x/crypto/openpgp: unsupported feature: nested signatures

[cmuCoppelia]

What version of Go are you using (go version)?

$ go version
1.12.7

Does this issue reproduce with the latest release?

Y

What operating system and processor architecture are you using (go env)?

go env mac OS

$ go env

What did you do?

0

I'm trying decrypting a encrypted file in Go using openpgp. This file can be decrypted by

gpg --decrypt -o

However, when I try to decrypt it in Go, it says that

unsupported feature: nested signatures

This file is not generated in my computer.

I'm using newest openpgp package. The public key and private key file are correct for sure because I have tested encrypting and decrypting.

The error happenes at:
md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)

What did you expect to see?

Decrypted file

What did you see instead?

unsupported feature: nested signatures

[agnivade]

@FiloSottile

[cmuCoppelia]

Anyone knows it?

[FiloSottile]

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.