This is an experimental repository of a client to the GPG agent. It was built out of a desire to have a somewhat friendly interface to GPG keys stored on a smart card by way of GPG.
At this point, the interface might be subject to change.
There are a couple things off about this Go package, namely:
- You can use PKCS1v15 and PSS for signing when your private keys are stored on disk, but when it's stored on a smart card you can only use PKCS1v15. The reason for this is that we can leverage the
PKDECRYPTfunctionality for both decryption and signing when the keys are stored on disk, but most smart cards won't allow a decrypt operation on a signing key. Therefore, this package needs to leverage thePKSIGNgpg-agent command, which only returns a signature in the PKCS1v15 format. - There is no way to know what type of key the GPG agent returns (signing, encryption or authentication), so in the case of subkeys the user has to make this distinction manually.
- It borrows code from
crypto/rsa, because the interface of thersapackage expects a private key to be provided, which is not possible when the private key is stored on a smart card. Therefore, the relevant code fromcrypto/rsawas copied to an internal package in this repository where thePrivateKey{}was changed to add aDecryptFuncfield that gets called instead of the unexporteddecrypt()function in the rsa package itself.
- There are possibly some unnecessary type conversions happening because
bufio.ReadString()is used as opposed tobufio.ReadBytes().
This software is distributed under the BSD-style license found in the LICENSE file.