Golang "OpenPGP" implementation...

Phil Pennock gnupg-devel at spodhuis.org
Mon Jun 8 02:49:37 CEST 2015


On 2015-06-05 at 16:39 +0200, Low Eel wrote:
> As you probably (?) know, Google launched their language, golang, and it ships
> with something they call "OpenPGP" libraries:

OpenPGP is the IETF name for the specification.  The Internet
Engineering Task Force defines the protocol.  GnuPG is one
implementation of the OpenPGP specification, and today is very probably
the dominant implementation.

> https://godoc.org/golang.org/x/crypto/openpgp
>  
> I know because I am going to write some server using GPG and I was looking for
> some library. Now the name "OpenPGP" Google is using seems promising, but.
> 
> - Are those libraries a port/endorsed/written together with the gpg dev?
> - Does anyone know if they are 100% compatible or a "google flavour"?

They are Google's implementation of the IETF standard.  Compatibility is
a complex issue but in general anything claiming "100% compatible"
should be viewed with suspicion.  Most products aren't even fully 100%
compatible with themselves across versions; in good projects, such
breakages then lead to additions to regression tests to try to avoid
repeating such embarrassments.

Casey Marshall wrote a PGP keyserver, Hockeypuck, designed to interop
with SKS (the dominant PGP keyserver); Hockeypuck is written in Go and
Casey tried to use the Google-provided x package, but ran into some
limitations and forked off something which he could adapt to work for
his use-case:

  https://github.com/hockeypuck/openpgp/tree/v1

(see also: https://hockeypuck.github.io/contributing.html )

I recommend evaluating both Google's package and Casey's, to see which
is a better fit for your needs.  Figure out why you choose one, and use
the differences as inspiration so that you know when and how to fork
yourself, to get closer to the level of compatibility which you need.

Good luck!
-Phil


