jsonsign (perkeep/pkg/jsonsign) - Perkeep

Home Download Docs Code Community

import "perkeep/pkg/jsonsign"

Overview ▹

Overview ▾

Package jsonsign implements Perkeep's cryptographic signing and verification of JSON blobs.

Index

func ArmoredPublicKey(entity *openpgp.Entity) (string, error)

func EntityFromSecring(keyID, keyFile string) (*openpgp.Entity, error)

func GenerateNewSecRing(secRing string) (keyID string, err error)

func KeyIdFromRing(secRing string) (keyID string, err error)

func NewEntity() (*openpgp.Entity, error)

func ParseArmoredPublicKey(r io.Reader) (fingerprint, armoredKey string, err error)

func WriteKeyRing(w io.Writer, el openpgp.EntityList) error

type CachingEntityFetcher

func (ce *CachingEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error)

type EntityFetcher

type FileEntityFetcher

func FlagEntityFetcher() *FileEntityFetcher

func (fe *FileEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error)

type SignRequest

func (sr *SignRequest) Sign(ctx context.Context) (signedJSON string, err error)

type VerifiedSignature

type VerifyRequest

func NewVerificationRequest(sjson string, fetcher blob.Fetcher) (vr *VerifyRequest)

func (vr *VerifyRequest) FindAndParsePublicKeyBlob(ctx context.Context) error

func (vr *VerifyRequest) ParsePayloadMap() bool

func (vr *VerifyRequest) ParseSigMap() bool

func (vr *VerifyRequest) Verify(ctx context.Context) (info VerifiedSignature, err error)

func (vr *VerifyRequest) VerifySignature() bool

Package files

doc.go keys.go sign.go sign_normal.go verify.go

func ArmoredPublicKey

func ArmoredPublicKey(entity *openpgp.Entity) (string, error)

func EntityFromSecring

func EntityFromSecring(keyID, keyFile string) (*openpgp.Entity, error)

EntityFromSecring returns the openpgp Entity from keyFile that matches keyID. If empty, keyFile defaults to osutil.SecretRingFile().

func GenerateNewSecRing

func GenerateNewSecRing(secRing string) (keyID string, err error)

GenerateNewSecRing creates a new secret ring file secRing, with a new GPG identity. It returns the public keyID of that identity. It returns an error if the file already exists.

func KeyIdFromRing

func KeyIdFromRing(secRing string) (keyID string, err error)

KeyIdFromRing returns the public keyID contained in the secret ring file secRing. It expects only one keyID in this secret ring and returns an error otherwise.

func NewEntity

func NewEntity() (*openpgp.Entity, error)

NewEntity returns a new OpenPGP entity.

func ParseArmoredPublicKey

func ParseArmoredPublicKey(r io.Reader) (fingerprint, armoredKey string, err error)

ParseArmoredPublicKey tries to parse an armored public key from r, taking care to bound the amount it reads. The returned fingerprint is 40 capital hex digits. The returned armoredKey is a copy of the contents read.

func WriteKeyRing

func WriteKeyRing(w io.Writer, el openpgp.EntityList) error

type CachingEntityFetcher

type CachingEntityFetcher struct {
    Fetcher EntityFetcher
    // contains filtered or unexported fields
}

func (*CachingEntityFetcher) FetchEntity

func (ce *CachingEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error)

type EntityFetcher

type EntityFetcher interface {
    FetchEntity(fingerprint string) (*openpgp.Entity, error)
}

type FileEntityFetcher

type FileEntityFetcher struct {
    File string
}

func FlagEntityFetcher

func FlagEntityFetcher() *FileEntityFetcher

func (*FileEntityFetcher) FetchEntity

func (fe *FileEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error)

type SignRequest

type SignRequest struct {
    UnsignedJSON string
    Fetcher      blob.Fetcher
    ServerMode   bool // if true, can't use pinentry or gpg-agent, etc.

    // Optional signature time. If zero, time.Now() is used.
    SignatureTime time.Time

    // Optional function to return an entity (including decrypting
    // the PrivateKey, if necessary)
    EntityFetcher EntityFetcher

    // SecretKeyringPath is only used if EntityFetcher is nil,
    // in which case SecretKeyringPath is used if non-empty.
    // As a final resort, we default to osutil.SecretRingFile().
    SecretKeyringPath string
}

func (*SignRequest) Sign

func (sr *SignRequest) Sign(ctx context.Context) (signedJSON string, err error)

type VerifiedSignature

type VerifiedSignature struct {
}

type VerifyRequest

type VerifyRequest struct {
    CamliSigner     blob.Ref
    CamliSig        string
    PublicKeyPacket *packet.PublicKey

    // set if Verify() returns true:
    PayloadMap  map[string]interface{} // The JSON values from BPJ
    SignerKeyId string                 // e.g. "2931A67C26F5ABDA"

    Err error // last error encountered
    // contains filtered or unexported fields
}

See doc/json-signing/* for background and details on these variable names.

func NewVerificationRequest

func NewVerificationRequest(sjson string, fetcher blob.Fetcher) (vr *VerifyRequest)

func (*VerifyRequest) FindAndParsePublicKeyBlob

func (vr *VerifyRequest) FindAndParsePublicKeyBlob(ctx context.Context) error

func (*VerifyRequest) ParsePayloadMap

func (vr *VerifyRequest) ParsePayloadMap() bool

func (*VerifyRequest) ParseSigMap

func (vr *VerifyRequest) ParseSigMap() bool

func (*VerifyRequest) Verify

func (vr *VerifyRequest) Verify(ctx context.Context) (info VerifiedSignature, err error)

func (*VerifyRequest) VerifySignature

func (vr *VerifyRequest) VerifySignature() bool

Subdirectories

Name		Synopsis
..
signhandler		Package signhandler implements the HTTP interface to signing and verifying Perkeep JSON blobs.

Website layout inspired by memcached.
Content by the authors.