Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: Support non detached sign #20545

Closed
tsl0922 opened this issue Jun 1, 2017 · 1 comment
Closed

x/crypto/openpgp: Support non detached sign #20545

tsl0922 opened this issue Jun 1, 2017 · 1 comment
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@tsl0922
Copy link

tsl0922 commented Jun 1, 2017

Hi, I'm looking for an alternative to gpg -s, but it seems no api can be used directly.

I've implemented a Sign function for this, but it requires some private structures from the openpgp package which I don't want to copy outside. It would be nice if this can be provided by the library.

// Sign acts like gpg -s: it makes a signature with the private key (which must
// already have been decrypted) from signer and writes the signature with the
// original data to w.
// The resulting WriteCloser must be closed after the contents of the file have
// been written.
// If config is nil, sensible defaults will be used.
func Sign(w io.Writer, signer *openpgp.Entity, hints *openpgp.FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
	if signer.PrivateKey == nil {
		return nil, errors.InvalidArgumentError("signing key doesn't have a private key")
	}
	if signer.PrivateKey.Encrypted {
		return nil, errors.InvalidArgumentError("signing key is encrypted")
	}

	hashType := config.Hash()
	ops := &packet.OnePassSignature{
		SigType:    packet.SigTypeBinary,
		Hash:       hashType,
		PubKeyAlgo: signer.PrivateKey.PubKeyAlgo,
		KeyId:      signer.PrivateKey.KeyId,
		IsLast:     true,
	}
	if err := ops.Serialize(w); err != nil {
		return nil, err
	}

	if hints == nil {
		hints = &openpgp.FileHints{}
	}

	var epochSeconds uint32
	if !hints.ModTime.IsZero() {
		epochSeconds = uint32(hints.ModTime.Unix())
	}

	encryptedData := noOpCloser{w: w}
	literalData, err := packet.SerializeLiteral(encryptedData, hints.IsBinary, hints.FileName, epochSeconds)
	if err != nil {
		return nil, err
	}

	return signatureWriter{encryptedData, literalData, hashType, hashType.New(), signer.PrivateKey, config}, nil
}

The signatureWriter and noOpCloser is private in the openpgp package.
@gopherbot gopherbot added this to the Unreleased milestone Jun 1, 2017
@FiloSottile
Copy link
Contributor

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.

@golang golang locked and limited conversation to collaborators Mar 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@FiloSottile @tsl0922 @gopherbot