Verify gpg signature in Go openpgp

2018-06-10 09:41:18

I'm playing with writing a Go program that downloads and verifies files. I am hoping to avoid forcing the user to install gnupg (if possible).

Is it possible to verify a downloaded file with a gpg signature (asc file) as described here or here using Go's openpgp lib or some other Go library?

Any examples demonstrating how to use openpgp to verify a file with an asc signature would be appreciated.

I was able to verify a gpg signature using the following code:

package main

import (
        "fmt"
        "golang.org/x/crypto/openpgp"
        "os"
)

func main() {
        keyRingReader, err := os.Open("signer-pubkey.asc")
        if err != nil {
                fmt.Println(err)
                return
        }

        signature, err := os.Open("signature.asc")
        if err != nil {
                fmt.Println(err)
                return
        }

        verification_target, err := os.Open("mysql-5.7.9-win32.zip")
        if err != nil {
                fmt.Println(err)
                return
        }

        keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
        if err != nil {
                fmt.Println("Read Armored Key Ring: " + err.Error())
                return
        }
        entity, err := openpgp.CheckArmoredDetachedSignature(keyring, verification_target, signature)
        if err != nil {
                fmt.Println("Check Detached Signature: " + err.Error())
                return
        }

        fmt.Println(entity)
}

Full code: https://gist.github.com/lsowen/d420a64821414cd2adfb

链接地址: http://www.djcxy.com/p/30792.html

上一篇: 使用FFMpeg iOS解码相机流视频帧时出错

下一篇: 在Go openpgp中验证gpg签名