I have an app that uses gpg secret keys and prompts for a password to read it. Here's the way I do that (based on an example I found elsewhere:
func Decrypt(publicKeyring string, secretKeyring string, key string, password string) (string, error) {
var entity *openpgp.Entity
var entityList openpgp.EntityList
keyringFileBuffer, err := os.Open(secretKeyring)
if err != nil {
return "", err
}
defer keyringFileBuffer.Close()
entityList, err = openpgp.ReadKeyRing(keyringFileBuffer)
if err != nil {
return "", err
}
entity = entityList[0]
passphraseByte := []byte(password)
entity.PrivateKey.Decrypt(passphraseByte)
for _, subkey := range entity.Subkeys {
subkey.PrivateKey.Decrypt(passphraseByte)
}
dec, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return "", err
}
// Decrypt it with the contents of the private key
md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)
if err != nil {
return "", err
}
bytes, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
return "", err
}
decStr := string(bytes)
return decStr, nil
}
The assumption made here is that the user has a KeyRin which is passed, and the default value for this is the secring, like so:
viper.SetDefault("gpgsecretkeyring", home+"/.gnupg/secring.gpg")
However,
I was getting reports that some users on macs were struggling to get the app working, and the reason was they didn't know how to define the secring.
It seems newer versions of GnuPG have deprecated the secring.
https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring
I have no idea how to read the secret key using golang.org/x/crypto/openpgp
at this point. Are there any examples of the best way to do this?
I got sick of dealing with this, so I've decided it's easier to just shell out to
gpg -dq
from theos.Exec
. Sample: