Ensure that (SessionKey).Decrypt functions return an error if no integrity protection is present in the encrypted input. To protect SEIPDv1 encrypted messages, SED packets must not be allowed in decryption.
Add helper.QuickCheckDecrypt function to the helper package. The function allows to check with high probability if a session key can decrypt a SEIPDv1 data packet given its 24-byte prefix.
The SignatureVerificationError struct now has a Cause error field, which is returned by the the Unwrap function. The cause is also included in the error message.
NB: If the caller was relying on the exact message of the error, it might break the flow.
When a signature fails verification because of the signature context, it returns a SignatureVerificationError with
status constants.SIGNATURE_BAD_CONTEXT instead of constants.SIGNATURE_FAILED.
Added
Add api for signature context on streams SignDetachedStreamWithContext.
Add API for signature context on embedded signatures.
Fixed
When verifying detached signatures, gopenpgp sometimes needs to reattempt verification a second time to check for edge cases of signature expiration. This logic was broken because it was not rewinding the data readers.
Update github.com/ProtonMail/go-crypto to the latest version
More strictly verify detached signatures: reject detached signatures from revoked and expired keys.
In GetVerifiedSignatureTimestamp, use the new VerifyDetachedSignatureAndHash function to get the verified signature, instead of parsing the signature packets manually to get the timestamp.
