Update module github.com/ProtonMail/gopenpgp/v2 to v2.7.5
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| github.com/ProtonMail/gopenpgp/v2 | require | minor |
v2.5.0 -> v2.7.5
|
⚠ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
ProtonMail/gopenpgp (github.com/ProtonMail/gopenpgp/v2)
v2.7.5
Added
- API to get signature key IDs for mobile:
func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte - API to get encryption key IDs for mobile:
func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte - API to get the number of key packets in a PGP message:
func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error) - API in package
helperto encrypt a PGP message to an additional key:func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error
v2.7.4
Fixed
- Ensure that
(SessionKey).Decryptfunctions return an error if no integrity protection is present in the encrypted input. To protect SEIPDv1 encrypted messages, SED packets must not be allowed in decryption.
v2.7.3
Added
- Add
helper.QuickCheckDecryptfunction to the helper package. The function allows to check with high probability if a session key can decrypt a SEIPDv1 data packet given its 24-byte prefix.
v2.7.2
Update the underlying crypto library
v2.7.1
Added
- Add mobile helpers for signature verification with contexts.
v2.7.0
Changed
- The
SignatureVerificationErrorstruct now has aCause errorfield, which is returned by the the Unwrap function. The cause is also included in the error message. NB: If the caller was relying on the exact message of the error, it might break the flow. - When a signature fails verification because of the signature context, it returns a
SignatureVerificationErrorwith statusconstants.SIGNATURE_BAD_CONTEXTinstead ofconstants.SIGNATURE_FAILED.
Added
- Add api for signature context on streams
SignDetachedStreamWithContext. - Add API for signature context on embedded signatures.
Fixed
- When verifying detached signatures, gopenpgp sometimes needs to reattempt verification a second time to check for edge cases of signature expiration. This logic was broken because it was not rewinding the data readers.
v2.6.1
Security fix
- Update
github.com/ProtonMail/go-cryptoandgithub.com/ProtonMail/go-mimeto fix panic on invalid inputs.
v2.6.0: Release version 2.6.0
Added
- API for adding context to detached signatures:
sig, err := keyRing.SignDetachedWithContext(message, context) - API to verify the context of detached signatures:
err := keyRing.VerifyDetachedWithContext(message, signature, verifyTime, verificationContext)
Changed
- Update
github.com/ProtonMail/go-cryptoto the latest version - More strictly verify detached signatures: reject detached signatures from revoked and expired keys.
- In
GetVerifiedSignatureTimestamp, use the newVerifyDetachedSignatureAndHashfunction to get the verified signature, instead of parsing the signature packets manually to get the timestamp. - Upgraded golang.org/x/crypto dependency to v0.7.0
v2.5.2: Release version 2.5.2
Changed
- Update
github.com/ProtonMail/go-cryptoto the latest version
v2.5.1: Release version 2.5.1
Added
- Streaming API to encrypt with compression:
func (keyRing *KeyRing) EncryptStreamWithCompressionfunc (keyRing *KeyRing) EncryptSplitStreamWithCompressionfunc (sk *SessionKey) EncryptStreamWithCompression
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by renovate