Update module github.com/ProtonMail/gopenpgp/v2 to v3
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
github.com/ProtonMail/gopenpgp/v2 | require | major |
v2.5.0 -> v3.1.0
|
⚠️ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
ProtonMail/gopenpgp (github.com/ProtonMail/gopenpgp/v2)
v3.1.0
What's Changed
Added
- Add decryption option to allow disabling the integrity tag requirement by @JasonQuinn in https://github.com/ProtonMail/gopenpgp/pull/314
- Add option to decrypt with signature keys by @lubux in https://github.com/ProtonMail/gopenpgp/pull/316
Changed
- Adapt to go-crypto cleartext API changes by @lubux in https://github.com/ProtonMail/gopenpgp/pull/310
- Rename
profile.Custom.AllowWeakRSA
toprofile.Custom.InsecureAllowWeakRSA
- Update go-crypto fork to
v1.1.3
Full Changelog: https://github.com/ProtonMail/gopenpgp/compare/v3.0.0...v3.1.0
v3.0.0
What's Changed
New simplified and unified API
GopenPGP v3 introduces a new unified API for high level OpenPGP operations. In comparison to GopenPGP v2, where similar functions were dispersed across different types and required varying implementations for the same operations, GopenPGP v3 consolidates these functions into a consistent interface. Now, operations such as Sign, Verify, Encrypt, Decrypt, and Key generation are each accessible through a unified, builder like API, simplifying integration and enhancing code readability across cryptographic workflows.
However, applications migrating from v2 to v3 will need to update their API calls, as the changes are not backward-compatible. This means that all previous API calls must be rewritten to align with the new, unified API structure. GopenPGP v3 supports the migration process by offering extensive documentation and practical examples. We recommend upgrading to v3 for the latest features and improvements, but we'll continue to support GopenPGP v2 for the time being. Our support includes ongoing bug fixes and minor feature updates to ensure stability and functionality for existing users.
For usage examples of the new API, see the README. For the full documentation, see https://pkg.go.dev/github.com/ProtonMail/gopenpgp/v3.
Profiles
GopenPGP v3 introduces the concept of profiles, enabling applications to configure OpenPGP algorithm selection based on their specific needs. For most applications, the provided preset profiles offer robust and secure defaults, eliminating the need for additional configuration.
RFC 9580 and Interoperability
GopenPGP v3 adds full support for the latest OpenPGP specification, RFC 9580. Compliance with the specification has also been significantly enhanced, as confirmed by the results in the OpenPGP interoperability test suite. These enhancements in GopenPGP v3 are possible by leveraging a new API in the go-crypto fork, which enables a range of improvements in functionality, compliance, and performance.
Go Mobile Support
GopenPGP v3 aims to be fully compatible with Gomobile to provide an API for mobile platforms. For this reason, the library defaults to a builder-like pattern, which is less commonly used in Go. All code that is only relevant for mobile platforms has been moved to the mobile
module.
Extending Functionality
GopenPGP v3 introduces a streaming interface across all APIs, enabling memory efficient processing of large data. Additionally, it extends the library's functionality with various improvements, such as:
- Consider all signatures in a message during verification and allow inspection of each.
- Support signing with multiple keys.
- Support encrypting to an "anonymous recipient", where the recipient KeyID is represented as all zeros in the message.
- Add support for the intended recipient feature as specified in RFC 9580.
- Ensure consistent behaviour across all APIs.
- Support generating v6 keys as specified in RFC 9580.
Full Changelog: https://github.com/ProtonMail/gopenpgp/compare/v2.7.5...v3.0.0.
Changelog since v3.0.0-beta.0: https://github.com/ProtonMail/gopenpgp/compare/v3.0.0-beta.0...v3.0.0.
v2.8.1
What's Changed
Changed
- Update go-crypto fork to
v1.1.3
Full Changelog: https://github.com/ProtonMail/gopenpgp/compare/v2.8.0...v2.8.1
v2.8.0
What's Changed
Support for RFC 9580
Adds support for reading and writing messages with RFC 9580 by updating the underlying go-crypto fork library to the latest version. Note that GopenPGP v2 currently does not support:
- RFC 9580 intended recipients
- RFC 9580 key generation
For full RFC 9580 support, we recommend upgrading to GopenPGP v3.
Full Changelog: https://github.com/ProtonMail/gopenpgp/compare/v2.7.5...v2.8.0
v2.7.5
Added
- API to get signature key IDs for mobile:
func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte
- API to get encryption key IDs for mobile:
func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte
- API to get the number of key packets in a PGP message:
func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)
- API in package
helper
to encrypt a PGP message to an additional key:func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error
v2.7.4
Fixed
- Ensure that
(SessionKey).Decrypt
functions return an error if no integrity protection is present in the encrypted input. To protect SEIPDv1 encrypted messages, SED packets must not be allowed in decryption.
v2.7.3
Added
- Add
helper.QuickCheckDecrypt
function to the helper package. The function allows to check with high probability if a session key can decrypt a SEIPDv1 data packet given its 24-byte prefix.
v2.7.2
Update the underlying crypto library
v2.7.1
Added
- Add mobile helpers for signature verification with contexts.
v2.7.0
Changed
- The
SignatureVerificationError
struct now has aCause error
field, which is returned by the the Unwrap function. The cause is also included in the error message. NB: If the caller was relying on the exact message of the error, it might break the flow. - When a signature fails verification because of the signature context, it returns a
SignatureVerificationError
with statusconstants.SIGNATURE_BAD_CONTEXT
instead ofconstants.SIGNATURE_FAILED
.
Added
- Add api for signature context on streams
SignDetachedStreamWithContext
. - Add API for signature context on embedded signatures.
Fixed
- When verifying detached signatures, gopenpgp sometimes needs to reattempt verification a second time to check for edge cases of signature expiration. This logic was broken because it was not rewinding the data readers.
v2.6.1
Security fix
- Update
github.com/ProtonMail/go-crypto
andgithub.com/ProtonMail/go-mime
to fix panic on invalid inputs.
v2.6.0
: Release version 2.6.0
Added
- API for adding context to detached signatures:
sig, err := keyRing.SignDetachedWithContext(message, context)
- API to verify the context of detached signatures:
err := keyRing.VerifyDetachedWithContext(message, signature, verifyTime, verificationContext)
Changed
- Update
github.com/ProtonMail/go-crypto
to the latest version - More strictly verify detached signatures: reject detached signatures from revoked and expired keys.
- In
GetVerifiedSignatureTimestamp
, use the newVerifyDetachedSignatureAndHash
function to get the verified signature, instead of parsing the signature packets manually to get the timestamp. - Upgraded golang.org/x/crypto dependency to v0.7.0
v2.5.2
: Release version 2.5.2
Changed
- Update
github.com/ProtonMail/go-crypto
to the latest version
v2.5.1
: Release version 2.5.1
Added
- Streaming API to encrypt with compression:
func (keyRing *KeyRing) EncryptStreamWithCompression
func (keyRing *KeyRing) EncryptSplitStreamWithCompression
func (sk *SessionKey) EncryptStreamWithCompression
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.