Release gopenpgp v2.10.0

.github/workflows/go.yml

@@ -28,9 +28,9 @@ jobs:
     steps:
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
       - uses: actions/checkout@v4
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.54.2
+          version: v1.64.5

.github/workflows/ios.yml

@@ -12,10 +12,10 @@ jobs:
     runs-on: macos-latest
 
     steps:
-      - name: Set up xcode 14.3
+      - name: Set up xcode 16.0
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: 15.3.0
+          xcode-version: 16.0.0
         id: xcode
 
       - name: Set up Go 1.x

.golangci.yml

@@ -20,6 +20,11 @@ issues:
     - ST1003  # CamelCase variables; see constants/cipher.go
     - "SA1019: rsaPriv.Precomputed" # we don't use them but only clear them
     - "G101: Potential hardcoded credentials"
+    - "G115: integer overflow conversion int64 -> uint32"
+    - "Magic number:"
+    - param max has same name as predeclared identifier
+    - the methods of "SignatureCollector" use pointer receiver and non-pointer receiver
+    - the methods of "Callbacks" use pointer receiver and non-pointer receiver.
 
 linters:
   enable-all: true

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.10.0] 2026-03-18
+### Changed
+- Update go-crypto to `1.4.1`.
+- Fix linter issues.
+
 ## [2.9.0] 2025-05-23
 ### Changed
 - Update go-crypto to `1.3.0`.

constants/armor.go

@@ -3,7 +3,7 @@ package constants
 
 // Constants for armored data.
 const (
-	ArmorHeaderVersion = "GopenPGP 2.9.0"
+	ArmorHeaderVersion = "GopenPGP 2.10.0"
 	ArmorHeaderComment = "https://gopenpgp.org"
 	PGPMessageHeader   = "PGP MESSAGE"
 	PGPSignatureHeader = "PGP SIGNATURE"

constants/version.go

@@ -1,3 +1,3 @@
 package constants
 
-const Version = "2.9.0"
+const Version = "2.10.0"

crypto/key_test.go

@@ -204,8 +204,8 @@ func ExampleKey_PrintFingerprints() {
 }
 
 func TestIsExpired(t *testing.T) {
-	assert.Exactly(t, false, keyTestRSA.IsExpired())
-	assert.Exactly(t, false, keyTestEC.IsExpired())
+	assert.False(t, keyTestRSA.IsExpired())
+	assert.False(t, keyTestEC.IsExpired())
 
 	expiredKey, err := NewKeyFromArmored(readTestFile("key_expiredKey", false))
 	if err != nil {
@@ -217,8 +217,8 @@ func TestIsExpired(t *testing.T) {
 		t.Fatal("Cannot unarmor future key:", err)
 	}
 
-	assert.Exactly(t, true, expiredKey.IsExpired())
-	assert.Exactly(t, true, futureKey.IsExpired())
+	assert.True(t, expiredKey.IsExpired())
+	assert.True(t, futureKey.IsExpired())
 }
 
 func TestGenerateKeyWithPrimes(t *testing.T) {

crypto/keyring_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
@@ -124,11 +125,11 @@ func TestKeyIds(t *testing.T) {
 }
 
 func TestMultipleKeyRing(t *testing.T) {
-	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	assert.Len(t, keyRingTestMultiple.entities, 3)
 	assert.Exactly(t, 3, keyRingTestMultiple.CountEntities())
 	assert.Exactly(t, 3, keyRingTestMultiple.CountDecryptionEntities())
 
-	assert.Exactly(t, 3, len(keyRingTestMultiple.GetKeys()))
+	assert.Len(t, keyRingTestMultiple.GetKeys(), 3)
 
 	testKey, err := keyRingTestMultiple.GetKey(1)
 	if err != nil {
@@ -137,28 +138,28 @@ func TestMultipleKeyRing(t *testing.T) {
 	assert.Exactly(t, keyTestEC, testKey)
 
 	_, err = keyRingTestMultiple.GetKey(3)
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	singleKeyRing, err := keyRingTestMultiple.FirstKey()
 	if err != nil {
 		t.Fatal("Expected no error while filtering the first key, got:", err)
 	}
-	assert.Exactly(t, 1, len(singleKeyRing.entities))
+	assert.Len(t, singleKeyRing.entities, 1)
 	assert.Exactly(t, 1, singleKeyRing.CountEntities())
 	assert.Exactly(t, 1, singleKeyRing.CountDecryptionEntities())
 }
 
 func TestSerializeParse(t *testing.T) {
 	serialized, err := keyRingTestMultiple.Serialize()
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
 	parsed, err := NewKeyRingFromBinary(serialized)
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
-	assert.Exactly(t, 3, len(parsed.GetKeys()))
+	assert.Len(t, parsed.GetKeys(), 3)
 	for i, parsedKey := range parsed.GetKeys() {
 		expectedKey, err := keyRingTestMultiple.GetKey(i)
-		assert.Nil(t, err)
+		require.NoError(t, err)
 		assert.Exactly(t, parsedKey.GetFingerprint(), expectedKey.GetFingerprint())
 	}
 }
@@ -170,7 +171,7 @@ func TestClearPrivateKey(t *testing.T) {
 	}
 
 	for _, key := range keyRingCopy.GetKeys() {
-		assert.Nil(t, clearPrivateKey(key.entity.PrivateKey.PrivateKey))
+		require.NoError(t, clearPrivateKey(key.entity.PrivateKey.PrivateKey))
 	}
 
 	keys := keyRingCopy.GetKeys()

crypto/message.go

@@ -258,7 +258,6 @@ func (msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool) {
 	packets := packet.NewReader(bytes.NewReader(msg.Data))
 	var err error
 	var ids []uint64
-	var encryptedKey *packet.EncryptedKey
 Loop:
 	for {
 		var p packet.Packet
@@ -267,7 +266,7 @@ Loop:
 		}
 		switch p := p.(type) {
 		case *packet.EncryptedKey:
-			encryptedKey = p
+			encryptedKey := p
 			ids = append(ids, encryptedKey.KeyId)
 		case *packet.SymmetricallyEncrypted,
 			*packet.AEADEncrypted,
@@ -473,9 +472,6 @@ func getSignatureKeyIDs(data []byte) ([]uint64, bool) {
 	packets := packet.NewReader(bytes.NewReader(data))
 	var err error
 	var ids []uint64
-	var onePassSignaturePacket *packet.OnePassSignature
-	var signaturePacket *packet.Signature
-
 Loop:
 	for {
 		var p packet.Packet
@@ -484,10 +480,10 @@ Loop:
 		}
 		switch p := p.(type) {
 		case *packet.OnePassSignature:
-			onePassSignaturePacket = p
+			onePassSignaturePacket := p
 			ids = append(ids, onePassSignaturePacket.KeyId)
 		case *packet.Signature:
-			signaturePacket = p
+			signaturePacket := p
 			if signaturePacket.IssuerKeyId != nil {
 				ids = append(ids, *signaturePacket.IssuerKeyId)
 			}

crypto/message_test.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestTextMessageEncryptionWithPassword(t *testing.T) {
@@ -31,7 +32,7 @@ func TestTextMessageEncryptionWithPassword(t *testing.T) {
 		}
 		sessionKey, ok := p.(*packet.SymmetricKeyEncrypted)
 		if ok {
-			assert.Equal(t, sessionKey.CipherFunc, packet.CipherAES256)
+			assert.Equal(t, packet.CipherAES256, sessionKey.CipherFunc)
 			foundSk = true
 			break
 		}
@@ -41,7 +42,7 @@ func TestTextMessageEncryptionWithPassword(t *testing.T) {
 	}
 	// Decrypt data with wrong password
 	_, err = DecryptMessageWithPassword(encrypted, []byte("Wrong password"))
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	// Decrypt data with the good password
 	decrypted, err := DecryptMessageWithPassword(encrypted, testSymmetricKey)
@@ -62,7 +63,7 @@ func TestBinaryMessageEncryptionWithPassword(t *testing.T) {
 	}
 	// Decrypt data with wrong password
 	_, err = DecryptMessageWithPassword(encrypted, []byte("Wrong password"))
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	// Decrypt data with the good password
 	decrypted, err := DecryptMessageWithPassword(encrypted, testSymmetricKey)
@@ -348,7 +349,7 @@ func TestSHA1SignedMessageDecryption(t *testing.T) {
 
 func TestMultipleKeyMessageEncryption(t *testing.T) {
 	var message = NewPlainMessageFromString("plain text")
-	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	assert.Len(t, keyRingTestMultiple.entities, 3)
 
 	ciphertext, err := keyRingTestMultiple.Encrypt(message, keyRingTestPrivate)
 	if err != nil {
@@ -359,7 +360,7 @@ func TestMultipleKeyMessageEncryption(t *testing.T) {
 	// followed by a single symmetrically encrypted data packet (tag 18)
 	var p packet.Packet
 	packets := packet.NewReader(bytes.NewReader(ciphertext.Data))
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		if p, err = packets.Next(); err != nil {
 			t.Fatal(err.Error())
 		}
@@ -384,14 +385,14 @@ func TestMultipleKeyMessageEncryption(t *testing.T) {
 
 func TestMessageGetEncryptionKeyIDs(t *testing.T) {
 	var message = NewPlainMessageFromString("plain text")
-	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	assert.Len(t, keyRingTestMultiple.entities, 3)
 
 	ciphertext, err := keyRingTestMultiple.Encrypt(message, keyRingTestPrivate)
 	if err != nil {
 		t.Fatal("Expected no error when encrypting, got:", err)
 	}
 	ids, ok := ciphertext.GetEncryptionKeyIDs()
-	assert.Exactly(t, 3, len(ids))
+	assert.Len(t, ids, 3)
 	assert.True(t, ok)
 	encKey, ok := keyRingTestMultiple.entities[0].EncryptionKey(time.Now())
 	assert.True(t, ok)
@@ -405,7 +406,7 @@ func TestMessageGetHexGetEncryptionKeyIDs(t *testing.T) {
 	}
 
 	ids, ok := ciphertext.GetHexEncryptionKeyIDs()
-	assert.Exactly(t, 2, len(ids))
+	assert.Len(t, ids, 2)
 	assert.True(t, ok)
 
 	assert.Exactly(t, "76ad736fa7e0e83c", ids[0])
@@ -421,7 +422,7 @@ func TestMessageGetSignatureKeyIDs(t *testing.T) {
 	}
 
 	ids, ok := signature.GetSignatureKeyIDs()
-	assert.Exactly(t, 1, len(ids))
+	assert.Len(t, ids, 1)
 	assert.True(t, ok)
 	signingKey, ok := keyRingTestPrivate.entities[0].SigningKey(time.Now())
 	assert.True(t, ok)
@@ -435,7 +436,7 @@ func TestMessageGetHexSignatureKeyIDs(t *testing.T) {
 	}
 
 	ids, ok := ciphertext.GetHexSignatureKeyIDs()
-	assert.Exactly(t, 2, len(ids))
+	assert.Len(t, ids, 2)
 	assert.True(t, ok)
 
 	assert.Exactly(t, "3eb6259edf21df24", ids[0])

crypto/mime.go

@@ -51,7 +51,7 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
 	bodyContent, bodyMimeType := body.GetBody()
 	bodyContentSanitized := sanitizeString(bodyContent)
 	callbacks.OnBody(bodyContentSanitized, bodyMimeType)
-	for i := 0; i < len(attachments); i++ {
+	for i := range attachments {
 		callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
 	}
 	callbacks.OnEncryptedHeaders("")

crypto/mime_test.go

@@ -80,7 +80,7 @@ func TestParse(t *testing.T) {
 	bodyData, _ := body.GetBody()
 	assert.Exactly(t, readTestFile("mime_decodedBody", true), bodyData)
 	assert.Exactly(t, readTestFile("mime_decodedBodyHeaders", false), body.GetHeaders())
-	assert.Exactly(t, 2, len(atts))
+	assert.Len(t, atts, 2)
 }
 
 type testMIMECallbacks struct {

crypto/sessionkey_test.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/ProtonMail/gopenpgp/v2/constants"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 var testSessionKey *SessionKey
@@ -71,12 +72,8 @@ func TestSymmetricKeyPacket(t *testing.T) {
 		t.Fatal("Expected no error while generating key packet, got:", err)
 	}
 
-	wrongSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, []byte("Wrong password"))
-	if err != nil {
-		assert.EqualError(t, err, "gopenpgp: unable to decrypt any packet")
-	} else {
-		assert.NotEqual(t, testSessionKey, wrongSymmetricKey)
-	}
+	_, err = DecryptSessionKeyWithPassword(keyPacket, []byte("Wrong password"))
+	require.EqualError(t, err, "gopenpgp: unable to decrypt any packet")
 
 	outputSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, password)
 	if err != nil {
@@ -123,7 +120,7 @@ func TestDataPacketEncryption(t *testing.T) {
 		Algo: constants.AES256,
 	}
 	_, err = wrongKey.Decrypt(dataPacket)
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	// Decrypt data with the good session key
 	decrypted, err := testSessionKey.Decrypt(dataPacket)
@@ -133,7 +130,7 @@ func TestDataPacketEncryption(t *testing.T) {
 	assert.Exactly(t, message.GetString(), decrypted.GetString())
 
 	// Encrypt session key
-	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	assert.Len(t, keyRingTestMultiple.entities, 3)
 	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
 	if err != nil {
 		t.Fatal("Unable to encrypt key packet, got:", err)
@@ -154,7 +151,7 @@ func TestDataPacketEncryption(t *testing.T) {
 	}
 	ids, ok := pgpMessage.GetEncryptionKeyIDs()
 	assert.True(t, ok)
-	assert.Exactly(t, 3, len(ids))
+	assert.Len(t, ids, 3)
 
 	// Test if final decryption succeeds
 	finalMessage, err := keyRingTestPrivate.Decrypt(pgpMessage, nil, 0)
@@ -182,7 +179,7 @@ func TestDataPacketEncryptionAndSignature(t *testing.T) {
 		Algo: constants.AES256,
 	}
 	_, err = wrongKey.Decrypt(dataPacket)
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	// Decrypt data with the good session key
 	decrypted, err := testSessionKey.Decrypt(dataPacket)
@@ -211,7 +208,7 @@ func TestDataPacketEncryptionAndSignature(t *testing.T) {
 	assert.Exactly(t, message.GetString(), decrypted.GetString())
 
 	// Encrypt session key
-	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	assert.Len(t, keyRingTestMultiple.entities, 3)
 	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
 	if err != nil {
 		t.Fatal("Unable to encrypt key packet, got:", err)
@@ -232,7 +229,7 @@ func TestDataPacketEncryptionAndSignature(t *testing.T) {
 	}
 	ids, ok := pgpMessage.GetEncryptionKeyIDs()
 	assert.True(t, ok)
-	assert.Exactly(t, 3, len(ids))
+	assert.Len(t, ids, 3)
 
 	// Test with bad verification key succeeds
 	_, err = keyRingTestPrivate.Decrypt(pgpMessage, ecKeyRing, GetUnixTime())
@@ -313,7 +310,7 @@ func TestMDCFailDecryption(t *testing.T) {
 	sessionKey := NewSessionKeyFromToken(sk, "aes256")
 
 	_, err = sessionKey.Decrypt(split.GetBinaryDataPacket())
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestSessionKeyClear(t *testing.T) {