You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'm looking for an alternative to gpg -s, but it seems no api can be used directly.
I've implemented a Sign function for this, but it requires some private structures from the openpgp package which I don't want to copy outside. It would be nice if this can be provided by the library.
// Sign acts like gpg -s: it makes a signature with the private key (which must// already have been decrypted) from signer and writes the signature with the// original data to w.// The resulting WriteCloser must be closed after the contents of the file have// been written.// If config is nil, sensible defaults will be used.funcSign(w io.Writer, signer*openpgp.Entity, hints*openpgp.FileHints, config*packet.Config) (plaintext io.WriteCloser, errerror) {
ifsigner.PrivateKey==nil {
returnnil, errors.InvalidArgumentError("signing key doesn't have a private key")
}
ifsigner.PrivateKey.Encrypted {
returnnil, errors.InvalidArgumentError("signing key is encrypted")
}
hashType:=config.Hash()
ops:=&packet.OnePassSignature{
SigType: packet.SigTypeBinary,
Hash: hashType,
PubKeyAlgo: signer.PrivateKey.PubKeyAlgo,
KeyId: signer.PrivateKey.KeyId,
IsLast: true,
}
iferr:=ops.Serialize(w); err!=nil {
returnnil, err
}
ifhints==nil {
hints=&openpgp.FileHints{}
}
varepochSecondsuint32if!hints.ModTime.IsZero() {
epochSeconds=uint32(hints.ModTime.Unix())
}
encryptedData:=noOpCloser{w: w}
literalData, err:=packet.SerializeLiteral(encryptedData, hints.IsBinary, hints.FileName, epochSeconds)
iferr!=nil {
returnnil, err
}
returnsignatureWriter{encryptedData, literalData, hashType, hashType.New(), signer.PrivateKey, config}, nil
}
Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.
If this is a security issue, please email security@golang.org and we will assess it and provide a fix.
If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.
If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.
Hi, I'm looking for an alternative to
gpg -s
, but it seems no api can be used directly.I've implemented a
Sign
function for this, but it requires some private structures from the openpgp package which I don't want to copy outside. It would be nice if this can be provided by the library.The
signatureWriter
andnoOpCloser
is private in the openpgp package.The text was updated successfully, but these errors were encountered: