Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: Support Encrypted OpenPGP PrivateKey packet #16664

Closed
tcz001 opened this issue Aug 10, 2016 · 6 comments
Closed

x/crypto/openpgp: Support Encrypted OpenPGP PrivateKey packet #16664

tcz001 opened this issue Aug 10, 2016 · 6 comments
Labels
ExpertNeeded FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@tcz001
Copy link

tcz001 commented Aug 10, 2016
edited

Hi,
We are working on providing an alternative of GnuPG,
With the help of x/crypto/openpgp we can easily read and parse a key, and decrypt it with passphrase,
But there's no support for encryption & serialization of PrivateKeys, as the comment says: TODO(agl): support encrypted private keys

We made some implementation of this feature, but it needs review and suggestion about the configuration for s2k related parameters (s2kMode, salt, hashFunction, iteratedCount)

Related RFC4880 https://tools.ietf.org/html/rfc4880#section-3.7.2.1
@gopherbot
Copy link

CL https://golang.org/cl/26773 mentions this issue.

@ianlancetaylor ianlancetaylor changed the title x/crypto/openpgp Support Encrypted OpenPGP PrivateKey packet x/crypto/openpgp: Support Encrypted OpenPGP PrivateKey packet Aug 10, 2016
@ianlancetaylor
Copy link
Contributor

CC @agl

@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Aug 10, 2016
tcz001 added a commit to claucece/crypto that referenced this issue Aug 11, 2016
@tcz001
x/crypto/openpgp: add Encryption/Serialization of Encrypted PrivateKey
c87a2cf 
Add support for encryption & serialization of PrivateKeys

Related issue: golang/go#16664

Change-Id: Idf41057795ba7c0bf4a6fb37662bb048680c5b2d
tcz001 added a commit to claucece/crypto that referenced this issue Aug 18, 2016
@tcz001
x/crypto/openpgp: add Encryption/Serialization of Encrypted PrivateKey
b8c92d6 
Add support for encryption & serialization of PrivateKeys

Related issue: golang/go#16664

Change-Id: Idf41057795ba7c0bf4a6fb37662bb048680c5b2d
tcz001 added a commit to claucece/crypto that referenced this issue Aug 18, 2016
@tcz001
x/crypto/openpgp: add Encryption/Serialization of Encrypted PrivateKey
d20f29a 
Add support for encryption & serialization of PrivateKeys

Related issue: golang/go#16664

Change-Id: Idf41057795ba7c0bf4a6fb37662bb048680c5b2d
@odeke-em odeke-em mentioned this issue Feb 18, 2017
Closed
racerxdl added a commit to quan-to/chevron that referenced this issue Feb 5, 2019
@racerxdl
Added missing openpgp stuff (see description)
6c293f6 
*	The oficial GPG does not support encryption of private key, so we used the implementation at claucece/crypto@d20f29a
*	See golang/go#16664
@andybons andybons added ExpertNeeded NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Feb 5, 2019
@andybons
Copy link
Member

andybons commented Feb 5, 2019

@FiloSottile

@nickname76
Copy link

2 years later... Where is this feauture?

@FiloSottile
Copy link
Contributor

x/crypto/openpgp is looking for maintainers.

https://groups.google.com/d/msg/golang-openpgp/_P6AmeCmD9w/raw7JhKuCAAJ

@FiloSottile
Copy link
Contributor

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.

@golang golang locked and limited conversation to collaborators Mar 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
ExpertNeeded FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@andybons @FiloSottile @tcz001 @ianlancetaylor @gopherbot @nickname76