helpers

func ExportGpgKey ¶

func ExportGpgKey(ctx context.Context, gpgKeyID string, gpgKeyExportPath string) error

ExportGpgKey exports a GPG key from the keyring to a file.

func GetGpgKey ¶

func GetGpgKey(gpgKeyReader io.Reader, passphrase string) (*openpgp.Entity, error)

GetGpgKey returns a GPG key entity from the given reader, decrypting it with the provided passphrase. If passphrase is empty, it prompts interactively (falling back to empty passphrase in non-TTY environments). Exported for use by autobump (github.com/rios0rios0/autobump).

func GetGpgKeyReader ¶

func GetGpgKeyReader(ctx context.Context, gpgKeyID string, gpgKeyPath string, appName string) (io.Reader, error)

GetGpgKeyReader returns a reader for the GPG key. The appName parameter is used for default key path generation (e.g. "autobump" -> ~/.gnupg/autobump-{keyID}.asc). Supports armored (ASCII) and base64-encoded armored key formats. Exported for use by autobump (github.com/rios0rios0/autobump).

func ReadSSHSigningKey ¶

func ReadSSHSigningKey(signingKey string) (string, error)

ReadSSHSigningKey resolves the SSH signing key reference from the git config value. It handles two modes:

• File path: expands ~ to the home directory and verifies the file exists (existing behavior).
• Inline public key (starts with "ssh-", "ecdsa-", or "sk-"): verifies SSH_AUTH_SOCK is set and returns the key string as-is for agent-based signing.

Exported for use by autobump (github.com/rios0rios0/autobump).

func SignSSHCommit ¶

func SignSSHCommit(ctx context.Context, commitContent []byte, signingKeyRef string) (string, error)

SignSSHCommit signs commit content using ssh-keygen and returns the SSH signature. It uses `ssh-keygen -Y sign` which is the same mechanism Git uses internally. When signingKeyRef is an inline public key (detected via isInlineSSHKey), it writes the key to a temp file and passes `-U` so ssh-keygen signs via the SSH agent.