This commit adds support for the OpenPGP crypto-refresh.
- Updates go-crypto dependency to v1.1.0-alpha.1
- Adapts the session key logic to handle PKESK/SKESK v6 packets without an algorithm attached
- Updates the min go version to 1.17 as requires by go-crypto v1.1.0-alpha.1
- Update the cricl dependency to 1.3.7 matching go-crypto
Not supported:
- crypto-refresh intended recipients
- v6 key generation
Adds the following API functions:
- API to get signature key IDs for mobile:
func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte
- API to get encryption key IDs for mobile:
func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte
- API to get the number of key packets in a PGP message:
func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)
- API in package `helper` to encrypt a PGP message to an additional key:
func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error
Using the notation data packets of signatures, we add a way to
set a context to detached signatures.
We also add a way to enforce that signatures have the right context
during verification.
Instead of parsing the signature packets manually, use the signature
packet returned by VerifyDetachedSignatureAndHash to get the
signature creation time.
In swift, strings must be strictly utf8, and when golang
returns a string with non utf8 characters, it gets translated to
an empty string for utf8.
To avoid this situation, we sanitize strings before returning them.
This behavior is only enabled when building with the "ios" build tag.
When the PGP/MIME decryption encounters a signature verification error, it will keep decrypting the content
and return it in the appropriate callbacks.
This allows the caller to choose to display the content with a warning rather than just returning an error.
In pgpMessage.SeparateKeyAndData(), the parsing would
ignore AEAD encrypted data packets. Which would result
in a split message with a nil data packet.
We add support for AEAD encrypted data packets.
This also affects `NewPGPSplitMessageFromArmored` and `NewPGPSplitMessage`.
When decrypting message, we have to use verifyTime in the config
otherwise signatures not valid at verifyTime but valid at Now()
will be seen as valid.
