package
0.0.0-20231107101202-3e97c64b9dcd
Repository: https://github.com/cobraqxx/keyctl.git
Documentation: pkg.go.dev

# README

keyctl/pgp

A "helper" package for use with the golang.org/x/crypto/openpgp package that can transparently cache private key passphrases using the Linux kernel's secure keyring system. Cached passphrases can automatically expire after a configurable duration.

Usage

To use it, import the parent package keyctl, open the user session keyring, embed it in a static pgp.PassphraseKeyring struct, and call ReadMessage on this struct instead of using golang.org/x/crypto/openpgp.ReadMessage. To customize the passphrase prompt, either assign your own pgp.Prompter-compatible implementation to PassphraseKeyring or pass an openpgp.PromptFunction in the ReadMessage() method call.

For convenience, an openpgp.PromptFunction compatible func named PassphrasePrompt is exposed in the package.

Example

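```go
package main

import (
	"io"
	"log"

	"github.com/cobraqxx/keyctl"
	"github.com/cobraqxx/keyctl/pgp"
	"golang.org/x/crypto/openpgp"
)

// decryptReader reads an OpenPGP message from r, prompting for the private
// key passphrase only when it is not already cached in the kernel keyring.
func decryptReader(r io.Reader, pgpKeyring openpgp.KeyRing) {
	// Open the user session keyring, where passphrases will be cached.
	kr, err := keyctl.UserSessionKeyring()
	if err != nil {
		log.Fatal(err)
	}

	pkr := pgp.PassphraseKeyring{Keyring: kr}
	// Discard passphrases after 10 minutes
	pkr.SetDefaultTimeout(600)

	// Use in place of openpgp.ReadMessage.
	msgDetails, err := pkr.ReadMessage(r, pgpKeyring, pgp.PassphrasePrompt, nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("%#v\n", msgDetails)
}
```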

# Functions

Create a new Prompter from an openpgp prompting function.
No description provided by the author

# Structs

A wrapper keyring that can automatically decrypt openpgp secret keys if the passphrase was previously used by the keyring (and the TTL has not expired). Such caching lives beyond the lifetime of the current process unless the process or thread keyring is used.

# Interfaces

A standard passphrase prompting interface.