Documentation
Index
- Constants
- func DeletePGPKey(keyID string) error
- func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error)
- func ImportPGPKeys(keyFile string) ([]*appsv1.GnuPGPublicKey, error)
- func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error)
- func InitializeGnuPG() error
- func IsGPGEnabled() bool
- func IsLongKeyID(k string) bool
- func IsSecretKey(keyID string) (bool, error)
- func IsShortKeyID(k string) bool
- func KeyID(k string) string
- func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error
- func SetPGPTrustLevelById(kids []string, trustLevel string) error
- func SyncKeyRingFromDirectory(basePath string) ([]string, []string, error)
- func ValidatePGPKeys(keyFile string) (map[string]*appsv1.GnuPGPublicKey, error)
- func ValidatePGPKeysFromString(keyData string) (map[string]*appsv1.GnuPGPublicKey, error)
- type PGPKeyID
- type PGPVerifyResult
Constants
const (
	VerifyResultGood    = "Good"
	VerifyResultBad     = "Bad"
	VerifyResultInvalid = "Invalid"
	VerifyResultUnknown = "Unknown"
)
Signature verification results
const (
	TrustUnknown  = "unknown"
	TrustNone     = "never"
	TrustMarginal = "marginal"
	TrustFull     = "full"
	TrustUltimate = "ultimate"
)
Key trust values
const MaxVerificationLinesToParse = 40
Maximum number of lines to parse for a gpg verify-commit output
Variables
This section is empty.
Functions
func DeletePGPKey
func DeletePGPKey(keyID string) error
DeletePGPKey deletes a key from our GnuPG key ring
func GetInstalledPGPKeys
func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error)
GetInstalledPGPKeys runs gpg to retrieve public keys from our keyring. If kids is non-empty, the result is limited to those key IDs.
func ImportPGPKeys
func ImportPGPKeys(keyFile string) ([]*appsv1.GnuPGPublicKey, error)
ImportPGPKeys imports one or more keys from a file into the local keyring and optionally signs them with the transient private key for leveraging the trust DB.
func ImportPGPKeysFromString
func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error)
func InitializeGnuPG
func InitializeGnuPG() error
InitializeGnuPG will initialize a GnuPG working directory and also create a transient private key so that the trust DB will work correctly.
func IsLongKeyID
func IsLongKeyID(k string) bool
IsLongKeyID returns true if the string represents a long key ID (aka fingerprint)
func IsSecretKey
func IsSecretKey(keyID string) (bool, error)
IsSecretKey returns true if the keyID also has a private key in the keyring
func IsShortKeyID
func IsShortKeyID(k string) bool
IsShortKeyID returns true if the string represents a short key ID
func KeyID
func KeyID(k string) string
KeyID gets the actual correct (short) key ID from either a fingerprint or a key ID. It returns the empty string if k does not appear to be a PGP key ID.
func SetPGPTrustLevel
func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error
SetPGPTrustLevel sets the given trust level on specified keys
func SetPGPTrustLevelById
func SetPGPTrustLevelById(kids []string, trustLevel string) error
SetPGPTrustLevelById sets the given trust level on keys with specified key IDs
func SyncKeyRingFromDirectory
func SyncKeyRingFromDirectory(basePath string) ([]string, []string, error)
SyncKeyRingFromDirectory will sync the GPG keyring with files in a directory. This is a one-way sync, with the configuration being the leading information. Files must have a file name matching their Key ID. Keys that are found in the directory but are not in the keyring will be installed to the keyring; keys that exist in the keyring but do not exist in the directory will be deleted.
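The one-way reconciliation described above, as an added sketch that is not this package's own code. The names normalizeKeyID and planSync are hypothetical, and it assumes OpenPGP v4 conventions: a key ID is 16 hex digits and is the low 64 bits of the 40-hex-digit fingerprint. File names that are not key IDs are reported rather than trusted.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// normalizeKeyID maps a 16-digit key ID or 40-digit fingerprint to the
// upper-case 16-digit key ID; anything else yields "".
func normalizeKeyID(k string) string {
	if _, err := hex.DecodeString(k); err != nil || (len(k) != 16 && len(k) != 40) {
		return ""
	}
	return strings.ToUpper(k[len(k)-16:])
}

// planSync treats the directory listing as authoritative and returns the key
// IDs to install, the key IDs to remove, and the file names it refused.
func planSync(dirFiles, keyring []string) (install, remove, rejected []string) {
	inDir, inRing := map[string]bool{}, map[string]bool{}
	for _, k := range keyring {
		inRing[normalizeKeyID(k)] = true
	}
	for _, name := range dirFiles {
		id := normalizeKeyID(name)
		if id == "" {
			rejected = append(rejected, name) // not a key ID: never imported
		} else if !inRing[id] && !inDir[id] {
			install = append(install, id)
		}
		inDir[id] = true
	}
	for _, k := range keyring {
		if id := normalizeKeyID(k); id != "" && inRing[id] && !inDir[id] {
			remove = append(remove, id)
			delete(inRing, id) // report each key once
		}
	}
	return install, remove, rejected
}

func main() {
	// Constructed sample data: directory file names, then installed keys.
	dir := []string{"4AEE18F83AFDEB23", "F7842A5CEAA9C0B1", "README"}
	ring := []string{"5DE3E0509C47EA3CF04A42D34AEE18F83AFDEB23", "07E34825A909B250"}
	fmt.Println(planSync(dir, ring))
}
```

Because the directory is the leading information, deleting a key file is what revokes trust in that key on the next sync, so write access to that directory deserves the same protection as the keyring itself.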
func ValidatePGPKeys
func ValidatePGPKeys(keyFile string) (map[string]*appsv1.GnuPGPublicKey, error)
ValidatePGPKeys validates whether the keys in keyFile are valid PGP keys and can be imported. It does so by importing them into a temporary keyring. The returned keys are complete, that is, they contain all relevant information.
func ValidatePGPKeysFromString
func ValidatePGPKeysFromString(keyData string) (map[string]*appsv1.GnuPGPublicKey, error)
Types
type PGPVerifyResult
type PGPVerifyResult struct {
	// Date the signature was made
	Date string
	// KeyID the signature was made with
	KeyID string
	// Identity
	Identity string
	// Trust level of the key
	Trust string
	// Cipher of the key the signature was made with
	Cipher string
	// Result of verification - "unknown", "good" or "bad"
	Result string
	// Additional informational message
	Message string
}
Result of a git commit verification
func ParseGitCommitVerification
func ParseGitCommitVerification(signature string) PGPVerifyResult
ParseGitCommitVerification parses the output of "git verify-commit" and returns the result