[英]Verify gpg signature in Go openpgp
I'm playing with writing a Go program that downloads and verifies files. 我正在玩写一个下载和验证文件的Go程序。 I am hoping to avoid forcing the user to install gnupg (if possible).
我希望避免强迫用户安装gnupg(如果可能的话)。
Is it possible to verify a downloaded file with a gpg signature (asc file) as described here or here using Go's openpgp lib or some other Go library? 是否可以使用Go的openpgp lib或其他Go库来验证带有gpg签名(asc文件)的下载文件,如此处或此处所述?
Any examples demonstrating how to use openpgp to verify a file with an asc signature would be appreciated. 任何演示如何使用openpgp来验证具有asc签名的文件的示例都将受到赞赏。
I was able to verify a gpg signature using the following code: 我能够使用以下代码验证gpg签名:
package main
import (
"fmt"
"golang.org/x/crypto/openpgp"
"os"
)
func main() {
keyRingReader, err := os.Open("signer-pubkey.asc")
if err != nil {
fmt.Println(err)
return
}
signature, err := os.Open("signature.asc")
if err != nil {
fmt.Println(err)
return
}
verification_target, err := os.Open("mysql-5.7.9-win32.zip")
if err != nil {
fmt.Println(err)
return
}
keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
if err != nil {
fmt.Println("Read Armored Key Ring: " + err.Error())
return
}
entity, err := openpgp.CheckArmoredDetachedSignature(keyring, verification_target, signature)
if err != nil {
fmt.Println("Check Detached Signature: " + err.Error())
return
}
fmt.Println(entity)
}
Full code: https://gist.github.com/lsowen/d420a64821414cd2adfb 完整代码: https : //gist.github.com/lsowen/d420a64821414cd2adfb
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.