Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
golang gpg/openpgp encryption/decryption example
package main
import (
"bytes"
"code.google.com/p/go.crypto/openpgp"
"encoding/base64"
"io/ioutil"
"log"
"os"
)
// create gpg keys with
// $ gpg --gen-key
// ensure you correct paths and passphrase
const mySecretString = "this is so very secret!"
const prefix, passphrase = "/Users/stuart-warren/", "1234"
const secretKeyring = prefix + ".gnupg/secring.gpg"
const publicKeyring = prefix + ".gnupg/pubring.gpg"
func encTest(secretString string) (string, error) {
log.Println("Secret to hide:", secretString)
log.Println("Public Keyring:", publicKeyring)
// Read in public key
keyringFileBuffer, _ := os.Open(publicKeyring)
defer keyringFileBuffer.Close()
entityList, err := openpgp.ReadKeyRing(keyringFileBuffer)
if err != nil {
return "", err
}
// encrypt string
buf := new(bytes.Buffer)
w, err := openpgp.Encrypt(buf, entityList, nil, nil, nil)
if err != nil {
return "", err
}
_, err = w.Write([]byte(mySecretString))
if err != nil {
return "", err
}
err = w.Close()
if err != nil {
return "", err
}
// Encode to base64
bytes, err := ioutil.ReadAll(buf)
if err != nil {
return "", err
}
encStr := base64.StdEncoding.EncodeToString(bytes)
// Output encrypted/encoded string
log.Println("Encrypted Secret:", encStr)
return encStr, nil
}
func decTest(encString string) (string, error) {
log.Println("Secret Keyring:", secretKeyring)
log.Println("Passphrase:", passphrase)
// init some vars
var entity *openpgp.Entity
var entityList openpgp.EntityList
// Open the private key file
keyringFileBuffer, err := os.Open(secretKeyring)
if err != nil {
return "", err
}
defer keyringFileBuffer.Close()
entityList, err = openpgp.ReadKeyRing(keyringFileBuffer)
if err != nil {
return "", err
}
entity = entityList[0]
// Get the passphrase and read the private key.
// Have not touched the encrypted string yet
passphraseByte := []byte(passphrase)
log.Println("Decrypting private key using passphrase")
entity.PrivateKey.Decrypt(passphraseByte)
for _, subkey := range entity.Subkeys {
subkey.PrivateKey.Decrypt(passphraseByte)
}
log.Println("Finished decrypting private key using passphrase")
// Decode the base64 string
dec, err := base64.StdEncoding.DecodeString(encString)
if err != nil {
return "", err
}
// Decrypt it with the contents of the private key
md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)
if err != nil {
return "", err
}
bytes, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
return "", err
}
decStr := string(bytes)
return decStr, nil
}
func main() {
encStr, err := encTest(mySecretString)
if err != nil {
log.Fatal(err)
}
decStr, err := decTest(encStr)
if err != nil {
log.Fatal(err)
}
// should be done
log.Println("Decrypted Secret:", decStr)
}
@AmirSoleimani

This comment has been minimized.

Copy link

AmirSoleimani commented Jul 12, 2018

"code.google.com/p/go.crypto/openpgp"
changed to
"golang.org/x/crypto/openpgp"

@antonputra

This comment has been minimized.

Copy link

antonputra commented Jul 25, 2018

Keys should be in binary NOT in base64, otherwise you'll get tag byte does not have MSB set error.

@llakes

This comment has been minimized.

Copy link

llakes commented Oct 4, 2018

use openpgp.ReadArmoredKeyRing instead of openpgp.ReadKeyRing if you exported your gpg keys with --armor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.