emersion / go-pgpmail Goto Github PK

View Code? Open in Web Editor NEW

57.0 5.0 15.0 164 KB

:lock: PGP-encrypted email library for Go

License: MIT License

Go 100.00%

pgp email encrypted-messages pgp-mime openpgp

go-pgpmail's Introduction

go-pgpmail

A mail library that encrypts messages with PGP.

License

MIT

go-pgpmail's People

Contributors

Stargazers

Watchers

Forkers

faide goglue backwardn st-fresh brunnre8 chamatht threefx suryatmodulus bsmr gosgos11 mdosch rockorager izouxv nicejh iq-scm

go-pgpmail's Issues

RFC 1847 Encapsulation support

https://tools.ietf.org/html/rfc3156#section-6.1

Add support for inline PGP emails

Only for reading them.

example of PGP signature verification?

I want to use your library of a PGP signature, but I don't quite understand how to use it in conjunction with go-message. Can you add an example to the repository?

Figure out how to support PGP/MIME

Provide example usage of signing email

@jbjjbjjbj and I tried the snippet below and Evolution said the resulting signature was BAD (i.e. the signature did not match the message.

var h textproto.Header
h.Add("From", n.sender)
h.Add("To", recipient)
h.Add("Subject", subject)
var hEmpty textproto.Header
wcSigned, err := pgpmail.Sign(wc, h, hEmpty, n.secretSigningKey, nil)
if err != nil {
  return err
}
_, err = fmt.Fprintf(wcSigned, body)
if err != nil {
  return err
}

err = wcSigned.Close()
if err != nil {
  return err
}

Resulting email is attached (renamed from .eml to .txt), please let me know if you need more information, thank you :)

badsig.txt

Fix openpgp.MessageDetails footguns

Either populate SignatureError with an error before verification is complete, or switch to our own type.

writer creates multipart MIME messages without the MIME-Version header

MIME messages must specify the MIME-Version header at the top level of the message to be compliant with the rfc. However, the writer sets only the multipart MIME types, not the MIME-Version.

Users could set the MIME-Version in the header that is passed to pgpmail. But most are not aware of this. It would be helpful if pgpmail would set the MIME-Version directly.

Would it make sense to set the MIME-Version in the writer?

Sign makes it complicated to plug go-message writer

Sign takes headers and writes them to the output. It expects the caller to write the message body to the returned io.WriteCloser, but not the header. This doesn't play well with go-message.

Doesn't support newer protonmail/go-crypto

I want to update github.com/ProtonMail/go-crypto to version v0.0.0-20220407094043-a94812496cf5 in Debian but unfortunately this breaks go-pgpmail.

go test
go: downloading github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594
--- FAIL: TestEncrypt (0.00s)
    writer_test.go:46: Encrypt() = 
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>
        
        --foo
        Content-Type: application/pgp-encrypted
        
        Version: 1
        
        --foo
        Content-Type: application/octet-stream
        
        -----BEGIN PGP MESSAGE-----
        
        wcBMAxF0jxulHQ8+AQf+MKEqgZA3ZR6K79wGFa67rAxC9NudHUXFaXKAxOZqKmt9
        dSH+jIbVrnM/5+/noaHY+3/YbPcow/E0XIfb/G0TDfLI1y5NyLRN5u8ms293ONqL
        xbEBp1f/mert3UTvi3ewCd4V/bP7+s2XcwgpRFZE6wYV+iFHS1IgMdqNHR2lNhNW
        wszcVy6rRCdhiYsgz56YASPfJmGroPARzh1LIPoTKwXisLnAaM0JUb6f2E2/K2Jp
        Z6OMrPfiGPl/XGhr80B9UaQjSkMZx8cH3L7Av3Q+q7llRmBK2Y5Skgl96RDDX0Pr
        x/6tBxa96LXINovCGS/BZ1jbv9xL175G7x4iXH9VYNLA7wFm6UvU74osO4hM+lnK
        NCsu95V5R1HjltYjoQY7HR4k2KplLD7fqWrm/dj8IrwqSrSa6ZgHZCEpROx/goiQ
        oqyhtF3XXohwM0C6Mr+ojdmXbBNdOmv3sm+isdFGCIGgiYhcAyBRDMehx3sBLWLY
        8oeqR759MhzKztHC0sZaU8OMeAWpD7XVrVHX1JKxfVxHG8FEE2uKXI2YP5TJNv0N
        YZc/QtfY/+X4U70zER1DwZM8ZVIgJrFrhLhFjqYwE3CfKw14GqZxTxxL1VwI3VSJ
        /zTsUgrfGoG7JLb3z5sgobN2sNSCWuJMMLZq59vLbOph1/DwHe/E1IzlEb5fmKy8
        xqEZwkoLpGhfFKi5Db3l28sxeGqVWTz1INeX8A6yfGgLwXlp3+G/3XgdbU69frH2
        TjoTdGoJqOq4o6UMsFYuxXuFe6Z/ncXLHgsDiosBGPEsEbby2SEB3aJyCl5o/Z47
        eKc13ezboR8W88a2movSZhFVlGDDyvdgxL9rJPS4K5/sLjmFG9o3xgft9im1QAss
        c7eWsEhiiJjje6IIPFa+rYaiNUsy7n2syyFMCocLjAbq
        =eow+
        -----END PGP MESSAGE-----
        --foo--
        
         but want 
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>
        
        --foo
        Content-Type: application/pgp-encrypted
        
        Version: 1
        
        --foo
        Content-Type: application/octet-stream
        
        -----BEGIN PGP MESSAGE-----
        
        wcBMAxF0jxulHQ8+AQf+MKEqgZA3ZR6K79wGFa67rAxC9NudHUXFaXKAxOZqKmt9
        dSH+jIbVrnM/5+/noaHY+3/YbPcow/E0XIfb/G0TDfLI1y5NyLRN5u8ms293ONqL
        xbEBp1f/mert3UTvi3ewCd4V/bP7+s2XcwgpRFZE6wYV+iFHS1IgMdqNHR2lNhNW
        wszcVy6rRCdhiYsgz56YASPfJmGroPARzh1LIPoTKwXisLnAaM0JUb6f2E2/K2Jp
        Z6OMrPfiGPl/XGhr80B9UaQjSkMZx8cH3L7Av3Q+q7llRmBK2Y5Skgl96RDDX0Pr
        x/6tBxa96LXINovCGS/BZ1jbv9xL175G7x4iXH9VYNLA7wFm6UvU74osO4hM+lnK
        NCsu95V5R1HjltYjoQY7HR4k2KplLD7fqWrm/dj8IrwqSrSa6ZgHZCEpROx/goiQ
        oqyhtF3XXohwM0C6Mr+ojdmXbBNdOmv3sm+isdFGCIGgiYhcAyBRDMehx3sBLWLY
        8oeqR759MhzKztHC0sZa08OMeIpCEINy4eDEAQdbWDg1l+J9W9Bqd5vqx9FI82np
        FMueiumFwi+zjV17M/taOLeLGVJudwsH9eWcX2NdyHvTfNWRfx20Z50GB0nwkb9n
        4vTfow0vXbcT+1ajnOyrOljwBGfgvcpBG1/9WEQxMoA5tvH3i7y9T4SxpJ2+DjqG
        dxGdo+sj0PiQObhCj3sHVIoRHYSCLWid78VY8GUZrBdBA6NAlxj6Pk36Lkp66/55
        JaJo2G7ZVnezLkPlr9gFbdc4kkel5ABAD8/1zLIG4LcrCHBBgH5lIP7uv+dAwtsE
        jQfrJzA1FD4ZRprc7qhbcIq6NRBIj8amu/KHvBBi+zNOUW4QtrC23LHOGYldrcu1
        o3q42OYigPcRIYlmmqkyBmj16Kj5jPnjDry9iv68Z6ot
        =TtuG
        -----END PGP MESSAGE-----
        --foo--
--- FAIL: TestSign (0.00s)
    writer_test.go:78: Encrypt() = 
        Content-Type: multipart/signed; boundary=foo; micalg=pgp-sha256;
         protocol="application/pgp-signature"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>
        
        --foo
        Content-Type: text/plain
        
        This is a signed message!
        --foo
        Content-Type: application/pgp-signature
        
        -----BEGIN PGP MESSAGE-----
        
        wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBYhBLGoZpNUFTt5nyIXvzByFcE996lk
        AAA7mAgAmxg6jbnvME1ndnuI/O6ZF/tzz8iJDPnwMAyCvfyr8+oMwHMcjAIUOoID
        KcS8Q3+qcH7g7S9k2KJkXBC1mUUC0EpWO77UeC8JhAsMpnw021v0OnNJsY6YLBf3
        HwZzx9Zd960/AMuwtJGApwoKGraYXN8eRjg/8/qoR8qV3k0mSXy3NTg6+tO9UIZb
        iOk52p5B9uHbbrA9TAeKw6rWoyt9xn0TfY5xtk3m/jiMv/gbkDPWBqiL5I51bigY
        36kH4II2f3V4ddETwScIVEGNqG7NcV5za38DZwZIPyvcmZ0H3i2tw5ybvRUu2X5T
        zOT+98ChRnkuEUAH/Stiw2QSbLCMQg==
        =QtD4
        -----END PGP MESSAGE-----
        --foo--
        
         but want 
        Content-Type: multipart/signed; boundary=foo; micalg=pgp-sha256;
         protocol="application/pgp-signature"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>
        
        --foo
        Content-Type: text/plain
        
        This is a signed message!
        --foo
        Content-Type: application/pgp-signature
        
        -----BEGIN PGP MESSAGE-----
        
        wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBahBLGoZpNUFTt5nyIXvzByFcE996lk
        AACmXQgAiu/yJb2o3AX/GYt/GUSEWkYb1GI41ogLpoicrX6UPoUhuIwzNQHvSG62
        DDsMrNBKUZfymp6iYFRBEs9Au0o8WwqMFGWWgaDxvI2144gSDN4CDKtyCVRGNcIf
        PeL+vfpZIEV1JzzRKLl3nGlFbnSTfpxUg3EYNy51RHNmbvJGRzi43CTYJUp7Lh+/
        ibogULsL0ZH3M6QtGhUNcujjqUmVAvAqVxwf7BjBta/G2hOPPCQeVjFsOgcWuIQr
        GudsXpoK1FQ+NUrGcXJGgV+bq6r9IGEUafjGJ3087q9hz5drBoUgqlyl62wn7krB
        Ql3Afgbl74/eTZO7Mr5cx3us80F3AQ==
        =6GTz
        -----END PGP MESSAGE-----
        --foo--
FAIL
exit status 1
FAIL	github.com/emersion/go-pgpmail	0.011s

TestEncrypt nondeterministically fails

Sometimes the test TestEncrypt fails with the following message:

=== RUN   TestEncrypt
--- FAIL: TestEncrypt (0.00s)
    writer_test.go:82: Encrypt() =
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>

        --foo
        Content-Type: application/pgp-encrypted

        Version: 1

        --foo
        Content-Type: application/octet-stream

        -----BEGIN PGP MESSAGE-----

        wcBMAxF0jxulHQ8+AQgAl/xRyFjnmqOu46Hztqh5nIqAkZsDQ7UJJFEgeDW6YVB+
        /tYHeDLiO3yDDx5yTZwB2OUKtE2HJGLUa2zWt24taOVKF11crS+c0n+Avf8ZkFLG
        d2bMCVy1uGjjHrw8n09Xpoakg/yUN7QWmu/ck7Ai9rf1EM9ojVrnd8NO6mE7Nh4B
        wd1KJK850HXSFNYNaZ1XBjRYKfWFLRpfUfS5j3GtsM0P+FUC9qSCWepvuOHYMyUi
        lVEE9iCTylm/lnzG0F8LfMQ7BRp2RP2GztAbMnQMJgOKsTGo9OP+GUPfWC1YFFoc
        tIR7NuaAT+eoh9sx1EHWLjU6GtuxKjWlP0jdHoVFI9LgAeQN8+/e7kNNaZmve2uv
        5O5y4WSm4a9F4+vHuk9Zfl5M4spm+qDgBuAi4ALhUwngUOIE6Urt4MDkB32+GwYp
        1crJC8BYkehfvOA644vPFVo92sAP4F7hUXXgk+FexeCS5KggUWxBg1K1VPJYl/u1
        j2TgbeNIAeLWvG3cR+Am4i9CStvgc+Dr4BjhQCXgDeS4PKrqIfGSIKTj8pBBGP5g
        4ki0oS7hBjnhWbrhbS3hCYDouYmeskxgU/3mKsXfmCnL/XoR54VBeciQNdg6vzhX
        dpO+wA+4qBQUTrLHqOcIZ6wJgNVLDbd2Ekupw+BZmgQgpZ+6sDRtI1UP1NYdmhku
        EvydfGLcXBluEAzxTHMZpqrjlhemlG8hvj1tKoazzyHUhWQZq+/qAcwh4pQKjAvY
        RL625tZvr65wuXJMOwhjWZW06pZGulyQH9lpoBcvxTZ5Oli+/eP1nW7ojF+c3NMy
        nH9vCSIhBxkQhKlz/eKnFQQGT3gdc2GHv0JmqH1pIPtZIOBRt7ADT9kVsItF3+h2
        1S4LEyaiarJdZUSqn2mDPr83cO1oUj87L3JWHeqsACmJ8eSZulsKGtDe7VGYNVit
        HIlG4pb5cFXhDj0A
        =jQ8O
        -----END PGP MESSAGE-----
        --foo--

         but want
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <[email protected]>
        From: John Doe <[email protected]>

        --foo
        Content-Type: application/pgp-encrypted

        Version: 1

        --foo
        Content-Type: application/octet-stream

        -----BEGIN PGP MESSAGE-----

        wcBMAxF0jxulHQ8+AQgAWezllQtm+CSyURcujyHC3bX7PkkhjSj0OHIleBgaeokO
        Fvl6FrOt/tWWll6hmeIRqG0w+9RHqELc6uIxRX4Z0kEE8mBVQm14XbD1pF89UcUm
        Dr+7aFN41qxITyfgpueVKK8NUdRqwEo+hCZuglWJvrP8886URjTGwZXZK8igAWPK
        nmh9Y9fh2gQu1uh8KS+xa1WmsP5k5rnVgxCalY8GKdQgxb+M4M53g/MsTZiax4zB
        LNXAtucrImDrgX3tbIg3DJMlJ6/OQOzxrTIz+kAsPYGYRAQmYn8Vl+7+MlwCAFGa
        2oL+hE3UvLzIcBKgLSrMPrHrW9AFqSCrZq3DS8n00tLgAeSLN8xZwb2Sx0IfQTK8
        Ov5C4crK4VN24+xe7AmNjvVn4gBISH3g4+AQ4MDhTNvgZ+IcsPyF4DLk5hS8mQLm
        aE9LD8sQmC6kxuBY42mTL8KEwV3o4MbhZtfgcOGDk+DB5HAWJTIXDlJQDPtMex5M
        RgPgjuOZnM9BWf8L2uCo4kD12hDgR+DU4IDhgMvg2uQGpFM3OxTxRhoYkASx2RIt
        4mHv4N/hnuPh9EPhnSjhb4joHJW0sFglMOqObXajFbKTrwUafDRbjaEQrCSX1d3l
        Gm6Z7B52z/3EAVeQhAnkPDy6AeDk6y7+1S5PK6BCe1xrmVGvnXew0oAOLbiVGpWK
        KzUMM1d2bOkdqECHEBKud1j1/dpn4fEz6WfM2w9lPl0hqgs/eMe0gtDA8rzAac+u
        uBGs+2cD3PE9eCHwuP6uUkh4ghNXvHrqZXlPPfkUXgpax3l9LwQUJvExcfHzoj14
        AGZcCp4vLtfeEptARBIotvcLMAxUhE7B8k5kW731EPex7vglmvqZeQVOTduxtY8w
        HOeQ5sDIkcuxainHiFQXGJgt6UXADLSWo/8qNX9QwNN9TuRo013UV/MVJlJdfm29
        ZULA4lZzQyjhfWYA
        =fWkt
        -----END PGP MESSAGE-----
        --foo--

The failure occurs nondeterministically, but is deterministic in nature (it is always the same wrong encryption).

affected go versions

Both go 1.13 and go 1.14 exhibit this behaviour - I have not tested other versions.