeBinary            SignatureType = 0
    SigTypeText                            = 1
    SigTypeGenericCert                     = 0x10
    SigTypePersonaCert                     = 0x11
    SigTypeCasualCert                      = 0x12
    SigTypePositiveCert                    = 0x13
    SigTypeSubkeyBinding                   = 0x18
    SigTypePrimaryKeyBinding               = 0x19
    SigTypeDirectSignature                 = 0x1F
    SigTypeKeyRevocation                   = 0x20
    SigTypeSubkeyRevocation                = 0x28
)
const (
    // See RFC 4880, section 5.2.3.21 for details.
    KeyFlagCertify = 1 << iota
    KeyFlagSign
    KeyFlagEncryptCommunications
    KeyFlagEncryptStorage
)
const UserAttrImageSubpacket = 1

func NewOCFBDecrypter

func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream

NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's cipher feedback mode using the given cipher.Block. Prefix must be the first blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's block size. If an incorrect key is detected then nil is returned. On successful exit, blockSize+2 bytes of decrypted data are written into prefix. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.

func NewOCFBEncrypter

func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte)

NewOCFBEncrypter returns a cipher.Stream which encrypts data with OpenPGP's cipher feedback mode using the given cipher.Block, and an initial amount of ciphertext. randData must be random bytes and be the same length as the cipher.Block's block size. Resync determines if the "resynchronization step" from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.

func SerializeCompressed

func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error)

SerializeCompressed serializes a compressed data packet to w and returns a WriteCloser to which the literal data packets themselves can be written and which MUST be closed on completion. If cc is nil, sensible defaults will be used to configure the compression algorithm.

func SerializeEncryptedKey

func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error

SerializeEncryptedKey serializes an encrypted key packet to w that contains key, encrypted to pub. If config is nil, sensible defaults will be used.

func SerializeLiteral

func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error)

SerializeLiteral serializes a literal data packet to w and returns a WriteCloser to which the data itself can be written and which MUST be closed on completion. The fileName is truncated to 255 bytes.

func SerializeSymmetricKeyEncrypted

func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error)

SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The packet contains a random session key, encrypted by a key derived from the given passphrase. The session key is returned and must be passed to SerializeSymmetricallyEncrypted. If config is nil, sensible defaults will be used.

func SerializeSymmetricallyEncrypted

func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error)

SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet to w and returns a WriteCloser to which the to-be-encrypted packets can be written. If config is nil, sensible defaults will be used.

type CipherFunction

CipherFunction represents the different block ciphers specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13

type CipherFunction uint8
const (
    Cipher3DES   CipherFunction = 2
    CipherCAST5  CipherFunction = 3
    CipherAES128 CipherFunction = 7
    CipherAES192 CipherFunction = 8
    CipherAES256 CipherFunction = 9
)

func (CipherFunction) KeySize

func (cipher CipherFunction) KeySize() int

KeySize returns the key size, in bytes, of cipher.

type Compressed

Compressed represents a compressed OpenPGP packet. The decompressed contents will contain more OpenPGP packets. See RFC 4880, section 5.6.

type Compressed struct {
    Body io.Reader
}

type CompressionAlgo

CompressionAlgo Represents the different compression algorithms supported by OpenPGP (except for BZIP2, which is not currently supported). See Section 9.3 of RFC 4880.

type CompressionAlgo uint8
const (
    CompressionNone CompressionAlgo = 0
    CompressionZIP  CompressionAlgo = 1
    CompressionZLIB CompressionAlgo = 2
)

type CompressionConfig

CompressionConfig contains compressor configuration settings.

type CompressionConfig struct {
    // Level is the compression level to use. It must be set to
    // between -1 and 9, with -1 causing the compressor to use the
    // default compression level, 0 causing the compressor to use
    // no compression and 1 to 9 representing increasing (better,
    // slower) compression levels. If Level is less than -1 or
    // more then 9, a non-nil error will be returned during
    // encryption. See the constants above for convenient common
    // settings for Level.
    Level int
}

type Config

Config collects a number of parameters along with sensible defaults. A nil *Config is valid and results in all default values.

type Config struct {
    // Rand provides the source of entropy.
    // If nil, the crypto/rand Reader is used.
    Rand io.Reader
    // DefaultHash is the default hash function to be used.
    // If zero, SHA-256 is used.
    DefaultHash crypto.Hash
    // DefaultCipher is the cipher to be used.
    // If zero, AES-128 is used.
    DefaultCipher CipherFunction
    // Time returns the current time as the number of seconds since the
    // epoch. If Time is nil, time.Now is used.
    Time func() time.Time
    // DefaultCompressionAlgo is the compression algorithm to be
    // applied to the plaintext before encryption. If zero, no
    // compression is done.
    DefaultCompressionAlgo CompressionAlgo
    // CompressionConfig configures the compression settings.
    CompressionConfig *CompressionConfig
    // S2KCount is only used for symmetric encryption. It
    // determines the strength of the passphrase stretching when
    // the said passphrase is hashed to produce a key. S2KCount
    // should be between 1024 and 65011712, inclusive. If Config
    // is nil or S2KCount is 0, the value 65536 used. Not all
    // values in the above range can be represented. S2KCount will
    // be rounded up to the next representable value if it cannot
    // be encoded exactly. When set, it is strongly encrouraged to
    // use a value that is at least 65536. See RFC 4880 Section
    // 3.7.1.3.
    S2KCount int
    // RSABits is the number of bits in new RSA keys made with NewEntity.
    // If zero, then 2048 bit keys are created.
    RSABits int
}

func (*Config) Cipher

func (c *Config) Cipher() CipherFunction

func (*Config) Compression

func (c *Config) Compression() CompressionAlgo

func (*Config) Hash

func (c *Config) Hash() crypto.Hash

func (*Config) Now

func (c *Config) Now() time.Time

func (*Config) PasswordHashIterations

func (c *Config) PasswordHashIterations() int

func (*Config) Random

func (c *Config) Random() io.Reader

type EncryptedKey

EncryptedKey represents a public-key encrypted session key. See RFC 4880, section 5.1.

type EncryptedKey struct {
    KeyId      uint64
    Algo       PublicKeyAlgorithm
    CipherFunc CipherFunction // only valid after a successful Decrypt
    Key        []byte         // only valid after a successful Decrypt
    // contains filtered or unexported fields
}

func (*EncryptedKey) Decrypt

func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error

Decrypt decrypts an encrypted session key with the given private key. The private key must have been decrypted first. If config is nil, sensible defaults will be used.

func (*EncryptedKey) Serialize

func (e *EncryptedKey) Serialize(w io.Writer) error

Serialize writes the encrypted key packet, e, to w.

type LiteralData

LiteralData represents an encrypted file. See RFC 4880, section 5.9.

type LiteralData struct {
    IsBinary bool
    FileName string
    Time     uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined.
    Body     io.Reader
}

func (*LiteralData) ForEyesOnly

func (l *LiteralData) ForEyesOnly() bool

ForEyesOnly returns whether the contents of the LiteralData have been marked as especially sensitive.

type OCFBResyncOption

An OCFBResyncOption determines if the "resynchronization step" of OCFB is performed.

type OCFBResyncOption bool
const (
    OCFBResync   OCFBResyncOption = true
    OCFBNoResync OCFBResyncOption = false
)

type OnePassSignature

OnePassSignature represents a one-pass signature packet. See RFC 4880, section 5.4.

type OnePassSignature struct {
    SigType    SignatureType
    Hash       crypto.Hash
    PubKeyAlgo PublicKeyAlgorithm
    KeyId      uint64
    IsLast     bool
}

func (*OnePassSignature) Serialize

func (ops *OnePassSignature) Serialize(w io.Writer) error

Serialize marshals the given OnePassSignature to w.

type OpaquePacket

OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is useful for splitting and storing the original packet contents separately, handling unsupported packet types or accessing parts of the packet not yet implemented by this package.

type OpaquePacket struct {
    // Packet type
    Tag uint8
    // Reason why the packet was parsed opaquely
    Reason error
    // Binary contents of the packet data
    Contents []byte
}

func (*OpaquePacket) Parse

func (op *OpaquePacket) Parse() (p Packet, err error)

Parse attempts to parse the opaque contents into a structure supported by this package. If the packet is not known then the result will be another OpaquePacket.

func (*OpaquePacket) Serialize

func (op *OpaquePacket) Serialize(w io.Writer) (err error)

Serialize marshals the packet to a writer in its original form, including the packet header.

type OpaqueReader

OpaqueReader reads OpaquePackets from an io.Reader.

type OpaqueReader struct {
    // contains filtered or unexported fields
}

func NewOpaqueReader

func NewOpaqueReader(r io.Reader) *OpaqueReader

func (*OpaqueReader) Next

func (or *OpaqueReader) Next() (op *OpaquePacket, err error)

Read the next OpaquePacket.

type OpaqueSubpacket

OpaqueSubpacket represents an unparsed OpenPGP subpacket, as found in signature and user attribute packets.

type OpaqueSubpacket struct {
    SubType  uint8
    Contents []byte
}

func OpaqueSubpackets

func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error)

OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from their byte representation.

func (*OpaqueSubpacket) Serialize

func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error)

type Packet

Packet represents an OpenPGP packet. Users are expected to try casting instances of this interface to specific packet types.

type Packet interface {
    // contains filtered or unexported methods
}

func Read

func Read(r io.Reader) (p Packet, err error)

Read reads a single OpenPGP packet from the given io.Reader. If there is an error parsing a packet, the whole packet is consumed from the input.

type PrivateKey

PrivateKey represents a possibly encrypted private key. See RFC 4880, section 5.5.3.

type PrivateKey struct {
    PublicKey
    Encrypted bool // if true then the private key is unavailable until Decrypt has been called.

    PrivateKey interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or crypto.Signer/crypto.Decrypter (Decryptor RSA only).
    // contains filtered or unexported fields
}

func NewDSAPrivateKey

func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey

func NewECDSAPrivateKey

func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey

func NewElGamalPrivateKey

func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey

func NewRSAPrivateKey

func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey

func NewSignerPrivateKey

func NewSignerPrivateKey(creationTime time.Time, signer crypto.Signer) *PrivateKey

NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that implements RSA or ECDSA.

func (*PrivateKey) Decrypt

func (pk *PrivateKey) Decrypt(passphrase []byte) error

Decrypt decrypts an encrypted private key using a passphrase.

func (*PrivateKey) Serialize

func (pk *PrivateKey) Serialize(w io.Writer) (err error)

type PublicKey

PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2.

type PublicKey struct {
    CreationTime time.Time
    PubKeyAlgo   PublicKeyAlgorithm
    PublicKey    interface{} // *rsa.PublicKey, *dsa.PublicKey or *ecdsa.PublicKey
    Fingerprint  [20]byte
    KeyId        uint64
    IsSubkey     bool
    // contains filtered or unexported fields
}

func NewDSAPublicKey

func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey

NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.

func NewECDSAPublicKey

func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey

func NewElGamalPublicKey

func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey

NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.

func NewRSAPublicKey

func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey

NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.

func (*PublicKey) BitLength

func (pk *PublicKey) BitLength() (bitLength uint16, err error)

BitLength returns the bit length for the given public key.

func (*PublicKey) CanSign

func (pk *PublicKey) CanSign() bool

CanSign returns true iff this public key can generate signatures

func (*PublicKey) KeyIdShortString

func (pk *PublicKey) KeyIdShortString() string

KeyIdShortString returns the short form of public key's fingerprint in capital hex, as shown by gpg --list-keys (e.g. "621CC013").

func (*PublicKey) KeyIdString

func (pk *PublicKey) KeyIdString() string

KeyIdString returns the public key's fingerprint in capital hex (e.g. "6C7EE1B8621CC013").

func (*PublicKey) Serialize

func (pk *PublicKey) Serialize(w io.Writer) (err error)

func (*PublicKey) SerializeSignaturePrefix

func (pk *PublicKey) SerializeSignaturePrefix(h io.Writer)

SerializeSignaturePrefix writes the prefix for this public key to the given Writer. The prefix is used when calculating a signature over this public key. See RFC 4880, section 5.2.4.

func (*PublicKey) VerifyKeySignature

func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error

VerifyKeySignature returns nil iff sig is a valid signature, made by this public key, of signed.

func (*PublicKey) VerifyRevocationSignature

func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error)

VerifyRevocationSignature returns nil iff sig is a valid signature, made by this public key.

func (*PublicKey) VerifySignature

func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error)

VerifySignature returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.

func (*PublicKey) VerifySignatureV3

func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)

VerifySignatureV3 returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.

func (*PublicKey) VerifyUserIdSignature

func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error)

VerifyUserIdSignature returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.

func (*PublicKey) VerifyUserIdSignatureV3

func (pk *PublicKey) VerifyUserIdSignatureV3(id string, pub *PublicKey, sig *SignatureV3) (err error)

VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.

type PublicKeyAlgorithm

PublicKeyAlgorithm represents the different public key system specified for OpenPGP. See http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12

type PublicKeyAlgorithm uint8
const (
    PubKeyAlgoRSA     PublicKeyAlgorithm = 1
    PubKeyAlgoElGamal PublicKeyAlgorithm = 16
    PubKeyAlgoDSA     PublicKeyAlgorithm = 17
    // RFC 6637, Section 5.
    PubKeyAlgoECDH  PublicKeyAlgorithm = 18
    PubKeyAlgoECDSA PublicKeyAlgorithm = 19

    // Deprecated in RFC 4880, Section 13.5. Use key flags instead.
    PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
    PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
)

func (PublicKeyAlgorithm) CanEncrypt

func (pka PublicKeyAlgorithm) CanEncrypt() bool

CanEncrypt returns true if it's possible to encrypt a message to a public key of the given type.

func (PublicKeyAlgorithm) CanSign

func (pka PublicKeyAlgorithm) CanSign() bool

CanSign returns true if it's possible for a public key of the given type to sign a message.

type PublicKeyV3

PublicKeyV3 represents older, version 3 public keys. These keys are less secure and should not be used for signing or encrypting. They are supported here only for parsing version 3 key material and validating signatures. See RFC 4880, section 5.5.2.

type PublicKeyV3 struct {
    CreationTime time.Time
    DaysToExpire uint16
    PubKeyAlgo   PublicKeyAlgorithm
    PublicKey    *rsa.PublicKey
    Fingerprint  [16]byte
    KeyId        uint64
    IsSubkey     bool
    // contains filtered or unexported fields
}

func (*PublicKeyV3) BitLength

func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error)

BitLength returns the bit length for the given public key.

func (*PublicKeyV3) CanSign

func (pk *PublicKeyV3) CanSign() bool

CanSign returns true iff this public key can generate signatures

func (*PublicKeyV3) KeyIdShortString

func (pk *PublicKeyV3) KeyIdShortString() string

KeyIdShortString returns the short form of public key's fingerprint in capital hex, as shown by gpg --list-keys (e.g. "621CC013").

func (*PublicKeyV3) KeyIdString

func (pk *PublicKeyV3) KeyIdString() string

KeyIdString returns the public key's fingerprint in capital hex (e.g. "6C7EE1B8621CC013").

func (*PublicKeyV3) Serialize

func (pk *PublicKeyV3) Serialize(w io.Writer) (err error)

func (*PublicKeyV3) SerializeSignaturePrefix

func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer)

SerializeSignaturePrefix writes the prefix for this public key to the given Writer. The prefix is used when calculating a signature over this public key. See RFC 4880, section 5.2.4.

func (*PublicKeyV3) VerifyKeySignatureV3

func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error)

VerifyKeySignatureV3 returns nil iff sig is a valid signature, made by this public key, of signed.

func (*PublicKeyV3) VerifySignatureV3

func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error)

VerifySignatureV3 returns nil iff sig is a valid signature, made by this public key, of the data hashed into signed. signed is mutated by this call.

func (*PublicKeyV3) VerifyUserIdSignatureV3

func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error)

VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this public key, that id is the identity of pub.

type Reader

Reader reads packets from an io.Reader and allows packets to be 'unread' so that they result from the next call to Next.

type Reader struct {
    // contains filtered or unexported fields
}

func NewReader

func NewReader(r io.Reader) *Reader

func (*Reader) Next

func (r *Reader) Next() (p Packet, err error)

Next returns the most recently unread Packet, or reads another packet from the top-most io.Reader. Unknown packet types are skipped.

func (*Reader) Push

func (r *Reader) Push(reader io.Reader) (err error)

Push causes the Reader to start reading from a new io.Reader. When an EOF error is seen from the new io.Reader, it is popped and the Reader continues to read from the next most recent io.Reader. Push returns a StructuralError if pushing the reader would exceed the maximum recursion level, otherwise it returns nil.

func (*Reader) Unread

func (r *Reader) Unread(p Packet)

Unread causes the given Packet to be returned from the next call to Next.

type Signature

Signature represents a signature. See RFC 4880, section 5.2.

type Signature struct {
    SigType    SignatureType
    PubKeyAlgo PublicKeyAlgorithm
    Hash       crypto.Hash

    // HashSuffix is extra data that is hashed in after the signed data.
    HashSuffix []byte
    // HashTag contains the first two bytes of the hash for fast rejection
    // of bad signed data.
    HashTag      [2]byte
    CreationTime time.Time

    RSASignature         parsedMPI
    DSASigR, DSASigS     parsedMPI
    ECDSASigR, ECDSASigS parsedMPI

    SigLifetimeSecs, KeyLifetimeSecs                        *uint32
    PreferredSymmetric, PreferredHash, PreferredCompression []uint8
    IssuerKeyId                                             *uint64
    IsPrimaryId                                             *bool

    // FlagsValid is set if any flags were given. See RFC 4880, section
    // 5.2.3.21 for details.
    FlagsValid                                                           bool
    FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage bool

    // RevocationReason is set if this signature has been revoked.
    // See RFC 4880, section 5.2.3.23 for details.
    RevocationReason     *uint8
    RevocationReasonText string

    // MDC is set if this signature has a feature packet that indicates
    // support for MDC subpackets.
    MDC bool

    // EmbeddedSignature, if non-nil, is a signature of the parent key, by
    // this key. This prevents an attacker from claiming another's signing
    // subkey as their own.
    EmbeddedSignature *Signature
    // contains filtered or unexported fields
}

func (*Signature) KeyExpired

func (sig *Signature) KeyExpired(currentTime time.Time) bool

KeyExpired returns whether sig is a self-signature of a key that has expired.

func (*Signature) Serialize

func (sig *Signature) Serialize(w io.Writer) (err error)

Serialize marshals sig to w. Sign, SignUserId or SignKey must have been called first.

func (*Signature) Sign

func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error)

Sign signs a message with a private key. The hash, h, must contain the hash of the message to be signed and will be mutated by this function. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.

func (*Signature) SignKey

func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error

SignKey computes a signature from priv, asserting that pub is a subkey. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.

func (*Signature) SignUserId

func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error

SignUserId computes a signature from priv, asserting that pub is a valid key for the identity id. On success, the signature is stored in sig. Call Serialize to write it out. If config is nil, sensible defaults will be used.

type SignatureType

SignatureType represents the different semantic meanings of an OpenPGP signature. See RFC 4880, section 5.2.1.

type SignatureType uint8

type SignatureV3

SignatureV3 represents older version 3 signatures. These signatures are less secure than version 4 and should not be used to create new signatures. They are included here for backwards compatibility to read and validate with older key material. See RFC 4880, section 5.2.2.

type SignatureV3 struct {
    SigType      SignatureType
    CreationTime time.Time
    IssuerKeyId  uint64
    PubKeyAlgo   PublicKeyAlgorithm
    Hash         crypto.Hash
    HashTag      [2]byte

    RSASignature     parsedMPI
    DSASigR, DSASigS parsedMPI
}

func (*SignatureV3) Serialize

func (sig *SignatureV3) Serialize(w io.Writer) (err error)

Serialize marshals sig to w. Sign, SignUserId or SignKey must have been called first.

type SymmetricKeyEncrypted

SymmetricKeyEncrypted represents a passphrase protected session key. See RFC 4880, section 5.3.

type SymmetricKeyEncrypted struct {
    CipherFunc CipherFunction
    // contains filtered or unexported fields
}

func (*SymmetricKeyEncrypted) Decrypt

func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error)

Decrypt attempts to decrypt an encrypted session key and returns the key and the cipher to use when decrypting a subsequent Symmetrically Encrypted Data packet.

type SymmetricallyEncrypted

SymmetricallyEncrypted represents a symmetrically encrypted byte string. The encrypted contents will consist of more OpenPGP packets. See RFC 4880, sections 5.7 and 5.13.

type SymmetricallyEncrypted struct {
    MDC bool // true iff this is a type 18 packet and thus has an embedded MAC.
    // contains filtered or unexported fields
}

func (*SymmetricallyEncrypted) Decrypt

func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error)

Decrypt returns a ReadCloser, from which the decrypted contents of the packet can be read. An incorrect key can, with high probability, be detected immediately and this will result in a KeyIncorrect error being returned.

type UserAttribute

UserAttribute is capable of storing other types of data about a user beyond name, email and a text comment. In practice, user attributes are typically used to store a signed thumbnail photo JPEG image of the user. See RFC 4880, section 5.12.

type UserAttribute struct {
    Contents []*OpaqueSubpacket
}

func NewUserAttribute

func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute

NewUserAttribute creates a new user attribute packet containing the given subpackets.

func NewUserAttributePhoto

func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error)

NewUserAttributePhoto creates a user attribute packet containing the given images.

func (*UserAttribute) ImageData

func (uat *UserAttribute) ImageData() (imageData [][]byte)

ImageData returns zero or more byte slices, each containing JPEG File Interchange Format (JFIF), for each photo in the user attribute packet.

func (*UserAttribute) Serialize

func (uat *UserAttribute) Serialize(w io.Writer) (err error)

Serialize marshals the user attribute to w in the form of an OpenPGP packet, including header.

type UserId

UserId contains text that is intended to represent the name and email address of the key holder. See RFC 4880, section 5.11. By convention, this takes the form "Full Name (Comment) <email@example.com>"

type UserId struct {
    Id string // By convention, this takes the form "Full Name (Comment) <email@example.com>" which is split out in the fields below.

    Name, Comment, Email string
}

func NewUserId

func NewUserId(name, comment, email string) *UserId

NewUserId returns a UserId or nil if any of the arguments contain invalid characters. The invalid characters are '\x00', '(', ')', '<' and '>'

func (*UserId) Serialize

func (uid *UserId) Serialize(w io.Writer) error

Serialize marshals uid to w in the form of an OpenPGP packet, including header.