clj-pgp.signature

The functions in this namespace generate and verify PGP signatures.

sign

(sign data provider & opts)

Signs data with the given provider and options. The provider must either be coercible into a private key or implement the SignatureProvider protocol.

  • :hash-algo digest algorithm to hash the data with
  • :key-id identifier of the desired signature key

SignatureProvider

protocol

This protocol is a generic interface for signature creation.

The simple approach is to use unlocked private keys directly, but the protocol also allows more nuanced approaches such as interfacing with gpg-agent, TPMs, or other secret-holding services.

members

create-signature

(create-signature provider data opts)

Produces a PGP signature by hashing the data with a digest algorithm and encrypting the digest with a private key.

If the :key-id option is not specified, some default signing key should be used. Throws an exception if a matching key cannot be used.

verify

(verify data signature pubkey)

Verifies a PGP signature. Returns true if the data was signed by the private key matching the given public key.
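The SignatureProvider protocol described above can also enforce policy in front of a key. The following is an added example, not code from clj-pgp itself: `PolicySigner`, `weak-digests` and `demo` are hypothetical names, and it assumes that `opts` reaches `create-signature` as a map, that `:key-id` is the numeric key id, and that `clj-pgp.generate/rsa-keypair-generator`, `clj-pgp.generate/generate-keypair`, `clj-pgp.core/private-key`, `clj-pgp.core/public-key` and `clj-pgp.core/key-id` behave as named.

```clojure
(ns example.policy-signer
  (:require [clj-pgp.core :as pgp]
            [clj-pgp.generate :as pgp-gen]
            [clj-pgp.signature :as pgp-sig]))

;; Hypothetical policy: digests this provider refuses to sign with.
(def weak-digests #{:md5 :sha1 :ripemd160})

;; Hypothetical provider: wraps an unlocked private key, enforces the digest
;; policy, honours :key-id, and records every request before delegating.
(defrecord PolicySigner [privkey audit-log]
  pgp-sig/SignatureProvider
  (create-signature [_ data opts]
    ;; Assumption: opts is a map holding the :hash-algo and :key-id options.
    (let [algo   (get opts :hash-algo :sha256)
          wanted (:key-id opts)
          actual (pgp/key-id privkey)]
      (when (contains? weak-digests algo)
        (throw (ex-info "Digest rejected by signing policy"
                        {:hash-algo algo})))
      ;; Contract from the docs: throw if no matching key can be used.
      (when (and wanted (not= wanted actual))
        (throw (ex-info "No signing key matches the requested :key-id"
                        {:key-id wanted})))
      (swap! audit-log conj {:key-id actual :hash-algo algo})
      ;; Delegate the actual signing to the wrapped private key.
      (pgp-sig/sign data privkey :hash-algo algo))))

(defn demo
  "Signs a constructed payload through the policy provider, then checks the
  signature against the original and a modified payload."
  []
  (let [keypair (pgp-gen/generate-keypair
                  (pgp-gen/rsa-keypair-generator 2048)
                  :rsa-general)
        pubkey  (pgp/public-key keypair)
        log     (atom [])
        signer  (->PolicySigner (pgp/private-key keypair) log)
        data    (.getBytes "constructed sample payload" "UTF-8")
        altered (.getBytes "constructed sample payload!" "UTF-8")
        sig     (pgp-sig/sign data signer :hash-algo :sha256)]
    {:original-verifies? (pgp-sig/verify data sig pubkey)
     :altered-verifies?  (pgp-sig/verify altered sig pubkey)
     :weak-rejected?     (try
                           (pgp-sig/sign data signer :hash-algo :sha1)
                           false
                           (catch clojure.lang.ExceptionInfo _ true))
     :audit-log          @log}))
```

The same shape applies when the key never leaves an agent or hardware token: the record would hold a handle to that service instead of `privkey`, and `create-signature` would forward the request there.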