tenseleyflow/shithub / 04e0987

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package gpgkey

+

+import (

+	"errors"

+	"fmt"

+)

+

+// MinRSABits is the smallest accepted modulus length for OpenPGP RSA keys.

+const MinRSABits = 2048

+

+// MaxKeysPerUser bounds DB rows per user. Mirrors the SSH key cap.

+const MaxKeysPerUser = 100

+

+// Sentinel errors. The settings handler surfaces these verbatim as flash

+// messages, so each one is a self-contained one-line description from the

+// user's perspective.

+var (

+	// ErrPrivateKeyBlock fires when the uploaded armor is a private key

+	// block (BEGIN PGP PRIVATE KEY BLOCK). We never accept private

+	// material — the user almost certainly meant to upload the public

+	// half.

+	ErrPrivateKeyBlock = errors.New("gpgkey: that looks like a private key — please upload your public key (gpg --armor --export <id>)")

+

+	// ErrSignatureBlock fires when the uploaded armor is a detached

+	// signature (BEGIN PGP SIGNATURE).

+	ErrSignatureBlock = errors.New("gpgkey: that looks like a signature, not a public key")

+

+	// ErrUnparseable covers any other parse failure from the openpgp

+	// library. We deliberately don't surface library-internal error

+	// messages here; the user typically just needs to know it didn't

+	// parse and to try again.

+	ErrUnparseable = errors.New("gpgkey: could not parse key — please paste a public key armored block starting with -----BEGIN PGP PUBLIC KEY BLOCK-----")

+

+	// ErrNoIdentities fires for entities with zero UIDs. OpenPGP

+	// theoretically allows this but no real-world keyring would produce

+	// one; reject so the rest of the pipeline can assume at least one

+	// uid.

+	ErrNoIdentities = errors.New("gpgkey: key has no user IDs")

+

+	// ErrExpired fires for primary keys that are already expired at

+	// upload time. Past commits signed by the key remain verifiable

+	// (S52 territory); uploading a brand-new expired key has no

+	// consumer.

+	ErrExpired = errors.New("gpgkey: this key has expired")

+

+	// ErrUnsupportedAlgo gates DSA and Elgamal-only entities (neither

+	// has a sensible signing path on modern git workflows).

+	ErrUnsupportedAlgo = errors.New("gpgkey: unsupported key algorithm (accepted: ed25519, ecdsa-nistp256/384/521, RSA ≥ 2048)")

+

+	// ErrRSATooShort fires for RSA primary keys under MinRSABits.

+	ErrRSATooShort = fmt.Errorf("gpgkey: RSA keys must be at least %d bits", MinRSABits)

+

+	// ErrMultipleEntities fires when the armor contains more than one

+	// entity (key + key, vs key + subkeys-which-are-fine). We accept

+	// exactly one primary per upload.

+	ErrMultipleEntities = errors.New("gpgkey: please upload one public key at a time")

+

+	// ErrNameTooLong gates the optional user-given title.

+	ErrNameTooLong = errors.New("gpgkey: name may be at most 80 characters")

+

+	// ErrNameControl gates control characters in the name field.

+	ErrNameControl = errors.New("gpgkey: name contains control characters")

+)

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package gpgkey wraps OpenPGP public-key parsing, validation, and

+// fingerprinting. Every settings handler, REST endpoint, and future

+// import path that accepts user-supplied PGP keys goes through Parse

+// so the algorithm whitelist + capability extraction lives in exactly

+// one place.

+//

+// shithub mirrors GitHub's /user/gpg_keys response shape; the Parsed

+// type carries all the fields that response needs so callers don't

+// re-parse the armored block on read. Verification (S51 sub-PR 2) and

+// rendering (S51 sub-PR 5) consume the same Parsed type via the sqlc

+// row mapping.

+package gpgkey

+

+import (

+	"encoding/hex"

+	"fmt"

+	"strings"

+	"time"

+

+	"github.com/ProtonMail/go-crypto/openpgp"

+	"github.com/ProtonMail/go-crypto/openpgp/armor"

+	"github.com/ProtonMail/go-crypto/openpgp/packet"

+)

+

+// Armor block type constants per RFC 4880 §6.2.

+const (

+	armorTypePublicKey  = "PGP PUBLIC KEY BLOCK"

+	armorTypePrivateKey = "PGP PRIVATE KEY BLOCK"

+	armorTypeSignature  = "PGP SIGNATURE"

+)

+

+// Parsed is the validated, ready-to-store representation of a user-

+// supplied PGP public key. Mirrors the gh /user/gpg_keys response

+// shape; the sqlc Insert path consumes this struct directly.

+type Parsed struct {

+	// Name is the optional user-given title (gh's "name" field).

+	// Blank string when the user omitted it.

+	Name string

+

+	// Fingerprint is the canonical lowercase 40-hex SHA-1 fingerprint

+	// of the primary public key packet.

+	Fingerprint string

+

+	// KeyID is the lower 64 bits of the fingerprint, lowercase hex

+	// (16 chars). Stored denormalized for log-line lookups.

+	KeyID string

+

+	// Armored is the ASCII-armored block exactly as uploaded, round-

+	// trippable. Stored verbatim so the REST `public_key` / `raw_key`

+	// fields can be served without re-armoring.

+	Armored string

+

+	// Primary-key capability flags decoded from the primary identity's

+	// self-signature. Split per RFC 4880 §5.2.3.21 to match gh's

+	// can_encrypt_comms / can_encrypt_storage shape.

+	CanSign           bool

+	CanEncryptComms   bool

+	CanEncryptStorage bool

+	CanCertify        bool

+	CanAuthenticate   bool

+

+	// UIDs are the email addresses parsed from the entity's

+	// identities. May be empty strings for identities without an email

+	// component (gh tolerates these; we surface them as "" entries).

+	UIDs []string

+

+	// Subkeys is the per-subkey metadata used both for the user_gpg_

+	// subkeys table inserts and for the REST nested-subkeys response

+	// shape.

+	Subkeys []ParsedSubkey

+

+	// PrimaryAlgo is a short ASCII description like "ed25519" or

+	// "rsa4096". For UI display only.

+	PrimaryAlgo string

+

+	// ExpiresAt is the primary key's expiration timestamp, nil for

+	// keys that never expire.

+	ExpiresAt *time.Time

+}

+

+// ParsedSubkey carries per-subkey metadata for the user_gpg_subkeys

+// table + REST response.

+type ParsedSubkey struct {

+	Fingerprint       string

+	KeyID             string

+	CanSign           bool

+	CanEncryptComms   bool

+	CanEncryptStorage bool

+	CanCertify        bool

+	ExpiresAt         *time.Time

+}

+

+// Parse validates a user-supplied armored OpenPGP public-key block.

+// Returns ErrPrivateKeyBlock / ErrSignatureBlock when the user pasted

+// the wrong block type; ErrUnparseable for any other parse failure;

+// the algorithm / expiry / no-uids errors as appropriate; or *Parsed

+// on success.

+//

+// Encryption-only keys (no signing capability on the primary or any

+// subkey) are ACCEPTED — gh parity. Surface can_sign=false in the

+// REST response; clients can filter on the flag.

+func Parse(name, armored string) (*Parsed, error) {

+	trimmedName := strings.TrimSpace(name)

+	if len(trimmedName) > 80 {

+		return nil, ErrNameTooLong

+	}

+	if hasControlChars(trimmedName) {

+		return nil, ErrNameControl

+	}

+

+	// Peek at the armor block type so we can produce a precise error

+	// for the private-key / signature mistakes (the most common user

+	// errors). openpgp.ReadArmoredKeyRing rejects both with a generic

+	// "no public keys found" error otherwise.

+	armored = strings.TrimLeft(armored, "\r\n\t ")

+	block, err := armor.Decode(strings.NewReader(armored))

+	if err != nil {

+		return nil, ErrUnparseable

+	}

+	switch block.Type {

+	case armorTypePublicKey:

+		// OK; parse as a key block.

+	case armorTypePrivateKey:

+		return nil, ErrPrivateKeyBlock

+	case armorTypeSignature:

+		return nil, ErrSignatureBlock

+	default:

+		return nil, ErrUnparseable

+	}

+

+	// We've consumed the armor reader above. Reparse from the original

+	// string via ReadArmoredKeyRing so we get a populated EntityList

+	// without re-implementing the packet walker.

+	entities, err := openpgp.ReadArmoredKeyRing(strings.NewReader(armored))

+	if err != nil || len(entities) == 0 {

+		return nil, ErrUnparseable

+	}

+	if len(entities) > 1 {

+		return nil, ErrMultipleEntities

+	}

+	e := entities[0]

+

+	if e.PrimaryKey == nil {

+		return nil, ErrUnparseable

+	}

+	if len(e.Identities) == 0 {

+		return nil, ErrNoIdentities

+	}

+

+	primaryAlgo, ok := algoLabel(e.PrimaryKey)

+	if !ok {

+		return nil, ErrUnsupportedAlgo

+	}

+	if e.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoRSA ||

+		e.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoRSASignOnly ||

+		e.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoRSAEncryptOnly {

+		bits, err := e.PrimaryKey.BitLength()

+		if err != nil {

+			return nil, ErrUnparseable

+		}

+		if int(bits) < MinRSABits {

+			return nil, ErrRSATooShort

+		}

+	}

+

+	primaryID := e.PrimaryIdentity()

+	if primaryID == nil || primaryID.SelfSignature == nil {

+		return nil, ErrUnparseable

+	}

+

+	// Expiry: a primary's KeyLifetimeSecs lives on the primary

+	// identity's self-signature. nil => never expires.

+	primaryExpires := keyExpiry(e.PrimaryKey.CreationTime, primaryID.SelfSignature.KeyLifetimeSecs)

+	if primaryExpires != nil && primaryExpires.Before(time.Now()) {

+		return nil, ErrExpired

+	}

+

+	// Capability flags decoded from the primary self-sig. When the

+	// flags subpacket is absent (some very old keys), the boolean

+	// fields on the signature default to false — gh interprets the

+	// same way so we don't need to special-case.

+	canSign, canEncComms, canEncStorage, canCertify, canAuth := capabilityFlags(primaryID.SelfSignature)

+

+	parsed := &Parsed{

+		Name:              trimmedName,

+		Fingerprint:       hex.EncodeToString(e.PrimaryKey.Fingerprint),

+		KeyID:             fmt.Sprintf("%016x", e.PrimaryKey.KeyId),

+		Armored:           strings.TrimRight(armored, "\r\n\t ") + "\n",

+		CanSign:           canSign,

+		CanEncryptComms:   canEncComms,

+		CanEncryptStorage: canEncStorage,

+		CanCertify:        canCertify,

+		CanAuthenticate:   canAuth,

+		PrimaryAlgo:       primaryAlgo,

+		ExpiresAt:         primaryExpires,

+	}

+

+	for uidKey := range e.Identities {

+		email := e.Identities[uidKey].UserId.Email

+		parsed.UIDs = append(parsed.UIDs, email)

+	}

+	if parsed.UIDs == nil {

+		parsed.UIDs = []string{}

+	}

+

+	for i := range e.Subkeys {

+		sk := &e.Subkeys[i]

+		if sk.PublicKey == nil || sk.Sig == nil {

+			continue

+		}

+		skCanSign, skCanEncComms, skCanEncStorage, skCanCertify, _ := capabilityFlags(sk.Sig)

+		parsed.Subkeys = append(parsed.Subkeys, ParsedSubkey{

+			Fingerprint:       hex.EncodeToString(sk.PublicKey.Fingerprint),

+			KeyID:             fmt.Sprintf("%016x", sk.PublicKey.KeyId),

+			CanSign:           skCanSign,

+			CanEncryptComms:   skCanEncComms,

+			CanEncryptStorage: skCanEncStorage,

+			CanCertify:        skCanCertify,

+			ExpiresAt:         keyExpiry(sk.PublicKey.CreationTime, sk.Sig.KeyLifetimeSecs),

+		})

+	}

+	if parsed.Subkeys == nil {

+		parsed.Subkeys = []ParsedSubkey{}

+	}

+

+	return parsed, nil

+}

+

+// algoLabel returns a short UI-friendly label for the key algorithm.

+// Returns (label, true) when the algorithm is accepted; ("", false)

+// to reject (DSA, Elgamal-only).

+func algoLabel(pk *packet.PublicKey) (string, bool) {

+	switch pk.PubKeyAlgo {

+	case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSASignOnly, packet.PubKeyAlgoRSAEncryptOnly:

+		bits, _ := pk.BitLength()

+		return fmt.Sprintf("rsa%d", bits), true

+	case packet.PubKeyAlgoEdDSA:

+		return "ed25519", true

+	case packet.PubKeyAlgoECDSA:

+		return "ecdsa", true

+	case packet.PubKeyAlgoECDH:

+		// Encryption-capable elliptic. Accept; surface honestly.

+		return "ecdh", true

+	case packet.PubKeyAlgoDSA:

+		return "", false

+	case packet.PubKeyAlgoElGamal:

+		return "", false

+	}

+	return "", false

+}

+

+// capabilityFlags decodes the can_sign / can_encrypt_* / can_certify /

+// can_authenticate flags from a self-signature or subkey-binding

+// signature. The ProtonMail/go-crypto package surfaces these as

+// individual booleans on the Signature struct.

+func capabilityFlags(sig *packet.Signature) (canSign, canEncComms, canEncStorage, canCertify, canAuth bool) {

+	if sig == nil {

+		return

+	}

+	// When FlagsValid is false the flag subpacket was absent. RFC 4880

+	// then says implementations should infer capabilities from the key

+	// algorithm; we follow gh's behavior of treating absent flags as

+	// "no explicit capabilities asserted" and surfacing all false.

+	if !sig.FlagsValid {

+		return

+	}

+	return sig.FlagSign, sig.FlagEncryptCommunications, sig.FlagEncryptStorage, sig.FlagCertify, sig.FlagAuthenticate

+}

+

+// keyExpiry computes an absolute expiration time from a creation time

+// plus an optional lifetime-in-seconds (the self-sig subpacket).

+// Returns nil for keys that never expire.

+func keyExpiry(creation time.Time, lifetimeSecs *uint32) *time.Time {

+	if lifetimeSecs == nil || *lifetimeSecs == 0 {

+		return nil

+	}

+	t := creation.Add(time.Duration(*lifetimeSecs) * time.Second)

+	return &t

+}

+

+func hasControlChars(s string) bool {

+	for _, r := range s {

+		if r < 0x20 || r == 0x7f {

+			return true

+		}

+	}

+	return false

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package gpgkey

+

+import (

+	"bytes"

+	"errors"

+	"strings"

+	"testing"

+	"time"

+

+	"github.com/ProtonMail/go-crypto/openpgp"

+	"github.com/ProtonMail/go-crypto/openpgp/armor"

+	"github.com/ProtonMail/go-crypto/openpgp/packet"

+)

+

+// ─── fixture helpers ────────────────────────────────────────────────

+//

+// We synthesize all test fixtures in-memory via ProtonMail/go-crypto

+// rather than shipping committed .asc files. Tests then exercise the

+// real codec end-to-end (serialize → parse → assert) without depending

+// on a system gpg binary.

+

+// newEd25519 returns a freshly-generated ed25519 entity with a single

+// UID. ProtonMail's nil-config default is RSA-2048; we have to ask

+// for EdDSA explicitly.

+func newEd25519(t *testing.T, email string) *openpgp.Entity {

+	t.Helper()

+	e, err := openpgp.NewEntity("shithub-test", "", email, &packet.Config{

+		Algorithm: packet.PubKeyAlgoEdDSA,

+	})

+	if err != nil {

+		t.Fatalf("NewEntity ed25519: %v", err)

+	}

+	return e

+}

+

+// newRSA returns an RSA entity at the requested bit size.

+func newRSA(t *testing.T, email string, bits int) *openpgp.Entity {

+	t.Helper()

+	e, err := openpgp.NewEntity("shithub-test", "", email, &packet.Config{

+		Algorithm: packet.PubKeyAlgoRSA,

+		RSABits:   bits,

+	})

+	if err != nil {

+		t.Fatalf("NewEntity rsa%d: %v", bits, err)

+	}

+	return e

+}

+

+// armoredPublic serializes an entity's public-key block as ASCII armor.

+func armoredPublic(t *testing.T, e *openpgp.Entity) string {

+	t.Helper()

+	var buf bytes.Buffer

+	w, err := armor.Encode(&buf, "PGP PUBLIC KEY BLOCK", nil)

+	if err != nil {

+		t.Fatalf("armor.Encode: %v", err)

+	}

+	if err := e.Serialize(w); err != nil {

+		t.Fatalf("entity.Serialize: %v", err)

+	}

+	if err := w.Close(); err != nil {

+		t.Fatalf("armor close: %v", err)

+	}

+	return buf.String()

+}

+

+// armoredPrivate serializes the SECRET key block — the "user uploaded

+// their private key by mistake" fixture.

+func armoredPrivate(t *testing.T, e *openpgp.Entity) string {

+	t.Helper()

+	var buf bytes.Buffer

+	w, err := armor.Encode(&buf, "PGP PRIVATE KEY BLOCK", nil)

+	if err != nil {

+		t.Fatalf("armor.Encode private: %v", err)

+	}

+	if err := e.SerializePrivate(w, nil); err != nil {

+		t.Fatalf("entity.SerializePrivate: %v", err)

+	}

+	if err := w.Close(); err != nil {

+		t.Fatalf("armor close: %v", err)

+	}

+	return buf.String()

+}

+

+// armoredDetachedSig returns an armored detached signature over a

+// small payload — the "user uploaded a signature by mistake" fixture.

+func armoredDetachedSig(t *testing.T, e *openpgp.Entity) string {

+	t.Helper()

+	var buf bytes.Buffer

+	w, err := armor.Encode(&buf, "PGP SIGNATURE", nil)

+	if err != nil {

+		t.Fatalf("armor.Encode sig: %v", err)

+	}

+	if err := openpgp.DetachSign(w, e, strings.NewReader("hello"), nil); err != nil {

+		t.Fatalf("DetachSign: %v", err)

+	}

+	if err := w.Close(); err != nil {

+		t.Fatalf("armor close: %v", err)

+	}

+	return buf.String()

+}

+

+// ─── happy-path tests ───────────────────────────────────────────────

+

+func TestParse_Ed25519(t *testing.T) {

+	e := newEd25519(t, "alice@shithub.test")

+	armored := armoredPublic(t, e)

+

+	got, err := Parse("My laptop", armored)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+

+	if got.Name != "My laptop" {

+		t.Errorf("Name: got %q, want %q", got.Name, "My laptop")

+	}

+	if len(got.Fingerprint) != 40 {

+		t.Errorf("Fingerprint length: got %d, want 40", len(got.Fingerprint))

+	}

+	if !isHex(got.Fingerprint) {

+		t.Errorf("Fingerprint not hex: %q", got.Fingerprint)

+	}

+	if len(got.KeyID) != 16 || !isHex(got.KeyID) {

+		t.Errorf("KeyID malformed: %q", got.KeyID)

+	}

+	if !strings.HasSuffix(got.Fingerprint, got.KeyID) {

+		t.Errorf("KeyID should be lower 16 of fingerprint: fp=%s key_id=%s", got.Fingerprint, got.KeyID)

+	}

+	if got.PrimaryAlgo != "ed25519" {

+		t.Errorf("PrimaryAlgo: got %q, want ed25519", got.PrimaryAlgo)

+	}

+	if !got.CanSign {

+		t.Error("expected CanSign=true for default ed25519 primary")

+	}

+	if !got.CanCertify {

+		t.Error("expected CanCertify=true for default ed25519 primary")

+	}

+	if got.ExpiresAt != nil {

+		t.Errorf("expected ExpiresAt=nil for default no-expiry key; got %v", got.ExpiresAt)

+	}

+	if len(got.UIDs) != 1 || got.UIDs[0] != "alice@shithub.test" {

+		t.Errorf("UIDs: got %v, want [alice@shithub.test]", got.UIDs)

+	}

+	// Default openpgp.NewEntity creates one encryption subkey.

+	if len(got.Subkeys) < 1 {

+		t.Errorf("expected at least one subkey; got %d", len(got.Subkeys))

+	}

+}

+

+func TestParse_RSA4096(t *testing.T) {

+	e := newRSA(t, "bob@shithub.test", 4096)

+	armored := armoredPublic(t, e)

+	got, err := Parse("", armored)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+	if got.PrimaryAlgo != "rsa4096" {

+		t.Errorf("PrimaryAlgo: got %q, want rsa4096", got.PrimaryAlgo)

+	}

+	if !got.CanSign || !got.CanCertify {

+		t.Errorf("expected sign+certify on RSA primary; got sign=%t certify=%t", got.CanSign, got.CanCertify)

+	}

+}

+

+func TestParse_EncryptOnly_Accepted(t *testing.T) {

+	// Build an entity, then strip its primary's sign+certify flags so

+	// it's encrypt-only. Re-issue the self-signature so the modified

+	// flags persist through Serialize.

+	e := newRSA(t, "encryptonly@shithub.test", 2048)

+	for _, id := range e.Identities {

+		id.SelfSignature.FlagSign = false

+		id.SelfSignature.FlagCertify = false

+		id.SelfSignature.FlagEncryptCommunications = true

+		id.SelfSignature.FlagEncryptStorage = true

+		// Re-sign with the modified flags.

+		if err := id.SelfSignature.SignUserId(id.UserId.Id, e.PrimaryKey, e.PrivateKey, nil); err != nil {

+			t.Fatalf("re-sign identity: %v", err)

+		}

+	}

+	armored := armoredPublic(t, e)

+

+	got, err := Parse("encryption only key", armored)

+	if err != nil {

+		t.Fatalf("Parse should accept encryption-only keys (gh parity); got: %v", err)

+	}

+	if got.CanSign {

+		t.Error("CanSign: got true, want false on encryption-only primary")

+	}

+	if !got.CanEncryptComms && !got.CanEncryptStorage {

+		t.Error("expected at least one encrypt-* flag true")

+	}

+}

+

+func TestParse_MultiSubkey(t *testing.T) {

+	e := newEd25519(t, "multi@shithub.test")

+	// Add an extra signing subkey. ProtonMail/go-crypto's AddSigningSubkey

+	// requires a Config to specify the algorithm.

+	if err := e.AddSigningSubkey(nil); err != nil {

+		t.Fatalf("AddSigningSubkey: %v", err)

+	}

+	armored := armoredPublic(t, e)

+	got, err := Parse("", armored)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+	if len(got.Subkeys) < 2 {

+		t.Errorf("expected >=2 subkeys (one encryption from default, one we added); got %d", len(got.Subkeys))

+	}

+	// At least one subkey should have can_sign.

+	anySigning := false

+	for _, sk := range got.Subkeys {

+		if sk.CanSign {

+			anySigning = true

+			break

+		}

+	}

+	if !anySigning {

+		t.Error("expected at least one signing subkey")

+	}

+}

+

+// ─── rejection tests ────────────────────────────────────────────────

+

+func TestParse_PrivateKeyBlock(t *testing.T) {

+	e := newEd25519(t, "private@shithub.test")

+	armored := armoredPrivate(t, e)

+	_, err := Parse("", armored)

+	if !errors.Is(err, ErrPrivateKeyBlock) {

+		t.Errorf("err: got %v, want ErrPrivateKeyBlock", err)

+	}

+}

+

+func TestParse_SignatureBlock(t *testing.T) {

+	e := newEd25519(t, "sig@shithub.test")

+	armored := armoredDetachedSig(t, e)

+	_, err := Parse("", armored)

+	if !errors.Is(err, ErrSignatureBlock) {

+		t.Errorf("err: got %v, want ErrSignatureBlock", err)

+	}

+}

+

+func TestParse_Expired(t *testing.T) {

+	// Create an entity with a backdated creation time + a short lifetime

+	// so the key is already expired by `time.Now()`.

+	past := time.Now().Add(-48 * time.Hour)

+	cfg := &packet.Config{

+		Time: func() time.Time { return past },

+	}

+	e, err := openpgp.NewEntity("shithub-expired", "", "expired@shithub.test", cfg)

+	if err != nil {

+		t.Fatalf("NewEntity: %v", err)

+	}

+	// 1-hour lifetime from "past" → expired ~47 hours ago.

+	oneHour := uint32(3600)

+	for _, id := range e.Identities {

+		id.SelfSignature.KeyLifetimeSecs = &oneHour

+		if err := id.SelfSignature.SignUserId(id.UserId.Id, e.PrimaryKey, e.PrivateKey, cfg); err != nil {

+			t.Fatalf("re-sign for expiry: %v", err)

+		}

+	}

+	armored := armoredPublic(t, e)

+	_, err = Parse("", armored)

+	if !errors.Is(err, ErrExpired) {

+		t.Errorf("err: got %v, want ErrExpired", err)

+	}

+}

+

+func TestParse_RSATooShort(t *testing.T) {

+	e := newRSA(t, "short@shithub.test", 1024)

+	armored := armoredPublic(t, e)

+	_, err := Parse("", armored)

+	if !errors.Is(err, ErrRSATooShort) {

+		t.Errorf("err: got %v, want ErrRSATooShort", err)

+	}

+}

+

+func TestParse_Garbage(t *testing.T) {

+	_, err := Parse("", "not a key at all, just garbage")

+	if !errors.Is(err, ErrUnparseable) {

+		t.Errorf("err: got %v, want ErrUnparseable", err)

+	}

+}

+

+func TestParse_Empty(t *testing.T) {

+	_, err := Parse("", "")

+	if !errors.Is(err, ErrUnparseable) {

+		t.Errorf("err: got %v, want ErrUnparseable", err)

+	}

+}

+

+func TestParse_LeadingWhitespaceTolerated(t *testing.T) {

+	e := newEd25519(t, "ws@shithub.test")

+	armored := "\n\n  \t" + armoredPublic(t, e)

+	if _, err := Parse("", armored); err != nil {

+		t.Errorf("Parse should trim leading whitespace; got %v", err)

+	}

+}

+

+// ─── name-validation tests ──────────────────────────────────────────

+

+func TestParse_NameTooLong(t *testing.T) {

+	e := newEd25519(t, "n@shithub.test")

+	armored := armoredPublic(t, e)

+	long := strings.Repeat("x", 81)

+	_, err := Parse(long, armored)

+	if !errors.Is(err, ErrNameTooLong) {

+		t.Errorf("err: got %v, want ErrNameTooLong", err)

+	}

+}

+

+func TestParse_NameControlChars(t *testing.T) {

+	e := newEd25519(t, "n@shithub.test")

+	armored := armoredPublic(t, e)

+	_, err := Parse("bad\x00name", armored)

+	if !errors.Is(err, ErrNameControl) {

+		t.Errorf("err: got %v, want ErrNameControl", err)

+	}

+}

+

+// ─── helpers ────────────────────────────────────────────────────────

+

+func isHex(s string) bool {

+	for _, r := range s {

+		switch {

+		case r >= '0' && r <= '9':

+		case r >= 'a' && r <= 'f':

+		default:

+			return false

+		}

+	}

+	return true

+}

+# gpgkey testdata

+

+This directory exists for future committed fixtures (real-world

+`gpg`-produced ASCII-armored blocks that might be useful as

+regression-test inputs). It is **empty by default**.

+

+The current `parse_test.go` synthesizes its fixtures in-memory via

+`github.com/ProtonMail/go-crypto/openpgp` so:

+

+- Tests run without `gpg` installed (CI portability).

+- Fixtures are deterministic (no time-bomb expiry races).

+- The `private` and `signature` armor-block fixtures don't have to

+  be committed as files (they're constructed on demand from synthesized

+  entities).

+

+If a future bug surfaces from a specific real-world key shape, drop the

+producing key here as `<shape>.asc` and reference it from

+`parse_test.go` via `os.ReadFile`. Keep keys throwaway; never commit

+material from a real user.

+-----BEGIN PGP PUBLIC KEY BLOCK-----

+

+mDMEagPLfhYJKwYBBAHaRw8BAQdAVj/hc1vXftWBoMvUEPwB2oI4Vd51xiEd2jtL

+btgy0i20K3NoaXRodWItdGVzdC1lZDI1NTE5IDxlZDI1NTE5QHNoaXRodWIudGVz

+dD6IrwQTFgoAVxYhBCswJYfZ3oj3rIq6s8U8DyTWGhWlBQJqA8t+GxSAAAAAAAQA

+Dm1hbnUyLDIuNSsxLjEyLDAsMwIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX

+gAAKCRDFPA8k1hoVpQSyAQCJ1WMxpz6fV1sBUNfbY5RpZZOSC+btOm0pFNROLBTu

+PgEAwu6vV5F8/YghPGWmO3yyVkPWpoPUeMeV4xTvY7+0xQm4OARqA8t+EgorBgEE

+AZdVAQUBAQdAKn8usSXuiOSST+96jvzEJP0ihW5Nc7voTI4vuCqMgE4DAQgHiJQE

+GBYKADwWIQQrMCWH2d6I96yKurPFPA8k1hoVpQUCagPLfhsUgAAAAAAEAA5tYW51

+MiwyLjUrMS4xMiwwLDMCGwwACgkQxTwPJNYaFaWwrwD/YqZPs31x20o2GhRw55n2

+TnuhizfSzrSYDHtQdQbGJKAA/j5aIqbfo2PezrW06ZzX2X4AhigSh3IuhIrBYFh9

+DWsI

+=FcHX

+-----END PGP PUBLIC KEY BLOCK-----

+-----BEGIN PGP PUBLIC KEY BLOCK-----

+

+mQINBGoDy34BEACktKtAYW2Zajz0BnHRNcrdCb2oAP9cDxlBrdY/CpQi/81m2CAX

+GE/NvopEMUgtaPiNX6JymNxvwumVqpT3V37bbX3h0rYPRzt4TJfuASleMRsoBjSe

+KRXOZdlqxp8YB9HObcqi8U+tB7WpktI1rx/XJP5d38Ac+wBJSxPzjo97XchpgeiK

+rRps49BI2Jz7ibH0pjsBUqboSTV6sYbMOOXD2FajGvQTIqgQ7eTpQKAW3F0/dvIW

+wOAegfXi+gTh5veSsNFxx+uVo5WSVDM6jkH2FMV9s4gMtOXBurGemunRpw9qSoeS

+0s7wXgKUhdcANEGApM8CxGKqatWs3zye/oyA2ClVwc7Jayyv+HRlIKW40ool42jL

+i/r7hX7aVbKh88TFK687Yc1ekj54nWF0ETvjgbNGZdlnYaOVwpDZHIpgLuA7ewCa

+Ec5/EsUx4xANcoScLodXo+HilRDhVd8r+DgSceKKN9L0YgrZShrUxsndusoHUYin

+U+a4IAPAbQVpc8BpyAcSKNaMuuQdiAEOXssj78hSU2A7qvBxrQyMvpSil3F/pHAe

+98bn7cHuqgHi3NwhMGNkR17nOKd4LkgjL40fjdiXqYyTI7FBNShhaZRL8vl3tShw

+Iw9ctIcFzMUKYmwYIR41tly+HJ023ADaQQCWBgXhN5ZBg6ErkRqbl1EtaQARAQAB

+tCNzaGl0aHViLXRlc3QtcnNhIDxyc2FAc2hpdGh1Yi50ZXN0PokCbQQTAQgAVxYh

+BP28SI2aLcvPiEd2b+jLR2GotNCDBQJqA8t+GxSAAAAAAAQADm1hbnUyLDIuNSsx

+LjEyLDAsMwIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRDoy0dhqLTQ

+g+hzD/9+oGz9Vdu2H4DCj+n9liJ/lPs53OeVU0P9CD+ghlUiE2OtgXj2jzHYySKR

+XJtcyypphhuobWUSSHZhoYlFc/XiJeMrnbhWB9gIbV5+UCnjucS8ycVIN9n/s2b7

+vBdT3BkOmq0qJDmFKoolR4vwtyO3ZDbEThB2UfWhBvC7QZ+yjBiqLHxQ7xQvqJJH

+a0LTTPMotsBLOWQUFxLLo66KYYwlrwj/YvR/V4COm7q2hs7jPYS4WUpD2wQ3b986

+JLqOELKNAn1ZxFhPzGW+CqiAzPmeBDr/tltGp+/MdHjvaJy6Mtr2kWNLfgjRwYkY

+FK6Z1z4An2Lf+IvnQgaaVa4C5AiPWCWBcMCvwBy+Sp3gN+0kHc2YTS6Bd9A6pMMR

+mrCGZoX6CK8L8iIIxg90OB85ThPlXXnl7ENcgWNJAkQiEwA7/U+nAzKOMWxPvrpz

+WTVcHiHpg7YSuuEBNss3Lu1oVx6LVh89jCuffkYMvHnXd3xTOUznCxUwBsVs25JO

+fAS3OsYF9htSyiDQwzFQ6ebAwqtFIjiBEMraSMOodhyklyxFDP+yFPjaefxFI0KK

+b7QZkMgw1FkrYwsVeTU6CXtER+k+i2qEsuq+xjirgs6d4T25p1ZKTv3JJP0cv7vs

+W7WYe1ZElP6M2qZwyrmXFvZ0mLSh5XDLnuD5Zt9XmVC7ojEvZA==

+=1tm2

+-----END PGP PUBLIC KEY BLOCK-----