All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Key.IsRevoked()
to check the revocation status of a key
- Upgraded underlying crypto library to fix handling of revoked keys
- Protect the global
pgp
variable fields with a lock. - Unlock and lock dummy keys correctly
- Use the provided
verifyTime
instead of the current time when verifying embedded signatures.
- Keys are now generated with ZLIB as preferred compression algorithm
- Upgraded underlying crypto library
NewKeyFromEntity
to create a key from an openpgp entity
- Improved documentation for differences between text and binary messages
(key *Key) Check() (bool, error)
is now deprecated, all keys are now checked upon import from x/crypto
- Dummy keys now show the correct locked/unlocked status
- All keys are now checked on parsing from the underlying library
- Changed the returned
SignatureVerificationError.Status
when trying to verify a message with no embedded signature. It used to returnconstants.SIGNATURE_NO_VERIFIER
and now returnsconstants.SIGNATURE_NOT_SIGNED
. This change impacts :func (sk *SessionKey) DecryptAndVerify(...)
func (msg *PlainMessageReader) VerifySignature(...)
func (keyRing *KeyRing) Decrypt(...)
- Improved error messages for failures in password protected message decryption
- Helper to access the SignatureVerificationError explicitly when decrypting streams in mobile apps:
func VerifySignatureExplicit( reader *crypto.PlainMessageReader, ) (signatureVerificationError *crypto.SignatureVerificationError, err error)
- Streaming API:
-
New structs:
PlainMessageMetadata
: holds the metadata of a plain PGP messagetype PlainMessageMetadata struct { IsBinary bool Filename string ModTime int64 }
PlainMessageReader
implementsReader
and:func (msg *PlainMessageReader) GetMetadata() *PlainMessageMetadata func (msg *PlainMessageReader) VerifySignature() (err error)
EncryptSplitResult
implementsWriteCloser
and:func (res *EncryptSplitResult) GetKeyPacket() (keyPacket []byte, err error)
-
Keyring methods:
-
Encrypt (and optionally sign) a message directly into a
Writer
:func (keyRing *KeyRing) EncryptStream( pgpMessageWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (plainMessageWriter WriteCloser, err error)
-
Encrypt (and optionally sign) a message directly into a
Writer
(split keypacket and datapacket):func (keyRing *KeyRing) EncryptSplitStream( dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (*EncryptSplitResult, error)
-
Decrypt (and optionally verify) a message from a
Reader
:func (keyRing *KeyRing) DecryptStream( message Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
N.B.: to verify the signature, you will need to call
plainMessage.VerifySignature()
after all the data has been read fromplainMessage
. -
Decrypt (and optionally verify) a split message, getting the datapacket from a
Reader
:func (keyRing *KeyRing) DecryptSplitStream( keypacket []byte, dataPacketReader Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
N.B.: to verify the signature, you will need to call
plainMessage.VerifySignature()
after all the data has been read fromplainMessage
. -
Generate a detached signature from a
Reader
:func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error)
-
Verify a detached signature for a
Reader
:func (keyRing *KeyRing) VerifyDetachedStream( message Reader, signature *PGPSignature, verifyTime int64, ) error
-
Generate an encrypted detached signature from a
Reader
:func (keyRing *KeyRing) SignDetachedEncryptedStream( message Reader, encryptionKeyRing *KeyRing, ) (encryptedSignature *PGPMessage, err error)
-
Verify an encrypted detached signature for a
Reader
:func (keyRing *KeyRing) VerifyDetachedEncryptedStream( message Reader, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64, ) error
-
-
SessionKey methods:
- Encrypt (and optionally sign) a message into a
Writer
:func (sk *SessionKey) EncryptStream( dataPacketWriter Writer, plainMessageMetadata *PlainMessageMetadata, signKeyRing *KeyRing, ) (plainMessageWriter WriteCloser, err error)
- Decrypt (and optionally verify) a message from a
Reader
:N.B.: to verify the signature, you will need to callfunc (sk *SessionKey) DecryptStream( dataPacketReader Reader, verifyKeyRing *KeyRing, verifyTime int64, ) (plainMessage *PlainMessageReader, err error)
plainMessage.VerifySignature()
after all the data has been read fromplainMessage
.
- Encrypt (and optionally sign) a message into a
-
Mobile apps helpers for
Reader
andWriter
: Due to limitations ofgomobile
, mobile apps can't implement theReader
andWriter
interfaces directly.-
Implementing
Reader
: Apps should implement the interface:type MobileReader interface { Read(max int) (result *MobileReadResult, err error) } type MobileReadResult struct { N int // N, The number of bytes read IsEOF bool // IsEOF, If true, then the reader has reached the end of the data to read. Data []byte // Data, the data that has been read }
And then wrap it with
Mobile2GoReader(mobileReader)
to turn it into aReader
. -
Implementing
Writer
:The apps should implement the
Writer
interface directly, but still need to wrap the writer withMobile2GoWriter(mobileWriter)
. We also provide theMobile2GoWriterWithSHA256
if you want to compute the SHA256 hash of the written data. -
Using a
Reader
: To use a reader returned by golang in mobile apps: you should wrap it with:- Android:
Go2AndroidReader(reader)
, implements theReader
interface, but returnsn == -1
instead oferr == io.EOF
- iOS:
Go2IOSReader(reader)
, implementsMobileReader
.
- Android:
-
Using a
Writer
: you can use a writer returned by golang directly.
-
-
- Removed time interpolation via monotonic clock that can cause signatures in the future
- Updated the underlying crypto library
- Key and KeyRing methods to check if a key/keyring can Encrypt or Verify
(key *Key) CanVerify() bool
(key *Key) CanEncrypt() bool
(keyRing *KeyRing) CanVerify() bool
(keyRing *KeyRing) CanEncrypt() bool
- SessionKey methods to encrypt/decrypt and simultaneously sign/verify with an asymmetric key (embedded signature)
(sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error)
(sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error)
- The mobile helper
DecryptSessionKeyExplicitVerify
to allow using session key decryption + verification operations via gomobile
ManualAttachmentProcessor
: a new kind of attachment processor where the caller has to first allocate a buffer large enough for the whole data packet to be written to. It can be created withprocessor, err := keyRing.NewManualAttachmentProcessor(estimatedSize, filename, dataBuffer)
.
- Fix random failure in AES tests
- Updated the x/mobile fork and the build script to work with golang 1.16
- Decryption tests for attachments
- Armoring headers for public or private keys
- Session key decoding on invalid keys
- Support for multiple embedded signatures (not nested)
- Updated the underlying crypto library
- Removed an unnecessary cloning in the attachment processor, to perform better in low memory settings
- Methods for generating an verifying encrypted detached signatures
(signingKeyRing *KeyRing) SignDetachedEncrypted(message *PlainMessage, encryptionKeyRing *KeyRing) (encryptedSignature *PGPMessage, err error)
(verifyingKeyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encryptedSignature *PGPMessage, decryptionKeyRing *KeyRing, verifyTime int64) error
helper.FreeOSMemory()
to explicitly call the GC and release the memory to the OS
- Users of the library no longer need a
replace
directive for x/crypto - Added new calls to
runtime.GC()
in the low memory attachment processor - Reduced attachment memory allocation
SetKeyGenerationOffset
to add an offset in key generation time and prevent not-yet-valid keys.
- Improved canonicalization performance
- Session key decryption now considers multiple key packets
- Improved key parsing error handling
- Updated underlying crypto library
- Key Armoring with custom headers
(key *Key) ArmorWithCustomHeaders(comment, version string) (string, error)
(key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (string, error)
- Message armoring with custom headers
(msg *PGPMessage) GetArmoredWithCustomHeaders(comment, version string) (string, error)
- Extraction of encryption key IDs from a PGP message, i.e. the IDs of the keys used in the encryption of the session key
(msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)
(msg *PGPMessage) GetHexEncryptionKeyIDs() ([]uint64, bool)
- Extraction of signing key IDs from a PGP message, i.e. the IDs of the keys used in the signature of the message (of all the readable, unencrypted signature packets)
(msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool)
(msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool)
- Getter for the x/crypto Entity (internal components of an OpenPGP key) from Key struct
(key *Key) GetEntity() *openpgp.Entity
- Helpers for binary message encryption and decryption
EncryptBinaryMessageArmored(key string, data []byte) (string, error)
DecryptBinaryMessageArmored(privateKey string, passphrase []byte, ciphertext string) ([]byte, error)
- Method to derive a public key object from a private key
(key *Key) ToPublic() (publicKey *Key, err error)
- Helpers to handle encryption (both with armored and unarmored cipher) + encrypted detached signatures in one call.
EncryptSignArmoredDetached(
publicKey, privateKey string,
passphrase, plainData []byte,
) (ciphertextArmored, encryptedSignatureArmored string, err error)
DecryptVerifyArmoredDetached(
publicKey, privateKey string,
passphrase []byte,
ciphertextArmored string,
encryptedSignatureArmored string,
) (plainData []byte, err error)
EncryptSignBinaryDetached(
publicKey, privateKey string,
passphrase, plainData []byte,
) (encryptedData []byte, encryptedSignatureArmored string, err error)
DecryptVerifyBinaryDetached(
publicKey, privateKey string,
passphrase []byte,
encryptedData []byte,
encryptedSignatureArmored string,
) (plainData []byte, err error)
- Wrappers for
EncryptSignArmoredDetached
andEncryptSignBinaryDetached
helpers, to be usable with gomobile (that doesn't support multiple retun values). These wrappers return custom structs instead.
type EncryptSignArmoredDetachedMobileResult struct {
CiphertextArmored, EncryptedSignatureArmored string
}
EncryptSignArmoredDetachedMobile(
publicKey, privateKey string,
passphrase, plainData []byte,
) (wrappedTuple *EncryptSignArmoredDetachedMobileResult, err error)
type EncryptSignBinaryDetachedMobileResult struct {
EncryptedData []byte
EncryptedSignatureArmored string
}
EncryptSignBinaryDetachedMobile(
publicKey, privateKey string,
passphrase, plainData []byte,
) (wrappedTuple *EncryptSignBinaryDetachedMobileResult, err error)
- helpers to encrypt/decrypt session keys with armored keys:
EncryptSessionKey(
publicKey string,
sessionKey *crypto.SessionKey,
) (encryptedSessionKey []byte, err error)
DecryptSessionKey(
privateKey string,
passphrase, encryptedSessionKey []byte,
) (sessionKey *crypto.SessionKey, err error)
- helpers to encrypt/decrypt binary files with armored keys:
EncryptAttachmentWithKey(
publicKey string,
filename string,
plainData []byte,
) (message *crypto.PGPSplitMessage, err error)
DecryptAttachmentWithKey(
privateKey string,
passphrase, keyPacket, dataPacket []byte,
) (attachment []byte, err error)
NewPlainMessageFromFile
Function to create newPlainMessage
s with a filename:
NewPlainMessageFromFile(data []byte, filename string, modTime int) *PlainMessage
GetFilename
to get the filename from a message:
(msg *PlainMessage) GetFilename() string
GetModTime
to get the modification time of a file
(msg *PlainMessage) GetModTime() uint32
EncryptWithCompression
to encrypt specifying a compression for asymmetric and session keys
(keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
(sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error)
- Improved key and message armoring testing
EncryptSessionKey
now creates encrypted key packets for each valid encryption key in the provided keyring. Returns a byte slice with all the concatenated key packets.- Use aes256 cipher for password-encrypted messages.
- The helpers
EncryptSignMessageArmored
,DecryptVerifyMessageArmored
,DecryptVerifyAttachment
, andDecryptBinaryMessageArmored
now accept private keys as public keys and perform automatic casting if the keys are locked. - The
PlainMessage
struct now contains the fieldsFilename
(string) andTime
(uint32) - All the Decrypt* functions return the filename, type, and time specified in the encrypted message
- Improved error wrapping and management
- CI has been moved from travis to Actions, with automated artifacts build
- Public key armoring headers
EncryptSessionKey
throws an error when invalid encryption keys are provided- Session keys' size is now checked against the expected value to prevent panics
- Hex Key IDs returned from
(key *Key) GetHexKeyID() string
are now correctly padded - Avoid panics in
(msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)
by breaking the packet.next cycle on specific packet types - Prevent the server time from going backwards in
UpdateTime
- Avoid panicking when messages with mixed symmetric/asymmetric key packets are decrypted with a password
- Updated underlying crypto library
- Improved memory zeroing in helpers
- Fixed garbage collection issues when compiled on gomobile, by copying byte slices
- Password encrypted binary files now have the correct flags
- Fixed missing space in
Hash
header of cleartext messages - Fixed tests
TestMultipleKeyMessageEncryption
andTestSymmetricKeyPacket
- Providing empty passphrase does no longer throw an error when unlocking an unencrypted private key
- Improved code linter
- SHA256 fingerprint support
(key *Key) GetSHA256Fingerprints() (fingerprints []string)
// Helper
GetSHA256Fingerprints(publicKey string) ([]string, error)
// Helper, mobile only, returns fingerprints encoded as JSON
GetJsonSHA256Fingerprints(publicKey string) ([]byte, error)
Since the open-sourcing of the library in May the API has been updated, listening to internal and external feedback, in order to have a flexible library, that can be used in a simple settings, with batteries included, or by more advanced users that might want to interact directly with the inner structure of the PGP messages and keys.
It allows direct interaction with keys and keyrings, passphrases, as well as session keys. It is designed with gomobile users in mind, so that they can use the full power of the library, without having to rely on a further wrapper.
This version comes with some design improvements, in particular the introduction of keys
- Dropped the use of strings for secrets
- New key checking functions
- Clear memory after use, in an attempt to reduce leftover secrets in RAM.
- Improved testing, in this and the underlying crypto library
KeyRing
s can now only be unencrypted, removing the problem of mixed encrypted/decrypted keyring, that caused keys not to be recognised.- Explicit key decryption and encryption.
- Underlying crypto library update.
- Underlying MIME library update.
- Fixed ECC critical bugs.
- Removed gopenpgp/pmcrypto object as it could create multiple globals. Methods are now static on the crypto object.
Signature
structSignature#KeyRing
functionSignature#IsBy
functionpmKeyObject
structencodedLength
function, internal and and unusedEncryptCore
is now internal.RandomTokenWith
,RandomToken
now takes a size- In the
KeyRing
struct:KeyRing#GetEntities
, entities are handled by the libKeyRing#GetSigningEntity
, has been made internalKeyRing#Unlock
, the unlocking functionalities are on now on the key objectBuildKeyRingNoError
,BuildKeyRingArmored
,BuildKeyRing
useNewKey
orNewKeyFromArmored
and handle errors then join them into KeyRings.ReadKeyRing
,ReadArmoredKeyRing
, useNewKeyFromArmoredReader
orNewKeyFromReader
.UnmarshalJSON
, the interface to unmarshal JSON is not relevant to this library.
Key
struct, to store, import (unserialize) and export (serialize) keys.
// Key contains a single private or public key
type Key struct {
// PGP entities in this keyring.
entity *openpgp.Entity
}
// With the functions
NewKeyFromArmoredReader(r io.Reader) (key *Key, err error)
NewKeyFromReader(r io.Reader) (key *Key, err error)
NewKey(binKeys []byte) (key *Key, err error)
NewKeyFromArmored(armored string) (key *Key, err error)
GenerateKey(name, email string, keyType string, bits int) (*Key, error)
GenerateRSAKeyWithPrimes(name, email string, bits int, primeone, primetwo, primethree, primefour []byte) (*Key, error)
(key *Key) Clone() (*Key, error)
(key *Key) Lock(passphrase []byte) (*Key, error)
(key *Key) Unlock(passphrase []byte) (*Key, error)
(key *Key) Serialize() ([]byte, error)
(key *Key) Armor() (string, error)
(key *Key) GetArmoredPublicKey() (s string, err error)
(key *Key) GetPublicKey() (b []byte, err error)
(key *Key) IsExpired() bool
(key *Key) IsPrivate() bool
(key *Key) IsLocked() (bool, error)
(key *Key) IsUnlocked() (bool, error)
(key *Key) Check() (bool, error)
(key *Key) PrintFingerprints()
(key *Key) GetHexKeyID() string
(key *Key) GetKeyID() uint64
(key *Key) GetFingerprint() string
(key *Key) ClearPrivateParams() (ok bool)
- In the
KeyRing
object:
NewKeyRing(key *Key) (*KeyRing, error)
(keyRing *KeyRing) AddKey(key *Key) error
(keyRing *KeyRing) GetKeys() []*Key
(keyRing *KeyRing) GetKey(n int) (*Key, error)
(keyRing *KeyRing) CountEntities() int
(keyRing *KeyRing) CountDecryptionEntities() int
(keyRing *KeyRing) GetIdentities() []*Identity
(keyRing *KeyRing) FirstKey() (*KeyRing, error)
(keyRing *KeyRing) Clone() (*KeyRing, error)
(keyRing *KeyRing) ClearPrivateParams()
PlainMessage
struct, to store un-encrypted messages
// PlainMessage stores a plain text / unencrypted message.
type PlainMessage struct {
// The content of the message
Data []byte
// if the content is text or binary
TextType bool
}
// With the functions
NewPlainMessage(data []byte) *PlainMessage
NewPlainMessageFromString(text string) *PlainMessage
(msg *PlainMessage) GetBinary()
(msg *PlainMessage) GetString()
(msg *PlainMessage) GetBase64()
(msg *PlainMessage) NewReader()
(msg *PlainMessage) IsText()
(msg *PlainMessage) IsBinary()
PGPMessage
struct, to store encrypted PGP messages
// PGPMessage stores a PGP-encrypted message.
type PGPMessage struct {
// The content of the message
Data []byte
}
// With the functions
NewPGPMessage(data []byte) *PGPMessage
NewPGPMessageFromArmored(armored string) (*PGPMessage, error)
(msg *PGPMessage) GetBinary() []byte
(msg *PGPMessage) NewReader() io.Reader
(msg *PGPMessage) GetArmored() (string, error)
(msg *PGPMessage) SeparateKeyAndData(estimatedLength, garbageCollector int) (outSplit *PGPSplitMessage, err error)
PGPSignature
struct, to store detached PGP signatures
// PGPSignature stores a PGP-encoded detached signature.
type PGPSignature struct {
// The content of the message
Data []byte
}
// With the functions
NewPGPSignature(data []byte) *PGPSignature
NewPGPSignatureFromArmored(armored string) (*PGPSignature, error)
(msg *PGPSignature) GetBinary() []byte
(msg *PGPSignature) GetArmored() (string, error)
SignatureVerificationError
struct, to separate signature verification errors from decryption errors
// SignatureVerificationError is returned from Decrypt and VerifyDetached functions when signature verification fails
type SignatureVerificationError struct {
Status int
Message string
}
-
IsKeyExpiredBin
has been renamed toIsKeyExpired
-
IsKeyExpired
has been renamed toIsArmoredKeyExpired
-
CheckKey
has been renamed toPrintFingerprints
-
KeyRing#ArmoredPublicKeyString
has been renamed toKeyRing#GetArmoredPublicKey
-
KeyRing#KeyIds
has been renamed toKeyRing#GetKeyIDs
-
GetTimeUnix
was renamed toGetUnixTime
-
EncryptedSplit
has been changed toPGPSplitMessage
models.EncryptedSplit struct {
DataPacket []byte
KeyPacket []byte
Algo string
}
// Is now
crypto.PGPSplitMessage struct {
DataPacket []byte
KeyPacket []byte
}
// With the functions
NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage
NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)
(msg *PGPSplitMessage) GetBinaryDataPacket() []byte
(msg *PGPSplitMessage) GetBinaryKeyPacket() []byte
(msg *PGPSplitMessage) GetBinary() []byte
(msg *PGPSplitMessage) GetArmored() (string, error)
DecryptSignedVerify
has been changed toExplicitVerifyMessage
models.DecryptSignedVerify struct {
//clear text
Plaintext string
//bitmask verify status : 0
Verify int
//error message if verify failed
Message string
}
// Is now
// ExplicitVerifyMessage contains explicitely the signature verification error, for gomobile users
type ExplicitVerifyMessage struct {
Message *crypto.PlainMessage
SignatureVerificationError *crypto.SignatureVerificationError
}
// With the new helper
DecryptExplicitVerify (pgpMessage *crypto.PGPMessage, privateKeyRing, publicKeyRing *crypto.KeyRing, verifyTime int64) (*ExplicitVerifyMessage, error)
SignedString
has been changed toClearTextMessage
// SignedString wraps string with Signature
type SignedString struct {
String string
Signed *Signature
}
// Is now
// ClearTextMessage, split signed clear text message container
type ClearTextMessage struct {
Data []byte
Signature []byte
}
// With the functions
NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage
NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)
(msg *ClearTextMessage) GetBinary() []byte
(msg *ClearTextMessage) GetString() string
(msg *ClearTextMessage) GetBinarySignature() []byte
(msg *ClearTextMessage) GetArmored() (string, error)
SymmetricKey
has been renamed toSessionKey
// SessionKey stores a decrypted session key.
type SessionKey struct {
// The decrypted binary session key.
Key []byte
// The symmetric encryption algorithm used with this key.
Algo string
}
// With the functions
NewSessionKeyFromToken(token []byte, algo string) *SessionKey
GenerateSessionKey() (*SessionKey, error)
GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error)
(sk *SessionKey) GetCipherFunc() packet.CipherFunction
(sk *SessionKey) GetBase64Key() string
(sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error)
(sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error)
(sk *SessionKey) Clear() (ok bool)
ReadClearSignedMessage
moved to crypto package and renamed toNewClearTextMessageFromArmored
. Changed to returnClearTextMessage
.
ReadClearSignedMessage(signedMessage string) (string, error)
// Is now
NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, error)
// In addition, were added:
NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage
(msg *ClearTextMessage) GetBinary() []byte
(msg *ClearTextMessage) GetString() string
(msg *ClearTextMessage) GetBinarySignature() []byte
(msg *ClearTextMessage) GetArmored() (string, error)
// As helpers were added:
SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error)
VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error)
SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error)
VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error)
EncryptAttachment
's parameters are changed to messages.
(pm *PmCrypto) EncryptAttachment(plainData []byte, fileName string, publicKey *KeyRing) (*models.EncryptedSplit, error)
// Is now
(keyRing *KeyRing) EncryptAttachment(message *PlainMessage, fileName string) (*PGPSplitMessage, error)
// As a helper was added:
EncryptSignAttachment(publicKey, privateKey string, passphrase []byte, fileName string, plainData []byte) (keyPacket, dataPacket, signature []byte, err error)
DecryptAttachment
has been moved to KeyRing struct (likeEncryptAttachment
)
(pm *PmCrypto) DecryptAttachment(keyPacket []byte, dataPacket []byte, kr *KeyRing, passphrase string) ([]byte, error)
// Is now
(keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessage, error)
// As a helper was added:
DecryptVerifyAttachment(publicKey, privateKey string, passphrase, keyPacket, dataPacket []byte, armoredSignature string) (plainData []byte, err error)
EncryptAttachmentLowMemory
was renamed toNewLowMemoryAttachmentProcessor
.
(pm *PmCrypto) EncryptAttachmentLowMemory(estimatedSize int, fileName string, publicKey *KeyRing) (*AttachmentProcessor, error)
// Is now
(keyRing *KeyRing) NewLowMemoryAttachmentProcessor(estimatedSize int, fileName string) (*AttachmentProcessor, error)
SplitArmor
was renamed toNewPGPSplitMessageFromArmored
and the model changed.
SplitArmor(encrypted string) (*models.EncryptedSplit, error)
// Is now
NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error)
DecryptAttKey
was renamed toDecryptSessionKey
and the parameter keypacket changed to[]byte
as it's binary, not armored.
DecryptAttKey(kr *KeyRing, keyPacket string) (key *SymmetricKey, err error):
// Is now
(keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
SetKey
has been renamed toEncryptSessionKey
, and the keypacket return value changed to[]byte
.
SetKey(kr *KeyRing, symKey *SymmetricKey) (packets string, err error):
// Is now
(keyRing *KeyRing) EncryptSessionKey(sessionSplit *SessionKey) ([]byte, error)
SeparateKeyAndData
has been split in two different function, as it did not only separate the data, but when provided a KeyRing decrypted the session key too.
SeparateKeyAndData(kr *KeyRing, r io.Reader, estimatedLength int, garbageCollector int) (outSplit *models.EncryptedSplit, err error):
// Is now the conjunction of the following function:
// To separate key and data
(msg *PGPMessage) SeparateKeyAndData(estimatedLength, garbageCollector int) (outSplit *PGPSplitMessage, err error)
// To decrypt the SessionKey
(keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
EncryptSymmetric
has been changed, now the procedure is split in two parts:Encrypt
andSeparateKeyAndData
(kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool) (outSplit *models.EncryptedSplit, err error):
// Is now the conjunction of the following function:
// To encrypt
(keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
// To separate key and data
(msg *PGPMessage) SeparateKeyAndData(estimatedLength, garbageCollector int) (outSplit *PGPSplitMessage, err error)
GenerateKey
's signature has been altered:- It now returns a
Key
struct userName
anddomain
are now joined inemail
, thename
parameter was added (To emulate the old behaviourname = email = userName + "@" + domain
).
- It now returns a
(pm *PmCrypto) GenerateKey(userName, domain, passphrase, keyType string, bits int) (string, error) :
// Is now
GenerateKey(name, email string, keyType string, bits int) (*Key, error)
// As a helper was added:
GenerateKey(name, email string, passphrase []byte, keyType string, bits int) (string, error)
GenerateRSAKeyWithPrimes
's signature has been altered:- It now returns a
Key
struct userName
anddomain
are now joined inemail
, thename
parameter was added (To emulate the old behaviourname = email = userName + "@" + domain
).
- It now returns a
(pm *PmCrypto) GenerateRSAKeyWithPrimes(userName, domain, passphrase, keyType string, bits int, prime1, prime2, prime3, prime4 []byte) (string, error):
GenerateRSAKeyWithPrimes(name, email string, bits int, primeone, primetwo, primethree, primefour []byte,) (*Key, error)
Encrypt
,EncryptArmored
,EncryptString
,EncryptMessage
functions have been changed to return and accept messages.
(kr *KeyRing) Encrypt(w io.Writer, sign *KeyRing, filename string, canonicalizeText bool) (io.WriteCloser, error)
// Is now
(keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error)
// As a helpers were added:
EncryptMessageArmored(publicKey, plaintext string) (ciphertext string, err error)
EncryptSignMessageArmored(publicKey, privateKey string, passphrase []byte, plaintext string) (ciphertext string, err error) {
Decrypt
,DecryptArmored
,DecryptString
,DecryptMessage
,DecryptMessageVerify
, andDecryptMessageStringKey
functions have been changed to return and accept messages (Same as Encrypt*). If signature verification fails they will return a SignatureVerificationError.
(kr *KeyRing) DecryptString(encrypted string) (SignedString, error)
// Is now
(keyRing *KeyRing) Decrypt(message *PGPMessage, verifyKey *KeyRing, verifyTime int64) (*PlainMessage, error)
// As a helpers were added:
DecryptMessageArmored(privateKey string, passphrase []byte, ciphertext string) (plaintext string, err error)
DecryptVerifyMessageArmored(publicKey, privateKey string, passphrase []byte, ciphertext string) (plaintext string, err error)
DecryptExplicitVerify(pgpMessage *crypto.PGPMessage, privateKeyRing, publicKeyRing *crypto.KeyRing, verifyTime int64) (*ExplicitVerifyMessage, error) {
DecryptStringIfNeeded
has been replaced withIsPGPMessage
+Decrypt*
.
(kr *KeyRing) DecryptStringIfNeeded(data string) (decrypted string, err error)
// Is now the conjunction of the following function:
// To check if the data is a PGP message
IsPGPMessage(data string) bool
// To decrypt
(keyRing *KeyRing) Decrypt(message *PGPMessage, verifyKey *KeyRing, verifyTime int64) (*PlainMessage, error)
SignString
andDetachedSign
have been replaced by signing methods.
(kr *KeyRing) SignString(message string, canonicalizeText bool) (signed string, err error)
(kr *KeyRing) DetachedSign(w io.Writer, toSign io.Reader, canonicalizeText bool, armored bool)
// Are now
(keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)
VerifyString
has been altered in the same way as as signing. Returns SignatureVerificationError if the verification fails.
(kr *KeyRing) VerifyString(message, signature string, sign *KeyRing) (err error)
// Is now
(keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error
EncryptMessageWithPassword
uses AES-256 instead of AES-128, and has a new signature.
(pm *PmCrypto) EncryptMessageWithPassword(plaintext string, password string) (string, error)
// Is now
EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error)
// As a helper was added:
EncryptMessageWithPassword(password []byte, plaintext string) (ciphertext string, err error)
DecryptMessageWithPassword
accepts all symmetric algorithms known to the lib, and has a new signature
(pm *PmCrypto) DecryptMessageWithPassword(encrypted string, password string) (string, error)
// Is now
DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error)
// As a helper was added:
DecryptMessageWithPassword(password []byte, ciphertext string) (plaintext string, err error)
DecryptMIMEMessage
was moved toKeyRing
, and the parameters transformed to messages
(pm *PmCrypto) DecryptMIMEMessage(encryptedText string, verifierKey *KeyRing, privateKeyRing *KeyRing, passphrase string, callbacks MIMECallbacks, verifyTime int64):
// Is now
(keyRing *KeyRing) DecryptMIMEMessage(message *PGPMessage, verifyKey *KeyRing, callbacks MIMECallbacks, verifyTime int64)
RandomToken
now takes a size
(pm *PmCrypto) RandomToken() ([]byte, error)
// Is now
RandomToken(size int) ([]byte, error)
GetSessionFromKeyPacket
was changed toDecryptSessionKey
.
(pm *PmCrypto) GetSessionFromKeyPacket(keyPackage []byte, privateKey *KeyRing, passphrase string) (*SymmetricKey, error)
// Is now
(keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
KeyPacketWithPublicKey
andKeyPacketWithPublicKeyBin
have been merged toEncryptSessionKey
.
(pm *PmCrypto) KeyPacketWithPublicKey(sessionSplit *SymmetricKey, publicKey string) ([]byte, error)
(pm *PmCrypto) KeyPacketWithPublicKeyBin(sessionSplit *SymmetricKey, publicKey []byte) ([]byte, error)
(keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error)
GetSessionFromSymmetricPacket
was renamed toDecryptSessionKeyWithPassword
.
(pm *PmCrypto) GetSessionFromSymmetricPacket(keyPackage []byte, password string) (*SymmetricKey, error)
// Is now
DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error)
SymmetricKeyPacketWithPassword
has been renamed toEncryptSessionKeyWithPassword
(pm *PmCrypto) SymmetricKeyPacketWithPassword(sessionSplit *SymmetricKey, password string) ([]byte, error):
EncryptSessionKeyWithPassword(sk *SessionKey, password []byte]) ([]byte, error)
SignTextDetached
andSignBinDetached
have been changed toSignDetached
(pm *PmCrypto) SignTextDetached(plaintext string, privateKey *KeyRing, passphrase string, trim bool) (string, error)
(pm *PmCrypto) SignBinDetached(plainData []byte, privateKey *KeyRing, passphrase string) (string, error)
// Are now
(keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error)
// As helpers were added:
SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error)
SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error)
VerifyTextSignDetachedBinKey
andVerifyBinSignDetachedBinKey
have been changed toVerify
.
(pm *PmCrypto) VerifyTextSignDetachedBinKey(signature string, plaintext string, publicKey *KeyRing, verifyTime int64) (bool, error):
(pm *PmCrypto) VerifyBinSignDetachedBinKey(signature string, plainData []byte, publicKey *KeyRing, verifyTime int64) (bool, error)
// Are now
(keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error
// As helpers were added:
VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error)
VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error)
Initial release, opensourcing of the internal library PMCrypto
, and subsequent renaming to gopenpgp