forgejo/models/asymkey
Gusted 45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
..
error.go
gpg_key.go [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
gpg_key_add.go [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
gpg_key_commit_verification.go
gpg_key_common.go [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
gpg_key_import.go
gpg_key_list.go
gpg_key_object_verification.go [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
gpg_key_tag_verification.go
gpg_key_test.go [CHORE] Use github.com/ProtonMail/go-crypto 2024-07-15 17:27:37 +02:00
gpg_key_verify.go
main_test.go
ssh_key.go
ssh_key_authorized_keys.go
ssh_key_authorized_principals.go
ssh_key_deploy.go
ssh_key_fingerprint.go
ssh_key_object_verification.go
ssh_key_object_verification_test.go
ssh_key_parse.go
ssh_key_principals.go
ssh_key_test.go
ssh_key_verify.go