Rename functions, clarify examples (#3)
parent
b3047cee4d
commit
388fa872e7
3 changed files with 23 additions and 24 deletions
27
README.md
27
README.md
|
|
@ -114,21 +114,20 @@ const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
|
|
||||||
const passphrase = `the passphrase of the private key` // what the privKey is encrypted with
|
const passphrase = `the passphrase of the private key` // what the privKey is encrypted with
|
||||||
|
|
||||||
privateKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))
|
|
||||||
publicKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
|
publicKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
|
||||||
|
|
||||||
// encrypt message using public key and can be optionally signed using private key and passphrase
|
privateKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))
|
||||||
armor, err := pgp.EncryptMessage("plain text", publicKeyRing, privateKeyRing, passphrase, false)
|
|
||||||
// OR
|
|
||||||
privateKeyRing.Unlock([]byte(passphrase)) // if private key is locked with passphrase
|
privateKeyRing.Unlock([]byte(passphrase)) // if private key is locked with passphrase
|
||||||
armor, err := publicKeyRing.EncryptString("plain text", privateKeyRing)
|
|
||||||
|
|
||||||
// decrypt armored encrypted message using the private key and the passphrase of the private key
|
// encrypt message using public key, can be optionally signed using private key
|
||||||
plainText, err := pgp.DecryptMessage(armor, privateKeyRing, passphrase)
|
armor, err := publicKeyRing.EncryptMessage("plain text", privateKeyRing)
|
||||||
// OR
|
|
||||||
signedText, err := privateKeyRing.DecryptString(armor)
|
// decrypt armored encrypted message using the private key
|
||||||
|
signedText, err := privateKeyRing.DecryptMessage(armor)
|
||||||
plainText = signedText.String
|
plainText = signedText.String
|
||||||
|
|
||||||
|
// verify signature (optional)
|
||||||
|
signed = signedText.Signed.IsBy(publicKeyRing)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Generate key
|
### Generate key
|
||||||
|
|
@ -139,7 +138,7 @@ The library supports RSA with different key lengths or Curve25519 keys.
|
||||||
```go
|
```go
|
||||||
var pgp = crypto.GopenPGP{}
|
var pgp = crypto.GopenPGP{}
|
||||||
|
|
||||||
var (
|
const (
|
||||||
localPart = "name.surname"
|
localPart = "name.surname"
|
||||||
domain = "example.com"
|
domain = "example.com"
|
||||||
passphrase = "LongSecret"
|
passphrase = "LongSecret"
|
||||||
|
|
@ -166,7 +165,7 @@ const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
passphrase = "LongSecret"
|
passphrase = "LongSecret"
|
||||||
const trimNewlines = false
|
const trimNewlines = false
|
||||||
|
|
||||||
signingKeyRing, err := ReadArmoredKeyRing(strings.NewReader(privkey))
|
signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))
|
||||||
|
|
||||||
signature, err := signingKeyRing.SignTextDetached(plaintext, passphrase, trimNewlines)
|
signature, err := signingKeyRing.SignTextDetached(plaintext, passphrase, trimNewlines)
|
||||||
// passphrase is optional if the key is already unlocked
|
// passphrase is optional if the key is already unlocked
|
||||||
|
|
@ -188,7 +187,7 @@ const signature = `-----BEGIN PGP SIGNATURE-----
|
||||||
const verifyTime = 0
|
const verifyTime = 0
|
||||||
const trimNewlines = false
|
const trimNewlines = false
|
||||||
|
|
||||||
signingKeyRing, err := ReadArmoredKeyRing(strings.NewReader(pubkey))
|
signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
|
||||||
|
|
||||||
verified, err := signingKeyRing.VerifyTextDetachedSig(signature, signedPlainText, verifyTime, trimNewlines)
|
verified, err := signingKeyRing.VerifyTextDetachedSig(signature, signedPlainText, verifyTime, trimNewlines)
|
||||||
```
|
```
|
||||||
|
|
@ -204,7 +203,7 @@ const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
-----END PGP PRIVATE KEY BLOCK-----` // encrypted private key
|
-----END PGP PRIVATE KEY BLOCK-----` // encrypted private key
|
||||||
passphrase = "LongSecret"
|
passphrase = "LongSecret"
|
||||||
|
|
||||||
signingKeyRing, err := ReadArmoredKeyRing(strings.NewReader(privkey))
|
signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(privkey))
|
||||||
|
|
||||||
signature, err := signingKeyRing.SignBinDetached(data, passphrase)
|
signature, err := signingKeyRing.SignBinDetached(data, passphrase)
|
||||||
// passphrase is optional if the key is already unlocked
|
// passphrase is optional if the key is already unlocked
|
||||||
|
|
@ -225,7 +224,7 @@ const signature = `-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
const verifyTime = 0
|
const verifyTime = 0
|
||||||
|
|
||||||
signingKeyRing, err := ReadArmoredKeyRing(strings.NewReader(pubkey))
|
signingKeyRing, err := crypto.ReadArmoredKeyRing(strings.NewReader(pubkey))
|
||||||
|
|
||||||
verified, err := signingKeyRing.VerifyBinDetachedSig(signature, data, verifyTime)
|
verified, err := signingKeyRing.VerifyBinDetachedSig(signature, data, verifyTime)
|
||||||
```
|
```
|
||||||
|
|
|
||||||
|
|
@ -228,9 +228,9 @@ func (kr *KeyRing) EncryptArmored(w io.Writer, sign *KeyRing) (wc io.WriteCloser
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptString encrypts and armors a string to the keyring's owner.
|
// EncryptMessage encrypts and armors a string to the keyring's owner.
|
||||||
// Wrapper of Encrypt.
|
// Wrapper of Encrypt.
|
||||||
func (kr *KeyRing) EncryptString(s string, sign *KeyRing) (encrypted string, err error) {
|
func (kr *KeyRing) EncryptMessage(s string, sign *KeyRing) (encrypted string, err error) {
|
||||||
var b bytes.Buffer
|
var b bytes.Buffer
|
||||||
w, err := kr.EncryptArmored(&b, sign)
|
w, err := kr.EncryptArmored(&b, sign)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -272,10 +272,10 @@ func (kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecryptString decrypts an armored string sent to the keypair's owner.
|
// DecryptMessage decrypts an armored string sent to the keypair's owner.
|
||||||
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
|
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
|
||||||
// contents are still provided if library clients wish to process this message further.
|
// contents are still provided if library clients wish to process this message further.
|
||||||
func (kr *KeyRing) DecryptString(encrypted string) (SignedString, error) {
|
func (kr *KeyRing) DecryptMessage(encrypted string) (SignedString, error) {
|
||||||
r, signed, err := kr.DecryptArmored(strings.NewReader(encrypted))
|
r, signed, err := kr.DecryptArmored(strings.NewReader(encrypted))
|
||||||
if err != nil && err != pgperrors.ErrSignatureExpired {
|
if err != nil && err != pgperrors.ErrSignatureExpired {
|
||||||
return SignedString{String: encrypted, Signed: nil}, err
|
return SignedString{String: encrypted, Signed: nil}, err
|
||||||
|
|
@ -290,15 +290,15 @@ func (kr *KeyRing) DecryptString(encrypted string) (SignedString, error) {
|
||||||
return SignedString{String: s, Signed: signed}, nil
|
return SignedString{String: s, Signed: signed}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecryptStringIfNeeded data if has armored PGP message format, if not return original data.
|
// DecryptMessageIfNeeded data if has armored PGP message format, if not return original data.
|
||||||
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
|
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
|
||||||
// contents are still provided if library clients wish to process this message further.
|
// contents are still provided if library clients wish to process this message further.
|
||||||
func (kr *KeyRing) DecryptStringIfNeeded(data string) (decrypted string, err error) {
|
func (kr *KeyRing) DecryptMessageIfNeeded(data string) (decrypted string, err error) {
|
||||||
if re := regexp.MustCompile("^-----BEGIN " + constants.PGPMessageHeader + "-----(?s:.+)-----END " +
|
if re := regexp.MustCompile("^-----BEGIN " + constants.PGPMessageHeader + "-----(?s:.+)-----END " +
|
||||||
constants.PGPMessageHeader + "-----"); re.MatchString(data) {
|
constants.PGPMessageHeader + "-----"); re.MatchString(data) {
|
||||||
|
|
||||||
var signed SignedString
|
var signed SignedString
|
||||||
signed, err = kr.DecryptString(data)
|
signed, err = kr.DecryptMessage(data)
|
||||||
decrypted = signed.String
|
decrypted = signed.String
|
||||||
} else {
|
} else {
|
||||||
decrypted = data
|
decrypted = data
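Review bot: The doc comment on `DecryptMessageIfNeeded` is edited by this rename but still omits two things the visible body does: input that does not match the armored-message pattern comes back unchanged as `decrypted`, and `signed.Signed` is dropped because only `signed.String` is returned. A caller therefore cannot tell decrypted content from pass-through plaintext, nor signed text from unsigned text. I would reword it to `// DecryptMessageIfNeeded decrypts data if it is an armored PGP message and returns it unchanged otherwise.` followed by `// The signature result is discarded; use DecryptMessage when the sender must be verified.` The function body continues outside the hunk, so how the expired-signature error is finally returned is not visible here. Separately, the exported `EncryptString`, `DecryptString` and `DecryptStringIfNeeded` names are removed with no deprecated wrappers, which would break existing importers.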
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestKeyRing_Decrypt(t *testing.T) {
|
func TestKeyRing_Decrypt(t *testing.T) {
|
||||||
decString, err := testPrivateKeyRing.DecryptStringIfNeeded(readTestFile("keyring_token", false))
|
decString, err := testPrivateKeyRing.DecryptMessageIfNeeded(readTestFile("keyring_token", false))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot decrypt token:", err)
|
t.Fatal("Cannot decrypt token:", err)
|
||||||
}
|
}
|
||||||
|
|
@ -66,14 +66,14 @@ func TestKeyRing_Decrypt(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestKeyRing_Encrypt(t *testing.T) {
|
func TestKeyRing_Encrypt(t *testing.T) {
|
||||||
encrypted, err := testPublicKeyRing.EncryptString(testToken, testPrivateKeyRing)
|
encrypted, err := testPublicKeyRing.EncryptMessage(testToken, testPrivateKeyRing)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot encrypt token:", err)
|
t.Fatal("Cannot encrypt token:", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// We can't just check if encrypted == testEncryptedToken
|
// We can't just check if encrypted == testEncryptedToken
|
||||||
// Decrypt instead
|
// Decrypt instead
|
||||||
ss, err := testPrivateKeyRing.DecryptString(encrypted)
|
ss, err := testPrivateKeyRing.DecryptMessage(encrypted)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot decrypt token:", err)
|
t.Fatal("Cannot decrypt token:", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||