How do I use Go's openpgp package? - go

I've been looking through the documentation for Go's openpgp package, and I think I must be missing some obvious points. For example, there's a ReadKeyRing function, but no WriteKeyRing. I can, on the other hand, Serialize an Entity, but I have no way to read it back. What's going on here? Does anyone actually use this package?

An entity represents public+private GPG key information. The ReadKeyRing function allows you to read a list of GPG keys.
The Entity.Serialize function documentation states:
Serialize writes the public part of the given Entity to w. (No private key material will be output).
As it is only the public part of the entity, you can create a new entity with the serialized data as the public key.
A WriteKeyRing does indeed not exist. It would go through the list of entities and extract the public keys into an array.

I was also struggling quite a lot with this - in the end I just learned it by example:
Encryption and Decryption example: https://gist.github.com/jyap808/8250124
Decryption Example: https://gist.github.com/jyap808/8250067
The thinking behind this is not made for a user, but seems to come strongly out of the actual way pgp is technically implemented.
I would suggest to generate the keys not via the package but just with a pgp command line tool.

Related

Gorm relationship and issues

I was creating my first-ever REST API in Golang with fiber and gorm. I wanted to create a model that had a slice of strings, but gorm does not allow me to do so. So, the next thing I tried was to use a map, hoping that it would be easily converted to JSON and saved to my postgres instance. But it is the same: gorm does not support maps. So, I created another struct into which I put all the data in a not-so-elegant way, where I made a single string value for each possible string I can save, and then I embedded this struct into the other. But now the compiler complains that I have to save a primary key into it, and not raw JSON given from the request. I am a bit overwhelmed by now.
If someone knows a way that I can use to save all the data I need in a way that respects my requirements (slice of strings, easy to parse when I read from the database), and to finish this CRUD app, I would really be thankful for that. Thank you a lot.

Protocol buffers: read only fields?

Is it possible to mark fields as read only in a .proto file such that when the code is generated, these fields do not have setters?
Ultimately, I think the answer here will be "no". There's a good basic guidance rule that applies to DTOs:
DTOs should generally be as simple as possible to convey the data for serialization in a manner well-suited to the specific serializer.
if that basic model is sufficient for you to work with above that layer, then fine
but if not: do not fight the serializer; instead, create a separate domain model above the DTO layer, and simply map between the two models before serialization or after deserialization
Or put another way: the fact that the generator doesn't want to expose read-only members is irrelevant, because if you need something exotic, you shouldn't be using the generated type outside of the code that directly touches serialization. So: in your domain type that mirrors the DTO: make it read-only there.
As for why read-only fields aren't usually a thing in serialization tools: you presumably want to be able to give it a value. Serialization tools usually want to be able to write everything they can read, and read everything they can write.
Minor note for completeness since you mention C#: if you are using a code-first approach with protobuf-net, it'll work fine with {get;}-only auto-props, and with {get;}-only manual props if all public members trivially map to an obvious constructor.

Spring data Mongodb - Encrypting a single field using convertor

I have a collection which has several array of objects. In one of the sub-objects there is a field called secret which has to be stored in encrypted format, the field is of type String.
What is the best way of achieving this?
I don't think writing a custom writer for the entire document is feasible.
How to write a String convertor that will be only applied for this single field?
There are many answers to this question and different approaches that depend on your actual requirements.
The first question that you want to ask is, whether MongoDB is a good place to store encrypted values at all or whether there is a better option that gives you features like rewrapping (re-encrypt), key rotation, audit logging, access control, key management, …
Another thing that comes into play is decryption: Every time you retrieve data from MongoDB, the secret is decrypted. Also, encrypting a lot of entries with the same key facilitates cryptanalysis, so you need to ensure regular key rotation. Last, but not least, you're in charge of storing the crypto keys securely and making sure it's hard to get hold of these.
Having a dedicated data type makes it very convenient writing a Converter with a signature of e.g. Converter<Secret, String> or Converter<Secret, Binary> as you get full control over serialization.
Alternatively, have a look at https://github.com/bolcom/spring-data-mongodb-encrypt or external crypto tools like HashiCorp Vault.

In Google reCaptcha, why are two different keys used, e.g. Private Key and Public Key - What is the specific purpose of both keys?

In Google reCaptcha, why are two different keys used, e.g. Private Key and Public Key?
My question is - What is the specific purpose of each key?
I know this is a relatively old question, but in the hope that it can still help you or someone else in the future..
reCaptcha uses the standard public/private key cryptography implementation. To quote the link (Wikipedia)
..two separate keys, one of which is secret (or private) and one of
which is public. Although different, the two parts of this key pair
are mathematically linked. The public key is used to encrypt plaintext
or to verify a digital signature; whereas the private key is used to
decrypt ciphertext or to create a digital signature.

Can a user apply for another public key based on its pseudonym and use the obtained public key in DH key exchange?

I have a scenario in which there are three parties: one user, one content provider and a proxy. The data is to be transferred between user and content provider anonymously through the proxy. I have two questions.
1. If the user has a pseudonym based on its public key, can it apply for another public key?
2. For data confidentiality between user and content provider such that proxy cannot read the transferred contents, Diffie-Hellman key exchange can be used. But can I use the public key obtained in part 1 to get the encrypted data between user and content provider?
Best Regards
Alexandera
Diffie-Hellman is a method for establishing a shared secret between two entities.
So, that's a part of secret key cryptography.
No number of public keys, unless you manage to generate the current shared secret, will get you the information shared between two parties using secret key crypto. A public key should be matched to, and used with, a private key. That's public key cryptography.
For part 1, I guess I don't understand what you want to do with the public key other than generate a pseudonym with it, I don't see why not.
Maybe I'm misunderstanding your question but I believe the answer for part 2 is no.
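
The shared-secret property described in this answer, applied to the three-party scenario from the question, as an added example that is not part of the original posts. It uses X25519 from Go's crypto/ecdh rather than classic finite-field Diffie-Hellman; the function names, the SHA-256 key derivation and the sample payload are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD combines our private key with the peer's public key bytes, the
// only key material that crosses the proxy, and returns an AES-256-GCM cipher.
func sessionAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)      // simplified KDF (assumption); prefer HKDF in real code
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// relay plays all three parties; key-generation errors are ignored for brevity.
// It reports what the provider decrypts and whether the proxy can decrypt too.
func relay(msg string) (got string, proxyCanRead bool) {
	user, _ := ecdh.X25519().GenerateKey(rand.Reader)
	provider, _ := ecdh.X25519().GenerateKey(rand.Reader)
	proxy, _ := ecdh.X25519().GenerateKey(rand.Reader)
	userPub, provPub := user.PublicKey().Bytes(), provider.PublicKey().Bytes()
	userAEAD, _ := sessionAEAD(user, provPub)
	nonce := make([]byte, userAEAD.NonceSize())
	rand.Read(nonce)
	ct := userAEAD.Seal(nil, nonce, []byte(msg), nil)
	// Provider side: derives the same secret from the user's public key.
	provAEAD, _ := sessionAEAD(provider, userPub)
	pt, _ := provAEAD.Open(nil, nonce, ct, nil)
	// Proxy: saw both public keys, nonce and ciphertext, but holds neither private key.
	proxyAEAD, _ := sessionAEAD(proxy, userPub)
	_, err := proxyAEAD.Open(nil, nonce, ct, nil)
	return string(pt), err == nil
}

func main() {
	fmt.Println(relay("constructed sample payload"))
}
```

This covers a proxy that only relays traffic. The exchange is unauthenticated, so a proxy that substitutes its own public key toward each side would share a secret with both of them unless the public keys are verified out of band or signed.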
