Gopass: Remove external dependencies - gpg
It would be nice if we could get rid of our external dependencies some day.
This would allow for a nicer workflow, better error and cross platform support.
This issue is meant to track any progress / discussions on that matter for gpg.
dominikschulz
All 5 comments
- https://godoc.org/golang.org/x/crypto/openpgp - The "official" PGP package by the Go authors, seems to be a little neglected and has some outstanding bugs, e.g. Secret Keyring parsing is flaky at best
- https://github.com/golang/go/issues/9312 - Problemes reading certain secret keys from the keyring
- https://github.com/mozilla/sops/blob/master/pgp/keysource.go - Working (?) implementation using it, including example of agent interaction
dominikschulz
on 20 Jun 2017
I did exactly this in my own password management lib but now I am in dead end since golang openpgp does not support modern version of gnupg version above 2.1.
yml
on 26 Jun 2017
For Gitea we use https://github.com/keybase/go-crypto/tree/master/openpgp as a drop-in replacement for x/crypto/openpgp since we wanted support for new and shiny keys 馃檪
bkcsoft
on 12 Jul 2017
@bkcsoft do you have an example on how to make it work with gpg agent ?
Since no one has responded to my ticket : https://github.com/keybase/go-crypto/issues/56
I am not yet sure how to implement this.
yml
on 12 Jul 2017
It would still be an external dependency, but it's much more of a lightweight dependency:
https://github.com/tarsnap/scrypt
jungle-boogie
on 7 Nov 2017
Related issues
aperum
路
4Comments
blaggacao
路
5Comments
nilskuhn
路
6Comments
sevenmaxis
路
4Comments
stevesbrain
路
6Comments
Most helpful comment
For Gitea we use https://github.com/keybase/go-crypto/tree/master/openpgp as a drop-in replacement for
x/crypto/openpgpsince we wanted support for new and shiny keys 馃檪