diff --git a/go.mod b/go.mod
index f8b1c3c..a2d8879 100644
--- a/go.mod
+++ b/go.mod
@@ -3,15 +3,18 @@ module kastelo.dev/ezapt
 go 1.23.3
 require (
+ github.com/ProtonMail/go-crypto v1.1.3
 github.com/alecthomas/kong v1.4.0
- golang.org/x/crypto v0.9.0
 golang.org/x/mod v0.22.0
 pault.ag/go/debian v0.17.0
 )
 require (
+ github.com/cloudflare/circl v1.5.0 // indirect
 github.com/kjk/lzma v0.0.0-20161016003348-3fd93898850d // indirect
 github.com/klauspost/compress v1.16.5 // indirect
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
+ golang.org/x/crypto v0.29.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
 pault.ag/go/topsort v0.1.1 // indirect
 )
diff --git a/go.sum b/go.sum
index c69c356..e96397b 100644
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,15 @@
+github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
+github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/kong v1.4.0 h1:UL7tzGMnnY0YRMMvJyITIRX1EpO6RbBRZDNcCevy3HA=
 github.com/alecthomas/kong v1.4.0/go.mod h1:p2vqieVMeTAnaC83txKtXe8FLke2X07aruPWXyMPQrU=
 github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
 github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/kjk/lzma v0.0.0-20161016003348-3fd93898850d h1:RnWZeH8N8KXfbwMTex/KKMYMj0FJRCF6tQubUuQ02GM=
@@ -12,10 +18,16 @@ github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/d
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
 golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 pault.ag/go/debian v0.17.0 h1:H+frUQv9X5yoJpYE0MLdqoAdyoHQizFL6vq+4qMMKrc=
 pault.ag/go/debian v0.17.0/go.mod h1:JFl0XWRCv9hWBrB5MDDZjA5GSEs1X3zcFK/9kCNIUmE=
 pault.ag/go/topsort v0.1.1 h1:L0QnhUly6LmTv0e3DEzbN2q6/FGgAcQvaEw65S53Bg4=
diff --git a/internal/publish/pgp.go b/internal/publish/pgp.go
index 8ff8d5b..6ef6811 100644
--- a/internal/publish/pgp.go
+++ b/internal/publish/pgp.go
@@ -2,38 +2,33 @@ package publish
 import (
 "crypto"
+ "encoding/hex"
 "fmt"
 "io"
+ "log/slog"
- _ "crypto/sha256"
-
- _ "golang.org/x/crypto/ripemd160"
-
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/clearsign"
- "golang.org/x/crypto/openpgp/packet"
+ "github.com/ProtonMail/go-crypto/openpgp/clearsign"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+ openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
 )
 type signer struct {
- keys []*packet.PrivateKey
+ entities []*openpgp.Entity
 }
 func newSigner(keychain io.Reader) (*signer, error) {
 pr := packet.NewReader(keychain)
 s := &signer{}
 for {
- pkt, err := pr.Next()
+ ent, err := openpgp.ReadEntity(pr)
 if err == io.EOF {
 break
 }
 if err != nil {
 return nil, err
 }
- if key, ok := pkt.(*packet.PrivateKey); ok {
- if !key.IsSubkey && key.PublicKey.PublicKey != nil {
- s.keys = append(s.keys, key)
- }
- }
+ slog.Info("Loaded key", "fingerprint", hex.EncodeToString(ent.PrimaryKey.Fingerprint))
+ s.entities = append(s.entities, ent)
 }
 return s, nil
 }
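Review bot: newSigner now appends every entity that `openpgp.ReadEntity` returns without checking that it carries secret key material, whereas the removed loop kept only `*packet.PrivateKey` packets. A keychain holding a public-only entity leaves `ent.PrivateKey` nil, and the ClearSign hunk further down copies that pointer straight into the slice passed to `clearsign.EncodeMulti`, so the failure would surface at signing time (possibly as a panic) rather than at load. I would reject such entries right after the error check, e.g. `if ent.PrivateKey == nil { return nil, fmt.Errorf("key %x has no private key", ent.PrimaryKey.Fingerprint) }`. A passphrase-protected key (`ent.PrivateKey.Encrypted`) presumably deserves the same early error, since nothing visible here decrypts it.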
@@ -44,30 +39,28 @@ type seekable interface {
 }
 func (s *signer) DetachSign(in seekable, out io.Writer) error {
- if len(s.keys) == 0 {
- return fmt.Errorf("no private keys found")
+ if len(s.entities) == 0 {
+ return fmt.Errorf("no entities")
 }
 cfg := &packet.Config{
 DefaultHash: crypto.SHA256,
 }
- for _, key := range s.keys {
- if _, err := in.Seek(0, io.SeekStart); err != nil {
- return err
- }
- signer := &openpgp.Entity{PrivateKey: key}
- if err := openpgp.DetachSign(out, signer, in, cfg); err != nil {
- return err
- }
+ if err := openpgp.DetachSign(out, s.entities, in, cfg); err != nil {
+ return err
 }
 return nil
 }
 func (s *signer) ClearSign(in seekable, out io.Writer) error {
- if len(s.keys) == 0 {
- return fmt.Errorf("no private keys found")
+ if len(s.entities) == 0 {
+ return fmt.Errorf("no entities")
 }
- w, err := clearsign.EncodeMulti(out, s.keys, nil)
+ keys := make([]*packet.PrivateKey, len(s.entities))
+ for i, e := range s.entities {
+ keys[i] = e.PrivateKey
+ }
+ w, err := clearsign.EncodeMulti(out, keys, nil)
 if err != nil {
 return err
 }
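Review bot: DetachSign no longer rewinds `in` before signing; the removed loop called `in.Seek(0, io.SeekStart)` for each key. If a caller has already read from the same handle (for example by running ClearSign first, whose body continues past this hunk), the detached signature would be computed over only the remaining bytes, possibly none, and would not match the published file. Restoring a single `if _, err := in.Seek(0, io.SeekStart); err != nil { return err }` ahead of `openpgp.DetachSign` keeps the old contract. Separately, ClearSign always signs with `e.PrivateKey` (the primary key) while the v2 `DetachSign` appears to pick a signing key per entity, so the two outputs may come from different keys or diverge on an expired or revoked one; a shared key-selection step, or at least a comment stating the intent, would help.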