gopenpgp
gopenpgp copied to clipboard
ProtonMail
A high-level OpenPGP library
Rename "latestServerTime" to "fixedTime" which better describes actual behavior (it was already setting fixed time for all time related operations). Allow using custom time offset for all time related operations...
Currently verifySignature accepts seconds for verification, but internally it uses time.Time for comparison. That means if we created openpgp.Entity with default time field, test can fail with "key expired" error...
The repository `github.com/pkg/errors` is no longer maintained. Instead, the package is now part of the Go standard library (`pkg.go.dev/errors`) and further developed. In this commit we refactor the usages of...
I am currently working on a Middleware for encrypting/signing mails with go-mail and was wondering why the helper packages does not provide a `EncryptSignBinaryMessageArmored` method. Is that intentionally or has...
This prevent hard plumbing and to only use io.Reader interface with security. Signed-off-by: Guilhem Lettron
SHA-1 is unsuitable for signatures over data. The first collision was published in 2017, and attacks have advanced since to the point that chosen-prefix attacks are feasible now. Signatures using...
When a certificate contains an unbound subkey, GopenPGP refuses to encrypt for the certificate's bound subkey: ``` -----BEGIN PGP PUBLIC KEY BLOCK----- xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv /seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz /56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/ 5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3 X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv 9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0 qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb...
Unknown versions of Signature packets should be ignored to allow for a smooth evolution of the OpenPGP message format. - https://tests.sequoia-pgp.org/#Detached_signatures_with_unknown_packets Reproducer: This is a fictitious v23 signature followed by...
Unknown versions of PKESK and SKESK packets, as well as unknown S2K parameters in known versions of SKESK packets, should be ignored to allow for a smooth evolution of the...