go-sequoia-plugin is a Go plugin wrapping OpenPGP signature operations backed by sequoia-pgp, to be used as an alternative signing mechanism for container signing.
The deliverable of this project is a Go plugin, `sequoia.so`, which is a shared library module accompanied by Go type information. The plugin is implemented using sequoia-pgp through Rust FFI and then CGO. Applications can dynamically load the plugin with `plugin.Open`. That way, the complicated build process, which involves both the Rust and Go toolchains, can be kept out of the application package.
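Because `plugin.Open` loads the shared object into the calling process, an application may want to check the file before opening it. The following is an added example, not code from go-sequoia-plugin; the plugin path, the pinned digest and the helper names `checkPluginFile` and `loadPinned` are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"plugin"
)

// checkPluginFile rejects relative paths, non-regular files (a symlink included)
// and files writable by group or other, then returns the SHA-256 as lowercase hex.
func checkPluginFile(path string) (string, error) {
	if !filepath.IsAbs(path) {
		return "", fmt.Errorf("plugin path %q is not absolute", path)
	}
	fi, err := os.Lstat(path)
	if err != nil {
		return "", err
	}
	if !fi.Mode().IsRegular() || fi.Mode().Perm()&0o022 != 0 {
		return "", fmt.Errorf("%s: not a regular file or writable by group/other", path)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]), nil
}

// loadPinned calls plugin.Open only when the file digest equals wantHex.
func loadPinned(path, wantHex string) (*plugin.Plugin, error) {
	got, err := checkPluginFile(path)
	if err != nil {
		return nil, err
	}
	if got != wantHex {
		return nil, fmt.Errorf("digest mismatch for %s: got %s", path, got)
	}
	return plugin.Open(path)
}

func main() {
	// Placeholder path and digest, constructed for illustration.
	_, err := loadPinned("/usr/lib/example/sequoia.so", "<expected-sha256-hex>")
	fmt.Println("load:", err)
}
```

The loader reads the file again after the digest check, so the directory holding the plugin should be writable only by the account that installs it.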
- Rust toolchain
- Go toolchain
- sequoia-sq package for key manipulation
- Dependencies: capnproto, openssl-devel, sqlite3-devel, and bzip2-devel
- Run `make` or `make RELEASE=1`
- Generate an OpenPGP keypair for testing, e.g., `gpg2 --gen-key`, without passphrase
- Export the secret key, with `gpg2 --export-secret-key KEYID > KEYID.pgp`
- Import the secret key to sequoia-keystore, with `sq key import --cert-store=$HOME/.local/share/sequoia/certs KEYID.pgp`

```sh
cd cmd/sign
go build
./sign KEYID somefile
```

```sh
cd cmd/verify
go build
./verify somefile.sig somefile
```

Apache-2.0