x/crypto/openpgp: Support signing of pre-computed hashes #28022
Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed. If this is a security issue, please email security@golang.org and we will assess it and provide a fix. If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here. If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.
This is a perhaps unusual feature request: the autograph service provides an API that clients can use to request signatures. Most of the time, clients call /sign/data with a raw message to sign, and that works fine with openpgp. But in some cases, we want to just accept a pre-computed hash to reduce the bandwidth usage between a client and the autograph service.

Trying to implement this with the openpgp package seems rather challenging. From what I can tell, the packet#Signature.Sign() function takes an initialized hash, appends a suffix and finishes the computation of the digest, then signs. There's no obvious way to provide the function with a hash that's already computed. I'm also failing to think of a way to hack around this without touching the openpgp/packet package directly.

Would it be possible to implement a SignHash function in the packet package that takes a pre-computed hash? It might also be useful to export buildHashSuffix for clients to assemble the hash themselves.
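
The following is an added example, not code from the issue or from the openpgp package. It builds the version 4 hash suffix from RFC 4880 section 5.2.4 with the standard library only, showing that the digest an OpenPGP signature covers is SHA-256(message || suffix), so a plain SHA-256(message) sent by a client is not the value that gets signed. Assumptions: the function names are hypothetical, the message and timestamp are constructed, and the hashed area holds only a creation-time subpacket.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// v4HashSuffix builds the bytes RFC 4880 section 5.2.4 appends to the message
// before the digest is finalized: signature header fields, the hashed
// subpackets, and a six-byte trailer carrying the length of what precedes it.
func v4HashSuffix(sigType, pubKeyAlgo, hashAlgo byte, hashedSubpackets []byte) []byte {
	n := len(hashedSubpackets)
	suffix := []byte{4, sigType, pubKeyAlgo, hashAlgo, byte(n >> 8), byte(n)}
	suffix = append(suffix, hashedSubpackets...)
	trailer := []byte{4, 0xff, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(trailer[2:], uint32(len(suffix)))
	return append(suffix, trailer...)
}

// creationTimeSubpacket encodes subpacket type 2 (signature creation time).
func creationTimeSubpacket(unix uint32) []byte {
	sp := []byte{5, 2, 0, 0, 0, 0} // length 5 = type octet + 4 time octets
	binary.BigEndian.PutUint32(sp[2:], unix)
	return sp
}

// signedDigest returns the digest a v4 binary document signature covers.
func signedDigest(message, suffix []byte) []byte {
	h := sha256.New()
	h.Write(message)
	h.Write(suffix) // the step a server cannot redo from SHA-256(message) alone
	return h.Sum(nil)
}

func main() {
	msg := []byte("constructed sample payload")
	// RFC 4880 IDs: 0x00 = binary document signature, 1 = RSA, 8 = SHA-256.
	suffix := v4HashSuffix(0x00, 1, 8, creationTimeSubpacket(1538000000))
	plain := sha256.Sum256(msg)
	final := signedDigest(msg, suffix)
	fmt.Printf("suffix:         %x\n", suffix)
	fmt.Printf("SHA-256(msg):   %x\n", plain)
	fmt.Printf("digest to sign: %x\n", final)
	fmt.Println("equal:", bytes.Equal(plain[:], final))
}
```

Because the suffix contains the creation time and any other hashed subpackets, a client that computes the final digest itself has to agree on those values with whoever serializes the signature packet.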