diff --git a/go.mod b/go.mod
index b0e69654a..9eaede17a 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 github.com/Azure/azure-sdk-for-go v63.3.0+incompatible
 github.com/Azure/go-autorest/autorest v0.11.26
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11
+ github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5
 github.com/aws/aws-sdk-go v1.43.43
 github.com/blang/semver v3.5.1+incompatible
 github.com/fatih/color v1.13.0
diff --git a/go.sum b/go.sum
index 65970890a..7d988976f 100644
--- a/go.sum
+++ b/go.sum
@@ -95,6 +95,8 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 h1:cSHEbLj0GZeHM1mWG84qEnGFojNEQ83W7cwaPRjcwXU=
+github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
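Review bot: The added requirement `github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5` in the go.mod hunk is a pseudo-version, so it pins a bare commit rather than a tagged release, and nothing in the visible diff records why that commit was chosen. Because this module now sits on the data-key encryption path, a trailing comment on that line such as `// untagged upstream commit; reviewed <DATE>` (or a sentence in the commit description) would give later dependency updates a baseline to audit from. The require block continues outside the hunk.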
@@ -550,6 +552,7 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
diff --git a/pgp/keysource.go b/pgp/keysource.go
index f025c66a2..cb901b7fc 100644
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
@@ -1,6 +1,6 @@
 /*
 Package pgp contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the
-data key by first trying with the golang.org/x/crypto/openpgp package and if that fails, by calling the "gpg" binary.
+data key by first trying with the github.com/ProtonMail/go-crypto/openpgp package and if that fails, by calling the "gpg" binary.
 */
 package pgp //import "go.mozilla.org/sops/v3/pgp"
 
@@ -11,19 +11,18 @@ import (
 "io/ioutil"
 "net/http"
 "os"
+ "os/exec"
 "os/user"
 "path"
 "strings"
 "time"
 
- "os/exec"
-
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
 "github.com/howeyc/gopass"
 "github.com/sirupsen/logrus"
 gpgagent "go.mozilla.org/gopgagent"
 "go.mozilla.org/sops/v3/logging"
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/armor"
 )
 
 var log *logrus.Logger
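Review bot: The import swap in pgp/keysource.go replaces the OpenPGP implementation with no call-site change and no test file touched in the visible diff. If the fork is stricter about what it accepts (key validity, algorithm policy), the only symptom would be a quiet fall-through to the "gpg" binary that the package comment describes. A one-line comment above the two new imports would record the reason for the fork, for example `// ProtonMail fork: golang.org/x/crypto/openpgp is deprecated and frozen`. A regression test that decrypts a data key encrypted before this change through the library path alone would confirm the swap is drop-in. The import block starts outside the hunk.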
@@ -171,7 +170,7 @@ func (key *MasterKey) Encrypt(dataKey []byte) error {
 }
 log.WithField("fingerprint", key.Fingerprint).Info("Encryption failed")
 return fmt.Errorf(
- `could not encrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`,
+ `could not encrypt data key with PGP key: github.com/ProtonMail/go-crypto/openpgp error: %v; GPG binary error: %v`,
 openpgpErr, binaryErr)
 }
 
@@ -233,7 +232,7 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
 }
 log.WithField("fingerprint", key.Fingerprint).Info("Decryption failed")
 return nil, fmt.Errorf(
- `could not decrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`,
+ `could not decrypt data key with PGP key: github.com/ProtonMail/go-crypto/openpgp error: %v; GPG binary error: %v`,
 openpgpErr, binaryErr)
 }
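Review bot: The dependency's import path is hard-coded inside the error string returned by Encrypt in this hunk and again by Decrypt in the next one, which is why both literals had to be edited here and will need editing again if the library moves. A neutral label keeps the message stable for anyone matching on it, e.g. `could not encrypt data key with PGP key: openpgp library error: %v; GPG binary error: %v` and the same wording with "decrypt". Both function bodies start outside their hunks, so how openpgpErr and binaryErr are produced is not visible here.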