Closed
Hi, I'm looking for an alternative to `gpg -s`, but it seems there is no API that can be used for this directly.
I've implemented a Sign function for this, but it requires some private structures from the openpgp package, which I don't want to copy out of the package. It would be nice if this could be provided by the library.
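// Sign acts like gpg -s: it makes a signature with the private key (which must
// already have been decrypted) from signer and writes the signature with the
// original data to w.
// The resulting WriteCloser must be closed after the contents of the file have
// been written.
// If config is nil, sensible defaults will be used.
//
// NOTE(review): the signature is made with signer.PrivateKey, the entity's
// primary key, exactly as passed in. Nothing here checks that the key is
// flagged for signing, or that it is unexpired and unrevoked; callers have to
// validate the entity before handing it to Sign.
func Sign(w io.Writer, signer *openpgp.Entity, hints *openpgp.FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
	// Reject unusable keys before anything is written to w.
	if signer == nil {
		return nil, errors.InvalidArgumentError("no signing entity provided")
	}
	if signer.PrivateKey == nil {
		return nil, errors.InvalidArgumentError("signing key doesn't have a private key")
	}
	if signer.PrivateKey.Encrypted {
		return nil, errors.InvalidArgumentError("signing key is encrypted")
	}

	// config may be nil here; Hash is called on it directly so that the
	// package defaults apply. The digest is whatever the caller configured:
	// no minimum strength is enforced in this function.
	hashType := config.Hash()
	// hashType.New() below panics when the hash implementation is not linked
	// into the binary, so fail cleanly first, and before the one-pass header
	// has been emitted to w.
	if !hashType.Available() {
		return nil, errors.UnsupportedError("configured hash function is not available")
	}

	// The one-pass signature packet precedes the data so that a reader knows
	// which hash to compute while streaming.
	ops := &packet.OnePassSignature{
		SigType:    packet.SigTypeBinary,
		Hash:       hashType,
		PubKeyAlgo: signer.PrivateKey.PubKeyAlgo,
		KeyId:      signer.PrivateKey.KeyId,
		IsLast:     true,
	}
	if err := ops.Serialize(w); err != nil {
		return nil, err
	}

	if hints == nil {
		hints = &openpgp.FileHints{}
	}
	// A zero ModTime is written as 0 rather than as a pre-epoch timestamp.
	var epochSeconds uint32
	if !hints.ModTime.IsZero() {
		epochSeconds = uint32(hints.ModTime.Unix())
	}

	// Despite the name, nothing is encrypted: this only wraps w so it can be
	// passed where an io.WriteCloser is expected.
	encryptedData := noOpCloser{w: w}
	literalData, err := packet.SerializeLiteral(encryptedData, hints.IsBinary, hints.FileName, epochSeconds)
	if err != nil {
		return nil, err
	}

	// Positional literal: it depends on the field order of the unexported
	// signatureWriter type in the openpgp package.
	return signatureWriter{encryptedData, literalData, hashType, hashType.New(), signer.PrivateKey, config}, nil
}

// The signatureWriter and noOpCloser types are private in the openpgp package.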