mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-09-20 13:05:57 +02:00
45341ee9ce
- We were previously using `github.com/keybase/go-crypto`, because the package for openpgp by Go itself is deprecated and no longer maintained. This library provided a maintained version of the openpgp package. However, it hasn't seen any activity for the last five years, and I would therefore consider this also unmaintained. - This patch switches the package to `github.com/ProtonMail/go-crypto` which provides a maintained version of the openpgp package and was already being used in the tests. - Adds unit tests, I've carefully checked the callstacks to ensure the OpenPGP-related code was covered under either a unit test or integration tests to avoid regression, as this can easily turn into security vulnerabilities if a regression happens here. - Small behavior update, revocations are now checked correctly instead of checking if they merely exist and the expiry time of a subkey is used if one is provided (this is just cosmetic and doesn't impact security). - One more dependency eliminated :D |
||
|---|---|---|
| .. | ||
| error.go | ||
| gpg_key.go | ||
| gpg_key_add.go | ||
| gpg_key_commit_verification.go | ||
| gpg_key_common.go | ||
| gpg_key_import.go | ||
| gpg_key_list.go | ||
| gpg_key_object_verification.go | ||
| gpg_key_tag_verification.go | ||
| gpg_key_test.go | ||
| gpg_key_verify.go | ||
| main_test.go | ||
| ssh_key.go | ||
| ssh_key_authorized_keys.go | ||
| ssh_key_authorized_principals.go | ||
| ssh_key_deploy.go | ||
| ssh_key_fingerprint.go | ||
| ssh_key_object_verification.go | ||
| ssh_key_object_verification_test.go | ||
| ssh_key_parse.go | ||
| ssh_key_principals.go | ||
| ssh_key_test.go | ||
| ssh_key_verify.go | ||