This is an experimental repository of a client to the GPG agent. It was built out of a desire to have a somewhat friendly interface to GPG keys stored on a smart card by way of GPG.
At this point, the interface might be subject to change.
There are a couple things off about this Go package, namely:
- You can use PKCS1v15 and PSS for signing when your private keys are stored on disk, but when it's stored on a smart card you can only use PKCS1v15. The reason for this is, is that we can leverage the
PKDECRYPT
functionality for both decryption and signing when the keys are stored on disk, but most smart cards won't allow a decrypt operation on a signing key. Therefore, this package needs to leverage thePKSIGN
gpg-agent command, which only output PKCS1v15. - There is no way to know what type of key the GPG agent returns (signing, encryption or authentication), so in the case of subkeys the user has to make this distinction manually.
- It borrows code from
crypto/rsa
, because the interface of thersa
package expects a private key to be provided, which is not possible when the private key is stored on a smart card. Therefore, the relevant code fromcrypto/rsa
was copied to an internal package in this repository where thePrivateKey{}
was changed to add aDecryptFunc
field that gets called instead of the unexporteddecrypt()
function in the rsa package.
- There are possibly some unnecessary type conversions happening because
bufio.ReadString()
is used as opposed tobufio.ReadBytes()
.
This software is distributed under the BSD-style license found in the LICENSE file.