key

package
v0.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 17, 2026 License: Apache-2.0 Imports: 25 Imported by: 17

Documentation

Index

Constants

View Source 
const (
	RSA     Type = "rsa"
	ECDSA   Type = "ecdsa"
	ED25519 Type = "ed25519"
	GPG     Type = "gpg"

	RsaPkcs1v15         Scheme = "rsassa-pkcs1v15"
	RsaSsaPssSha256     Scheme = "rsassa-pss-sha256"
	RsaSsaPssSha384     Scheme = "rsassa-pss-sha384"
	RsaSsaPssSha512     Scheme = "rsassa-pss-sha512"
	EcdsaSha2nistP224   Scheme = "ecdsa-sha2-nistp224"
	EcdsaSha2nistP256   Scheme = "ecdsa-sha2-nistp256"
	EcdsaSha2nistP384   Scheme = "ecdsa-sha2-nistp384"
	EcdsaSha2nistP521   Scheme = "ecdsa-sha2-nistp521"
	EcdsaSha256nistP256 Scheme = "ecdsa-sha256-nistp256"
	EcdsaSha384nistP384 Scheme = "ecdsa-sha384-nistp384"
	Ed25519             Scheme = "ed25519"
)

Variables

View Source 
var (
	ErrUnknownScheme          = errors.New("unknown key scheme")
	ErrIncorrectKeySchema     = errors.New("unable to set key scheme, incorrect key type")
	ErrIncorrectEllipticCurve = errors.New("schema curve does not match key")
	ErrUnknownEllipticCurve   = errors.New("unsupported elliptic curve")
)
View Source 
var DefaultGPGGenerateOptions = GPGGenerateOptions{
	Config: packet.Config{
		Algorithm: packet.PubKeyAlgoEdDSA,
		Curve:     packet.Curve25519,
	},
}

DefaultGPGGenerateOptions provides sensible defaults for GPG key generation.

View Source 
var DefaultGenerateOptions = GenerateOptions{
	Type:        ECDSA,
	Curve:       elliptic.P256(),
	RSAHashType: crypto.SHA256,
	KeyLength:   4096,
}

DefaultGenerateOptions default key generation options

Functions

This section is empty.

Types

type FnGPGGenOpt added in v0.4.0 

type FnGPGGenOpt func(*GPGGenerateOptions) error

FnGPGGenOpt is a functional option for GPG key generation.

func WithGPGAlgorithm added in v0.4.0 

func WithGPGAlgorithm(algo packet.PublicKeyAlgorithm) FnGPGGenOpt

WithGPGAlgorithm sets the key algorithm (e.g. packet.PubKeyAlgoRSA, packet.PubKeyAlgoECDSA, packet.PubKeyAlgoEdDSA).

func WithGPGComment added in v0.4.0 

func WithGPGComment(comment string) FnGPGGenOpt

WithGPGComment sets the comment for the GPG key.

func WithGPGCurve added in v0.4.0 

func WithGPGCurve(curve packet.Curve) FnGPGGenOpt

WithGPGCurve sets the elliptic curve for ECDSA/EdDSA keys.

func WithGPGEmail added in v0.4.0 

func WithGPGEmail(email string) FnGPGGenOpt

WithGPGEmail sets the email for the GPG key.

func WithGPGKeyLifetime added in v0.4.0 

func WithGPGKeyLifetime(seconds uint32) FnGPGGenOpt

WithGPGKeyLifetime sets the key expiration in seconds (0 = no expiration).

func WithGPGName added in v0.4.0 

func WithGPGName(name string) FnGPGGenOpt

WithGPGName sets the user name for the GPG key.

func WithGPGRSABits added in v0.4.0 

func WithGPGRSABits(bits int) FnGPGGenOpt

WithGPGRSABits sets the RSA key size in bits.

type FnGenOpt 

type FnGenOpt func(*GenerateOptions) error

func WithEllipticCurve 

func WithEllipticCurve(cv elliptic.Curve) FnGenOpt

func WithKeyLength 

func WithKeyLength(l int) FnGenOpt

func WithKeyType 

func WithKeyType(t Type) FnGenOpt

type FnOpt 

type FnOpt func(*KeyParseOptions)

func WithScheme 

func WithScheme(scheme Scheme) FnOpt

WithScheme defines a scheme for a key.

type GPGGenerateOptions added in v0.4.0 

type GPGGenerateOptions struct {
	Name    string
	Comment string
	Email   string
	packet.Config
}

GPGGenerateOptions configures GPG key generation.

type GPGPrivate added in v0.4.0 

type GPGPrivate struct {
	// contains filtered or unexported fields
}

GPGPrivate wraps an OpenPGP entity with private key material. It implements the Key, PublicKeyProvider, and PrivateKeyProvider interfaces.

func ParseGPGPrivateKey added in v0.4.0 

func ParseGPGPrivateKey(data, passphrase []byte) ([]*GPGPrivate, error)

ParseGPGPrivateKey reads OpenPGP private key data, decrypts with passphrase if provided, and returns one GPGPrivate per entity found.

func (*GPGPrivate) CreationTime added in v0.4.0 

func (g *GPGPrivate) CreationTime() time.Time

CreationTime returns the creation time of the primary key.

func (*GPGPrivate) Entity added in v0.4.0 

func (g *GPGPrivate) Entity() *openpgp.Entity

Entity returns the underlying openpgp.Entity.

func (*GPGPrivate) Fingerprint added in v0.4.0 

func (g *GPGPrivate) Fingerprint() string

Fingerprint returns the hex-encoded fingerprint of the primary key.

func (*GPGPrivate) GPGPublicKey added in v0.4.0 

func (g *GPGPrivate) GPGPublicKey() *GPGPublic

GPGPublicKey returns a GPGPublic view of this private key (stripping private material reference).

func (*GPGPrivate) GetData added in v0.4.0 

func (g *GPGPrivate) GetData() string

GetData returns the ASCII-armored representation of the private key.

func (*GPGPrivate) GetHashType added in v0.4.0 

func (g *GPGPrivate) GetHashType() crypto.Hash

GetHashType returns the hash type of the underlying signing key.

func (*GPGPrivate) GetKey added in v0.4.0 

func (g *GPGPrivate) GetKey() crypto.PublicKey

GetKey returns the underlying crypto.PublicKey from the primary signing key.

func (*GPGPrivate) GetNotAfter added in v0.4.0 

func (g *GPGPrivate) GetNotAfter() *time.Time

GetNotAfter returns the expiration time of the primary key, or nil if it doesn't expire.

func (*GPGPrivate) GetNotBefore added in v0.4.0 

func (g *GPGPrivate) GetNotBefore() *time.Time

GetNotBefore returns the creation time of the primary key.

func (*GPGPrivate) GetScheme added in v0.4.0 

func (g *GPGPrivate) GetScheme() Scheme

GetScheme returns the scheme of the underlying signing key.

func (*GPGPrivate) GetType added in v0.4.0 

func (g *GPGPrivate) GetType() Type

GetType returns the GPG key type.

func (*GPGPrivate) KeyID added in v0.4.0 

func (g *GPGPrivate) KeyID() string

KeyID returns the hex-encoded key ID of the primary key.

func (*GPGPrivate) PrivateKey added in v0.4.0 

func (g *GPGPrivate) PrivateKey() (*Private, error)

PrivateKey extracts the underlying crypto private key and returns it as a *Private.

func (*GPGPrivate) PublicKey added in v0.4.0 

func (g *GPGPrivate) PublicKey() (*Public, error)

PublicKey derives the public key from the private key entity.

func (*GPGPrivate) Serialize added in v0.4.0 

func (g *GPGPrivate) Serialize(w io.Writer) error

Serialize writes the private key in ASCII-armored format.

func (*GPGPrivate) SerializeBinary added in v0.4.0 

func (g *GPGPrivate) SerializeBinary(w io.Writer) error

SerializeBinary writes the private key in binary OpenPGP format.

func (*GPGPrivate) UserIDs added in v0.4.0 

func (g *GPGPrivate) UserIDs() []string

UserIDs returns the user ID strings from the entity.

type GPGPublic added in v0.4.0 

type GPGPublic struct {
	// contains filtered or unexported fields
}

GPGPublic wraps an OpenPGP entity and provides access to its public key material. It implements the Key and PublicKeyProvider interfaces.

func ParseGPGPublicKey added in v0.4.0 

func ParseGPGPublicKey(data []byte) ([]*GPGPublic, error)

ParseGPGPublicKey reads OpenPGP public key data (auto-detects ASCII armor vs binary) and returns one GPGPublic per entity found.

func (*GPGPublic) CreationTime added in v0.4.0 

func (g *GPGPublic) CreationTime() time.Time

CreationTime returns the creation time of the primary key.

func (*GPGPublic) Entity added in v0.4.0 

func (g *GPGPublic) Entity() *openpgp.Entity

Entity returns the underlying openpgp.Entity.

func (*GPGPublic) Fingerprint added in v0.4.0 

func (g *GPGPublic) Fingerprint() string

Fingerprint returns the hex-encoded fingerprint of the primary key.

func (*GPGPublic) GetData added in v0.4.0 

func (g *GPGPublic) GetData() string

GetData returns the ASCII-armored representation of the public key.

func (*GPGPublic) GetHashType added in v0.4.0 

func (g *GPGPublic) GetHashType() crypto.Hash

GetHashType returns the hash type of the underlying signing key.

func (*GPGPublic) GetKey added in v0.4.0 

func (g *GPGPublic) GetKey() crypto.PublicKey

GetKey returns the underlying crypto.PublicKey from the primary signing key.

func (*GPGPublic) GetNotAfter added in v0.4.0 

func (g *GPGPublic) GetNotAfter() *time.Time

GetNotAfter returns the expiration time of the primary key, or nil if it doesn't expire.

func (*GPGPublic) GetNotBefore added in v0.4.0 

func (g *GPGPublic) GetNotBefore() *time.Time

GetNotBefore returns the creation time of the primary key.

func (*GPGPublic) GetScheme added in v0.4.0 

func (g *GPGPublic) GetScheme() Scheme

GetScheme returns the scheme of the underlying signing key.

func (*GPGPublic) GetType added in v0.4.0 

func (g *GPGPublic) GetType() Type

GetType returns the GPG key type.

func (*GPGPublic) KeyID added in v0.4.0 

func (g *GPGPublic) KeyID() string

KeyID returns the hex-encoded key ID of the primary key.

func (*GPGPublic) PublicKey added in v0.4.0 

func (g *GPGPublic) PublicKey() (*Public, error)

PublicKey extracts the underlying crypto public key and returns it as a *Public.

func (*GPGPublic) Serialize added in v0.4.0 

func (g *GPGPublic) Serialize(w io.Writer) error

Serialize writes the public key in ASCII-armored format.

func (*GPGPublic) SerializeBinary added in v0.4.0 

func (g *GPGPublic) SerializeBinary(w io.Writer) error

SerializeBinary writes the public key in binary OpenPGP format.

func (*GPGPublic) SigningKeyFingerprint added in v0.4.5 

func (g *GPGPublic) SigningKeyFingerprint(signature []byte) (string, error)

SigningKeyFingerprint parses the OpenPGP signature packet and returns the hex-encoded fingerprint of the key within this entity that produced the signature.

When the signature was made by a subkey, this method returns the subkey's fingerprint, which is different from Fingerprint() which always returns the primary key's fingerprint.

func (*GPGPublic) UserIDs added in v0.4.0 

func (g *GPGPublic) UserIDs() []string

UserIDs returns the user ID strings from the entity.

type GenerateOptions 

type GenerateOptions struct {
	Type         Type
	Curve        elliptic.Curve
	UseECMarshal bool
	RSAHashType  crypto.Hash
	KeyLength    int
}

type Generator 

type Generator struct{}

Generator is a key generator that returns keys wrapped in our key wrappers. The key generator supports ECDSA, RSA and ED25519 and some basic options such as key length and defininig the elliptic curve to use.

func NewGenerator 

func NewGenerator() *Generator

func (*Generator) GenerateGPGKeyPair added in v0.4.0 

func (gen *Generator) GenerateGPGKeyPair(funcs ...FnGPGGenOpt) (*GPGPrivate, error)

GenerateGPGKeyPair creates a new GPG key pair with the full OpenPGP entity, preserving user IDs, self-signatures, and subkeys.

func (*Generator) GenerateKeyPair 

func (gen *Generator) GenerateKeyPair(funcs ...FnGenOpt) (*Private, error)

GenerateKeyPair creates a new keypair

type Key added in v0.3.7 

type Key interface {
	GetType() Type
	GetScheme() Scheme
	GetHashType() crypto.Hash
	GetData() string
	GetKey() crypto.PublicKey
	GetNotBefore() *time.Time
	GetNotAfter() *time.Time
}

Key is an interface to group both public and private keys

type KeyParseOptions 

type KeyParseOptions struct {
	Scheme Scheme
}

type KeySet added in v0.3.7 

type KeySet []Key

func (KeySet) ActiveKeys added in v0.3.7 

func (ks KeySet) ActiveKeys() KeySet

ActiveKeys returns all keys whose dates are currently valid or have no dates. A key is active if its NotBefore date has passed (or is nil) and its NotAfter date has not passed (or is nil).

func (KeySet) ActiveOrRecentlyExpiredKeys added in v0.3.7 

func (ks KeySet) ActiveOrRecentlyExpiredKeys(threshold time.Duration) KeySet

ActiveOrRecentlyExpiredKeys returns all active keys plus keys that expired within the given threshold duration.

func (KeySet) GetLatestKey added in v0.3.7 

func (ks KeySet) GetLatestKey() Key

GetLatestKey returns the most "recent" key from the set based on validity dates. It filters out expired keys and keys whose NotBefore date hasn't passed yet, then orders by NotBefore date (descending), then by NotAfter date for keys without NotBefore, and finally by original array order for keys with neither date.

type Parser 

type Parser struct{}

func NewParser 

func NewParser() *Parser

func (*Parser) ParsePublicKey 

func (p *Parser) ParsePublicKey(pubKeyData []byte, funcs ...FnOpt) (*Public, error)

ParsePublicKey parses a public key that can be used to verify. It supports PEM-encoded keys (RSA, ECDSA, ED25519) and GPG keys (ASCII-armored or binary). For GPG keys the underlying crypto public key is extracted and returned as a *Public.

func (*Parser) ParsePublicKeyProvider added in v0.4.0 

func (p *Parser) ParsePublicKeyProvider(pubKeyData []byte, funcs ...FnOpt) (PublicKeyProvider, error)

ParsePublicKeyProvider parses public key data and returns a PublicKeyProvider. It supports PEM-encoded keys (RSA, ECDSA, ED25519) and GPG keys (ASCII-armored or binary). For PEM keys the returned provider is a *Public; for GPG keys it is a *GPGPublic which preserves the full OpenPGP metadata.

type Private 

type Private struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`
}

Private abstracts a private key use mainly to sign.

func (*Private) ID added in v0.2.1 

func (p *Private) ID() string

ID computes a key id by hashing the key data and triming it to the first 8 bytes

func (*Private) PrivateKey 

func (p *Private) PrivateKey() (*Private, error)

PrivateKey implements the PrivateKeyProvider interface

func (*Private) PublicKey 

func (p *Private) PublicKey() (*Public, error)

PublicKey derives the public key from the provate one and returns a Public abstraction that can be used to verify signed things.

type PrivateKeyProvider 

type PrivateKeyProvider interface {
	PrivateKey() (*Private, error)
}

type Public 

type Public struct {
	Type      Type
	Scheme    Scheme
	HashType  crypto.Hash
	Data      string
	Key       crypto.PublicKey
	NotBefore *time.Time `json:"not_before"`
	NotAfter  *time.Time `json:"not_after"`

	// SigningKeyFingerprint is the fingerprint of the specific key that
	// produced a verified signature.
	// This is meant for GPG entities as it may differ from ID(). When a
	// signature was made with a subkey:
	//
	//  - ID() returns the primary (identity) fingerprint
	//  - This field returns the actual signer key.
	//
	// Only populated on entries in VerificationResult.Keys after a
	// successful verification. It is emptu on general-purpose Public keys.
	SigningKeyFingerprint string `json:"signing_key_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

Public key abstracts a public key data and all its features required to verify. After parsing, the original key data is preserved in the srtuct.

func (*Public) Curve 

func (p *Public) Curve() string

Curve returns the nist name of elliptic curve used in the key. If it cannot be read or the key is not an elliptic curve key then this function returns an empty string.

func (*Public) ID added in v0.2.1 

func (p *Public) ID() string

ID computes a key id by hashing the key data and triming it to the first bytes

func (*Public) PublicKey 

func (p *Public) PublicKey() (*Public, error)

Public is the most basic public key provider. It just returns itself

func (*Public) SetScheme 

func (p *Public) SetScheme(scheme Scheme) error

SetScheme sets the scheme string in the key, verifying consistency and defining some features of the key.

type PublicKeyProvider 

type PublicKeyProvider interface {
	PublicKey() (*Public, error)
}

type Scheme 

type Scheme string

type Signer 

type Signer struct{}

func NewSigner 

func NewSigner() *Signer

func (*Signer) SignDigest 

func (s *Signer) SignDigest(keyProvider PrivateKeyProvider, digest []byte) ([]byte, error)

SignDigest signs the digest byte sequence using the key obtained from a key provider

func (*Signer) SignDigestString 

func (s *Signer) SignDigestString(keyProvider PrivateKeyProvider, digestString string) ([]byte, error)

SignDigestString signs a digest in hex string representation

func (*Signer) SignMessage 

func (s *Signer) SignMessage(keyProvider PrivateKeyProvider, message []byte) ([]byte, error)

SignMessage signs a supplied message

type Type 

type Type string

type VerificationResult 

type VerificationResult struct {
	Keys     []*Public
	Time     time.Time
	Digest   map[string]string
	Verified bool
}

VerificationResult captures the key verification result

type Verifier 

type Verifier struct{}

func NewVerifier 

func NewVerifier() *Verifier

func (*Verifier) VerifyDigest 

func (v *Verifier) VerifyDigest(pkeyProv PublicKeyProvider, digest, signature []byte) (bool, error)

VerifyDigest checks a sigest signature against a digest byte slice

func (*Verifier) VerifyDigestString 

func (v *Verifier) VerifyDigestString(pkeyProv PublicKeyProvider, digestString string, signature []byte) (bool, error)

VerifyDigestString verifies the signature from a digest string. The provided string must be a hex encoded string of a hash produced by algorithm defined in the public key abstraction.

func (*Verifier) VerifyMessage 

func (v *Verifier) VerifyMessage(pkeyProv PublicKeyProvider, message, signature []byte) (bool, error)

VerifyMessage verifies the signature by getting the whole message

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.