ProtonMail / go-crypto

Fork of go/x/crypto, providing an up-to-date OpenPGP implementation
https://pkg.go.dev/github.com/ProtonMail/go-crypto
BSD 3-Clause "New" or "Revised" License
334 stars 101 forks source link

WIP: Update to v6 as described in the crypto refresh #161

Closed lubux closed 9 months ago

lubux commented 1 year ago

This pull request implements most of the missing features described in the crypto refresh. The following features are added:

lubux commented 1 year ago

Thanks for the review. The update includes the following changes:

Currently, the SOP interoperability test suite fails due to the removal of armor checksums. It seems that GnuPG does not accept such messages without a checksum for detachable signature verification.

Fails to verify with GnuPG:

-----BEGIN PGP SIGNATURE-----
Version: GopenPGP 2.6.1
Comment: https://gopenpgp.org

wsDzBAABCgAnBQJkQRqPCZD7/MgqAV5zMBYhBNGmbhojsYLJmA94jPv8yCoBXnMw
AAD96wv9H138x1JuuuUu5qPCJiZZnZyC0H7z9IA3tlc6TtpMKBlATTQWMVA0m2bh
D9IwZit4W0Qvfih4o04eZBkQDGvzBsJQ0F63GQCyIHfEBbl2UlMmG8sR1qaqCD9E
qD4PN8S9kAi/+B0ntaH7EUW835GscdgwaC/v2uDXiiW/01jzCs0HrD/7Yi26SI4+
Ytp11ots5ySVAq6E+JtNwJ6IRGy+T6wRUZ+D5Y9UaxFoavG1S0N7QFauxcBa4Yn8
qjh03/vyQSzjkV6MwCIwNI7k4Q+FddzbbXn45xNjmHLkwu5qOuvm52K24V298lbi
wpZRhe+FUTz/uQxsUu2/sKrVmCygVk2BDJ+mKQH1Xg9Zd41V3TEivjOwosuSjj2K
LhPXwLDAB8/nw51S//uIO9YErn8tqB44zH7yASw8C+TQ/vjL+GAUhAnNS/DO1w6l
qa1D/osXcDLQF8sIlwqZFiRbx7ARAjFWu6EQr86HBYCuVJ0Dcn++2axKga6VcFDl
GDsGmvRk
-----END PGP SIGNATURE-----

Verifies with GnuPG:

-----BEGIN PGP SIGNATURE-----
Version: GopenPGP 2.6.1
Comment: https://gopenpgp.org

wsDzBAABCgAnBQJkQRqPCZD7/MgqAV5zMBYhBNGmbhojsYLJmA94jPv8yCoBXnMw
AAD96wv9H138x1JuuuUu5qPCJiZZnZyC0H7z9IA3tlc6TtpMKBlATTQWMVA0m2bh
D9IwZit4W0Qvfih4o04eZBkQDGvzBsJQ0F63GQCyIHfEBbl2UlMmG8sR1qaqCD9E
qD4PN8S9kAi/+B0ntaH7EUW835GscdgwaC/v2uDXiiW/01jzCs0HrD/7Yi26SI4+
Ytp11ots5ySVAq6E+JtNwJ6IRGy+T6wRUZ+D5Y9UaxFoavG1S0N7QFauxcBa4Yn8
qjh03/vyQSzjkV6MwCIwNI7k4Q+FddzbbXn45xNjmHLkwu5qOuvm52K24V298lbi
wpZRhe+FUTz/uQxsUu2/sKrVmCygVk2BDJ+mKQH1Xg9Zd41V3TEivjOwosuSjj2K
LhPXwLDAB8/nw51S//uIO9YErn8tqB44zH7yASw8C+TQ/vjL+GAUhAnNS/DO1w6l
qa1D/osXcDLQF8sIlwqZFiRbx7ARAjFWu6EQr86HBYCuVJ0Dcn++2axKga6VcFDl
GDsGmvRk
=s/ni
-----END PGP SIGNATURE-----
twiss commented 1 year ago

OK, thanks for the summary. Maybe let's still generate the checksum for armored detached v4 signatures, then.

lubux commented 1 year ago

I changed the API such that armor.Encode(...) produces a checksum for now. To produce an armored message without a checksum, one has to use armor.EncodeWithoutChecksum(...)