GitHub - ProtonMail/gopenpgp: A high-level OpenPGP library
source link: https://github.com/ProtonMail/gopenpgp
GopenPGP
GopenPGP is a high-level OpenPGP library built on top of a fork of the golang crypto library.
Download/Install
- Run go get -u github.com/ProtonMail/gopenpgp, or manually git clone this repository into $GOPATH/src/github.com/ProtonMail/gopenpgp.
- curl https://glide.sh/get | sh
- Install dependencies using glide:
    cd $GOPATH/src/github.com/ProtonMail/gopenpgp
    glide install
Documentation
https://godoc.org/github.com/ProtonMail/gopenpgp/crypto
Using with Go Mobile
Set up Go Mobile and build/bind the source code:
Go Mobile repo: https://github.com/golang/mobile
Go Mobile wiki: https://github.com/golang/go/wiki/Mobile
- Install Go: brew install go
- Install Gomobile: go get -u golang.org/x/mobile/cmd/gomobile
- Install Gobind: go install golang.org/x/mobile/cmd/gobind
- Install Android SDK and NDK using Android Studio
- Set env: export ANDROID_HOME="/AndroidSDK" (path to your SDK)
- Init gomobile: gomobile init -ndk /AndroidSDK/ndk-bundle/ (path to your NDK)
Build examples:
    gomobile build -target=android #or ios
Bind examples:
    gomobile bind -target ios -o frameworks/name.framework
    gomobile bind -target android
The bind will create a framework for iOS and jar and aar files for Android (x86_64 and ARM).
Other notes
If you wish to use build.sh, you may need to modify the paths in it.
Interfacing between Go and Swift: https://medium.com/@matryer/tutorial-calling-go-code-from-swift-on-ios-and-vice-versa-with-gomobile-7925620c17a4.
Examples
Set up
    import "strings" // used by the examples below to read armored keys
    import "github.com/ProtonMail/gopenpgp/crypto"
Encrypt and decrypt
Encryption and decryption will use the AES256 algorithm by default.
Encrypt / Decrypt with password
    var pgp = crypto.GopenPGP{}
    const password = "my secret password"

    // Encrypt data with password
    armor, err := pgp.EncryptMessageWithPassword("my message", password)

    // Decrypt data with password
    message, err := pgp.DecryptMessageWithPassword(armor, password)
Encrypt / Decrypt with PGP keys
    // put keys in backtick (``) to avoid errors caused by spaces or tabs
    const pubkey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----`

    const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
    ...
    -----END PGP PRIVATE KEY BLOCK-----` // encrypted private key

    const passphrase = `the passphrase of the private key` // what the privKey is encrypted with

    publicKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
    privateKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))
    privateKeyRing.Unlock([]byte(passphrase)) // if private key is locked with passphrase

    // encrypt message using public key, can be optionally signed using private key
    armor, err := publicKeyRing.EncryptMessage("plain text", privateKeyRing)

    // decrypt armored encrypted message using the private key
    signedText, err := privateKeyRing.DecryptMessage(armor)
    plainText := signedText.String

    // verify signature (optional)
    signed := signedText.Signed.IsBy(publicKeyRing)
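
Added example, not part of the GopenPGP README or library: a standard-library pre-check for the armored blocks used as pubkey, privkey and signature in these examples. It reports the block type, so a private key block is not loaded where a public one is expected, and rejects the whitespace damage the backtick comment warns about, following the armor framing and CRC-24 of RFC 4880. InspectArmor and crc24 are hypothetical names, the check is deliberately strict, and the sample input is constructed.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// crc24 is the ASCII-armor checksum defined in RFC 4880, section 6.1.
func crc24(data []byte) uint32 {
	crc := uint32(0xB704CE)
	for _, b := range data {
		crc ^= uint32(b) << 16
		for i := 0; i < 8; i++ {
			if crc <<= 1; crc&0x1000000 != 0 {
				crc ^= 0x1864CFB
			}
		}
	}
	return crc & 0xFFFFFF
}

// InspectArmor strictly checks framing, base64 and any CRC line; kind is e.g. "PGP SIGNATURE".
func InspectArmor(armored string) (kind string, payload []byte, err error) {
	s := strings.ReplaceAll(strings.TrimSpace(armored), "\r\n", "\n")
	head, rest, ok := strings.Cut(s, "\n\n") // BEGIN line and armor headers end at a blank line
	first, _, _ := strings.Cut(head, "\n")
	kind = strings.TrimSuffix(strings.TrimPrefix(first, "-----BEGIN "), "-----")
	end := "\n-----END " + kind + "-----"
	if !ok || first != "-----BEGIN "+kind+"-----" || !strings.HasSuffix(rest, end) {
		return "", nil, errors.New("BEGIN line, blank separator or matching END line missing")
	}
	b64, sum, hasSum := strings.Cut(strings.TrimSuffix(rest, end), "\n=") // optional "=XXXX" line
	if payload, err = base64.StdEncoding.DecodeString(b64); err != nil {
		return kind, nil, fmt.Errorf("body is not clean base64 (stray spaces or tabs?): %w", err)
	}
	want, e := base64.StdEncoding.DecodeString(sum)
	if hasSum && (e != nil || len(want) != 3 || crc24(payload) != uint32(want[0])<<16|uint32(want[1])<<8|uint32(want[2])) {
		return kind, nil, errors.New("CRC-24 line malformed or mismatched: corrupted or truncated")
	}
	return kind, payload, nil
}

func main() {
	// Constructed sample (placeholder bytes, not a real key), then the same text pasted with tabs.
	sample := "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nY29uc3RydWN0ZWQ=\n-----END PGP PUBLIC KEY BLOCK-----"
	fmt.Println(InspectArmor(sample))
	fmt.Println(InspectArmor(strings.ReplaceAll(sample, "\n", "\n\t")))
}
```

Compare the returned kind against the block type you expect before handing the string to crypto.ReadArmoredKeyRing.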
Generate key
Keys are generated with the GenerateKey function, which returns the armored key as a string and a potential error.
The library supports RSA with different key lengths or Curve25519 keys.
    var pgp = crypto.GopenPGP{}

    const (
        localPart  = "name.surname"
        domain     = "example.com"
        passphrase = "LongSecret"
        rsaBits    = 2048
        ecBits     = 256
    )

    // RSA
    rsaKey, err := pgp.GenerateKey(localPart, domain, passphrase, "rsa", rsaBits)

    // Curve25519
    ecKey, err := pgp.GenerateKey(localPart, domain, passphrase, "x25519", ecBits)
Sign plain text messages
To sign plain text data, either an unlocked private keyring or a passphrase must be provided. The output is an armored signature.
    const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
    ...
    -----END PGP PRIVATE KEY BLOCK-----` // encrypted private key
    const passphrase = "LongSecret"
    const trimNewlines = false

    signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))

    // passphrase is optional if the key is already unlocked
    signature, err := signingKeyRing.SignTextDetached(plaintext, passphrase, trimNewlines)
To verify a signature, either a private or a public keyring can be provided.
The newlines in the text are never trimmed in the verification process.
The function outputs a bool: if the verification fails, verified will be false and the error will not be nil.
    const pubkey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----`

    const signature = `-----BEGIN PGP SIGNATURE-----
    ...
    -----END PGP SIGNATURE-----`

    const verifyTime = 0
    const trimNewlines = false

    signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
    verified, err := signingKeyRing.VerifyTextDetachedSig(signature, signedPlainText, verifyTime, trimNewlines)
Detached signatures for binary data
To sign binary data, either an unlocked private keyring or a passphrase must be provided. The output is an armored signature.
    const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
    ...
    -----END PGP PRIVATE KEY BLOCK-----` // encrypted private key
    const passphrase = "LongSecret"

    signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))

    // passphrase is optional if the key is already unlocked
    signature, err := signingKeyRing.SignBinDetached(data, passphrase)
To verify a signature, either a private or a public keyring can be provided.
The newlines in the text are never trimmed in the verification process.
The function outputs a bool: if the verification fails, verified will be false and the error will not be nil.
    const pubkey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----`

    const signature = `-----BEGIN PGP SIGNATURE-----
    ...
    -----END PGP SIGNATURE-----`

    const verifyTime = 0

    signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
    verified, err := signingKeyRing.VerifyBinDetachedSig(signature, data, verifyTime)