bump version

Merge pull request #46 from deblasis/fix/gitea_oauth2_app_confidential_client
Support `gitea_oauth2_app` `confidential_client` flag
2023-07-20 09:12:14 +02:00 · 2023-07-20 09:09:50 +02:00 · 2023-07-19 19:56:50 +00:00 · 2023-07-19 20:54:36 +02:00 · 2023-07-19 20:52:36 +02:00 · 2023-07-19 19:47:43 +02:00
1115 changed files with 87944 additions and 19942 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -30,6 +30,7 @@ steps:
  - name: build
    image: goreleaser/goreleaser
    commands:
      - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
      - goreleaser build --snapshot
    when:
      event:
@ -59,6 +60,7 @@ steps:
      GPG_PRIVATE_KEY_BASE64:
        from_secret: GPG_PRIVATE_KEY_BASE64
    commands:
      - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
      - apk add gpg-agent
      - gpg-agent --daemon --default-cache-ttl 7200
      - echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -18,30 +18,29 @@ jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
-      -
+      - name: Checkout
        name: Checkout
        uses: actions/checkout@v3
-      -
+      - name: Unshallow
        name: Unshallow
        run: git fetch --prune --unshallow
-      -
+      - name: Set up Go
-        name: Set up Go
+        uses: actions/setup-go@v4
        uses: actions/setup-go@v3
        with:
          go-version: 1.18
-      -
+      - name: Import GPG key
        name: Import GPG key
        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5.2.0
+        uses: crazy-max/ghaction-import-gpg@v5.3.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
-      -
+      - name: setup-syft
-        name: Run GoReleaser
+        run: |
-        uses: goreleaser/goreleaser-action@v4.1.0
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \
          sh -s -- -b /usr/local/bin v0.64.0
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4.3.0
        with:
          version: latest
-          args: release --rm-dist
+          args: release --clean
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          # GitHub sets this automatically
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -41,6 +41,8 @@ checksum:
      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
  algorithm: sha256
 sboms:
  - artifacts: archive
 signs:
  - artifacts: checksum
    args:
--- a/10
+++ b/10
@ -1,9 +1,11 @@
 TEST?=./gitea
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 ARCH?=$$(uname -m)
 KERNEL?=$$(uname -s | tr '[:upper:]' '[:lower:]')
 GOFMT ?= gofmt -s
-VERSION = 0.11.2
+VERSION = 0.16.0
 test: fmt-check
 	go test -i $(TEST) || exit 1
@ -34,8 +36,8 @@ build:
 	go build -ldflags="-X 'main.Version=${VERSION}'" -o terraform-provider-gitea_${VERSION}
 install: build 
 	@echo installing to 
-	@echo ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64/terraform-provider-gitea_${VERSION}
+	@echo ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/${KERNEL}_${ARCH}/terraform-provider-gitea_${VERSION}
-	@mkdir -p ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64
+	@mkdir -p ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/${KERNEL}_${ARCH}
-	@mv terraform-provider-gitea_${VERSION} ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64/terraform-provider-gitea_${VERSION}
+	@mv terraform-provider-gitea_${VERSION} ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/${KERNEL}_${ARCH}/terraform-provider-gitea_${VERSION}
 doc:
 	tfplugindocs
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ terraform {
  required_providers {
    gitea = {
      source = "Lerentis/gitea"
-      version = "0.11.2"
+      version = "0.16.0"
    }
  }
 }
--- a/docs/index.md
+++ b/docs/index.md
@ -17,7 +17,7 @@ terraform {
  required_providers {
    gitea = {
      source = "Lerentis/gitea"
-      version = "0.11.1"
+      version = "0.16.0"
    }
  }
 }
--- a/docs/resources/oauth2_app.md
+++ b/docs/resources/oauth2_app.md
@ -20,6 +20,10 @@ Handling [gitea oauth application](https://docs.gitea.io/en-us/oauth2-provider/)
 - `name` (String) OAuth Application name
 - `redirect_uris` (Set of String) Accepted redirect URIs
 ### Optional
 - `confidential_client` (Boolean) If set to false, it will be a public client (PKCE will be required)
 ### Read-Only
 - `client_id` (String) OAuth2 Application client id
--- a/docs/resources/org.md
+++ b/docs/resources/org.md
@ -46,5 +46,6 @@ resource "gitea_repository" "org_repo" {
 - `avatar_url` (String)
 - `id` (String) The ID of this resource.
 - `repos` (List of String) List of all Repositories that are part of this organisation
--- a/docs/resources/repository.md
+++ b/docs/resources/repository.md
@ -7,6 +7,7 @@ description: |-
  Per default this repository will be initializiled with the provided configuration (gitignore, License etc.).
  If the username property is set to a organisation name, the provider will try to look if this organisation exists and create the repository under the organisation scope.
  Repository migrations have some properties that are not available to regular repositories. These are all prefixed with migration_.
  Codeberg.org does currently not allow mirrors to be created. See FAQ Section of CodeBerg for more information: https://docs.codeberg.org/getting-started/faq/#why-am-i-not-allowed-to-set-up-an-automatic-mirror
 ---
 # gitea_repository (Resource)
@ -17,6 +18,7 @@ Per default this repository will be initializiled with the provided configuratio
 If the `username` property is set to a organisation name, the provider will try to look if this organisation exists and create the repository under the organisation scope.
 Repository migrations have some properties that are not available to regular repositories. These are all prefixed with `migration_`.
 Codeberg.org does currently not allow mirrors to be created. See FAQ Section of CodeBerg for more information: https://docs.codeberg.org/getting-started/faq/#why-am-i-not-allowed-to-set-up-an-automatic-mirror
 ## Example Usage
@ -39,6 +41,16 @@ resource "gitea_repository" "mirror" {
  migration_service            = "gitea"
  migration_service_auth_token = var.gitea_mirror_token
 }
 resource "gitea_repository" "clone" {
  username                     = "lerentis"
  name                         = "terraform-provider-gitea-clone"
  description                  = "Clone of Terraform Provider"
  mirror                       = false
  migration_clone_address      = "https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git"
  migration_service            = "gitea"
  migration_service_auth_token = var.gitea_clone_token
 }
 ```
 <!-- schema generated by tfplugindocs -->
--- a/docs/resources/repository_key.md
+++ b/docs/resources/repository_key.md
@ -0,0 +1,63 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "gitea_repository_key Resource - terraform-provider-gitea"
 subcategory: ""
 description: |-
  gitea_repository_key manages a deploy key for a single gitea_repository.
  Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo
 ---
 # gitea_repository_key (Resource)
 `gitea_repository_key` manages a deploy key for a single gitea_repository.
 Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo
 ## Example Usage
 ```terraform
 terraform {
  required_providers {
    tls = {
      source = "hashicorp/tls"
      version = "4.0.4"
    }
  }
 }
 resource "tls_private_key" "example" {
  type = "RSA"
  rsa_bits = 4096
 }
 resource "gitea_repository" "example" {
  name = "example"
  private = true
 }
 resource "gitea_repository_key" "example" {
  repository = gitea_repository.example.id
  title = "Example Deploy Key"
  read_only = true
  key = tls_private_key.example.public_key_openssh
 }
 ```
 <!-- schema generated by tfplugindocs -->
 ## Schema
 ### Required
 - `key` (String) Armored SSH key to add
 - `repository` (Number) The ID of the repository where the deploy key belongs to
 - `title` (String) Name of the deploy key
 ### Optional
 - `read_only` (Boolean) Whether this key has read or read/write access
 ### Read-Only
 - `id` (String) The ID of this resource.
--- a/docs/resources/team.md
+++ b/docs/resources/team.md
@ -34,6 +34,26 @@ resource "gitea_team" "test_team" {
  permission   = "write"
  members      = [gitea_user.test.username]
 }
 resource "gitea_repository" "test" {
  username     = gitea_org.test_org.name
  name         = "test"
  private      = true
  issue_labels = "Default"
  license      = "MIT"
  gitignores   = "Go"
 }
 resource "gitea_team" "test_team_restricted" {
  name                     = "Restricted Devs"
  organisation             = gitea_org.test_org.name
  description              = "Restricted Devs of Test Org"
  permission               = "write"
  members                  = [gitea_user.test.username]
  include_all_repositories = false
  repositories             = [gitea_repository.test.name]
 }
 ```
 <!-- schema generated by tfplugindocs -->
@ -52,6 +72,7 @@ resource "gitea_team" "test_team" {
 - `members` (List of String) List of Users that should be part of this team
 - `permission` (String) Permissions associated with this Team
 Can be `none`, `read`, `write`, `admin` or `owner`
 - `repositories` (List of String) List of Repositories that should be part of this team
 - `units` (String) List of types of Repositories that should be allowed to be created from Team members.
 Can be `repo.code`, `repo.issues`, `repo.ext_issues`, `repo.wiki`, `repo.pulls`, `repo.releases`, `repo.projects` and/or `repo.ext_wiki`
--- a/examples/main.tf
+++ b/examples/main.tf
@ -101,7 +101,37 @@ resource "gitea_token" "test_token" {
  name     = "test-token"
 }
 resource "gitea_repository" "test_existing_user" {
  username     = "testuser2"
  name         = "testExistingUser"
  private      = true
  issue_labels = "Default"
  license      = "MIT"
  gitignores   = "Go"
 }
 //resource "gitea_repository" "test_bs_user" {
 //  username     = "manualTest"
 //  name         = "testBullshitUser"
 //  private      = true
 //  issue_labels = "Default"
 //  license      = "MIT"
 //  gitignores   = "Go"
 //}
 output "token" {
  value = resource.gitea_token.test_token.token
  sensitive = true
 }
 data "gitea_repo" "org_repos" {
  name = each.key
  username = gitea_org.org1.name
  for_each = {
    for repo in resource.gitea_org.org1.repos : repo => repo
  }
 }
 output "repos" {
  value = data.gitea_repo.org_repos["repo1-in-org1"].clone_url
 }
--- a/examples/provider.tf
+++ b/examples/provider.tf
@ -2,7 +2,7 @@ terraform {
  required_providers {
    gitea = {
      source = "terraform.local/lerentis/gitea"
-      version = "0.11.2"
+      version = "0.16.0"
    }
  }
 }
--- a/examples/provider/provider.tf
+++ b/examples/provider/provider.tf
@ -2,7 +2,7 @@ terraform {
  required_providers {
    gitea = {
      source = "Lerentis/gitea"
-      version = "0.11.1"
+      version = "0.16.0"
    }
  }
 }
--- a/examples/resources/gitea_repository/resource.tf
+++ b/examples/resources/gitea_repository/resource.tf
@ -16,3 +16,13 @@ resource "gitea_repository" "mirror" {
  migration_service            = "gitea"
  migration_service_auth_token = var.gitea_mirror_token
 }
 resource "gitea_repository" "clone" {
  username                     = "lerentis"
  name                         = "terraform-provider-gitea-clone"
  description                  = "Clone of Terraform Provider"
  mirror                       = false
  migration_clone_address      = "https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git"
  migration_service            = "gitea"
  migration_service_auth_token = var.gitea_clone_token
 }
--- a/examples/resources/gitea_repository_key/resource.tf
+++ b/examples/resources/gitea_repository_key/resource.tf
@ -0,0 +1,25 @@
 terraform {
  required_providers {
    tls = {
      source = "hashicorp/tls"
      version = "4.0.4"
    }
  }
 }
 resource "tls_private_key" "example" {
  type = "RSA"
  rsa_bits = 4096
 }
 resource "gitea_repository" "example" {
  name = "example"
  private = true
 }
 resource "gitea_repository_key" "example" {
  repository = gitea_repository.example.id
  title = "Example Deploy Key"
  read_only = true
  key = tls_private_key.example.public_key_openssh
 }
--- a/examples/resources/gitea_team/resource.tf
+++ b/examples/resources/gitea_team/resource.tf
@ -19,3 +19,23 @@ resource "gitea_team" "test_team" {
  permission   = "write"
  members      = [gitea_user.test.username]
 }
 resource "gitea_repository" "test" {
  username     = gitea_org.test_org.name
  name         = "test"
  private      = true
  issue_labels = "Default"
  license      = "MIT"
  gitignores   = "Go"
 }
 resource "gitea_team" "test_team_restricted" {
  name                     = "Restricted Devs"
  organisation             = gitea_org.test_org.name
  description              = "Restricted Devs of Test Org"
  permission               = "write"
  members                  = [gitea_user.test.username]
  include_all_repositories = false
  repositories             = [gitea_repository.test.name]
 }
--- a/gitea/data_source_gitea_repo.go
+++ b/gitea/data_source_gitea_repo.go
@ -116,7 +116,7 @@ func dataSourceGiteaRepoRead(d *schema.ResourceData, meta interface{}) error {
 	}
 	username := strings.ToLower(usernameData.(string))
-	nameData, nameOk := d.GetOk("username")
+	nameData, nameOk := d.GetOk("name")
 	if !nameOk {
 		return fmt.Errorf("name of repo must be passed")
 	}
--- a/gitea/provider.go
+++ b/gitea/provider.go
@ -75,14 +75,15 @@ func Provider() *schema.Provider {
 			"gitea_org": resourceGiteaOrg(),
 			// "gitea_team":       resourceGiteaTeam(),
 			// "gitea_repo":       resourceGiteaRepo(),
-			"gitea_user":       resourceGiteaUser(),
+			"gitea_user":           resourceGiteaUser(),
-			"gitea_oauth2_app": resourceGiteaOauthApp(),
+			"gitea_oauth2_app":     resourceGiteaOauthApp(),
-			"gitea_repository": resourceGiteaRepository(),
+			"gitea_repository":     resourceGiteaRepository(),
-			"gitea_fork":       resourceGiteaFork(),
+			"gitea_fork":           resourceGiteaFork(),
-			"gitea_public_key": resourceGiteaPublicKey(),
+			"gitea_public_key":     resourceGiteaPublicKey(),
-			"gitea_team":       resourceGiteaTeam(),
+			"gitea_team":           resourceGiteaTeam(),
-			"gitea_git_hook":   resourceGiteaGitHook(),
+			"gitea_git_hook":       resourceGiteaGitHook(),
-			"gitea_token":      resourceGiteaToken(),
+			"gitea_token":          resourceGiteaToken(),
 			"gitea_repository_key": resourceGiteaRepositoryKey(),
 		},
 		ConfigureFunc: providerConfigure,
--- a/gitea/resource_gitea_oauth_app.go
+++ b/gitea/resource_gitea_oauth_app.go
@ -8,10 +8,11 @@ import (
 )
 const (
-	oauth2KeyName         string = "name"
+	oauth2KeyName               string = "name"
-	oauth2KeyRedirectURIs string = "redirect_uris"
+	oauth2KeyConfidentialClient string = "confidential_client"
-	oauth2KeyClientId     string = "client_id"
+	oauth2KeyRedirectURIs       string = "redirect_uris"
-	oauth2KeyClientSecret string = "client_secret"
+	oauth2KeyClientId           string = "client_id"
 	oauth2KeyClientSecret       string = "client_secret"
 )
 func resourceGiteaOauthApp() *schema.Resource {
@ -37,6 +38,12 @@ func resourceGiteaOauthApp() *schema.Resource {
 				},
 				Description: "Accepted redirect URIs",
 			},
 			oauth2KeyConfidentialClient: {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
 				Description: "If set to false, it will be a public client (PKCE will be required)",
 			},
 			oauth2KeyClientId: {
 				Type:        schema.TypeString,
 				Computed:    true,
@ -89,9 +96,16 @@ func resourceOauth2AppUpcreate(d *schema.ResourceData, meta interface{}) (err er
 		return fmt.Errorf("attribute %s must be set and must be a string", oauth2KeyName)
 	}
 	confidentialClient, confidentialClientOk := d.Get(oauth2KeyConfidentialClient).(bool)
 	if !confidentialClientOk {
 		return fmt.Errorf("attribute %s must be set and must be a bool", oauth2KeyConfidentialClient)
 	}
 	opts := gitea.CreateOauth2Option{
-		Name:         name,
+		Name:               name,
-		RedirectURIs: redirectURIs,
+		ConfidentialClient: confidentialClient,
 		RedirectURIs:       redirectURIs,
 	}
 	var oauth2 *gitea.Oauth2
@ -99,7 +113,7 @@ func resourceOauth2AppUpcreate(d *schema.ResourceData, meta interface{}) (err er
 	if d.IsNewResource() {
 		oauth2, _, err = client.CreateOauth2(opts)
 	} else {
-		oauth2, err := searchOauth2AppByClientId(client, d.Id())
+		oauth2, err = searchOauth2AppByClientId(client, d.Id())
 		if err != nil {
 			return err
@ -176,9 +190,10 @@ func setOAuth2ResourceData(app *gitea.Oauth2, d *schema.ResourceData) (err error
 	d.SetId(app.ClientID)
 	for k, v := range map[string]interface{}{
-		oauth2KeyName:         app.Name,
+		oauth2KeyName:               app.Name,
-		oauth2KeyRedirectURIs: schema.NewSet(schema.HashString, CollapseStringList(app.RedirectURIs)),
+		oauth2KeyConfidentialClient: app.ConfidentialClient,
-		oauth2KeyClientId:     app.ClientID,
+		oauth2KeyRedirectURIs:       schema.NewSet(schema.HashString, CollapseStringList(app.RedirectURIs)),
 		oauth2KeyClientId:           app.ClientID,
 	} {
 		err = d.Set(k, v)
 		if err != nil {
--- a/gitea/resource_gitea_organisation.go
+++ b/gitea/resource_gitea_organisation.go
@ -16,6 +16,7 @@ const (
 	orgLocation               string = "location"
 	orgVisibility             string = "visibility"
 	RepoAdminChangeTeamAccess string = "repo_admin_change_team_access"
 	orgRepos                  string = "org_repos"
 )
 // might come in handy if we want to stick to numeric IDs
@ -48,6 +49,32 @@ func searchOrgByClientId(c *gitea.Client, id int64) (res *gitea.Organization, er
 	}
 }
 func getAllOrgRepos(c *gitea.Client, orgName string) (repos []string, err error) {
 	page := 1
 	for {
 		repoBuffer, _, err := c.ListOrgRepos(orgName, gitea.ListOrgReposOptions{
 			ListOptions: gitea.ListOptions{
 				Page:     page,
 				PageSize: 50,
 			},
 		})
 		if err != nil {
 			return nil, err
 		}
 		if len(repoBuffer) == 0 {
 			return repos, nil
 		}
 		for _, repo := range repoBuffer {
 			repos = append(repos, repo.Name)
 		}
 		page += 1
 	}
 }
 func resourceOrgRead(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
@ -58,10 +85,12 @@ func resourceOrgRead(d *schema.ResourceData, meta interface{}) (err error) {
 	org, err = searchOrgByClientId(client, id)
 	if err != nil {
-		return err
+		d.SetId("")
 		return nil
 	}
-	err = setOrgResourceData(org, d)
+	repos, _ := getAllOrgRepos(client, org.UserName)
 	err = setOrgResourceData(org, d, &repos)
 	return
 }
@ -84,7 +113,8 @@ func resourceOrgCreate(d *schema.ResourceData, meta interface{}) (err error) {
 		return
 	}
-	err = setOrgResourceData(org, d)
+	repos, _ := getAllOrgRepos(client, org.UserName)
 	err = setOrgResourceData(org, d, &repos)
 	return
 }
@ -117,7 +147,8 @@ func resourceOrgUpdate(d *schema.ResourceData, meta interface{}) (err error) {
 	org, resp, err = client.GetOrg(d.Get(orgName).(string))
-	err = setOrgResourceData(org, d)
+	repos, _ := getAllOrgRepos(client, org.UserName)
 	err = setOrgResourceData(org, d, &repos)
 	return
 }
@ -140,7 +171,7 @@ func resourceOrgDelete(d *schema.ResourceData, meta interface{}) (err error) {
 	return
 }
-func setOrgResourceData(org *gitea.Organization, d *schema.ResourceData) (err error) {
+func setOrgResourceData(org *gitea.Organization, d *schema.ResourceData, repos *[]string) (err error) {
 	d.SetId(fmt.Sprintf("%d", org.ID))
 	d.Set("name", org.UserName)
 	d.Set("full_name", org.FullName)
@ -149,6 +180,7 @@ func setOrgResourceData(org *gitea.Organization, d *schema.ResourceData) (err er
 	d.Set("website", org.Website)
 	d.Set("location", org.Location)
 	d.Set("visibility", org.Visibility)
 	d.Set("repos", repos)
 	return
 }
@ -210,6 +242,13 @@ func resourceGiteaOrg() *schema.Resource {
 				Default:     "public",
 				Description: "Flag is this organisation should be publicly visible or not.",
 			},
 			"repos": {
 				Type:        schema.TypeList,
 				Required:    false,
 				Computed:    true,
 				Description: "List of all Repositories that are part of this organisation",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 		},
 		Description: "`gitea_org` manages a gitea organisation.\n\n" +
 			"Organisations are a way to group repositories and abstract permission management in a gitea instance.",
--- a/gitea/resource_gitea_repository.go
+++ b/gitea/resource_gitea_repository.go
@ -1,10 +1,14 @@
 package gitea
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	"code.gitea.io/sdk/gitea"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@ -48,6 +52,34 @@ const (
 	migrationLFSEndpoint         string = "migration_lfs_endpoint"
 )
 func searchUserByName(c *gitea.Client, name string) (res *gitea.User, err error) {
 	page := 1
 	for {
 		users, _, err := c.AdminListUsers(gitea.AdminListUsersOptions{
 			ListOptions: gitea.ListOptions{
 				Page:     page,
 				PageSize: 50,
 			},
 		})
 		if err != nil {
 			return nil, err
 		}
 		if len(users) == 0 {
 			return nil, fmt.Errorf("User with name %s could not be found", name)
 		}
 		for _, user := range users {
 			if user.UserName == name {
 				return user, nil
 			}
 		}
 		page += 1
 	}
 }
 func resourceRepoRead(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
@ -78,15 +110,35 @@ func resourceRepoCreate(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 	var repo *gitea.Repository
 	var resp *gitea.Response
 	var orgRepo, hasAdmin bool
-	if (d.Get(repoMirror)).(bool) {
+	_, resp, err = client.GetOrg(d.Get(repoOwner).(string))
-		var cloneAddr string
+	if resp.StatusCode == 404 {
-		if d.Get(migrationCloneAddresse).(string) != "" {
+		_, err := searchUserByName(client, d.Get(repoOwner).(string))
-			cloneAddr = d.Get(migrationCloneAddresse).(string)
+		if err != nil {
 			if strings.Contains(err.Error(), "could not be found") {
 				return errors.New(fmt.Sprintf("Creation of repository cound not proceed as owner %s is not present in gitea", d.Get(repoOwner).(string)))
 			}
 			tflog.Warn(context.Background(), "Error query for users. Assuming missing permissions and proceding with user permissions")
 			hasAdmin = false
 		} else {
-			cloneAddr = d.Get(migrationCloneAddress).(string)
+			hasAdmin = true
 		}
 		orgRepo = false
 	} else {
 		orgRepo = true
 	}
 	var cloneAddr string
 	if d.Get(migrationCloneAddresse).(string) != "" {
 		cloneAddr = d.Get(migrationCloneAddresse).(string)
 	} else {
 		cloneAddr = d.Get(migrationCloneAddress).(string)
 	}
 	if cloneAddr != "" {
 		opts := gitea.MigrateRepoOption{
 			RepoName:       d.Get(repoName).(string),
@ -134,7 +186,15 @@ func resourceRepoCreate(d *schema.ResourceData, meta interface{}) (err error) {
 			TrustModel:    "default",
 		}
-		repo, _, err = client.CreateOrgRepo(d.Get(repoOwner).(string), opts)
+		if orgRepo {
 			repo, _, err = client.CreateOrgRepo(d.Get(repoOwner).(string), opts)
 		} else {
 			if hasAdmin {
 				repo, _, err = client.AdminCreateRepo(d.Get(repoOwner).(string), opts)
 			} else {
 				repo, _, err = client.CreateRepo(opts)
 			}
 		}
 	}
 	if err != nil {
@ -533,6 +593,8 @@ func resourceGiteaRepository() *schema.Resource {
 			"Per default this repository will be initializiled with the provided configuration (gitignore, License etc.).\n" +
 			"If the `username` property is set to a organisation name, the provider will try to look if this organisation exists " +
 			"and create the repository under the organisation scope.\n\n" +
-			"Repository migrations have some properties that are not available to regular repositories. These are all prefixed with `migration_`.",
+			"Repository migrations have some properties that are not available to regular repositories. These are all prefixed with `migration_`.\n" +
 			"Codeberg.org does currently not allow mirrors to be created. See FAQ Section of CodeBerg for more information: " +
 			"https://docs.codeberg.org/getting-started/faq/#why-am-i-not-allowed-to-set-up-an-automatic-mirror",
 	}
 }
--- a/gitea/resource_gitea_repository_key.go
+++ b/gitea/resource_gitea_repository_key.go
@ -0,0 +1,169 @@
 package gitea
 import (
 	"fmt"
 	"strconv"
 	"strings"
 	"code.gitea.io/sdk/gitea"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 const (
 	deployKeyRepoId   string = "repository"
 	deployKeyName     string = "title"
 	deployKeyKey      string = "key"
 	deployKeyReadOnly string = "read_only"
 )
 func resourceRepoKeyIdParts(d *schema.ResourceData) (bool, int64, int64, error) {
 	parts := strings.Split(d.Id(), "/")
 	if len(parts) != 2 {
 		return false, 0, 0, nil
 	}
 	repoId, err := strconv.ParseInt(parts[0], 10, 64)
 	if err != nil {
 		return false, 0, 0, err
 	}
 	keyId, err := strconv.ParseInt(parts[1], 10, 64)
 	if err != nil {
 		return false, 0, 0, err
 	}
 	return true, repoId, keyId, err
 }
 func resourceRepoKeyRead(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 	hasId, repoId, keyId, err := resourceRepoKeyIdParts(d)
 	if err != nil {
 		return err
 	}
 	if !hasId {
 		d.SetId("")
 		return nil
 	}
 	repo, resp, err := client.GetRepoByID(repoId)
 	if err != nil {
 		if resp.StatusCode == 404 {
 			d.SetId("")
 			return nil
 		} else {
 			return err
 		}
 	}
 	key, resp, err := client.GetDeployKey(repo.Owner.UserName, repo.Name, keyId)
 	if err != nil {
 		if resp.StatusCode == 404 {
 			d.SetId("")
 			return nil
 		} else {
 			return err
 		}
 	}
 	err = setRepoKeyResourceData(key, repoId, d)
 	return
 }
 func resourceRepoKeyCreate(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 	repo, _, err := client.GetRepoByID(int64(d.Get(deployKeyRepoId).(int)))
 	if err != nil {
 		return err
 	}
 	dk, _, err := client.CreateDeployKey(repo.Owner.UserName, repo.Name, gitea.CreateKeyOption{
 		Title:    d.Get(deployKeyName).(string),
 		ReadOnly: d.Get(deployKeyReadOnly).(bool),
 		Key:      d.Get(deployKeyKey).(string),
 	})
 	if err != nil {
 		return err
 	}
 	setRepoKeyResourceData(dk, repo.ID, d)
 	return nil
 }
 func respurceRepoKeyDelete(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 	hasId, repoId, keyId, err := resourceRepoKeyIdParts(d)
 	if err != nil {
 		return err
 	}
 	if !hasId {
 		d.SetId("")
 		return nil
 	}
 	repo, resp, err := client.GetRepoByID(repoId)
 	if err != nil {
 		if resp.StatusCode == 404 {
 			d.SetId("")
 			return nil
 		}
 		return err
 	}
 	client.DeleteDeployKey(repo.Owner.UserName, repo.Name, keyId)
 	return nil
 }
 func setRepoKeyResourceData(dk *gitea.DeployKey, repoId int64, d *schema.ResourceData) (err error) {
 	d.SetId(fmt.Sprintf("%d/%d", repoId, dk.ID))
 	d.Set(deployKeyRepoId, repoId)
 	d.Set(deployKeyReadOnly, dk.ReadOnly)
 	d.Set(deployKeyKey, dk.Key)
 	d.Set(deployKeyName, dk.Title)
 	return
 }
 func resourceGiteaRepositoryKey() *schema.Resource {
 	return &schema.Resource{
 		Read:   resourceRepoKeyRead,
 		Create: resourceRepoKeyCreate,
 		Delete: respurceRepoKeyDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
 			deployKeyRepoId: {
 				Type:        schema.TypeInt,
 				Required:    true,
 				ForceNew:    true,
 				Description: "The ID of the repository where the deploy key belongs to",
 			},
 			deployKeyKey: {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
 				Description: "Armored SSH key to add",
 			},
 			deployKeyReadOnly: {
 				Type:        schema.TypeBool,
 				Required:    false,
 				Optional:    true,
 				Default:     true,
 				ForceNew:    true,
 				Description: "Whether this key has read or read/write access",
 			},
 			deployKeyName: {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
 				Description: "Name of the deploy key",
 			},
 		},
 		Description: "`gitea_repository_key` manages a deploy key for a single gitea_repository.\n\n" +
 			"Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo",
 	}
 }
--- a/gitea/resource_gitea_team.go
+++ b/gitea/resource_gitea_team.go
@ -1,6 +1,7 @@
 package gitea
 import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -18,6 +19,7 @@ const (
 	TeamIncludeAllReposFlag string = "include_all_repositories"
 	TeamUnits               string = "units"
 	TeamMembers             string = "members"
 	TeamRepositories        string = "repositories"
 )
 func resourceTeamRead(d *schema.ResourceData, meta interface{}) (err error) {
@ -39,7 +41,7 @@ func resourceTeamRead(d *schema.ResourceData, meta interface{}) (err error) {
 		}
 	}
-	err = setTeamResourceData(team, d)
+	err = setTeamResourceData(team, d, meta)
 	return
 }
@ -75,12 +77,14 @@ func resourceTeamCreate(d *schema.ResourceData, meta interface{}) (err error) {
 		units = append(units, gitea.RepoUnitProjects)
 	}
 	includeAllRepos := d.Get(TeamIncludeAllReposFlag).(bool)
 	opts := gitea.CreateTeamOption{
 		Name:                    d.Get(TeamName).(string),
 		Description:             d.Get(TeamDescription).(string),
 		Permission:              gitea.AccessMode(d.Get(TeamPermissions).(string)),
 		CanCreateOrgRepo:        d.Get(TeamCreateRepoFlag).(bool),
-		IncludesAllRepositories: d.Get(TeamIncludeAllReposFlag).(bool),
+		IncludesAllRepositories: includeAllRepos,
 		Units:                   units,
 	}
@ -101,7 +105,14 @@ func resourceTeamCreate(d *schema.ResourceData, meta interface{}) (err error) {
 		}
 	}
-	err = setTeamResourceData(team, d)
+	if !includeAllRepos {
 		err = setTeamRepositories(team, d, meta, false)
 		if err != nil {
 			return err
 		}
 	}
 	err = setTeamResourceData(team, d, meta)
 	return
 }
@ -181,9 +192,16 @@ func resourceTeamUpdate(d *schema.ResourceData, meta interface{}) (err error) {
 		}
 	}
 	if !includeAllRepos {
 		err = setTeamRepositories(team, d, meta, true)
 		if err != nil {
 			return err
 		}
 	}
 	team, _, _ = client.GetTeam(id)
-	err = setTeamResourceData(team, d)
+	err = setTeamResourceData(team, d, meta)
 	return
 }
@ -208,7 +226,13 @@ func resourceTeamDelete(d *schema.ResourceData, meta interface{}) (err error) {
 	return
 }
-func setTeamResourceData(team *gitea.Team, d *schema.ResourceData) (err error) {
+func setTeamResourceData(team *gitea.Team, d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 	if err := client.CheckServerVersionConstraint(">= 1.19.4"); err != nil {
 		d.Set(TeamOrg, d.Get(TeamOrg).(string))
 	} else {
 		d.Set(TeamOrg, team.Organization.UserName)
 	}
 	d.SetId(fmt.Sprintf("%d", team.ID))
 	d.Set(TeamCreateRepoFlag, team.CanCreateOrgRepo)
 	d.Set(TeamDescription, team.Description)
@ -216,8 +240,8 @@ func setTeamResourceData(team *gitea.Team, d *schema.ResourceData) (err error) {
 	d.Set(TeamPermissions, string(team.Permission))
 	d.Set(TeamIncludeAllReposFlag, team.IncludesAllRepositories)
 	d.Set(TeamUnits, d.Get(TeamUnits).(string))
 	d.Set(TeamOrg, d.Get(TeamOrg).(string))
 	d.Set(TeamMembers, d.Get(TeamMembers))
 	d.Set(TeamRepositories, d.Get(TeamRepositories))
 	return
 }
@ -228,7 +252,7 @@ func resourceGiteaTeam() *schema.Resource {
 		Update: resourceTeamUpdate,
 		Delete: resourceTeamDelete,
 		Importer: &schema.ResourceImporter{
-			State: schema.ImportStatePassthrough,
+			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
 			"name": {
@ -290,7 +314,75 @@ func resourceGiteaTeam() *schema.Resource {
 				Computed:    true,
 				Description: "List of Users that should be part of this team",
 			},
 			"repositories": {
 				Type: schema.TypeList,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 				Optional:    true,
 				Required:    false,
 				Computed:    true,
 				Description: "List of Repositories that should be part of this team",
 			},
 		},
 		Description: "`gitea_team` manages Team that are part of an organisation.",
 	}
 }
 func setTeamRepositories(team *gitea.Team, d *schema.ResourceData, meta interface{}, update bool) (err error) {
 	client := meta.(*gitea.Client)
 	org := d.Get(TeamOrg).(string)
 	repositories := make(map[string]bool)
 	for _, repo := range d.Get(TeamRepositories).([]interface{}) {
 		if repo != "" {
 			repositories[repo.(string)] = true
 		}
 	}
 	if update {
 		page := 1
 		for {
 			var existingRepositories []*gitea.Repository
 			existingRepositories, _, err = client.ListTeamRepositories(team.ID, gitea.ListTeamRepositoriesOptions{
 				ListOptions: gitea.ListOptions{
 					Page:     page,
 					PageSize: 50,
 				},
 			})
 			if err != nil {
 				return errors.New(fmt.Sprintf("[ERROR] Error listeng team repositories: %s", err))
 			}
 			if len(existingRepositories) == 0 {
 				break
 			}
 			for _, exr := range existingRepositories {
 				_, exists := repositories[exr.Name]
 				if exists {
 					repositories[exr.Name] = false
 				} else {
 					_, err = client.RemoveTeamRepository(team.ID, org, exr.Name)
 					if err != nil {
 						return errors.New(fmt.Sprintf("[ERROR] Error removing team repository %q: %s", exr.Name, err))
 					}
 				}
 			}
 			page += 1
 		}
 	}
 	for repo, flag := range repositories {
 		if flag {
 			_, err = client.AddTeamRepository(team.ID, org, repo)
 			if err != nil {
 				return errors.New(fmt.Sprintf("[ERROR] Error adding team repository %q: %s", repo, err))
 			}
 		}
 	}
 	return
 }
--- a/go.mod
+++ b/go.mod
@ -4,47 +4,48 @@ go 1.18
 require (
 	code.gitea.io/sdk/gitea v0.15.1
-	github.com/hashicorp/terraform-plugin-docs v0.13.0
+	github.com/hashicorp/terraform-plugin-docs v0.16.0
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
+	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0
 )
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
-	github.com/hashicorp/go-hclog v1.2.1 // indirect
+	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.6 // indirect
+	github.com/hashicorp/go-plugin v1.4.10 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.4.0 // indirect
+	github.com/hashicorp/hc-install v0.5.2 // indirect
-	github.com/hashicorp/hcl/v2 v2.15.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.17.3 // indirect
+	github.com/hashicorp/terraform-exec v0.18.1 // indirect
-	github.com/hashicorp/terraform-json v0.14.0 // indirect
+	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.14.1 // indirect
+	github.com/hashicorp/terraform-plugin-go v0.16.0 // indirect
-	github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect
+	github.com/hashicorp/terraform-registry-address v0.2.1 // indirect
-	github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c // indirect
+	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/mitchellh/cli v1.1.4 // indirect
+	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
@ -56,15 +57,17 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
-	github.com/vmihailenco/tagparser v0.1.1 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
+	github.com/zclconf/go-cty v1.13.2 // indirect
-	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
+	golang.org/x/crypto v0.10.0 // indirect
-	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
+	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b // indirect
+	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/net v0.11.0 // indirect
-	google.golang.org/appengine v1.6.6 // indirect
+	golang.org/x/sys v0.9.0 // indirect
-	google.golang.org/genproto v0.0.0-20200711021454-869866162049 // indirect
+	golang.org/x/text v0.11.0 // indirect
-	google.golang.org/grpc v1.50.1 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.56.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,85 +1,50 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
 code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=
 code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
+github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
-github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
+github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
 github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
 github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
 github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
 github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
 github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -92,89 +57,77 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
 github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
-github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.6 h1:MDV3UrKQBM3du3G7MApDGvOsMYy3JQJ4exhSoKBAeVA=
+github.com/hashicorp/go-plugin v1.4.10 h1:xUbmA4jC6Dq163/fWcp8P3JuHilrHHMLNRxzGQJ9hNk=
-github.com/hashicorp/go-plugin v1.4.6/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-plugin v1.4.10/go.mod h1:6/1TEzT0eQznvI/gV2CM29DLSkAK/e58mUWKVsPaph0=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/hc-install v0.4.0 h1:cZkRFr1WVa0Ty6x5fTvL1TuO1flul231rWkGH92oYYk=
+github.com/hashicorp/hc-install v0.5.2 h1:SfwMFnEXVVirpwkDuSF5kymUOhrUxrTq3udEseZdOD0=
-github.com/hashicorp/hc-install v0.4.0/go.mod h1:5d155H8EC5ewegao9A4PUTMNPZaq+TbOzkJJZ4vrXeI=
+github.com/hashicorp/hc-install v0.5.2/go.mod h1:9QISwe6newMWIfEiXpzuu1k9HAGtQYgnSH8H9T8wmoI=
-github.com/hashicorp/hcl/v2 v2.15.0 h1:CPDXO6+uORPjKflkWCCwoWc9uRp+zSIPcCQ+BrxV7m8=
+github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY=
-github.com/hashicorp/hcl/v2 v2.15.0/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng=
+github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/terraform-exec v0.17.3 h1:MX14Kvnka/oWGmIkyuyvL6POx25ZmKrjlaclkx3eErU=
+github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4=
-github.com/hashicorp/terraform-exec v0.17.3/go.mod h1:+NELG0EqQekJzhvikkeQsOAZpsw0cv/03rbeQJqscAI=
+github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980=
-github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e17dKDpqV7s=
+github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
-github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM=
+github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
-github.com/hashicorp/terraform-plugin-docs v0.13.0 h1:6e+VIWsVGb6jYJewfzq2ok2smPzZrt1Wlm9koLeKazY=
+github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFccGyBZn52KtMNsS12dI=
-github.com/hashicorp/terraform-plugin-docs v0.13.0/go.mod h1:W0oCmHAjIlTHBbvtppWHe8fLfZ2BznQbuv8+UD8OucQ=
+github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA=
-github.com/hashicorp/terraform-plugin-go v0.14.1 h1:cwZzPYla82XwAqpLhSzdVsOMU+6H29tczAwrB0z9Zek=
+github.com/hashicorp/terraform-plugin-go v0.16.0 h1:DSOQ0rz5FUiVO4NUzMs8ln9gsPgHMTsfns7Nk+6gPuE=
-github.com/hashicorp/terraform-plugin-go v0.14.1/go.mod h1:Bc/K6K26BQ2FHqIELPbpKtt2CzzbQou+0UQF3/0NsCQ=
+github.com/hashicorp/terraform-plugin-go v0.16.0/go.mod h1:4sn8bFuDbt+2+Yztt35IbOrvZc0zyEi87gJzsTgCES8=
-github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs=
+github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
-github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4=
+github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1 h1:zHcMbxY0+rFO9gY99elV/XC/UnQVg7FhRCbj1i5b7vM=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 h1:I8efBnjuDrgPjNF1MEypHy48VgcTIUY4X6rOFunrR3Y=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1/go.mod h1:+tNlb0wkfdsDJ7JEiERLz4HzM19HyiuIoGzTsM7rPpw=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0/go.mod h1:cUEP4ly/nxlHy5HzD6YRrHydtlheGvGRJDhiWqqVik4=
-github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg=
+github.com/hashicorp/terraform-registry-address v0.2.1 h1:QuTf6oJ1+WSflJw6WYOHhLgwUiQ0FrROpHPYFtwTYWM=
-github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI=
+github.com/hashicorp/terraform-registry-address v0.2.1/go.mod h1:BSE9fIFzp0qWsJUUyGquo4ldV9k2n+psif6NYkBRS3Y=
-github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=
+github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
-github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
+github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mitchellh/cli v1.1.4 h1:qj8czE26AU4PbiaPXK5uVmMSM+V5BYsFBiM9HhGRLUA=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
-github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng=
 github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
 github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
@ -184,173 +137,108 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
+github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
-github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
-github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
+github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
-github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
-github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
+github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
-github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
+github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
 github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY=
 github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
+golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
+golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b h1:2n253B2r0pYSmEV+UNCQoPfU/FiaizQEK5Gu4Bq4JE8=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200711021454-869866162049 h1:YFTFpQhgvrLrmxtiIncJxFXeCyq84ixuKWVCaCAi9Oc=
 google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
 google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/scripts/docker-compose.yaml
+++ b/scripts/docker-compose.yaml
@ -6,7 +6,7 @@ networks:
 services:
  server:
-    image: gitea/gitea:1.17.1
+    image: gitea/gitea:1.19.3
    container_name: gitea
    environment:
      - USER_UID=1000
--- a/vendor/code.gitea.io/sdk/gitea/oauth2.go
+++ b/vendor/code.gitea.io/sdk/gitea/oauth2.go
@ -13,12 +13,13 @@ import (
 // Oauth2 represents an Oauth2 Application
 type Oauth2 struct {
-	ID           int64     `json:"id"`
+	ID                 int64     `json:"id"`
-	Name         string    `json:"name"`
+	Name               string    `json:"name"`
-	ClientID     string    `json:"client_id"`
+	ClientID           string    `json:"client_id"`
-	ClientSecret string    `json:"client_secret"`
+	ClientSecret       string    `json:"client_secret"`
-	RedirectURIs []string  `json:"redirect_uris"`
+	RedirectURIs       []string  `json:"redirect_uris"`
-	Created      time.Time `json:"created"`
+	ConfidentialClient bool      `json:"confidential_client"`
 	Created            time.Time `json:"created"`
 }
 // ListOauth2Option for listing Oauth2 Applications
@ -28,8 +29,9 @@ type ListOauth2Option struct {
 // CreateOauth2Option required options for creating an Application
 type CreateOauth2Option struct {
-	Name         string   `json:"name"`
+	Name               string   `json:"name"`
-	RedirectURIs []string `json:"redirect_uris"`
+	ConfidentialClient bool     `json:"confidential_client"`
 	RedirectURIs       []string `json:"redirect_uris"`
 }
 // CreateOauth2 create an Oauth2 Application and returns a completed Oauth2 object.
--- a/vendor/github.com/ProtonMail/go-crypto/AUTHORS
+++ b/vendor/github.com/ProtonMail/go-crypto/AUTHORS
--- a/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS
+++ b/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS
--- a/vendor/github.com/ProtonMail/go-crypto/LICENSE
+++ b/vendor/github.com/ProtonMail/go-crypto/LICENSE
@ -0,0 +1,27 @@
 Copyright (c) 2009 The Go Authors. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/ProtonMail/go-crypto/PATENTS
+++ b/vendor/github.com/ProtonMail/go-crypto/PATENTS
@ -0,0 +1,22 @@
 Additional IP Rights Grant (Patents)
 "This implementation" means the copyrightable works distributed by
 Google as part of the Go project.
 Google hereby grants to You a perpetual, worldwide, non-exclusive,
 no-charge, royalty-free, irrevocable (except as stated in this section)
 patent license to make, have made, use, offer to sell, sell, import,
 transfer and otherwise run, modify and propagate the contents of this
 implementation of Go, where such license applies only to those patent
 claims, both currently owned or controlled by Google and acquired in
 the future, licensable by Google that are necessarily infringed by this
 implementation of Go.  This grant does not include claims that would be
 infringed only as a consequence of further modification of this
 implementation.  If you or your agent or exclusive licensee institute or
 order or agree to the institution of patent litigation against any
 entity (including a cross-claim or counterclaim in a lawsuit) alleging
 that this implementation of Go or any code incorporated within this
 implementation of Go constitutes direct or contributory patent
 infringement, or inducement of patent infringement, then any patent
 rights granted to you under this License for this implementation of Go
 shall terminate as of the date such litigation is filed.
--- a/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go
+++ b/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go
@ -0,0 +1,381 @@
 package bitcurves
 // Copyright 2010 The Go Authors. All rights reserved.
 // Copyright 2011 ThePiachu. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package bitelliptic implements several Koblitz elliptic curves over prime
 // fields.
 // This package operates, internally, on Jacobian coordinates. For a given
 // (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1)
 // where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole
 // calculation can be performed within the transform (as in ScalarMult and
 // ScalarBaseMult). But even for Add and Double, it's faster to apply and
 // reverse the transform than to operate in affine coordinates.
 import (
 	"crypto/elliptic"
 	"io"
 	"math/big"
 	"sync"
 )
 // A BitCurve represents a Koblitz Curve with a=0.
 // See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html
 type BitCurve struct {
 	Name    string
 	P       *big.Int // the order of the underlying field
 	N       *big.Int // the order of the base point
 	B       *big.Int // the constant of the BitCurve equation
 	Gx, Gy  *big.Int // (x,y) of the base point
 	BitSize int      // the size of the underlying field
 }
 // Params returns the parameters of the given BitCurve (see BitCurve struct)
 func (bitCurve *BitCurve) Params() (cp *elliptic.CurveParams) {
 	cp = new(elliptic.CurveParams)
 	cp.Name = bitCurve.Name
 	cp.P = bitCurve.P
 	cp.N = bitCurve.N
 	cp.Gx = bitCurve.Gx
 	cp.Gy = bitCurve.Gy
 	cp.BitSize = bitCurve.BitSize
 	return cp
 }
 // IsOnCurve returns true if the given (x,y) lies on the BitCurve.
 func (bitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
 	// y² = x³ + b
 	y2 := new(big.Int).Mul(y, y) //y²
 	y2.Mod(y2, bitCurve.P)       //y²%P
 	x3 := new(big.Int).Mul(x, x) //x²
 	x3.Mul(x3, x)                //x³
 	x3.Add(x3, bitCurve.B) //x³+B
 	x3.Mod(x3, bitCurve.P) //(x³+B)%P
 	return x3.Cmp(y2) == 0
 }
 // affineFromJacobian reverses the Jacobian transform. See the comment at the
 // top of the file.
 func (bitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
 	if z.Cmp(big.NewInt(0)) == 0 {
 		panic("bitcurve: Can't convert to affine with Jacobian Z = 0")
 	}
 	// x = YZ^2 mod P
 	zinv := new(big.Int).ModInverse(z, bitCurve.P)
 	zinvsq := new(big.Int).Mul(zinv, zinv)
 	xOut = new(big.Int).Mul(x, zinvsq)
 	xOut.Mod(xOut, bitCurve.P)
 	// y = YZ^3 mod P
 	zinvsq.Mul(zinvsq, zinv)
 	yOut = new(big.Int).Mul(y, zinvsq)
 	yOut.Mod(yOut, bitCurve.P)
 	return xOut, yOut
 }
 // Add returns the sum of (x1,y1) and (x2,y2)
 func (bitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
 	z := new(big.Int).SetInt64(1)
 	x, y, z := bitCurve.addJacobian(x1, y1, z, x2, y2, z)
 	return bitCurve.affineFromJacobian(x, y, z)
 }
 // addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and
 // (x2, y2, z2) and returns their sum, also in Jacobian form.
 func (bitCurve *BitCurve) addJacobian(x1, y1, z1, x2, y2, z2 *big.Int) (*big.Int, *big.Int, *big.Int) {
 	// See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
 	z1z1 := new(big.Int).Mul(z1, z1)
 	z1z1.Mod(z1z1, bitCurve.P)
 	z2z2 := new(big.Int).Mul(z2, z2)
 	z2z2.Mod(z2z2, bitCurve.P)
 	u1 := new(big.Int).Mul(x1, z2z2)
 	u1.Mod(u1, bitCurve.P)
 	u2 := new(big.Int).Mul(x2, z1z1)
 	u2.Mod(u2, bitCurve.P)
 	h := new(big.Int).Sub(u2, u1)
 	if h.Sign() == -1 {
 		h.Add(h, bitCurve.P)
 	}
 	i := new(big.Int).Lsh(h, 1)
 	i.Mul(i, i)
 	j := new(big.Int).Mul(h, i)
 	s1 := new(big.Int).Mul(y1, z2)
 	s1.Mul(s1, z2z2)
 	s1.Mod(s1, bitCurve.P)
 	s2 := new(big.Int).Mul(y2, z1)
 	s2.Mul(s2, z1z1)
 	s2.Mod(s2, bitCurve.P)
 	r := new(big.Int).Sub(s2, s1)
 	if r.Sign() == -1 {
 		r.Add(r, bitCurve.P)
 	}
 	r.Lsh(r, 1)
 	v := new(big.Int).Mul(u1, i)
 	x3 := new(big.Int).Set(r)
 	x3.Mul(x3, x3)
 	x3.Sub(x3, j)
 	x3.Sub(x3, v)
 	x3.Sub(x3, v)
 	x3.Mod(x3, bitCurve.P)
 	y3 := new(big.Int).Set(r)
 	v.Sub(v, x3)
 	y3.Mul(y3, v)
 	s1.Mul(s1, j)
 	s1.Lsh(s1, 1)
 	y3.Sub(y3, s1)
 	y3.Mod(y3, bitCurve.P)
 	z3 := new(big.Int).Add(z1, z2)
 	z3.Mul(z3, z3)
 	z3.Sub(z3, z1z1)
 	if z3.Sign() == -1 {
 		z3.Add(z3, bitCurve.P)
 	}
 	z3.Sub(z3, z2z2)
 	if z3.Sign() == -1 {
 		z3.Add(z3, bitCurve.P)
 	}
 	z3.Mul(z3, h)
 	z3.Mod(z3, bitCurve.P)
 	return x3, y3, z3
 }
 // Double returns 2*(x,y)
 func (bitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
 	z1 := new(big.Int).SetInt64(1)
 	return bitCurve.affineFromJacobian(bitCurve.doubleJacobian(x1, y1, z1))
 }
 // doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and
 // returns its double, also in Jacobian form.
 func (bitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, *big.Int) {
 	// See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
 	a := new(big.Int).Mul(x, x) //X1²
 	b := new(big.Int).Mul(y, y) //Y1²
 	c := new(big.Int).Mul(b, b) //B²
 	d := new(big.Int).Add(x, b) //X1+B
 	d.Mul(d, d)                 //(X1+B)²
 	d.Sub(d, a)                 //(X1+B)²-A
 	d.Sub(d, c)                 //(X1+B)²-A-C
 	d.Mul(d, big.NewInt(2))     //2*((X1+B)²-A-C)
 	e := new(big.Int).Mul(big.NewInt(3), a) //3*A
 	f := new(big.Int).Mul(e, e)             //E²
 	x3 := new(big.Int).Mul(big.NewInt(2), d) //2*D
 	x3.Sub(f, x3)                            //F-2*D
 	x3.Mod(x3, bitCurve.P)
 	y3 := new(big.Int).Sub(d, x3)                  //D-X3
 	y3.Mul(e, y3)                                  //E*(D-X3)
 	y3.Sub(y3, new(big.Int).Mul(big.NewInt(8), c)) //E*(D-X3)-8*C
 	y3.Mod(y3, bitCurve.P)
 	z3 := new(big.Int).Mul(y, z) //Y1*Z1
 	z3.Mul(big.NewInt(2), z3)    //3*Y1*Z1
 	z3.Mod(z3, bitCurve.P)
 	return x3, y3, z3
 }
 //TODO: double check if it is okay
 // ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
 func (bitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
 	// We have a slight problem in that the identity of the group (the
 	// point at infinity) cannot be represented in (x, y) form on a finite
 	// machine. Thus the standard add/double algorithm has to be tweaked
 	// slightly: our initial state is not the identity, but x, and we
 	// ignore the first true bit in |k|.  If we don't find any true bits in
 	// |k|, then we return nil, nil, because we cannot return the identity
 	// element.
 	Bz := new(big.Int).SetInt64(1)
 	x := Bx
 	y := By
 	z := Bz
 	seenFirstTrue := false
 	for _, byte := range k {
 		for bitNum := 0; bitNum < 8; bitNum++ {
 			if seenFirstTrue {
 				x, y, z = bitCurve.doubleJacobian(x, y, z)
 			}
 			if byte&0x80 == 0x80 {
 				if !seenFirstTrue {
 					seenFirstTrue = true
 				} else {
 					x, y, z = bitCurve.addJacobian(Bx, By, Bz, x, y, z)
 				}
 			}
 			byte <<= 1
 		}
 	}
 	if !seenFirstTrue {
 		return nil, nil
 	}
 	return bitCurve.affineFromJacobian(x, y, z)
 }
 // ScalarBaseMult returns k*G, where G is the base point of the group and k is
 // an integer in big-endian form.
 func (bitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
 	return bitCurve.ScalarMult(bitCurve.Gx, bitCurve.Gy, k)
 }
 var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
 //TODO: double check if it is okay
 // GenerateKey returns a public/private key pair. The private key is generated
 // using the given reader, which must return random data.
 func (bitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {
 	byteLen := (bitCurve.BitSize + 7) >> 3
 	priv = make([]byte, byteLen)
 	for x == nil {
 		_, err = io.ReadFull(rand, priv)
 		if err != nil {
 			return
 		}
 		// We have to mask off any excess bits in the case that the size of the
 		// underlying field is not a whole number of bytes.
 		priv[0] &= mask[bitCurve.BitSize%8]
 		// This is because, in tests, rand will return all zeros and we don't
 		// want to get the point at infinity and loop forever.
 		priv[1] ^= 0x42
 		x, y = bitCurve.ScalarBaseMult(priv)
 	}
 	return
 }
 // Marshal converts a point into the form specified in section 4.3.6 of ANSI
 // X9.62.
 func (bitCurve *BitCurve) Marshal(x, y *big.Int) []byte {
 	byteLen := (bitCurve.BitSize + 7) >> 3
 	ret := make([]byte, 1+2*byteLen)
 	ret[0] = 4 // uncompressed point
 	xBytes := x.Bytes()
 	copy(ret[1+byteLen-len(xBytes):], xBytes)
 	yBytes := y.Bytes()
 	copy(ret[1+2*byteLen-len(yBytes):], yBytes)
 	return ret
 }
 // Unmarshal converts a point, serialised by Marshal, into an x, y pair. On
 // error, x = nil.
 func (bitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int) {
 	byteLen := (bitCurve.BitSize + 7) >> 3
 	if len(data) != 1+2*byteLen {
 		return
 	}
 	if data[0] != 4 { // uncompressed form
 		return
 	}
 	x = new(big.Int).SetBytes(data[1 : 1+byteLen])
 	y = new(big.Int).SetBytes(data[1+byteLen:])
 	return
 }
 //curve parameters taken from:
 //http://www.secg.org/collateral/sec2_final.pdf
 var initonce sync.Once
 var secp160k1 *BitCurve
 var secp192k1 *BitCurve
 var secp224k1 *BitCurve
 var secp256k1 *BitCurve
 func initAll() {
 	initS160()
 	initS192()
 	initS224()
 	initS256()
 }
 func initS160() {
 	// See SEC 2 section 2.4.1
 	secp160k1 = new(BitCurve)
 	secp160k1.Name = "secp160k1"
 	secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16)
 	secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16)
 	secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16)
 	secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16)
 	secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16)
 	secp160k1.BitSize = 160
 }
 func initS192() {
 	// See SEC 2 section 2.5.1
 	secp192k1 = new(BitCurve)
 	secp192k1.Name = "secp192k1"
 	secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16)
 	secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16)
 	secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16)
 	secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16)
 	secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16)
 	secp192k1.BitSize = 192
 }
 func initS224() {
 	// See SEC 2 section 2.6.1
 	secp224k1 = new(BitCurve)
 	secp224k1.Name = "secp224k1"
 	secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16)
 	secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16)
 	secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16)
 	secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16)
 	secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16)
 	secp224k1.BitSize = 224
 }
 func initS256() {
 	// See SEC 2 section 2.7.1
 	secp256k1 = new(BitCurve)
 	secp256k1.Name = "secp256k1"
 	secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)
 	secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
 	secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16)
 	secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16)
 	secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16)
 	secp256k1.BitSize = 256
 }
 // S160 returns a BitCurve which implements secp160k1 (see SEC 2 section 2.4.1)
 func S160() *BitCurve {
 	initonce.Do(initAll)
 	return secp160k1
 }
 // S192 returns a BitCurve which implements secp192k1 (see SEC 2 section 2.5.1)
 func S192() *BitCurve {
 	initonce.Do(initAll)
 	return secp192k1
 }
 // S224 returns a BitCurve which implements secp224k1 (see SEC 2 section 2.6.1)
 func S224() *BitCurve {
 	initonce.Do(initAll)
 	return secp224k1
 }
 // S256 returns a BitCurve which implements bitcurves (see SEC 2 section 2.7.1)
 func S256() *BitCurve {
 	initonce.Do(initAll)
 	return secp256k1
 }
--- a/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go
+++ b/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go
@ -0,0 +1,134 @@
 // Package brainpool implements Brainpool elliptic curves.
 // Implementation of rcurves is from github.com/ebfe/brainpool
 // Note that these curves are implemented with naive, non-constant time operations
 // and are likely not suitable for environments where timing attacks are a concern.
 package brainpool
 import (
 	"crypto/elliptic"
 	"math/big"
 	"sync"
 )
 var (
 	once                   sync.Once
 	p256t1, p384t1, p512t1 *elliptic.CurveParams
 	p256r1, p384r1, p512r1 *rcurve
 )
 func initAll() {
 	initP256t1()
 	initP384t1()
 	initP512t1()
 	initP256r1()
 	initP384r1()
 	initP512r1()
 }
 func initP256t1() {
 	p256t1 = &elliptic.CurveParams{Name: "brainpoolP256t1"}
 	p256t1.P, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16)
 	p256t1.N, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16)
 	p256t1.B, _ = new(big.Int).SetString("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16)
 	p256t1.Gx, _ = new(big.Int).SetString("A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4", 16)
 	p256t1.Gy, _ = new(big.Int).SetString("2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE", 16)
 	p256t1.BitSize = 256
 }
 func initP256r1() {
 	twisted := p256t1
 	params := &elliptic.CurveParams{
 		Name:    "brainpoolP256r1",
 		P:       twisted.P,
 		N:       twisted.N,
 		BitSize: twisted.BitSize,
 	}
 	params.Gx, _ = new(big.Int).SetString("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16)
 	params.Gy, _ = new(big.Int).SetString("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16)
 	z, _ := new(big.Int).SetString("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0", 16)
 	p256r1 = newrcurve(twisted, params, z)
 }
 func initP384t1() {
 	p384t1 = &elliptic.CurveParams{Name: "brainpoolP384t1"}
 	p384t1.P, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16)
 	p384t1.N, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16)
 	p384t1.B, _ = new(big.Int).SetString("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16)
 	p384t1.Gx, _ = new(big.Int).SetString("18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC", 16)
 	p384t1.Gy, _ = new(big.Int).SetString("25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928", 16)
 	p384t1.BitSize = 384
 }
 func initP384r1() {
 	twisted := p384t1
 	params := &elliptic.CurveParams{
 		Name:    "brainpoolP384r1",
 		P:       twisted.P,
 		N:       twisted.N,
 		BitSize: twisted.BitSize,
 	}
 	params.Gx, _ = new(big.Int).SetString("1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 16)
 	params.Gy, _ = new(big.Int).SetString("8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 16)
 	z, _ := new(big.Int).SetString("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C", 16)
 	p384r1 = newrcurve(twisted, params, z)
 }
 func initP512t1() {
 	p512t1 = &elliptic.CurveParams{Name: "brainpoolP512t1"}
 	p512t1.P, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16)
 	p512t1.N, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16)
 	p512t1.B, _ = new(big.Int).SetString("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16)
 	p512t1.Gx, _ = new(big.Int).SetString("640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA", 16)
 	p512t1.Gy, _ = new(big.Int).SetString("5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332", 16)
 	p512t1.BitSize = 512
 }
 func initP512r1() {
 	twisted := p512t1
 	params := &elliptic.CurveParams{
 		Name:    "brainpoolP512r1",
 		P:       twisted.P,
 		N:       twisted.N,
 		BitSize: twisted.BitSize,
 	}
 	params.Gx, _ = new(big.Int).SetString("81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 16)
 	params.Gy, _ = new(big.Int).SetString("7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 16)
 	z, _ := new(big.Int).SetString("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB", 16)
 	p512r1 = newrcurve(twisted, params, z)
 }
 // P256t1 returns a Curve which implements Brainpool P256t1 (see RFC 5639, section 3.4)
 func P256t1() elliptic.Curve {
 	once.Do(initAll)
 	return p256t1
 }
 // P256r1 returns a Curve which implements Brainpool P256r1 (see RFC 5639, section 3.4)
 func P256r1() elliptic.Curve {
 	once.Do(initAll)
 	return p256r1
 }
 // P384t1 returns a Curve which implements Brainpool P384t1 (see RFC 5639, section 3.6)
 func P384t1() elliptic.Curve {
 	once.Do(initAll)
 	return p384t1
 }
 // P384r1 returns a Curve which implements Brainpool P384r1 (see RFC 5639, section 3.6)
 func P384r1() elliptic.Curve {
 	once.Do(initAll)
 	return p384r1
 }
 // P512t1 returns a Curve which implements Brainpool P512t1 (see RFC 5639, section 3.7)
 func P512t1() elliptic.Curve {
 	once.Do(initAll)
 	return p512t1
 }
 // P512r1 returns a Curve which implements Brainpool P512r1 (see RFC 5639, section 3.7)
 func P512r1() elliptic.Curve {
 	once.Do(initAll)
 	return p512r1
 }
--- a/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go
+++ b/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go
@ -0,0 +1,83 @@
 package brainpool
 import (
 	"crypto/elliptic"
 	"math/big"
 )
 var _ elliptic.Curve = (*rcurve)(nil)
 type rcurve struct {
 	twisted elliptic.Curve
 	params  *elliptic.CurveParams
 	z       *big.Int
 	zinv    *big.Int
 	z2      *big.Int
 	z3      *big.Int
 	zinv2   *big.Int
 	zinv3   *big.Int
 }
 var (
 	two   = big.NewInt(2)
 	three = big.NewInt(3)
 )
 func newrcurve(twisted elliptic.Curve, params *elliptic.CurveParams, z *big.Int) *rcurve {
 	zinv := new(big.Int).ModInverse(z, params.P)
 	return &rcurve{
 		twisted: twisted,
 		params:  params,
 		z:       z,
 		zinv:    zinv,
 		z2:      new(big.Int).Exp(z, two, params.P),
 		z3:      new(big.Int).Exp(z, three, params.P),
 		zinv2:   new(big.Int).Exp(zinv, two, params.P),
 		zinv3:   new(big.Int).Exp(zinv, three, params.P),
 	}
 }
 func (curve *rcurve) toTwisted(x, y *big.Int) (*big.Int, *big.Int) {
 	var tx, ty big.Int
 	tx.Mul(x, curve.z2)
 	tx.Mod(&tx, curve.params.P)
 	ty.Mul(y, curve.z3)
 	ty.Mod(&ty, curve.params.P)
 	return &tx, &ty
 }
 func (curve *rcurve) fromTwisted(tx, ty *big.Int) (*big.Int, *big.Int) {
 	var x, y big.Int
 	x.Mul(tx, curve.zinv2)
 	x.Mod(&x, curve.params.P)
 	y.Mul(ty, curve.zinv3)
 	y.Mod(&y, curve.params.P)
 	return &x, &y
 }
 func (curve *rcurve) Params() *elliptic.CurveParams {
 	return curve.params
 }
 func (curve *rcurve) IsOnCurve(x, y *big.Int) bool {
 	return curve.twisted.IsOnCurve(curve.toTwisted(x, y))
 }
 func (curve *rcurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
 	tx1, ty1 := curve.toTwisted(x1, y1)
 	tx2, ty2 := curve.toTwisted(x2, y2)
 	return curve.fromTwisted(curve.twisted.Add(tx1, ty1, tx2, ty2))
 }
 func (curve *rcurve) Double(x1, y1 *big.Int) (x, y *big.Int) {
 	return curve.fromTwisted(curve.twisted.Double(curve.toTwisted(x1, y1)))
 }
 func (curve *rcurve) ScalarMult(x1, y1 *big.Int, scalar []byte) (x, y *big.Int) {
 	tx1, ty1 := curve.toTwisted(x1, y1)
 	return curve.fromTwisted(curve.twisted.ScalarMult(tx1, ty1, scalar))
 }
 func (curve *rcurve) ScalarBaseMult(scalar []byte) (x, y *big.Int) {
 	return curve.fromTwisted(curve.twisted.ScalarBaseMult(scalar))
 }
--- a/vendor/github.com/ProtonMail/go-crypto/eax/eax.go
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/eax.go
@ -0,0 +1,162 @@
 // Copyright (C) 2019 ProtonTech AG
 // Package eax provides an implementation of the EAX
 // (encrypt-authenticate-translate) mode of operation, as described in
 // Bellare, Rogaway, and Wagner "THE EAX MODE OF OPERATION: A TWO-PASS
 // AUTHENTICATED-ENCRYPTION SCHEME OPTIMIZED FOR SIMPLICITY AND EFFICIENCY."
 // In FSE'04, volume 3017 of LNCS, 2004
 package eax
 import (
 	"crypto/cipher"
 	"crypto/subtle"
 	"errors"
 	"github.com/ProtonMail/go-crypto/internal/byteutil"
 )
 const (
 	defaultTagSize   = 16
 	defaultNonceSize = 16
 )
 type eax struct {
 	block     cipher.Block // Only AES-{128, 192, 256} supported
 	tagSize   int          // At least 12 bytes recommended
 	nonceSize int
 }
 func (e *eax) NonceSize() int {
 	return e.nonceSize
 }
 func (e *eax) Overhead() int {
 	return e.tagSize
 }
 // NewEAX returns an EAX instance with AES-{KEYLENGTH} and default nonce and
 // tag lengths. Supports {128, 192, 256}- bit key length.
 func NewEAX(block cipher.Block) (cipher.AEAD, error) {
 	return NewEAXWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize)
 }
 // NewEAXWithNonceAndTagSize returns an EAX instance with AES-{keyLength} and
 // given nonce and tag lengths in bytes. Panics on zero nonceSize and
 // exceedingly long tags.
 //
 // It is recommended to use at least 12 bytes as tag length (see, for instance,
 // NIST SP 800-38D).
 //
 // Only to be used for compatibility with existing cryptosystems with
 // non-standard parameters. For all other cases, prefer NewEAX.
 func NewEAXWithNonceAndTagSize(
 	block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) {
 	if nonceSize < 1 {
 		return nil, eaxError("Cannot initialize EAX with nonceSize = 0")
 	}
 	if tagSize > block.BlockSize() {
 		return nil, eaxError("Custom tag length exceeds blocksize")
 	}
 	return &eax{
 		block:     block,
 		tagSize:   tagSize,
 		nonceSize: nonceSize,
 	}, nil
 }
 func (e *eax) Seal(dst, nonce, plaintext, adata []byte) []byte {
 	if len(nonce) > e.nonceSize {
 		panic("crypto/eax: Nonce too long for this instance")
 	}
 	ret, out := byteutil.SliceForAppend(dst, len(plaintext) + e.tagSize)
 	omacNonce := e.omacT(0, nonce)
 	omacAdata := e.omacT(1, adata)
 	// Encrypt message using CTR mode and omacNonce as IV
 	ctr := cipher.NewCTR(e.block, omacNonce)
 	ciphertextData := out[:len(plaintext)]
 	ctr.XORKeyStream(ciphertextData, plaintext)
 	omacCiphertext := e.omacT(2, ciphertextData)
 	tag := out[len(plaintext):]
 	for i := 0; i < e.tagSize; i++ {
 		tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i]
 	}
 	return ret
 }
 func (e* eax) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
 	if len(nonce) > e.nonceSize {
 		panic("crypto/eax: Nonce too long for this instance")
 	}
 	if len(ciphertext) < e.tagSize {
 		return nil, eaxError("Ciphertext shorter than tag length")
 	}
 	sep := len(ciphertext) - e.tagSize
 	// Compute tag
 	omacNonce := e.omacT(0, nonce)
 	omacAdata := e.omacT(1, adata)
 	omacCiphertext := e.omacT(2, ciphertext[:sep])
 	tag := make([]byte, e.tagSize)
 	for i := 0; i < e.tagSize; i++ {
 		tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i]
 	}
 	// Compare tags
 	if subtle.ConstantTimeCompare(ciphertext[sep:], tag) != 1 {
 		return nil, eaxError("Tag authentication failed")
 	}
 	// Decrypt ciphertext
 	ret, out := byteutil.SliceForAppend(dst, len(ciphertext))
 	ctr := cipher.NewCTR(e.block, omacNonce)
 	ctr.XORKeyStream(out, ciphertext[:sep])
 	return ret[:sep], nil
 }
 // Tweakable OMAC - Calls OMAC_K([t]_n || plaintext)
 func (e *eax) omacT(t byte, plaintext []byte) []byte {
 	blockSize := e.block.BlockSize()
 	byteT := make([]byte, blockSize)
 	byteT[blockSize-1] = t
 	concat := append(byteT, plaintext...)
 	return e.omac(concat)
 }
 func (e *eax) omac(plaintext []byte) []byte {
 	blockSize := e.block.BlockSize()
 	// L ← E_K(0^n); B ← 2L; P ← 4L
 	L := make([]byte, blockSize)
 	e.block.Encrypt(L, L)
 	B := byteutil.GfnDouble(L)
 	P := byteutil.GfnDouble(B)
 	// CBC with IV = 0
 	cbc := cipher.NewCBCEncrypter(e.block, make([]byte, blockSize))
 	padded := e.pad(plaintext, B, P)
 	cbcCiphertext := make([]byte, len(padded))
 	cbc.CryptBlocks(cbcCiphertext, padded)
 	return cbcCiphertext[len(cbcCiphertext)-blockSize:]
 }
 func (e *eax) pad(plaintext, B, P []byte) []byte {
 	// if |M| in {n, 2n, 3n, ...}
 	blockSize := e.block.BlockSize()
 	if len(plaintext) != 0 && len(plaintext)%blockSize == 0 {
 		return byteutil.RightXor(plaintext, B)
 	}
 	// else return (M || 1 || 0^(n−1−(|M| % n))) xor→ P
 	ending := make([]byte, blockSize-len(plaintext)%blockSize)
 	ending[0] = 0x80
 	padded := append(plaintext, ending...)
 	return byteutil.RightXor(padded, P)
 }
 func eaxError(err string) error {
 	return errors.New("crypto/eax: " + err)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go
@ -0,0 +1,58 @@
 package eax
 // Test vectors from
 // https://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf
 var testVectors = []struct {
 	msg, key, nonce, header, ciphertext string
 }{
 	{"",
 		"233952DEE4D5ED5F9B9C6D6FF80FF478",
 		"62EC67F9C3A4A407FCB2A8C49031A8B3",
 		"6BFB914FD07EAE6B",
 		"E037830E8389F27B025A2D6527E79D01"},
 	{"F7FB",
 		"91945D3F4DCBEE0BF45EF52255F095A4",
 		"BECAF043B0A23D843194BA972C66DEBD",
 		"FA3BFD4806EB53FA",
 		"19DD5C4C9331049D0BDAB0277408F67967E5"},
 	{"1A47CB4933",
 		"01F74AD64077F2E704C0F60ADA3DD523",
 		"70C3DB4F0D26368400A10ED05D2BFF5E",
 		"234A3463C1264AC6",
 		"D851D5BAE03A59F238A23E39199DC9266626C40F80"},
 	{"481C9E39B1",
 		"D07CF6CBB7F313BDDE66B727AFD3C5E8",
 		"8408DFFF3C1A2B1292DC199E46B7D617",
 		"33CCE2EABFF5A79D",
 		"632A9D131AD4C168A4225D8E1FF755939974A7BEDE"},
 	{"40D0C07DA5E4",
 		"35B6D0580005BBC12B0587124557D2C2",
 		"FDB6B06676EEDC5C61D74276E1F8E816",
 		"AEB96EAEBE2970E9",
 		"071DFE16C675CB0677E536F73AFE6A14B74EE49844DD"},
 	{"4DE3B35C3FC039245BD1FB7D",
 		"BD8E6E11475E60B268784C38C62FEB22",
 		"6EAC5C93072D8E8513F750935E46DA1B",
 		"D4482D1CA78DCE0F",
 		"835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F"},
 	{"8B0A79306C9CE7ED99DAE4F87F8DD61636",
 		"7C77D6E813BED5AC98BAA417477A2E7D",
 		"1A8C98DCD73D38393B2BF1569DEEFC19",
 		"65D2017990D62528",
 		"02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2"},
 	{"1BDA122BCE8A8DBAF1877D962B8592DD2D56",
 		"5FFF20CAFAB119CA2FC73549E20F5B0D",
 		"DDE59B97D722156D4D9AFF2BC7559826",
 		"54B9F04E6A09189A",
 		"2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A"},
 	{"6CF36720872B8513F6EAB1A8A44438D5EF11",
 		"A4A4782BCFFD3EC5E7EF6D8C34A56123",
 		"B781FCF2F75FA5A8DE97A9CA48E522EC",
 		"899A175897561D7E",
 		"0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700"},
 	{"CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7",
 		"8395FCF1E95BEBD697BD010BC766AAC3",
 		"22E7ADD93CFC6393C57EC0B3C17D6B44",
 		"126735FCC320D25A",
 		"CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E"},
 }
--- a/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go
@ -0,0 +1,131 @@
 // These vectors include key length in {128, 192, 256}, tag size 128, and
 // random nonce, header, and plaintext lengths.
 // This file was automatically generated.
 package eax
 var randomVectors = []struct {
 	key, nonce, header, plaintext, ciphertext string
 }{
 	{"DFDE093F36B0356E5A81F609786982E3",
 		"1D8AC604419001816905BA72B14CED7E",
 		"152A1517A998D7A24163FCDD146DE81AC347C8B97088F502093C1ABB8F6E33D9A219C34D7603A18B1F5ABE02E56661B7D7F67E81EC08C1302EF38D80A859486D450E94A4F26AD9E68EEBBC0C857A0FC5CF9E641D63D565A7E361BC8908F5A8DC8FD6",
 		"1C8EAAB71077FE18B39730A3156ADE29C5EE824C7EE86ED2A253B775603FB237116E654F6FEC588DD27F523A0E01246FE73FE348491F2A8E9ABC6CA58D663F71CDBCF4AD798BE46C42AE6EE8B599DB44A1A48D7BBBBA0F7D2750181E1C5E66967F7D57CBD30AFBDA5727",
 		"79E7E150934BBEBF7013F61C60462A14D8B15AF7A248AFB8A344EF021C1500E16666891D6E973D8BB56B71A371F12CA34660C4410C016982B20F547E3762A58B7BF4F20236CADCF559E2BE7D783B13723B2741FC7CDC8997D839E39A3DDD2BADB96743DD7049F1BDB0516A262869915B3F70498AFB7B191BF960"},
 	{"F10619EF02E5D94D7550EB84ED364A21",
 		"8DC0D4F2F745BBAE835CC5574B942D20",
 		"FE561358F2E8DF7E1024FF1AE9A8D36EBD01352214505CB99D644777A8A1F6027FA2BDBFC529A9B91136D5F2416CFC5F0F4EC3A1AFD32BDDA23CA504C5A5CB451785FABF4DFE4CD50D817491991A60615B30286361C100A95D1712F2A45F8E374461F4CA2B",
 		"D7B5A971FC219631D30EFC3664AE3127D9CF3097DAD9C24AC7905D15E8D9B25B026B31D68CAE00975CDB81EB1FD96FD5E1A12E2BB83FA25F1B1D91363457657FC03875C27F2946C5",
 		"2F336ED42D3CC38FC61660C4CD60BA4BD438B05F5965D8B7B399D2E7167F5D34F792D318F94DB15D67463AC449E13D568CC09BFCE32A35EE3EE96A041927680AE329811811E27F2D1E8E657707AF99BA96D13A478D695D59"},
 	{"429F514EFC64D98A698A9247274CFF45",
 		"976AA5EB072F912D126ACEBC954FEC38",
 		"A71D89DC5B6CEDBB7451A27C3C2CAE09126DB4C421",
 		"5632FE62AB1DC549D54D3BC3FC868ACCEDEFD9ECF5E9F8",
 		"848AE4306CA8C7F416F8707625B7F55881C0AB430353A5C967CDA2DA787F581A70E34DBEBB2385"},
 	{"398138F309085F47F8457CDF53895A63",
 		"F8A8A7F2D28E5FFF7BBC2F24353F7A36",
 		"5D633C21BA7764B8855CAB586F3746E236AD486039C83C6B56EFA9C651D38A41D6B20DAEE3418BFEA44B8BD6",
 		"A3BBAA91920AF5E10659818B1B3B300AC79BFC129C8329E75251F73A66D3AE0128EB91D5031E0A65C329DB7D1E9C0493E268",
 		"D078097267606E5FB07CFB7E2B4B718172A82C6A4CEE65D549A4DFB9838003BD2FBF64A7A66988AC1A632FD88F9E9FBB57C5A78AD2E086EACBA3DB68511D81C2970A"},
 	{"7A4151EBD3901B42CBA45DAFB2E931BA",
 		"0FC88ACEE74DD538040321C330974EB8",
 		"250464FB04733BAB934C59E6AD2D6AE8D662CBCFEFBE61E5A308D4211E58C4C25935B72C69107722E946BFCBF416796600542D76AEB73F2B25BF53BAF97BDEB36ED3A7A51C31E7F170EB897457E7C17571D1BA0A908954E9",
 		"88C41F3EBEC23FAB8A362D969CAC810FAD4F7CA6A7F7D0D44F060F92E37E1183768DD4A8C733F71C96058D362A39876D183B86C103DE",
 		"74A25B2182C51096D48A870D80F18E1CE15867778E34FCBA6BD7BFB3739FDCD42AD0F2D9F4EBA29085285C6048C15BCE5E5166F1F962D3337AA88E6062F05523029D0A7F0BF9"},
 	{"BFB147E1CD5459424F8C0271FC0E0DC5",
 		"EABCC126442BF373969EA3015988CC45",
 		"4C0880E1D71AA2C7",
 		"BE1B5EC78FBF73E7A6682B21BA7E0E5D2D1C7ABE",
 		"5660D7C1380E2F306895B1402CB2D6C37876504276B414D120F4CF92FDDDBB293A238EA0"},
 	{"595DD6F52D18BC2CA8EB4EDAA18D9FA3",
 		"0F84B5D36CF4BC3B863313AF3B4D2E97",
 		"30AE6CC5F99580F12A779D98BD379A60948020C0B6FBD5746B30BA3A15C6CD33DAF376C70A9F15B6C0EB410A93161F7958AE23",
 		"8EF3687A1642B070970B0B91462229D1D76ABC154D18211F7152AA9FF368",
 		"317C1DDB11417E5A9CC4DDE7FDFF6659A5AC4B31DE025212580A05CDAC6024D3E4AE7C2966E52B9129E9ECDBED86"},
 	{"44E6F2DC8FDC778AD007137D11410F50",
 		"270A237AD977F7187AA6C158A0BAB24F",
 		"509B0F0EB12E2AA5C5BA2DE553C07FAF4CE0C9E926531AA709A3D6224FCB783ACCF1559E10B1123EBB7D52E8AB54E6B5352A9ED0D04124BF0E9D9BACFD7E32B817B2E625F5EE94A64EDE9E470DE7FE6886C19B294F9F828209FE257A78",
 		"8B3D7815DF25618A5D0C55A601711881483878F113A12EC36CF64900549A3199555528559DC118F789788A55FAFD944E6E99A9CA3F72F238CD3F4D88223F7A745992B3FAED1848",
 		"1CC00D79F7AD82FDA71B58D286E5F34D0CC4CEF30704E771CC1E50746BDF83E182B078DB27149A42BAE619DF0F85B0B1090AD55D3B4471B0D6F6ECCD09C8F876B30081F0E7537A9624F8AAF29DA85E324122EFB4D68A56"},
 	{"BB7BC352A03044B4428D8DBB4B0701FDEC4649FD17B81452",
 		"8B4BBE26CCD9859DCD84884159D6B0A4",
 		"2212BEB0E78E0F044A86944CF33C8D5C80D9DBE1034BF3BCF73611835C7D3A52F5BD2D81B68FD681B68540A496EE5DA16FD8AC8824E60E1EC2042BE28FB0BFAD4E4B03596446BDD8C37D936D9B3D5295BE19F19CF5ACE1D33A46C952CE4DE5C12F92C1DD051E04AEED",
 		"9037234CC44FFF828FABED3A7084AF40FA7ABFF8E0C0EFB57A1CC361E18FC4FAC1AB54F3ABFE9FF77263ACE16C3A",
 		"A9391B805CCD956081E0B63D282BEA46E7025126F1C1631239C33E92AA6F92CD56E5A4C56F00FF9658E93D48AF4EF0EF81628E34AD4DB0CDAEDCD2A17EE7"},
 	{"99C0AD703196D2F60A74E6B378B838B31F82EA861F06FC4E",
 		"92745C018AA708ECFEB1667E9F3F1B01",
 		"828C69F376C0C0EC651C67749C69577D589EE39E51404D80EBF70C8660A8F5FD375473F4A7C611D59CB546A605D67446CE2AA844135FCD78BB5FBC90222A00D42920BB1D7EEDFB0C4672554F583EF23184F89063CDECBE482367B5F9AF3ACBC3AF61392BD94CBCD9B64677",
 		"A879214658FD0A5B0E09836639BF82E05EC7A5EF71D4701934BDA228435C68AC3D5CEB54997878B06A655EEACEFB1345C15867E7FE6C6423660C8B88DF128EBD6BCD85118DBAE16E9252FFB204324E5C8F38CA97759BDBF3CB0083",
 		"51FE87996F194A2585E438B023B345439EA60D1AEBED4650CDAF48A4D4EEC4FC77DC71CC4B09D3BEEF8B7B7AF716CE2B4EFFB3AC9E6323C18AC35E0AA6E2BBBC8889490EB6226C896B0D105EAB42BFE7053CCF00ED66BA94C1BA09A792AA873F0C3B26C5C5F9A936E57B25"},
 	{"7086816D00D648FB8304AA8C9E552E1B69A9955FB59B25D1",
 		"0F45CF7F0BF31CCEB85D9DA10F4D749F",
 		"93F27C60A417D9F0669E86ACC784FC8917B502DAF30A6338F11B30B94D74FEFE2F8BE1BBE2EAD10FAB7EED3C6F72B7C3ECEE1937C32ED4970A6404E139209C05",
 		"877F046601F3CBE4FB1491943FA29487E738F94B99AF206262A1D6FF856C9AA0B8D4D08A54370C98F8E88FA3DCC2B14C1F76D71B2A4C7963AEE8AF960464C5BEC8357AD00DC8",
 		"FE96906B895CE6A8E72BC72344E2C8BB3C63113D70EAFA26C299BAFE77A8A6568172EB447FB3E86648A0AF3512DEB1AAC0819F3EC553903BF28A9FB0F43411237A774BF9EE03E445D280FBB9CD12B9BAAB6EF5E52691"},
 	{"062F65A896D5BF1401BADFF70E91B458E1F9BD4888CB2E4D",
 		"5B11EA1D6008EBB41CF892FCA5B943D1",
 		"BAF4FF5C8242",
 		"A8870E091238355984EB2F7D61A865B9170F440BFF999A5993DD41A10F4440D21FF948DDA2BF663B2E03AC3324492DC5E40262ECC6A65C07672353BE23E7FB3A9D79FF6AA38D97960905A38DECC312CB6A59E5467ECF06C311CD43ADC0B543EDF34FE8BE611F176460D5627CA51F8F8D9FED71F55C",
 		"B10E127A632172CF8AA7539B140D2C9C2590E6F28C3CB892FC498FCE56A34F732FBFF32E79C7B9747D9094E8635A0C084D6F0247F9768FB5FF83493799A9BEC6C39572120C40E9292C8C947AE8573462A9108C36D9D7112E6995AE5867E6C8BB387D1C5D4BEF524F391B9FD9F0A3B4BFA079E915BCD920185CFD38D114C558928BD7D47877"},
 	{"38A8E45D6D705A11AF58AED5A1344896998EACF359F2E26A",
 		"FD82B5B31804FF47D44199B533D0CF84",
 		"DE454D4E62FE879F2050EE3E25853623D3E9AC52EEC1A1779A48CFAF5ECA0BFDE44749391866D1",
 		"B804",
 		"164BB965C05EBE0931A1A63293EDF9C38C27"},
 	{"34C33C97C6D7A0850DA94D78A58DC61EC717CD7574833068",
 		"343BE00DA9483F05C14F2E9EB8EA6AE8",
 		"78312A43EFDE3CAE34A65796FF059A3FE15304EEA5CF1D9306949FE5BF3349D4977D4EBE76C040FE894C5949E4E4D6681153DA87FB9AC5062063CA2EA183566343362370944CE0362D25FC195E124FD60E8682E665D13F2229DDA3E4B2CB1DCA",
 		"CC11BB284B1153578E4A5ED9D937B869DAF00F5B1960C23455CA9CC43F486A3BE0B66254F1041F04FDF459C8640465B6E1D2CF899A381451E8E7FCB50CF87823BE77E24B132BBEEDC72E53369B275E1D8F49ECE59F4F215230AC4FE133FC80E4F634EE80BA4682B62C86",
 		"E7F703DC31A95E3A4919FF957836CB76C063D81702AEA4703E1C2BF30831E58C4609D626EC6810E12EAA5B930F049FF9EFC22C3E3F1EBD4A1FB285CB02A1AC5AD46B425199FC0A85670A5C4E3DAA9636C8F64C199F42F18AAC8EA7457FD377F322DD7752D7D01B946C8F0A97E6113F0D50106F319AFD291AAACE"},
 	{"C6ECF7F053573E403E61B83052A343D93CBCC179D1E835BE",
 		"E280E13D7367042E3AA09A80111B6184",
 		"21486C9D7A9647",
 		"5F2639AFA6F17931853791CD8C92382BBB677FD72D0AB1A080D0E49BFAA21810E963E4FACD422E92F65CBFAD5884A60CD94740DF31AF02F95AA57DA0C4401B0ED906",
 		"5C51DB20755302070C45F52E50128A67C8B2E4ED0EACB7E29998CCE2E8C289DD5655913EC1A51CC3AABE5CDC2402B2BE7D6D4BF6945F266FBD70BA9F37109067157AE7530678B45F64475D4EBFCB5FFF46A5"},
 	{"5EC6CF7401BC57B18EF154E8C38ACCA8959E57D2F3975FF5",
 		"656B41CB3F9CF8C08BAD7EBFC80BD225",
 		"6B817C2906E2AF425861A7EF59BA5801F143EE2A139EE72697CDE168B4",
 		"2C0E1DDC9B1E5389BA63845B18B1F8A1DB062037151BCC56EF7C21C0BB4DAE366636BBA975685D7CC5A94AFBE89C769016388C56FB7B57CE750A12B718A8BDCF70E80E8659A8330EFC8F86640F21735E8C80E23FE43ABF23507CE3F964AE4EC99D",
 		"ED780CF911E6D1AA8C979B889B0B9DC1ABE261832980BDBFB576901D9EF5AB8048998E31A15BE54B3E5845A4D136AD24D0BDA1C3006168DF2F8AC06729CB0818867398150020131D8F04EDF1923758C9EABB5F735DE5EA1758D4BC0ACFCA98AFD202E9839B8720253693B874C65586C6F0"},
 	{"C92F678EB2208662F5BCF3403EC05F5961E957908A3E79421E1D25FC19054153",
 		"DA0F3A40983D92F2D4C01FED33C7A192",
 		"2B6E9D26DB406A0FAB47608657AA10EFC2B4AA5F459B29FF85AC9A40BFFE7AEB04F77E9A11FAAA116D7F6D4DA417671A9AB02C588E0EF59CB1BFB4B1CC931B63A3B3A159FCEC97A04D1E6F0C7E6A9CEF6B0ABB04758A69F1FE754DF4C2610E8C46B6CF413BDB31351D55BEDCB7B4A13A1C98E10984475E0F2F957853",
 		"F37326A80E08",
 		"83519E53E321D334F7C10B568183775C0E9AAE55F806"},
 	{"6847E0491BE57E72995D186D50094B0B3593957A5146798FCE68B287B2FB37B5",
 		"3EE1182AEBB19A02B128F28E1D5F7F99",
 		"D9F35ABB16D776CE",
 		"DB7566ED8EA95BDF837F23DB277BAFBC5E70D1105ADFD0D9EF15475051B1EF94709C67DCA9F8D5",
 		"2CDCED0C9EBD6E2A508822A685F7DCD1CDD99E7A5FCA786C234E7F7F1D27EC49751AD5DCFA30C5EDA87C43CAE3B919B6BBCFE34C8EDA59"},
 	{"82B019673642C08388D3E42075A4D5D587558C229E4AB8F660E37650C4C41A0A",
 		"336F5D681E0410FAE7B607246092C6DC",
 		"D430CBD8FE435B64214E9E9CDC5DE99D31CFCFB8C10AA0587A49DF276611",
 		"998404153AD77003E1737EDE93ED79859EE6DCCA93CB40C4363AA817ABF2DBBD46E42A14A7183B6CC01E12A577888141363D0AE011EB6E8D28C0B235",
 		"9BEF69EEB60BD3D6065707B7557F25292A8872857CFBD24F2F3C088E4450995333088DA50FD9121221C504DF1D0CD5EFE6A12666C5D5BB12282CF4C19906E9CFAB97E9BDF7F49DC17CFC384B"},
 	{"747B2E269B1859F0622C15C8BAD6A725028B1F94B8DB7326948D1E6ED663A8BC",
 		"AB91F7245DDCE3F1C747872D47BE0A8A",
 		"3B03F786EF1DDD76E1D42646DA4CD2A5165DC5383CE86D1A0B5F13F910DC278A4E451EE0192CBA178E13B3BA27FDC7840DF73D2E104B",
 		"6B803F4701114F3E5FE21718845F8416F70F626303F545BE197189E0A2BA396F37CE06D389EB2658BC7D56D67868708F6D0D32",
 		"1570DDB0BCE75AA25D1957A287A2C36B1A5F2270186DA81BA6112B7F43B0F3D1D0ED072591DCF1F1C99BBB25621FC39B896FF9BD9413A2845363A9DCD310C32CF98E57"},
 	{"02E59853FB29AEDA0FE1C5F19180AD99A12FF2F144670BB2B8BADF09AD812E0A",
 		"C691294EF67CD04D1B9242AF83DD1421",
 		"879334DAE3",
 		"1E17F46A98FEF5CBB40759D95354",
 		"FED8C3FF27DDF6313AED444A2985B36CBA268AAD6AAC563C0BA28F6DB5DB"},
 	{"F6C1FB9B4188F2288FF03BD716023198C3582CF2A037FC2F29760916C2B7FCDB",
 		"4228DA0678CA3534588859E77DFF014C",
 		"D8153CAF35539A61DD8D05B3C9B44F01E564FB9348BCD09A1C23B84195171308861058F0A3CD2A55B912A3AAEE06FF4D356C77275828F2157C2FC7C115DA39E443210CCC56BEDB0CC99BBFB227ABD5CC454F4E7F547C7378A659EEB6A7E809101A84F866503CB18D4484E1FA09B3EC7FC75EB2E35270800AA7",
 		"23B660A779AD285704B12EC1C580387A47BEC7B00D452C6570",
 		"5AA642BBABA8E49849002A2FAF31DB8FC7773EFDD656E469CEC19B3206D4174C9A263D0A05484261F6"},
 	{"8FF6086F1FADB9A3FBE245EAC52640C43B39D43F89526BB5A6EBA47710931446",
 		"943188480C99437495958B0AE4831AA9",
 		"AD5CD0BDA426F6EBA23C8EB23DC73FF9FEC173355EDBD6C9344C4C4383F211888F7CE6B29899A6801DF6B38651A7C77150941A",
 		"80CD5EA8D7F81DDF5070B934937912E8F541A5301877528EB41AB60C020968D459960ED8FB73083329841A",
 		"ABAE8EB7F36FCA2362551E72DAC890BA1BB6794797E0FC3B67426EC9372726ED4725D379EA0AC9147E48DCD0005C502863C2C5358A38817C8264B5"},
 	{"A083B54E6B1FE01B65D42FCD248F97BB477A41462BBFE6FD591006C022C8FD84",
 		"B0490F5BD68A52459556B3749ACDF40E",
 		"8892E047DA5CFBBDF7F3CFCBD1BD21C6D4C80774B1826999234394BD3E513CC7C222BB40E1E3140A152F19B3802F0D036C24A590512AD0E8",
 		"D7B15752789DC94ED0F36778A5C7BBB207BEC32BAC66E702B39966F06E381E090C6757653C3D26A81EC6AD6C364D66867A334C91BB0B8A8A4B6EACDF0783D09010AEBA2DD2062308FE99CC1F",
 		"C071280A732ADC93DF272BF1E613B2BB7D46FC6665EF2DC1671F3E211D6BDE1D6ADDD28DF3AA2E47053FC8BB8AE9271EC8BC8B2CFFA320D225B451685B6D23ACEFDD241FE284F8ADC8DB07F456985B14330BBB66E0FB212213E05B3E"},
 }
--- a/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go
+++ b/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go
@ -0,0 +1,92 @@
 // Copyright (C) 2019 ProtonTech AG
 // This file contains necessary tools for the aex and ocb packages.
 //
 // These functions SHOULD NOT be used elsewhere, since they are optimized for
 // specific input nature in the EAX and OCB modes of operation.
 package byteutil
 // GfnDouble computes 2 * input in the field of 2^n elements.
 // The irreducible polynomial in the finite field for n=128 is
 // x^128 + x^7 + x^2 + x + 1 (equals 0x87)
 // Constant-time execution in order to avoid side-channel attacks
 func GfnDouble(input []byte) []byte {
 	if len(input) != 16 {
 		panic("Doubling in GFn only implemented for n = 128")
 	}
 	// If the first bit is zero, return 2L = L << 1
 	// Else return (L << 1) xor 0^120 10000111
 	shifted := ShiftBytesLeft(input)
 	shifted[15] ^= ((input[0] >> 7) * 0x87)
 	return shifted
 }
 // ShiftBytesLeft outputs the byte array corresponding to x << 1 in binary.
 func ShiftBytesLeft(x []byte) []byte {
 	l := len(x)
 	dst := make([]byte, l)
 	for i := 0; i < l-1; i++ {
 		dst[i] = (x[i] << 1) | (x[i+1] >> 7)
 	}
 	dst[l-1] = x[l-1] << 1
 	return dst
 }
 // ShiftNBytesLeft puts in dst the byte array corresponding to x << n in binary.
 func ShiftNBytesLeft(dst, x []byte, n int) {
 	// Erase first n / 8 bytes
 	copy(dst, x[n/8:])
 	// Shift the remaining n % 8 bits
 	bits := uint(n % 8)
 	l := len(dst)
 	for i := 0; i < l-1; i++ {
 		dst[i] = (dst[i] << bits) | (dst[i+1] >> uint(8 - bits))
 	}
 	dst[l-1] = dst[l-1] << bits
 	// Append trailing zeroes
 	dst = append(dst, make([]byte, n/8)...)
 }
 // XorBytesMut assumes equal input length, replaces X with X XOR Y
 func XorBytesMut(X, Y []byte) {
 	for i := 0; i < len(X); i++ {
 		X[i] ^= Y[i]
 	}
 }
 // XorBytes assumes equal input length, puts X XOR Y into Z
 func XorBytes(Z, X, Y []byte) {
 	for i := 0; i < len(X); i++ {
 		Z[i] = X[i] ^ Y[i]
 	}
 }
 // RightXor XORs smaller input (assumed Y) at the right of the larger input (assumed X)
 func RightXor(X, Y []byte) []byte {
 	offset := len(X) - len(Y)
 	xored := make([]byte, len(X));
 	copy(xored, X)
 	for i := 0; i < len(Y); i++ {
 		xored[offset + i] ^= Y[i]
 	}
 	return xored
 }
 // SliceForAppend takes a slice and a requested number of bytes. It returns a
 // slice with the contents of the given slice followed by that many bytes and a
 // second slice that aliases into it and contains only the extra bytes. If the
 // original slice has sufficient capacity then no allocation is performed.
 func SliceForAppend(in []byte, n int) (head, tail []byte) {
 	if total := len(in) + n; cap(in) >= total {
 		head = in[:total]
 	} else {
 		head = make([]byte, total)
 		copy(head, in)
 	}
 	tail = head[len(in):]
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go
@ -0,0 +1,317 @@
 // Copyright (C) 2019 ProtonTech AG
 // Package ocb provides an implementation of the OCB (offset codebook) mode of
 // operation, as described in RFC-7253 of the IRTF and in Rogaway, Bellare,
 // Black and Krovetz - OCB: A BLOCK-CIPHER MODE OF OPERATION FOR EFFICIENT
 // AUTHENTICATED ENCRYPTION (2003).
 // Security considerations (from RFC-7253): A private key MUST NOT be used to
 // encrypt more than 2^48 blocks. Tag length should be at least 12 bytes (a
 // brute-force forging adversary succeeds after 2^{tag length} attempts). A
 // single key SHOULD NOT be used to decrypt ciphertext with different tag
 // lengths. Nonces need not be secret, but MUST NOT be reused.
 // This package only supports underlying block ciphers with 128-bit blocks,
 // such as AES-{128, 192, 256}, but may be extended to other sizes.
 package ocb
 import (
 	"bytes"
 	"crypto/cipher"
 	"crypto/subtle"
 	"errors"
 	"github.com/ProtonMail/go-crypto/internal/byteutil"
 	"math/bits"
 )
 type ocb struct {
 	block     cipher.Block
 	tagSize   int
 	nonceSize int
 	mask      mask
 	// Optimized en/decrypt: For each nonce N used to en/decrypt, the 'Ktop'
 	// internal variable can be reused for en/decrypting with nonces sharing
 	// all but the last 6 bits with N. The prefix of the first nonce used to
 	// compute the new Ktop, and the Ktop value itself, are stored in
 	// reusableKtop. If using incremental nonces, this saves one block cipher
 	// call every 63 out of 64 OCB encryptions, and stores one nonce and one
 	// output of the block cipher in memory only.
 	reusableKtop reusableKtop
 }
 type mask struct {
 	// L_*, L_$, (L_i)_{i ∈ N}
 	lAst []byte
 	lDol []byte
 	L    [][]byte
 }
 type reusableKtop struct {
 	noncePrefix []byte
 	Ktop        []byte
 }
 const (
 	defaultTagSize   = 16
 	defaultNonceSize = 15
 )
 const (
 	enc = iota
 	dec
 )
 func (o *ocb) NonceSize() int {
 	return o.nonceSize
 }
 func (o *ocb) Overhead() int {
 	return o.tagSize
 }
 // NewOCB returns an OCB instance with the given block cipher and default
 // tag and nonce sizes.
 func NewOCB(block cipher.Block) (cipher.AEAD, error) {
 	return NewOCBWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize)
 }
 // NewOCBWithNonceAndTagSize returns an OCB instance with the given block
 // cipher, nonce length, and tag length. Panics on zero nonceSize and
 // exceedingly long tag size.
 //
 // It is recommended to use at least 12 bytes as tag length.
 func NewOCBWithNonceAndTagSize(
 	block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) {
 	if block.BlockSize() != 16 {
 		return nil, ocbError("Block cipher must have 128-bit blocks")
 	}
 	if nonceSize < 1 {
 		return nil, ocbError("Incorrect nonce length")
 	}
 	if nonceSize >= block.BlockSize() {
 		return nil, ocbError("Nonce length exceeds blocksize - 1")
 	}
 	if tagSize > block.BlockSize() {
 		return nil, ocbError("Custom tag length exceeds blocksize")
 	}
 	return &ocb{
 		block:        block,
 		tagSize:      tagSize,
 		nonceSize:    nonceSize,
 		mask:         initializeMaskTable(block),
 		reusableKtop: reusableKtop{
 			noncePrefix: nil,
 			Ktop: nil,
 		},
 	}, nil
 }
 func (o *ocb) Seal(dst, nonce, plaintext, adata []byte) []byte {
 	if len(nonce) > o.nonceSize {
 		panic("crypto/ocb: Incorrect nonce length given to OCB")
 	}
 	ret, out := byteutil.SliceForAppend(dst, len(plaintext)+o.tagSize)
 	o.crypt(enc, out, nonce, adata, plaintext)
 	return ret
 }
 func (o *ocb) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
 	if len(nonce) > o.nonceSize {
 		panic("Nonce too long for this instance")
 	}
 	if len(ciphertext) < o.tagSize {
 		return nil, ocbError("Ciphertext shorter than tag length")
 	}
 	sep := len(ciphertext) - o.tagSize
 	ret, out := byteutil.SliceForAppend(dst, len(ciphertext))
 	ciphertextData := ciphertext[:sep]
 	tag := ciphertext[sep:]
 	o.crypt(dec, out, nonce, adata, ciphertextData)
 	if subtle.ConstantTimeCompare(ret[sep:], tag) == 1 {
 		ret = ret[:sep]
 		return ret, nil
 	}
 	for i := range out {
 		out[i] = 0
 	}
 	return nil, ocbError("Tag authentication failed")
 }
 // On instruction enc (resp. dec), crypt is the encrypt (resp. decrypt)
 // function. It returns the resulting plain/ciphertext with the tag appended.
 func (o *ocb) crypt(instruction int, Y, nonce, adata, X []byte) []byte {
 	//
 	// Consider X as a sequence of 128-bit blocks
 	//
 	// Note: For encryption (resp. decryption), X is the plaintext (resp., the
 	// ciphertext without the tag).
 	blockSize := o.block.BlockSize()
 	//
 	// Nonce-dependent and per-encryption variables
 	//
 	// Zero out the last 6 bits of the nonce into truncatedNonce to see if Ktop
 	// is already computed.
 	truncatedNonce := make([]byte, len(nonce))
 	copy(truncatedNonce, nonce)
 	truncatedNonce[len(truncatedNonce)-1] &= 192
 	Ktop := make([]byte, blockSize)
 	if bytes.Equal(truncatedNonce, o.reusableKtop.noncePrefix) {
 		Ktop = o.reusableKtop.Ktop
 	} else {
 		// Nonce = num2str(TAGLEN mod 128, 7) || zeros(120 - bitlen(N)) || 1 || N
 		paddedNonce := append(make([]byte, blockSize-1-len(nonce)), 1)
 		paddedNonce = append(paddedNonce, truncatedNonce...)
 		paddedNonce[0] |= byte(((8 * o.tagSize) % (8 * blockSize)) << 1)
 		// Last 6 bits of paddedNonce are already zero. Encrypt into Ktop
 		paddedNonce[blockSize-1] &= 192
 		Ktop = paddedNonce
 		o.block.Encrypt(Ktop, Ktop)
 		o.reusableKtop.noncePrefix = truncatedNonce
 		o.reusableKtop.Ktop = Ktop
 	}
 	// Stretch = Ktop || ((lower half of Ktop) XOR (lower half of Ktop << 8))
 	xorHalves := make([]byte, blockSize/2)
 	byteutil.XorBytes(xorHalves, Ktop[:blockSize/2], Ktop[1:1+blockSize/2])
 	stretch := append(Ktop, xorHalves...)
 	bottom := int(nonce[len(nonce)-1] & 63)
 	offset := make([]byte, len(stretch))
 	byteutil.ShiftNBytesLeft(offset, stretch, bottom)
 	offset = offset[:blockSize]
 	//
 	// Process any whole blocks
 	//
 	// Note: For encryption Y is ciphertext || tag, for decryption Y is
 	// plaintext || tag.
 	checksum := make([]byte, blockSize)
 	m := len(X) / blockSize
 	for i := 0; i < m; i++ {
 		index := bits.TrailingZeros(uint(i + 1))
 		if len(o.mask.L)-1 < index {
 			o.mask.extendTable(index)
 		}
 		byteutil.XorBytesMut(offset, o.mask.L[bits.TrailingZeros(uint(i+1))])
 		blockX := X[i*blockSize : (i+1)*blockSize]
 		blockY := Y[i*blockSize : (i+1)*blockSize]
 		byteutil.XorBytes(blockY, blockX, offset)
 		switch instruction {
 		case enc:
 			o.block.Encrypt(blockY, blockY)
 			byteutil.XorBytesMut(blockY, offset)
 			byteutil.XorBytesMut(checksum, blockX)
 		case dec:
 			o.block.Decrypt(blockY, blockY)
 			byteutil.XorBytesMut(blockY, offset)
 			byteutil.XorBytesMut(checksum, blockY)
 		}
 	}
 	//
 	// Process any final partial block and compute raw tag
 	//
 	tag := make([]byte, blockSize)
 	if len(X)%blockSize != 0 {
 		byteutil.XorBytesMut(offset, o.mask.lAst)
 		pad := make([]byte, blockSize)
 		o.block.Encrypt(pad, offset)
 		chunkX := X[blockSize*m:]
 		chunkY := Y[blockSize*m : len(X)]
 		byteutil.XorBytes(chunkY, chunkX, pad[:len(chunkX)])
 		// P_* || bit(1) || zeroes(127) - len(P_*)
 		switch instruction {
 		case enc:
 			paddedY := append(chunkX, byte(128))
 			paddedY = append(paddedY, make([]byte, blockSize-len(chunkX)-1)...)
 			byteutil.XorBytesMut(checksum, paddedY)
 		case dec:
 			paddedX := append(chunkY, byte(128))
 			paddedX = append(paddedX, make([]byte, blockSize-len(chunkY)-1)...)
 			byteutil.XorBytesMut(checksum, paddedX)
 		}
 		byteutil.XorBytes(tag, checksum, offset)
 		byteutil.XorBytesMut(tag, o.mask.lDol)
 		o.block.Encrypt(tag, tag)
 		byteutil.XorBytesMut(tag, o.hash(adata))
 		copy(Y[blockSize*m+len(chunkY):], tag[:o.tagSize])
 	} else {
 		byteutil.XorBytes(tag, checksum, offset)
 		byteutil.XorBytesMut(tag, o.mask.lDol)
 		o.block.Encrypt(tag, tag)
 		byteutil.XorBytesMut(tag, o.hash(adata))
 		copy(Y[blockSize*m:], tag[:o.tagSize])
 	}
 	return Y
 }
 // This hash function is used to compute the tag. Per design, on empty input it
 // returns a slice of zeros, of the same length as the underlying block cipher
 // block size.
 func (o *ocb) hash(adata []byte) []byte {
 	//
 	// Consider A as a sequence of 128-bit blocks
 	//
 	A := make([]byte, len(adata))
 	copy(A, adata)
 	blockSize := o.block.BlockSize()
 	//
 	// Process any whole blocks
 	//
 	sum := make([]byte, blockSize)
 	offset := make([]byte, blockSize)
 	m := len(A) / blockSize
 	for i := 0; i < m; i++ {
 		chunk := A[blockSize*i : blockSize*(i+1)]
 		index := bits.TrailingZeros(uint(i + 1))
 		// If the mask table is too short
 		if len(o.mask.L)-1 < index {
 			o.mask.extendTable(index)
 		}
 		byteutil.XorBytesMut(offset, o.mask.L[index])
 		byteutil.XorBytesMut(chunk, offset)
 		o.block.Encrypt(chunk, chunk)
 		byteutil.XorBytesMut(sum, chunk)
 	}
 	//
 	// Process any final partial block; compute final hash value
 	//
 	if len(A)%blockSize != 0 {
 		byteutil.XorBytesMut(offset, o.mask.lAst)
 		// Pad block with 1 || 0 ^ 127 - bitlength(a)
 		ending := make([]byte, blockSize-len(A)%blockSize)
 		ending[0] = 0x80
 		encrypted := append(A[blockSize*m:], ending...)
 		byteutil.XorBytesMut(encrypted, offset)
 		o.block.Encrypt(encrypted, encrypted)
 		byteutil.XorBytesMut(sum, encrypted)
 	}
 	return sum
 }
 func initializeMaskTable(block cipher.Block) mask {
 	//
 	// Key-dependent variables
 	//
 	lAst := make([]byte, block.BlockSize())
 	block.Encrypt(lAst, lAst)
 	lDol := byteutil.GfnDouble(lAst)
 	L := make([][]byte, 1)
 	L[0] = byteutil.GfnDouble(lDol)
 	return mask{
 		lAst: lAst,
 		lDol: lDol,
 		L:    L,
 	}
 }
 // Extends the L array of mask m up to L[limit], with L[i] = GfnDouble(L[i-1])
 func (m *mask) extendTable(limit int) {
 	for i := len(m.L); i <= limit; i++ {
 		m.L = append(m.L, byteutil.GfnDouble(m.L[i-1]))
 	}
 }
 func ocbError(err string) error {
 	return errors.New("crypto/ocb: " + err)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go
@ -0,0 +1,136 @@
 // In the test vectors provided by RFC 7253, the "bottom"
 // internal variable, which defines "offset" for the first time, does not
 // exceed 15. However, it can attain values up to 63.
 // These vectors include key length in {128, 192, 256}, tag size 128, and
 // random nonce, header, and plaintext lengths.
 // This file was automatically generated.
 package ocb
 var randomVectors = []struct {
 	key, nonce, header, plaintext, ciphertext string
 }{
 	{"9438C5D599308EAF13F800D2D31EA7F0",
 		"C38EE4801BEBFFA1CD8635BE",
 		"0E507B7DADD8A98CDFE272D3CB6B3E8332B56AE583FB049C0874D4200BED16BD1A044182434E9DA0E841F182DFD5B3016B34641CED0784F1745F63AB3D0DA22D3351C9EF9A658B8081E24498EBF61FCE40DA6D8E184536",
 		"962D227786FB8913A8BAD5DC3250",
 		"EEDEF5FFA5986D1E3BF86DDD33EF9ADC79DCA06E215FA772CCBA814F63AD"},
 	{"BA7DE631C7D6712167C6724F5B9A2B1D",
 		"35263EBDA05765DC0E71F1F5",
 		"0103257B4224507C0242FEFE821EA7FA42E0A82863E5F8B68F7D881B4B44FA428A2B6B21D2F591260802D8AB6D83",
 		"9D6D1FC93AE8A64E7889B7B2E3521EFA9B920A8DDB692E6F833DDC4A38AFA535E5E2A3ED82CB7E26404AB86C54D01C4668F28398C2DF33D5D561CBA1C8DCFA7A912F5048E545B59483C0E3221F54B14DAA2E4EB657B3BEF9554F34CAD69B2724AE962D3D8A",
 		"E93852D1985C5E775655E937FA79CE5BF28A585F2AF53A5018853B9634BE3C84499AC0081918FDCE0624494D60E25F76ACD6853AC7576E3C350F332249BFCABD4E73CEABC36BE4EDDA40914E598AE74174A0D7442149B26990899491BDDFE8FC54D6C18E83AE9E9A6FFBF5D376565633862EEAD88D"},
 	{"2E74B25289F6FD3E578C24866E9C72A5",
 		"FD912F15025AF8414642BA1D1D",
 		"FB5FB8C26F365EEDAB5FE260C6E3CCD27806729C8335F146063A7F9EA93290E56CF84576EB446350D22AD730547C267B1F0BBB97EB34E1E2C41A",
 		"6C092EBF78F76EE8C1C6E592277D9545BA16EDB67BC7D8480B9827702DC2F8A129E2B08A2CE710CA7E1DA45CE162BB6CD4B512E632116E2211D3C90871EFB06B8D4B902681C7FB",
 		"6AC0A77F26531BF4F354A1737F99E49BE32ECD909A7A71AD69352906F54B08A9CE9B8CA5D724CBFFC5673437F23F630697F3B84117A1431D6FA8CC13A974FB4AD360300522E09511B99E71065D5AC4BBCB1D791E864EF4"},
 	{"E7EC507C802528F790AFF5303A017B17",
 		"4B97A7A568940A9E3CE7A99E93031E",
 		"28349BDC5A09390C480F9B8AA3EDEA3DDB8B9D64BCA322C570B8225DF0E31190DAB25A4014BA39519E02ABFB12B89AA28BBFD29E486E7FB28734258C817B63CED9912DBAFEBB93E2798AB2890DE3B0ACFCFF906AB15563EF7823CE83D27CDB251195E22BD1337BCBDE65E7C2C427321C463C2777BFE5AEAA",
 		"9455B3EA706B74",
 		"7F33BA3EA848D48A96B9530E26888F43EBD4463C9399B6"},
 	{"6C928AA3224736F28EE7378DE0090191",
 		"8936138E2E4C6A13280017A1622D",
 		"6202717F2631565BDCDC57C6584543E72A7C8BD444D0D108ED35069819633C",
 		"DA0691439E5F035F3E455269D14FE5C201C8C9B0A3FE2D3F86BCC59387C868FE65733D388360B31E3CE28B4BF6A8BE636706B536D5720DB66B47CF1C7A5AFD6F61E0EF90F1726D6B0E169F9A768B2B7AE4EE00A17F630AC905FCAAA1B707FFF25B3A1AAE83B504837C64A5639B2A34002B300EC035C9B43654DA55",
 		"B8804D182AB0F0EEB464FA7BD1329AD6154F982013F3765FEDFE09E26DAC078C9C1439BFC1159D6C02A25E3FF83EF852570117B315852AD5EE20E0FA3AA0A626B0E43BC0CEA38B44579DD36803455FB46989B90E6D229F513FD727AF8372517E9488384C515D6067704119C931299A0982EDDFB9C2E86A90C450C077EB222511EC9CCABC9FCFDB19F70088"},
 	{"ECEA315CA4B3F425B0C9957A17805EA4",
 		"664CDAE18403F4F9BA13015A44FC",
 		"642AFB090D6C6DB46783F08B01A3EF2A8FEB5736B531EAC226E7888FCC8505F396818F83105065FACB3267485B9E5E4A0261F621041C08FCCB2A809A49AB5252A91D0971BCC620B9D614BD77E57A0EED2FA5",
 		"6852C31F8083E20E364CEA21BB7854D67CEE812FE1C9ED2425C0932A90D3780728D1BB",
 		"2ECEF962A9695A463ADABB275BDA9FF8B2BA57AEC2F52EFFB700CD9271A74D2A011C24AEA946051BD6291776429B7E681BA33E"},
 	{"4EE616C4A58AAA380878F71A373461F6",
 		"91B8C9C176D9C385E9C47E52",
 		"CDA440B7F9762C572A718AC754EDEECC119E5EE0CCB9FEA4FFB22EEE75087C032EBF3DA9CDD8A28CC010B99ED45143B41A4BA50EA2A005473F89639237838867A57F23B0F0ED3BF22490E4501DAC9C658A9B9F",
 		"D6E645FA9AE410D15B8123FD757FA356A8DBE9258DDB5BE88832E615910993F497EC",
 		"B70ED7BF959FB2AAED4F36174A2A99BFB16992C8CDF369C782C4DB9C73DE78C5DB8E0615F647243B97ACDB24503BC9CADC48"},
 	{"DCD475773136C830D5E3D0C5FE05B7FF",
 		"BB8E1FBB483BE7616A922C4A",
 		"36FEF2E1CB29E76A6EA663FC3AF66ECD7404F466382F7B040AABED62293302B56E8783EF7EBC21B4A16C3E78A7483A0A403F253A2CDC5BBF79DC3DAE6C73F39A961D8FBBE8D41B",
 		"441E886EA38322B2437ECA7DEB5282518865A66780A454E510878E61BFEC3106A3CD93D2A02052E6F9E1832F9791053E3B76BF4C07EFDD6D4106E3027FABB752E60C1AA425416A87D53938163817A1051EBA1D1DEEB4B9B25C7E97368B52E5911A31810B0EC5AF547559B6142D9F4C4A6EF24A4CF75271BF9D48F62B",
 		"1BE4DD2F4E25A6512C2CC71D24BBB07368589A94C2714962CD0ACE5605688F06342587521E75F0ACAFFD86212FB5C34327D238DB36CF2B787794B9A4412E7CD1410EA5DDD2450C265F29CF96013CD213FD2880657694D718558964BC189B4A84AFCF47EB012935483052399DBA5B088B0A0477F20DFE0E85DCB735E21F22A439FB837DD365A93116D063E607"},
 	{"3FBA2B3D30177FFE15C1C59ED2148BB2C091F5615FBA7C07",
 		"FACF804A4BEBF998505FF9DE",
 		"8213B9263B2971A5BDA18DBD02208EE1",
 		"15B323926993B326EA19F892D704439FC478828322AF72118748284A1FD8A6D814E641F70512FD706980337379F31DC63355974738D7FEA87AD2858C0C2EBBFBE74371C21450072373C7B651B334D7C4D43260B9D7CCD3AF9EDB",
 		"6D35DC1469B26E6AAB26272A41B46916397C24C485B61162E640A062D9275BC33DDCFD3D9E1A53B6C8F51AC89B66A41D59B3574197A40D9B6DCF8A4E2A001409C8112F16B9C389E0096179DB914E05D6D11ED0005AD17E1CE105A2F0BAB8F6B1540DEB968B7A5428FF44"},
 	{"53B52B8D4D748BCDF1DDE68857832FA46227FA6E2F32EFA1",
 		"0B0EF53D4606B28D1398355F",
 		"F23882436349094AF98BCACA8218E81581A043B19009E28EFBF2DE37883E04864148CC01D240552CA8844EC1456F42034653067DA67E80F87105FD06E14FF771246C9612867BE4D215F6D761",
 		"F15030679BD4088D42CAC9BF2E9606EAD4798782FA3ED8C57EBE7F84A53236F51B25967C6489D0CD20C9EEA752F9BC",
 		"67B96E2D67C3729C96DAEAEDF821D61C17E648643A2134C5621FEC621186915AD80864BFD1EB5B238BF526A679385E012A457F583AFA78134242E9D9C1B4E4"},
 	{"0272DD80F23399F49BFC320381A5CD8225867245A49A7D41",
 		"5C83F4896D0738E1366B1836",
 		"69B0337289B19F73A12BAEEA857CCAF396C11113715D9500CCCF48BA08CFF12BC8B4BADB3084E63B85719DB5058FA7C2C11DEB096D7943CFA7CAF5",
 		"C01AD10FC8B562CD17C7BC2FAB3E26CBDFF8D7F4DEA816794BBCC12336991712972F52816AABAB244EB43B0137E2BAC1DD413CE79531E78BEF782E6B439612BB3AEF154DE3502784F287958EBC159419F9EBA27916A28D6307324129F506B1DE80C1755A929F87",
 		"FEFE52DD7159C8DD6E8EC2D3D3C0F37AB6CB471A75A071D17EC4ACDD8F3AA4D7D4F7BB559F3C09099E3D9003E5E8AA1F556B79CECDE66F85B08FA5955E6976BF2695EA076388A62D2AD5BAB7CBF1A7F3F4C8D5CDF37CDE99BD3E30B685D9E5EEE48C7C89118EF4878EB89747F28271FA2CC45F8E9E7601"},
 	{"3EEAED04A455D6E5E5AB53CFD5AFD2F2BC625C7BF4BE49A5",
 		"36B88F63ADBB5668588181D774",
 		"D367E3CB3703E762D23C6533188EF7028EFF9D935A3977150361997EC9DEAF1E4794BDE26AA8B53C124980B1362EC86FCDDFC7A90073171C1BAEE351A53234B86C66E8AB92FAE99EC6967A6D3428892D80",
 		"573454C719A9A55E04437BF7CBAAF27563CCCD92ADD5E515CD63305DFF0687E5EEF790C5DCA5C0033E9AB129505E2775438D92B38F08F3B0356BA142C6F694",
 		"E9F79A5B432D9E682C9AAA5661CFC2E49A0FCB81A431E54B42EB73DD3BED3F377FEC556ABA81624BA64A5D739AD41467460088F8D4F442180A9382CA635745473794C382FCDDC49BA4EB6D8A44AE3C"},
 	{"B695C691538F8CBD60F039D0E28894E3693CC7C36D92D79D",
 		"BC099AEB637361BAC536B57618",
 		"BFFF1A65AE38D1DC142C71637319F5F6508E2CB33C9DCB94202B359ED5A5ED8042E7F4F09231D32A7242976677E6F4C549BF65FADC99E5AF43F7A46FD95E16C2",
 		"081DF3FD85B415D803F0BE5AC58CFF0023FDDED99788296C3731D8",
 		"E50C64E3614D94FE69C47092E46ACC9957C6FEA2CCBF96BC62FBABE7424753C75F9C147C42AE26FE171531"},
 	{"C9ACBD2718F0689A1BE9802A551B6B8D9CF5614DAF5E65ED",
 		"B1B0AAF373B8B026EB80422051D8",
 		"6648C0E61AC733C76119D23FB24548D637751387AA2EAE9D80E912B7BD486CAAD9EAF4D7A5FE2B54AAD481E8EC94BB4D558000896E2010462B70C9FED1E7273080D1",
 		"189F591F6CB6D59AFEDD14C341741A8F1037DC0DF00FC57CE65C30F49E860255CEA5DC6019380CC0FE8880BC1A9E685F41C239C38F36E3F2A1388865C5C311059C0A",
 		"922A5E949B61D03BE34AB5F4E58607D4504EA14017BB363DAE3C873059EA7A1C77A746FB78981671D26C2CF6D9F24952D510044CE02A10177E9DB42D0145211DFE6E84369C5E3BC2669EAB4147B2822895F9"},
 	{"7A832BD2CF5BF4919F353CE2A8C86A5E406DA2D52BE16A72",
 		"2F2F17CECF7E5A756D10785A3CB9DB",
 		"61DA05E3788CC2D8405DBA70C7A28E5AF699863C9F72E6C6770126929F5D6FA267F005EBCF49495CB46400958A3AE80D1289D1C671",
 		"44E91121195A41AF14E8CFDBD39A4B517BE0DF1A72977ED8A3EEF8EEDA1166B2EB6DB2C4AE2E74FA0F0C74537F659BFBD141E5DDEC67E64EDA85AABD3F52C85A785B9FB3CECD70E7DF",
 		"BEDF596EA21288D2B84901E188F6EE1468B14D5161D3802DBFE00D60203A24E2AB62714BF272A45551489838C3A7FEAADC177B591836E73684867CCF4E12901DCF2064058726BBA554E84ADC5136F507E961188D4AF06943D3"},
 	{"1508E8AE9079AA15F1CEC4F776B4D11BCCB061B58AA56C18",
 		"BCA625674F41D1E3AB47672DC0C3",
 		"8B12CF84F16360F0EAD2A41BC021530FFCEC7F3579CAE658E10E2D3D81870F65AFCED0C77C6C4C6E6BA424FF23088C796BA6195ABA35094BF1829E089662E7A95FC90750AE16D0C8AFA55DAC789D7735B970B58D4BE7CEC7341DA82A0179A01929C27A59C5063215B859EA43",
 		"E525422519ECE070E82C",
 		"B47BC07C3ED1C0A43BA52C43CBACBCDBB29CAF1001E09FDF7107"},
 	{"7550C2761644E911FE9ADD119BAC07376BEA442845FEAD876D7E7AC1B713E464",
 		"36D2EC25ADD33CDEDF495205BBC923",
 		"7FCFE81A3790DE97FFC3DE160C470847EA7E841177C2F759571CBD837EA004A6CA8C6F4AEBFF2E9FD552D73EB8A30705D58D70C0B67AEEA280CBBF0A477358ACEF1E7508F2735CD9A0E4F9AC92B8C008F575D3B6278F1C18BD01227E3502E5255F3AB1893632AD00C717C588EF652A51A43209E7EE90",
 		"2B1A62F8FDFAA3C16470A21AD307C9A7D03ADE8EF72C69B06F8D738CDE578D7AEFD0D40BD9C022FB9F580DF5394C998ACCCEFC5471A3996FB8F1045A81FDC6F32D13502EA65A211390C8D882B8E0BEFD8DD8CBEF51D1597B124E9F7F",
 		"C873E02A22DB89EB0787DB6A60B99F7E4A0A085D5C4232A81ADCE2D60AA36F92DDC33F93DD8640AC0E08416B187FB382B3EC3EE85A64B0E6EE41C1366A5AD2A282F66605E87031CCBA2FA7B2DA201D975994AADE3DD1EE122AE09604AD489B84BF0C1AB7129EE16C6934850E"},
 	{"A51300285E554FDBDE7F771A9A9A80955639DD87129FAEF74987C91FB9687C71",
 		"81691D5D20EC818FCFF24B33DECC",
 		"C948093218AA9EB2A8E44A87EEA73FC8B6B75A196819A14BD83709EA323E8DF8B491045220E1D88729A38DBCFFB60D3056DAD4564498FD6574F74512945DEB34B69329ACED9FFC05D5D59DFCD5B973E2ACAFE6AD1EF8BBBC49351A2DD12508ED89ED",
 		"EB861165DAF7625F827C6B574ED703F03215",
 		"C6CD1CE76D2B3679C1B5AA1CFD67CCB55444B6BFD3E22C81CBC9BB738796B83E54E3"},
 	{"8CE0156D26FAEB7E0B9B800BBB2E9D4075B5EAC5C62358B0E7F6FCE610223282",
 		"D2A7B94DD12CDACA909D3AD7",
 		"E021A78F374FC271389AB9A3E97077D755",
 		"7C26000B58929F5095E1CEE154F76C2A299248E299F9B5ADE6C403AA1FD4A67FD4E0232F214CE7B919EE7A1027D2B76C57475715CD078461",
 		"C556FB38DF069B56F337B5FF5775CE6EAA16824DFA754F20B78819028EA635C3BB7AA731DE8776B2DCB67DCA2D33EEDF3C7E52EA450013722A41755A0752433ED17BDD5991AAE77A"},
 	{"1E8000A2CE00A561C9920A30BF0D7B983FEF8A1014C8F04C35CA6970E6BA02BD",
 		"65ED3D63F79F90BBFD19775E",
 		"336A8C0B7243582A46B221AA677647FCAE91",
 		"134A8B34824A290E7B",
 		"914FBEF80D0E6E17F8BDBB6097EBF5FBB0554952DC2B9E5151"},
 	{"53D5607BBE690B6E8D8F6D97F3DF2BA853B682597A214B8AA0EA6E598650AF15",
 		"C391A856B9FE234E14BA1AC7BB40FF",
 		"479682BC21349C4BE1641D5E78FE2C79EC1B9CF5470936DCAD9967A4DCD7C4EFADA593BC9EDE71E6A08829B8580901B61E274227E9D918502DE3",
 		"EAD154DC09C5E26C5D26FF33ED148B27120C7F2C23225CC0D0631B03E1F6C6D96FEB88C1A4052ACB4CE746B884B6502931F407021126C6AAB8C514C077A5A38438AE88EE",
 		"938821286EBB671D999B87C032E1D6055392EB564E57970D55E545FC5E8BAB90E6E3E3C0913F6320995FC636D72CD9919657CC38BD51552F4A502D8D1FE56DB33EBAC5092630E69EBB986F0E15CEE9FC8C052501"},
 	{"294362FCC984F440CEA3E9F7D2C06AF20C53AAC1B3738CA2186C914A6E193ABB",
 		"B15B61C8BB39261A8F55AB178EC3",
 		"D0729B6B75BB",
 		"2BD089ADCE9F334BAE3B065996C7D616DD0C27DF4218DCEEA0FBCA0F968837CE26B0876083327E25681FDDD620A32EC0DA12F73FAE826CC94BFF2B90A54D2651",
 		"AC94B25E4E21DE2437B806966CCD5D9385EF0CD4A51AB9FA6DE675C7B8952D67802E9FEC1FDE9F5D1EAB06057498BC0EEA454804FC9D2068982A3E24182D9AC2E7AB9994DDC899A604264583F63D066B"},
 	{"959DBFEB039B1A5B8CE6A44649B602AAA5F98A906DB96143D202CD2024F749D9",
 		"01D7BDB1133E9C347486C1EFA6",
 		"F3843955BD741F379DD750585EDC55E2CDA05CCBA8C1F4622AC2FE35214BC3A019B8BD12C4CC42D9213D1E1556941E8D8450830287FFB3B763A13722DD4140ED9846FB5FFF745D7B0B967D810A068222E10B259AF1D392035B0D83DC1498A6830B11B2418A840212599171E0258A1C203B05362978",
 		"A21811232C950FA8B12237C2EBD6A7CD2C3A155905E9E0C7C120",
 		"63C1CE397B22F1A03F1FA549B43178BC405B152D3C95E977426D519B3DFCA28498823240592B6EEE7A14"},
 	{"096AE499F5294173F34FF2B375F0E5D5AB79D0D03B33B1A74D7D576826345DF4",
 		"0C52B3D11D636E5910A4DD76D32C",
 		"229E9ECA3053789E937447BC719467075B6138A142DA528DA8F0CF8DDF022FD9AF8E74779BA3AC306609",
 		"8B7A00038783E8BAF6EDEAE0C4EAB48FC8FD501A588C7E4A4DB71E3604F2155A97687D3D2FFF8569261375A513CF4398CE0F87CA1658A1050F6EF6C4EA3E25",
 		"C20B6CF8D3C8241825FD90B2EDAC7593600646E579A8D8DAAE9E2E40C3835FE801B2BE4379131452BC5182C90307B176DFBE2049544222FE7783147B690774F6D9D7CEF52A91E61E298E9AA15464AC"},
 }
--- a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go
@ -0,0 +1,78 @@
 package ocb
 import (
 	"encoding/hex"
 )
 // Test vectors from https://tools.ietf.org/html/rfc7253. Note that key is
 // shared across tests.
 var testKey, _ = hex.DecodeString("000102030405060708090A0B0C0D0E0F")
 var rfc7253testVectors = []struct {
 	nonce, header, plaintext, ciphertext string
 }{
 	{"BBAA99887766554433221100",
 		"",
 		"",
 		"785407BFFFC8AD9EDCC5520AC9111EE6"},
 	{"BBAA99887766554433221101",
 		"0001020304050607",
 		"0001020304050607",
 		"6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009"},
 	{"BBAA99887766554433221102",
 		"0001020304050607",
 		"",
 		"81017F8203F081277152FADE694A0A00"},
 	{"BBAA99887766554433221103",
 		"",
 		"0001020304050607",
 		"45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9"},
 	{"BBAA99887766554433221104",
 		"000102030405060708090A0B0C0D0E0F",
 		"000102030405060708090A0B0C0D0E0F",
 		"571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5701C1CCEC8FC3358"},
 	{"BBAA99887766554433221105",
 		"000102030405060708090A0B0C0D0E0F",
 		"",
 		"8CF761B6902EF764462AD86498CA6B97"},
 	{"BBAA99887766554433221106",
 		"",
 		"000102030405060708090A0B0C0D0E0F",
 		"5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436BDF06D8FA1ECA343D"},
 	{"BBAA99887766554433221107",
 		"000102030405060708090A0B0C0D0E0F1011121314151617",
 		"000102030405060708090A0B0C0D0E0F1011121314151617",
 		"1CA2207308C87C010756104D8840CE1952F09673A448A122C92C62241051F57356D7F3C90BB0E07F"},
 	{"BBAA99887766554433221108",
 		"000102030405060708090A0B0C0D0E0F1011121314151617",
 		"",
 		"6DC225A071FC1B9F7C69F93B0F1E10DE"},
 	{"BBAA99887766554433221109",
 		"",
 		"000102030405060708090A0B0C0D0E0F1011121314151617",
 		"221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3CE725F32494B9F914D85C0B1EB38357FF"},
 	{"BBAA9988776655443322110A",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
 		"BD6F6C496201C69296C11EFD138A467ABD3C707924B964DEAFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240"},
 	{"BBAA9988776655443322110B",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
 		"",
 		"FE80690BEE8A485D11F32965BC9D2A32"},
 	{"BBAA9988776655443322110C",
 		"",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
 		"2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF46040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF"},
 	{"BBAA9988776655443322110D",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483A7035490C5769E60"},
 	{"BBAA9988776655443322110E",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"",
 		"C5CD9D1850C141E358649994EE701B68"},
 	{"BBAA9988776655443322110F",
 		"",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95A98CA5F3000B1479"},
 }
--- a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go
@ -0,0 +1,24 @@
 package ocb
 // Second set of test vectors from https://tools.ietf.org/html/rfc7253
 var rfc7253TestVectorTaglen96 = struct {
 	key, nonce, header, plaintext, ciphertext string
 }{"0F0E0D0C0B0A09080706050403020100",
 		"BBAA9988776655443322110D",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
 		"1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FDAC4F02AA"}
 var rfc7253AlgorithmTest = []struct {
 	KEYLEN, TAGLEN int
 	OUTPUT string }{
 		{128, 128, "67E944D23256C5E0B6C61FA22FDF1EA2"},
 		{192, 128, "F673F2C3E7174AAE7BAE986CA9F29E17"},
 		{256, 128, "D90EB8E9C977C88B79DD793D7FFA161C"},
 		{128, 96, "77A3D8E73589158D25D01209"},
 		{192, 96, "05D56EAD2752C86BE6932C5E"},
 		{256, 96, "5458359AC23B0CBA9E6330DD"},
 		{128, 64, "192C9B7BD90BA06A"},
 		{192, 64, "0066BC6E0EF34E24"},
 		{256, 64, "7D4EA5D445501CBE"},
 	}
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go
@ -0,0 +1,153 @@
 // Copyright 2014 Matthew Endsley
 // All rights reserved
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted providing that the following conditions
 // are met:
 // 1. Redistributions of source code must retain the above copyright
 //    notice, this list of conditions and the following disclaimer.
 // 2. Redistributions in binary form must reproduce the above copyright
 //    notice, this list of conditions and the following disclaimer in the
 //    documentation and/or other materials provided with the distribution.
 //
 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 // IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 // ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 // IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 // POSSIBILITY OF SUCH DAMAGE.
 // Package keywrap is an implementation of the RFC 3394 AES key wrapping
 // algorithm. This is used in OpenPGP with elliptic curve keys.
 package keywrap
 import (
 	"crypto/aes"
 	"encoding/binary"
 	"errors"
 )
 var (
 	// ErrWrapPlaintext is returned if the plaintext is not a multiple
 	// of 64 bits.
 	ErrWrapPlaintext = errors.New("keywrap: plainText must be a multiple of 64 bits")
 	// ErrUnwrapCiphertext is returned if the ciphertext is not a
 	// multiple of 64 bits.
 	ErrUnwrapCiphertext = errors.New("keywrap: cipherText must by a multiple of 64 bits")
 	// ErrUnwrapFailed is returned if unwrapping a key fails.
 	ErrUnwrapFailed = errors.New("keywrap: failed to unwrap key")
 	// NB: the AES NewCipher call only fails if the key is an invalid length.
 	// ErrInvalidKey is returned when the AES key is invalid.
 	ErrInvalidKey = errors.New("keywrap: invalid AES key")
 )
 // Wrap a key using the RFC 3394 AES Key Wrap Algorithm.
 func Wrap(key, plainText []byte) ([]byte, error) {
 	if len(plainText)%8 != 0 {
 		return nil, ErrWrapPlaintext
 	}
 	c, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, ErrInvalidKey
 	}
 	nblocks := len(plainText) / 8
 	// 1) Initialize variables.
 	var block [aes.BlockSize]byte
 	// - Set A = IV, an initial value (see 2.2.3)
 	for ii := 0; ii < 8; ii++ {
 		block[ii] = 0xA6
 	}
 	// - For i = 1 to n
 	// -   Set R[i] = P[i]
 	intermediate := make([]byte, len(plainText))
 	copy(intermediate, plainText)
 	// 2) Calculate intermediate values.
 	for ii := 0; ii < 6; ii++ {
 		for jj := 0; jj < nblocks; jj++ {
 			// - B = AES(K, A | R[i])
 			copy(block[8:], intermediate[jj*8:jj*8+8])
 			c.Encrypt(block[:], block[:])
 			// - A = MSB(64, B) ^ t where t = (n*j)+1
 			t := uint64(ii*nblocks + jj + 1)
 			val := binary.BigEndian.Uint64(block[:8]) ^ t
 			binary.BigEndian.PutUint64(block[:8], val)
 			// - R[i] = LSB(64, B)
 			copy(intermediate[jj*8:jj*8+8], block[8:])
 		}
 	}
 	// 3) Output results.
 	// - Set C[0] = A
 	// - For i = 1 to n
 	// -   C[i] = R[i]
 	return append(block[:8], intermediate...), nil
 }
 // Unwrap a key using the RFC 3394 AES Key Wrap Algorithm.
 func Unwrap(key, cipherText []byte) ([]byte, error) {
 	if len(cipherText)%8 != 0 {
 		return nil, ErrUnwrapCiphertext
 	}
 	c, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, ErrInvalidKey
 	}
 	nblocks := len(cipherText)/8 - 1
 	// 1) Initialize variables.
 	var block [aes.BlockSize]byte
 	// - Set A = C[0]
 	copy(block[:8], cipherText[:8])
 	// - For i = 1 to n
 	// -   Set R[i] = C[i]
 	intermediate := make([]byte, len(cipherText)-8)
 	copy(intermediate, cipherText[8:])
 	// 2) Compute intermediate values.
 	for jj := 5; jj >= 0; jj-- {
 		for ii := nblocks - 1; ii >= 0; ii-- {
 			// - B = AES-1(K, (A ^ t) | R[i]) where t = n*j+1
 			// - A = MSB(64, B)
 			t := uint64(jj*nblocks + ii + 1)
 			val := binary.BigEndian.Uint64(block[:8]) ^ t
 			binary.BigEndian.PutUint64(block[:8], val)
 			copy(block[8:], intermediate[ii*8:ii*8+8])
 			c.Decrypt(block[:], block[:])
 			// - R[i] = LSB(B, 64)
 			copy(intermediate[ii*8:ii*8+8], block[8:])
 		}
 	}
 	// 3) Output results.
 	// - If A is an appropriate initial value (see 2.2.3),
 	for ii := 0; ii < 8; ii++ {
 		if block[ii] != 0xA6 {
 			return nil, ErrUnwrapFailed
 		}
 	}
 	// - For i = 1 to n
 	// -   P[i] = R[i]
 	return intermediate, nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
@ -4,33 +4,25 @@
 // Package armor implements OpenPGP ASCII Armor, see RFC 4880. OpenPGP Armor is
 // very similar to PEM except that it has an additional CRC checksum.
-//
+package armor // import "github.com/ProtonMail/go-crypto/openpgp/armor"
 // Deprecated: this package is unmaintained except for security fixes. New
 // applications should consider a more focused, modern alternative to OpenPGP
 // for their specific task. If you are required to interoperate with OpenPGP
 // systems and need a maintained package, consider a community fork.
 // See https://golang.org/issue/44226.
 package armor // import "golang.org/x/crypto/openpgp/armor"
 import (
 	"bufio"
 	"bytes"
 	"encoding/base64"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"io"
 )
 // A Block represents an OpenPGP armored structure.
 //
 // The encoded form is:
 //    -----BEGIN Type-----
 //    Headers
 //
-//	-----BEGIN Type-----
+//    base64-encoded Bytes
-//	Headers
+//    '=' base64 encoded checksum
-//
+//    -----END Type-----
 //	base64-encoded Bytes
 //	'=' base64 encoded checksum
 //	-----END Type-----
 //
 // where Headers is a possibly empty sequence of Key: Value lines.
 //
 // Since the armored data can be very large, this package presents a streaming
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go
@ -96,8 +96,7 @@ func (l *lineBreaker) Close() (err error) {
 // trailer.
 //
 // It's built into a stack of io.Writers:
-//
+//    encoding -> base64 encoder -> lineBreaker -> out
 //	encoding -> base64 encoder -> lineBreaker -> out
 type encoding struct {
 	out       io.Writer
 	breaker   *lineBreaker
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go
@ -4,7 +4,10 @@
 package openpgp
-import "hash"
+import (
 	"hash"
 	"io"
 )
 // NewCanonicalTextHash reformats text written to it into the canonical
 // form and then applies the hash h.  See RFC 4880, section 5.2.1.
@ -19,28 +22,31 @@ type canonicalTextHash struct {
 var newline = []byte{'\r', '\n'}
-func (cth *canonicalTextHash) Write(buf []byte) (int, error) {
+func writeCanonical(cw io.Writer, buf []byte, s *int) (int, error) {
 	start := 0
 	for i, c := range buf {
-		switch cth.s {
+		switch *s {
 		case 0:
 			if c == '\r' {
-				cth.s = 1
+				*s = 1
 			} else if c == '\n' {
-				cth.h.Write(buf[start:i])
+				cw.Write(buf[start:i])
-				cth.h.Write(newline)
+				cw.Write(newline)
 				start = i + 1
 			}
 		case 1:
-			cth.s = 0
+			*s = 0
 		}
 	}
-	cth.h.Write(buf[start:])
+	cw.Write(buf[start:])
 	return len(buf), nil
 }
 func (cth *canonicalTextHash) Write(buf []byte) (int, error) {
 	return writeCanonical(cth.h, buf, &cth.s)
 }
 func (cth *canonicalTextHash) Sum(in []byte) []byte {
 	return cth.h.Sum(in)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go
@ -0,0 +1,206 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package ecdh implements ECDH encryption, suitable for OpenPGP,
 // as specified in RFC 6637, section 8.
 package ecdh
 import (
 	"bytes"
 	"errors"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/aes/keywrap"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
 )
 type KDF struct {
 	Hash   algorithm.Hash
 	Cipher algorithm.Cipher
 }
 type PublicKey struct {
 	curve ecc.ECDHCurve
 	Point []byte
 	KDF
 }
 type PrivateKey struct {
 	PublicKey
 	D []byte
 }
 func NewPublicKey(curve ecc.ECDHCurve, kdfHash algorithm.Hash, kdfCipher algorithm.Cipher) *PublicKey {
 	return &PublicKey{
 		curve:     curve,
 		KDF: KDF{
 			Hash:   kdfHash,
 			Cipher: kdfCipher,
 		},
 	}
 }
 func NewPrivateKey(key PublicKey) *PrivateKey {
 	return &PrivateKey{
 		PublicKey: key,
 	}
 }
 func (pk *PublicKey) GetCurve() ecc.ECDHCurve {
 	return pk.curve
 }
 func (pk *PublicKey) MarshalPoint() []byte {
 	return pk.curve.MarshalBytePoint(pk.Point)
 }
 func (pk *PublicKey) UnmarshalPoint(p []byte) error {
 	pk.Point = pk.curve.UnmarshalBytePoint(p)
 	if pk.Point == nil {
 		return errors.New("ecdh: failed to parse EC point")
 	}
 	return nil
 }
 func (sk *PrivateKey) MarshalByteSecret() []byte {
 	return sk.curve.MarshalByteSecret(sk.D)
 }
 func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error {
 	sk.D = sk.curve.UnmarshalByteSecret(d)
 	if sk.D == nil {
 		return errors.New("ecdh: failed to parse scalar")
 	}
 	return nil
 }
 func GenerateKey(rand io.Reader, c ecc.ECDHCurve, kdf KDF) (priv *PrivateKey, err error) {
 	priv = new(PrivateKey)
 	priv.PublicKey.curve = c
 	priv.PublicKey.KDF = kdf
 	priv.PublicKey.Point, priv.D, err = c.GenerateECDH(rand)
 	return
 }
 func Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte) (vsG, c []byte, err error) {
 	if len(msg) > 40 {
 		return nil, nil, errors.New("ecdh: message too long")
 	}
 	// the sender MAY use 21, 13, and 5 bytes of padding for AES-128,
 	// AES-192, and AES-256, respectively, to provide the same number of
 	// octets, 40 total, as an input to the key wrapping method.
 	padding := make([]byte, 40-len(msg))
 	for i := range padding {
 		padding[i] = byte(40 - len(msg))
 	}
 	m := append(msg, padding...)
 	ephemeral, zb, err := pub.curve.Encaps(random, pub.Point)
 	if err != nil {
 		return nil, nil, err
 	}
 	vsG = pub.curve.MarshalBytePoint(ephemeral)
 	z, err := buildKey(pub, zb, curveOID, fingerprint, false, false)
 	if err != nil {
 		return nil, nil, err
 	}
 	if c, err = keywrap.Wrap(z, m); err != nil {
 		return nil, nil, err
 	}
 	return vsG, c, nil
 }
 func Decrypt(priv *PrivateKey, vsG, c, curveOID, fingerprint []byte) (msg []byte, err error) {
 	var m []byte
 	zb, err := priv.PublicKey.curve.Decaps(priv.curve.UnmarshalBytePoint(vsG), priv.D)
 	// Try buildKey three times to workaround an old bug, see comments in buildKey.
 	for i := 0; i < 3; i++ {
 		var z []byte
 		// RFC6637 §8: "Compute Z = KDF( S, Z_len, Param );"
 		z, err = buildKey(&priv.PublicKey, zb, curveOID, fingerprint, i == 1, i == 2)
 		if err != nil {
 			return nil, err
 		}
 		// RFC6637 §8: "Compute C = AESKeyWrap( Z, c ) as per [RFC3394]"
 		m, err = keywrap.Unwrap(z, c)
 		if err == nil {
 			break
 		}
 	}
 	// Only return an error after we've tried all (required) variants of buildKey.
 	if err != nil {
 		return nil, err
 	}
 	// RFC6637 §8: "m = symm_alg_ID || session key || checksum || pkcs5_padding"
 	// The last byte should be the length of the padding, as per PKCS5; strip it off.
 	return m[:len(m)-int(m[len(m)-1])], nil
 }
 func buildKey(pub *PublicKey, zb []byte, curveOID, fingerprint []byte, stripLeading, stripTrailing bool) ([]byte, error) {
 	// Param = curve_OID_len || curve_OID || public_key_alg_ID || 03
 	//         || 01 || KDF_hash_ID || KEK_alg_ID for AESKeyWrap
 	//         || "Anonymous Sender    " || recipient_fingerprint;
 	param := new(bytes.Buffer)
 	if _, err := param.Write(curveOID); err != nil {
 		return nil, err
 	}
 	algKDF := []byte{18, 3, 1, pub.KDF.Hash.Id(), pub.KDF.Cipher.Id()}
 	if _, err := param.Write(algKDF); err != nil {
 		return nil, err
 	}
 	if _, err := param.Write([]byte("Anonymous Sender    ")); err != nil {
 		return nil, err
 	}
 	// For v5 keys, the 20 leftmost octets of the fingerprint are used.
 	if _, err := param.Write(fingerprint[:20]); err != nil {
 		return nil, err
 	}
 	if param.Len() - len(curveOID) != 45 {
 		return nil, errors.New("ecdh: malformed KDF Param")
 	}
 	// MB = Hash ( 00 || 00 || 00 || 01 || ZB || Param );
 	h := pub.KDF.Hash.New()
 	if _, err := h.Write([]byte{0x0, 0x0, 0x0, 0x1}); err != nil {
 		return nil, err
 	}
 	zbLen := len(zb)
 	i := 0
 	j := zbLen - 1
 	if stripLeading {
 		// Work around old go crypto bug where the leading zeros are missing.
 		for ; i < zbLen && zb[i] == 0; i++ {}
 	}
 	if stripTrailing {
 		// Work around old OpenPGP.js bug where insignificant trailing zeros in
 		// this little-endian number are missing.
 		// (See https://github.com/openpgpjs/openpgpjs/pull/853.)
 		for ; j >= 0 && zb[j] == 0; j-- {}
 	}
 	if _, err := h.Write(zb[i:j+1]); err != nil {
 		return nil, err
 	}
 	if _, err := h.Write(param.Bytes()); err != nil {
 		return nil, err
 	}
 	mb := h.Sum(nil)
 	return mb[:pub.KDF.Cipher.KeySize()], nil // return oBits leftmost bits of MB.
 }
 func Validate(priv *PrivateKey) error {
 	return priv.curve.ValidateECDH(priv.Point, priv.D)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go
@ -0,0 +1,80 @@
 // Package ecdsa implements ECDSA signature, suitable for OpenPGP,
 // as specified in RFC 6637, section 5.
 package ecdsa
 import (
 	"errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
 	"io"
 	"math/big"
 )
 type PublicKey struct {
 	X, Y *big.Int
 	curve ecc.ECDSACurve
 }
 type PrivateKey struct {
 	PublicKey
 	D *big.Int
 }
 func NewPublicKey(curve ecc.ECDSACurve) *PublicKey {
 	return &PublicKey{
 		curve: curve,
 	}
 }
 func NewPrivateKey(key PublicKey) *PrivateKey {
 	return &PrivateKey{
 		PublicKey: key,
 	}
 }
 func (pk *PublicKey) GetCurve() ecc.ECDSACurve {
 	return pk.curve
 }
 func (pk *PublicKey) MarshalPoint() []byte {
 	return pk.curve.MarshalIntegerPoint(pk.X, pk.Y)
 }
 func (pk *PublicKey) UnmarshalPoint(p []byte) error {
 	pk.X, pk.Y = pk.curve.UnmarshalIntegerPoint(p)
 	if pk.X == nil {
 		return errors.New("ecdsa: failed to parse EC point")
 	}
 	return nil
 }
 func (sk *PrivateKey) MarshalIntegerSecret() []byte {
 	return sk.curve.MarshalIntegerSecret(sk.D)
 }
 func (sk *PrivateKey) UnmarshalIntegerSecret(d []byte) error {
 	sk.D = sk.curve.UnmarshalIntegerSecret(d)
 	if sk.D == nil {
 		return errors.New("ecdsa: failed to parse scalar")
 	}
 	return nil
 }
 func GenerateKey(rand io.Reader, c ecc.ECDSACurve) (priv *PrivateKey, err error) {
 	priv = new(PrivateKey)
 	priv.PublicKey.curve = c
 	priv.PublicKey.X, priv.PublicKey.Y, priv.D, err = c.GenerateECDSA(rand)
 	return
 }
 func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
 	return priv.PublicKey.curve.Sign(rand, priv.X, priv.Y, priv.D, hash)
 }
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
 	return pub.curve.Verify(pub.X, pub.Y, hash, r, s)
 }
 func Validate(priv *PrivateKey) error {
 	return priv.curve.ValidateECDSA(priv.X, priv.Y, priv.D.Bytes())
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go
@ -0,0 +1,91 @@
 // Package eddsa implements EdDSA signature, suitable for OpenPGP, as specified in
 // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
 package eddsa
 import (
 	"errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
 	"io"
 )
 type PublicKey struct {
 	X []byte
 	curve ecc.EdDSACurve
 }
 type PrivateKey struct {
 	PublicKey
 	D []byte
 }
 func NewPublicKey(curve ecc.EdDSACurve) *PublicKey {
 	return &PublicKey{
 		curve: curve,
 	}
 }
 func NewPrivateKey(key PublicKey) *PrivateKey {
 	return &PrivateKey{
 		PublicKey: key,
 	}
 }
 func (pk *PublicKey) GetCurve() ecc.EdDSACurve {
 	return pk.curve
 }
 func (pk *PublicKey) MarshalPoint() []byte {
 	return pk.curve.MarshalBytePoint(pk.X)
 }
 func (pk *PublicKey) UnmarshalPoint(x []byte) error {
 	pk.X = pk.curve.UnmarshalBytePoint(x)
 	if pk.X == nil {
 		return errors.New("eddsa: failed to parse EC point")
 	}
 	return nil
 }
 func (sk *PrivateKey) MarshalByteSecret() []byte {
 	return sk.curve.MarshalByteSecret(sk.D)
 }
 func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error {
 	sk.D = sk.curve.UnmarshalByteSecret(d)
 	if sk.D == nil {
 		return errors.New("eddsa: failed to parse scalar")
 	}
 	return nil
 }
 func GenerateKey(rand io.Reader, c ecc.EdDSACurve) (priv *PrivateKey, err error) {
 	priv = new(PrivateKey)
 	priv.PublicKey.curve = c
 	priv.PublicKey.X, priv.D, err = c.GenerateEdDSA(rand)
 	return
 }
 func Sign(priv *PrivateKey, message []byte) (r, s []byte, err error) {
 	sig, err := priv.PublicKey.curve.Sign(priv.PublicKey.X, priv.D, message)
 	if err != nil {
 		return nil, nil, err
 	}
 	r, s = priv.PublicKey.curve.MarshalSignature(sig)
 	return
 }
 func Verify(pub *PublicKey, message, r, s []byte) bool {
 	sig := pub.curve.UnmarshalSignature(r, s)
 	if sig == nil {
 		return false
 	}
 	return pub.curve.Verify(pub.X, message, sig)
 }
 func Validate(priv *PrivateKey) error {
 	return priv.curve.ValidateEdDSA(priv.PublicKey.X, priv.D)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go
@ -10,13 +10,7 @@
 // This form of ElGamal embeds PKCS#1 v1.5 padding, which may make it
 // unsuitable for other protocols. RSA should be used in preference in any
 // case.
-//
+package elgamal // import "github.com/ProtonMail/go-crypto/openpgp/elgamal"
 // Deprecated: this package was only provided to support ElGamal encryption in
 // OpenPGP. The golang.org/x/crypto/openpgp package is now deprecated (see
 // https://golang.org/issue/44226), and ElGamal in the OpenPGP ecosystem has
 // compatibility and security issues (see https://eprint.iacr.org/2021/923).
 // Moreover, this package doesn't protect against side-channel attacks.
 package elgamal // import "golang.org/x/crypto/openpgp/elgamal"
 import (
 	"crypto/rand"
@ -77,8 +71,8 @@ func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err
 // returns the plaintext of the message. An error can result only if the
 // ciphertext is invalid. Users should keep in mind that this is a padding
 // oracle and thus, if exposed to an adaptive chosen ciphertext attack, can
-// be used to break the cryptosystem.  See “Chosen Ciphertext Attacks
+// be used to break the cryptosystem.  See ``Chosen Ciphertext Attacks
-// Against Protocols Based on the RSA Encryption Standard PKCS #1”, Daniel
+// Against Protocols Based on the RSA Encryption Standard PKCS #1'', Daniel
 // Bleichenbacher, Advances in Cryptology (Crypto '98),
 func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
 	s := new(big.Int).Exp(c1, priv.X, priv.P)
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
@ -3,13 +3,7 @@
 // license that can be found in the LICENSE file.
 // Package errors contains common error types for the OpenPGP packages.
-//
+package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors"
 // Deprecated: this package is unmaintained except for security fixes. New
 // applications should consider a more focused, modern alternative to OpenPGP
 // for their specific task. If you are required to interoperate with OpenPGP
 // systems and need a maintained package, consider a community fork.
 // See https://golang.org/issue/44226.
 package errors // import "golang.org/x/crypto/openpgp/errors"
 import (
 	"strconv"
@ -47,6 +41,25 @@ func (b SignatureError) Error() string {
 	return "openpgp: invalid signature: " + string(b)
 }
 var ErrMDCHashMismatch error = SignatureError("MDC hash mismatch")
 var ErrMDCMissing error = SignatureError("MDC packet not found")
 type signatureExpiredError int
 func (se signatureExpiredError) Error() string {
 	return "openpgp: signature expired"
 }
 var ErrSignatureExpired error = signatureExpiredError(0)
 type keyExpiredError int
 func (ke keyExpiredError) Error() string {
 	return "openpgp: key expired"
 }
 var ErrKeyExpired error = keyExpiredError(0)
 type keyIncorrectError int
 func (ki keyIncorrectError) Error() string {
@ -55,6 +68,14 @@ func (ki keyIncorrectError) Error() string {
 var ErrKeyIncorrect error = keyIncorrectError(0)
 // KeyInvalidError indicates that the public key parameters are invalid
 // as they do not match the private ones
 type KeyInvalidError string
 func (e KeyInvalidError) Error() string {
 	return "openpgp: invalid key: " + string(e)
 }
 type unknownIssuerError int
 func (unknownIssuerError) Error() string {
@ -76,3 +97,20 @@ type UnknownPacketTypeError uint8
 func (upte UnknownPacketTypeError) Error() string {
 	return "openpgp: unknown packet type: " + strconv.Itoa(int(upte))
 }
 // AEADError indicates that there is a problem when initializing or using a
 // AEAD instance, configuration struct, nonces or index values.
 type AEADError string
 func (ae AEADError) Error() string {
 	return "openpgp: aead error: " + string(ae)
 }
 // ErrDummyPrivateKey results when operations are attempted on a private key
 // that is just a dummy key. See
 // https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
 type ErrDummyPrivateKey string
 func (dke ErrDummyPrivateKey) Error() string {
 	return "openpgp: s2k GNU dummy key: " + string(dke)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go
@ -0,0 +1,65 @@
 // Copyright (C) 2019 ProtonTech AG
 package algorithm
 import (
 	"crypto/cipher"
 	"github.com/ProtonMail/go-crypto/eax"
 	"github.com/ProtonMail/go-crypto/ocb"
 )
 // AEADMode defines the Authenticated Encryption with Associated Data mode of
 // operation.
 type AEADMode uint8
 // Supported modes of operation (see RFC4880bis [EAX] and RFC7253)
 const (
 	AEADModeEAX = AEADMode(1)
 	AEADModeOCB = AEADMode(2)
 	AEADModeGCM = AEADMode(3)
 )
 // TagLength returns the length in bytes of authentication tags.
 func (mode AEADMode) TagLength() int {
 	switch mode {
 	case AEADModeEAX:
 		return 16
 	case AEADModeOCB:
 		return 16
 	case AEADModeGCM:
 		return 16
 	default:
 		return 0
 	}
 }
 // NonceLength returns the length in bytes of nonces.
 func (mode AEADMode) NonceLength() int {
 	switch mode {
 	case AEADModeEAX:
 		return 16
 	case AEADModeOCB:
 		return 15
 	case AEADModeGCM:
 		return 12
 	default:
 		return 0
 	}
 }
 // New returns a fresh instance of the given mode
 func (mode AEADMode) New(block cipher.Block) (alg cipher.AEAD) {
 	var err error
 	switch mode {
 	case AEADModeEAX:
 		alg, err = eax.NewEAX(block)
 	case AEADModeOCB:
 		alg, err = ocb.NewOCB(block)
 	case AEADModeGCM:
 		alg, err = cipher.NewGCM(block)
 	}
 	if err != nil {
 		panic(err.Error())
 	}
 	return alg
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
@ -0,0 +1,107 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package algorithm
 import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/des"
 	"golang.org/x/crypto/cast5"
 )
 // Cipher is an official symmetric key cipher algorithm. See RFC 4880,
 // section 9.2.
 type Cipher interface {
 	// Id returns the algorithm ID, as a byte, of the cipher.
 	Id() uint8
 	// KeySize returns the key size, in bytes, of the cipher.
 	KeySize() int
 	// BlockSize returns the block size, in bytes, of the cipher.
 	BlockSize() int
 	// New returns a fresh instance of the given cipher.
 	New(key []byte) cipher.Block
 }
 // The following constants mirror the OpenPGP standard (RFC 4880).
 const (
 	TripleDES = CipherFunction(2)
 	CAST5     = CipherFunction(3)
 	AES128    = CipherFunction(7)
 	AES192    = CipherFunction(8)
 	AES256    = CipherFunction(9)
 )
 // CipherById represents the different block ciphers specified for OpenPGP. See
 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
 var CipherById = map[uint8]Cipher{
 	TripleDES.Id(): TripleDES,
 	CAST5.Id():     CAST5,
 	AES128.Id():    AES128,
 	AES192.Id():    AES192,
 	AES256.Id():    AES256,
 }
 type CipherFunction uint8
 // ID returns the algorithm Id, as a byte, of cipher.
 func (sk CipherFunction) Id() uint8 {
 	return uint8(sk)
 }
 var keySizeByID = map[uint8]int{
 	TripleDES.Id(): 24,
 	CAST5.Id():     cast5.KeySize,
 	AES128.Id():    16,
 	AES192.Id():    24,
 	AES256.Id():    32,
 }
 // KeySize returns the key size, in bytes, of cipher.
 func (cipher CipherFunction) KeySize() int {
 	switch cipher {
 	case TripleDES:
 		return 24
 	case CAST5:
 		return cast5.KeySize
 	case AES128:
 		return 16
 	case AES192:
 		return 24
 	case AES256:
 		return 32
 	}
 	return 0
 }
 // BlockSize returns the block size, in bytes, of cipher.
 func (cipher CipherFunction) BlockSize() int {
 	switch cipher {
 	case TripleDES:
 		return des.BlockSize
 	case CAST5:
 		return 8
 	case AES128, AES192, AES256:
 		return 16
 	}
 	return 0
 }
 // New returns a fresh instance of the given cipher.
 func (cipher CipherFunction) New(key []byte) (block cipher.Block) {
 	var err error
 	switch cipher {
 	case TripleDES:
 		block, err = des.NewTripleDESCipher(key)
 	case CAST5:
 		block, err = cast5.NewCipher(key)
 	case AES128, AES192, AES256:
 		block, err = aes.NewCipher(key)
 	}
 	if err != nil {
 		panic(err.Error())
 	}
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go
@ -0,0 +1,143 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package algorithm
 import (
 	"crypto"
 	"fmt"
 	"hash"
 )
 // Hash is an official hash function algorithm. See RFC 4880, section 9.4.
 type Hash interface {
 	// Id returns the algorithm ID, as a byte, of Hash.
 	Id() uint8
 	// Available reports whether the given hash function is linked into the binary.
 	Available() bool
 	// HashFunc simply returns the value of h so that Hash implements SignerOpts.
 	HashFunc() crypto.Hash
 	// New returns a new hash.Hash calculating the given hash function. New
 	// panics if the hash function is not linked into the binary.
 	New() hash.Hash
 	// Size returns the length, in bytes, of a digest resulting from the given
 	// hash function. It doesn't require that the hash function in question be
 	// linked into the program.
 	Size() int
 	// String is the name of the hash function corresponding to the given
 	// OpenPGP hash id.
 	String() string
 }
 // The following vars mirror the crypto/Hash supported hash functions.
 var (
 	SHA1      Hash = cryptoHash{2, crypto.SHA1}
 	SHA256    Hash = cryptoHash{8, crypto.SHA256}
 	SHA384    Hash = cryptoHash{9, crypto.SHA384}
 	SHA512    Hash = cryptoHash{10, crypto.SHA512}
 	SHA224    Hash = cryptoHash{11, crypto.SHA224}
 	SHA3_256  Hash = cryptoHash{12, crypto.SHA3_256}
 	SHA3_512  Hash = cryptoHash{14, crypto.SHA3_512}
 )
 // HashById represents the different hash functions specified for OpenPGP. See
 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-14
 var (
 	HashById = map[uint8]Hash{
 		SHA256.Id():    SHA256,
 		SHA384.Id():    SHA384,
 		SHA512.Id():    SHA512,
 		SHA224.Id():    SHA224,
 		SHA3_256.Id():  SHA3_256,
 		SHA3_512.Id():  SHA3_512,
 	}
 )
 // cryptoHash contains pairs relating OpenPGP's hash identifier with
 // Go's crypto.Hash type. See RFC 4880, section 9.4.
 type cryptoHash struct {
 	id uint8
 	crypto.Hash
 }
 // Id returns the algorithm ID, as a byte, of cryptoHash.
 func (h cryptoHash) Id() uint8 {
 	return h.id
 }
 var hashNames = map[uint8]string{
 	SHA256.Id():    "SHA256",
 	SHA384.Id():    "SHA384",
 	SHA512.Id():    "SHA512",
 	SHA224.Id():    "SHA224",
 	SHA3_256.Id():  "SHA3-256",
 	SHA3_512.Id():  "SHA3-512",
 }
 func (h cryptoHash) String() string {
 	s, ok := hashNames[h.id]
 	if !ok {
 		panic(fmt.Sprintf("Unsupported hash function %d", h.id))
 	}
 	return s
 }
 // HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP
 // hash id.
 func HashIdToHash(id byte) (h crypto.Hash, ok bool) {
 	if hash, ok := HashById[id]; ok {
 		return hash.HashFunc(), true
 	}
 	return 0, false
 }
 // HashIdToHashWithSha1 returns a crypto.Hash which corresponds to the given OpenPGP
 // hash id, allowing sha1.
 func HashIdToHashWithSha1(id byte) (h crypto.Hash, ok bool) {
 	if hash, ok := HashById[id]; ok {
 		return hash.HashFunc(), true
 	}
 	if id == SHA1.Id() {
 		return SHA1.HashFunc(), true
 	}
 	return 0, false
 }
 // HashIdToString returns the name of the hash function corresponding to the
 // given OpenPGP hash id.
 func HashIdToString(id byte) (name string, ok bool) {
 	if hash, ok := HashById[id]; ok {
 		return hash.String(), true
 	}
 	return "", false
 }
 // HashToHashId returns an OpenPGP hash id which corresponds the given Hash.
 func HashToHashId(h crypto.Hash) (id byte, ok bool) {
 	for id, hash := range HashById {
 		if hash.HashFunc() == h {
 			return id, true
 		}
 	}
 	return 0, false
 }
 // HashToHashIdWithSha1 returns an OpenPGP hash id which corresponds the given Hash,
 // allowing instances of SHA1
 func HashToHashIdWithSha1(h crypto.Hash) (id byte, ok bool) {
 	for id, hash := range HashById {
 		if hash.HashFunc() == h {
 			return id, true
 		}
 	}
 	if h == SHA1.HashFunc() {
 		return SHA1.Id(), true
 	}
 	return 0, false
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go
@ -0,0 +1,171 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"crypto/subtle"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	x25519lib "github.com/cloudflare/circl/dh/x25519"
 )
 type curve25519 struct {}
 func NewCurve25519() *curve25519 {
 	return &curve25519{}
 }
 func (c *curve25519) GetCurveName() string {
 	return "curve25519"
 }
 // MarshalBytePoint encodes the public point from native format, adding the prefix.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
 func (c *curve25519) MarshalBytePoint(point [] byte) []byte {
 	return append([]byte{0x40}, point...)
 }
 // UnmarshalBytePoint decodes the public point to native format, removing the prefix.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
 func (c *curve25519) UnmarshalBytePoint(point []byte) []byte {
 	if len(point) != x25519lib.Size + 1 {
 		return nil
 	}
 	// Remove prefix
 	return point[1:]
 }
 // MarshalByteSecret encodes the secret scalar from native format.
 // Note that the EC secret scalar differs from the definition of public keys in
 // [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is
 // more uniform with how big integers are represented in OpenPGP, and (2) the
 // leading zeros are truncated.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1
 // Note that leading zero bytes are stripped later when encoding as an MPI.
 func (c *curve25519) MarshalByteSecret(secret []byte) []byte {
 	d := make([]byte, x25519lib.Size)
 	copyReversed(d, secret)
 	// The following ensures that the private key is a number of the form
 	// 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of
 	// the curve.
 	//
 	// This masking is done internally in the underlying lib and so is unnecessary
 	// for security, but OpenPGP implementations require that private keys be
 	// pre-masked.
 	d[0] &= 127
 	d[0] |= 64
 	d[31] &= 248
 	return d
 }
 // UnmarshalByteSecret decodes the secret scalar from native format.
 // Note that the EC secret scalar differs from the definition of public keys in
 // [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is
 // more uniform with how big integers are represented in OpenPGP, and (2) the
 // leading zeros are truncated.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1
 func (c *curve25519) UnmarshalByteSecret(d []byte) []byte {
 	if len(d) > x25519lib.Size {
 		return nil
 	}
 	// Ensure truncated leading bytes are re-added
 	secret := make([]byte, x25519lib.Size)
 	copyReversed(secret, d)
 	return secret
 }
 // generateKeyPairBytes Generates a private-public key-pair.
 // 'priv' is a private key; a little-endian scalar belonging to the set
 // 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of the
 // curve. 'pub' is simply 'priv' * G where G is the base point.
 // See https://cr.yp.to/ecdh.html and RFC7748, sec 5.
 func (c *curve25519) generateKeyPairBytes(rand io.Reader) (priv, pub x25519lib.Key, err error) {
 	_, err = io.ReadFull(rand, priv[:])
 	if err != nil {
 		return
 	}
 	x25519lib.KeyGen(&pub, &priv)
 	return
 }
 func (c *curve25519) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) {
 	priv, pub, err := c.generateKeyPairBytes(rand)
 	if err != nil {
 		return
 	}
 	return pub[:], priv[:], nil
 }
 func (c *genericCurve) MaskSecret(secret []byte) []byte {
 	return secret
 }
 func (c *curve25519) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	// RFC6637 §8: "Generate an ephemeral key pair {v, V=vG}"
 	// ephemeralPrivate corresponds to `v`.
 	// ephemeralPublic corresponds to `V`.
 	ephemeralPrivate, ephemeralPublic, err := c.generateKeyPairBytes(rand)
 	if err != nil {
 		return nil, nil, err
 	}
 	// RFC6637 §8: "Obtain the authenticated recipient public key R"
 	// pubKey corresponds to `R`.
 	var pubKey x25519lib.Key
 	copy(pubKey[:], point)
 	// RFC6637 §8: "Compute the shared point S = vR"
 	//	"VB = convert point V to the octet string"
 	// sharedPoint corresponds to `VB`.
 	var sharedPoint x25519lib.Key
 	x25519lib.Shared(&sharedPoint, &ephemeralPrivate, &pubKey)
 	return ephemeralPublic[:], sharedPoint[:], nil
 }
 func (c *curve25519) Decaps(vsG, secret []byte) (sharedSecret []byte, err error) {
 	var ephemeralPublic, decodedPrivate, sharedPoint x25519lib.Key
 	// RFC6637 §8: "The decryption is the inverse of the method given."
 	// All quoted descriptions in comments below describe encryption, and
 	// the reverse is performed.
 	// vsG corresponds to `VB` in RFC6637 §8 .
 	// RFC6637 §8: "VB = convert point V to the octet string"
 	copy(ephemeralPublic[:], vsG)
 	// decodedPrivate corresponds to `r` in RFC6637 §8 .
 	copy(decodedPrivate[:], secret)
 	// RFC6637 §8: "Note that the recipient obtains the shared secret by calculating
 	//   S = rV = rvG, where (r,R) is the recipient's key pair."
 	// sharedPoint corresponds to `S`.
 	x25519lib.Shared(&sharedPoint, &decodedPrivate, &ephemeralPublic)
 	return sharedPoint[:], nil
 }
 func (c *curve25519) ValidateECDH(point []byte, secret []byte) (err error) {
 	var pk, sk x25519lib.Key
 	copy(sk[:], secret)
 	x25519lib.KeyGen(&pk, &sk)
 	if subtle.ConstantTimeCompare(point, pk[:]) == 0 {
 		return errors.KeyInvalidError("ecc: invalid curve25519 public point")
 	}
 	return nil
 }
 func copyReversed(out []byte, in []byte) {
 	l := len(in)
 	for i := 0; i < l; i++ {
 		out[i] = in[l-i-1]
 	}
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go
@ -0,0 +1,140 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"bytes"
 	"crypto/elliptic"
 	"github.com/ProtonMail/go-crypto/bitcurves"
 	"github.com/ProtonMail/go-crypto/brainpool"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 )
 type CurveInfo struct {
 	GenName string
 	Oid *encoding.OID
 	Curve Curve
 }
 var Curves = []CurveInfo{
 	{
 		// NIST P-256
 		GenName: "P256",
 		Oid: encoding.NewOID([]byte{0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}),
 		Curve: NewGenericCurve(elliptic.P256()),
 	},
 	{
 		// NIST P-384
 		GenName: "P384",
 		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x22}),
 		Curve: NewGenericCurve(elliptic.P384()),
 	},
 	{
 		// NIST P-521
 		GenName: "P521",
 		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x23}),
 		Curve: NewGenericCurve(elliptic.P521()),
 	},
 	{
 		// SecP256k1
 		GenName: "SecP256k1",
 		Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x0A}),
 		Curve: NewGenericCurve(bitcurves.S256()),
 	},
 	{
 		// Curve25519
 		GenName: "Curve25519",
 		Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01}),
 		Curve: NewCurve25519(),
 	},
 	{
 		// X448
 		GenName: "Curve448",
 		Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x6F}),
 		Curve: NewX448(),
 	},
 	{
 		// Ed25519
 		GenName: "Curve25519",
 		Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01}),
 		Curve: NewEd25519(),
 	},
 	{
 		// Ed448
 		GenName: "Curve448",
 		Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x71}),
 		Curve: NewEd448(),
 	},
 	{
 		// BrainpoolP256r1
 		GenName: "BrainpoolP256",
 		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}),
 		Curve: NewGenericCurve(brainpool.P256r1()),
 	},
 	{
 		// BrainpoolP384r1
 		GenName: "BrainpoolP384",
 		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B}),
 		Curve: NewGenericCurve(brainpool.P384r1()),
 	},
 	{
 		// BrainpoolP512r1
 		GenName: "BrainpoolP512",
 		Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D}),
 		Curve: NewGenericCurve(brainpool.P512r1()),
 	},
 }
 func FindByCurve(curve Curve) *CurveInfo {
 	for _, curveInfo := range Curves {
 		if curveInfo.Curve.GetCurveName() == curve.GetCurveName() {
 			return &curveInfo
 		}
 	}
 	return nil
 }
 func FindByOid(oid encoding.Field) *CurveInfo {
 	var rawBytes = oid.Bytes()
 	for _, curveInfo := range Curves {
 		if bytes.Equal(curveInfo.Oid.Bytes(), rawBytes) {
 			return &curveInfo
 		}
 	}
 	return nil
 }
 func FindEdDSAByGenName(curveGenName string) EdDSACurve {
 	for _, curveInfo := range Curves {
 		if curveInfo.GenName == curveGenName {
 			curve, ok := curveInfo.Curve.(EdDSACurve)
 			if ok {
 				return curve
 			}
 		}
 	}
 	return nil
 }
 func FindECDSAByGenName(curveGenName string) ECDSACurve {
 	for _, curveInfo := range Curves {
 		if curveInfo.GenName == curveGenName {
 			curve, ok := curveInfo.Curve.(ECDSACurve)
 			if ok {
 				return curve
 			}
 		}
 	}
 	return nil
 }
 func FindECDHByGenName(curveGenName string) ECDHCurve {
 	for _, curveInfo := range Curves {
 		if curveInfo.GenName == curveGenName {
 			curve, ok := curveInfo.Curve.(ECDHCurve)
 			if ok {
 				return curve
 			}
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go
@ -0,0 +1,48 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"io"
 	"math/big"
 )
 type Curve interface {
 	GetCurveName() string
 }
 type ECDSACurve interface {
 	Curve
 	MarshalIntegerPoint(x, y *big.Int) []byte
 	UnmarshalIntegerPoint([]byte) (x, y *big.Int)
 	MarshalIntegerSecret(d *big.Int) []byte
 	UnmarshalIntegerSecret(d []byte) *big.Int
 	GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error)
 	Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error)
 	Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool
 	ValidateECDSA(x, y *big.Int, secret []byte) error
 }
 type EdDSACurve interface {
 	Curve
 	MarshalBytePoint(x []byte) []byte
 	UnmarshalBytePoint([]byte) (x []byte)
 	MarshalByteSecret(d []byte) []byte
 	UnmarshalByteSecret(d []byte) []byte
 	MarshalSignature(sig []byte) (r, s []byte)
 	UnmarshalSignature(r, s []byte) (sig []byte)
 	GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error)
 	Sign(publicKey, privateKey, message []byte) (sig []byte, err error)
 	Verify(publicKey, message, sig []byte) bool
 	ValidateEdDSA(publicKey, privateKey []byte) (err error)
 }
 type ECDHCurve interface {
 	Curve
 	MarshalBytePoint([]byte) (encoded []byte)
 	UnmarshalBytePoint(encoded []byte) ([]byte)
 	MarshalByteSecret(d []byte) []byte
 	UnmarshalByteSecret(d []byte) []byte
 	GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error)
 	Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error)
 	Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error)
 	ValidateECDH(public []byte, secret []byte) error
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go
@ -0,0 +1,111 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"crypto/subtle"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	ed25519lib "github.com/cloudflare/circl/sign/ed25519"
 )
 const ed25519Size = 32
 type ed25519 struct {}
 func NewEd25519() *ed25519 {
 	return &ed25519{}
 }
 func (c *ed25519) GetCurveName() string {
 	return "ed25519"
 }
 // MarshalBytePoint encodes the public point from native format, adding the prefix.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed25519) MarshalBytePoint(x []byte) []byte {
 	return append([]byte{0x40}, x...)
 }
 // UnmarshalBytePoint decodes a point from prefixed format to native.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed25519) UnmarshalBytePoint(point []byte) (x []byte) {
 	if len(point) != ed25519lib.PublicKeySize + 1 {
 		return nil
 	}
 	// Return unprefixed
 	return point[1:]
 }
 // MarshalByteSecret encodes a scalar in native format.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed25519) MarshalByteSecret(d []byte) []byte {
 	return d
 }
 // UnmarshalByteSecret decodes a scalar in native format and re-adds the stripped leading zeroes
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed25519) UnmarshalByteSecret(s []byte) (d []byte) {
 	if len(s) > ed25519lib.SeedSize {
 		return nil
 	}
 	// Handle stripped leading zeroes
 	d = make([]byte, ed25519lib.SeedSize)
 	copy(d[ed25519lib.SeedSize - len(s):], s)
 	return
 }
 // MarshalSignature splits a signature in R and S.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
 func (c *ed25519) MarshalSignature(sig []byte) (r, s []byte) {
 	return sig[:ed25519Size], sig[ed25519Size:]
 }
 // UnmarshalSignature decodes R and S in the native format, re-adding the stripped leading zeroes
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
 func (c *ed25519) UnmarshalSignature(r, s []byte) (sig []byte) {
 	// Check size
 	if len(r) > 32 || len(s) > 32 {
 		return nil
 	}
 	sig = make([]byte, ed25519lib.SignatureSize)
 	// Handle stripped leading zeroes
 	copy(sig[ed25519Size-len(r):ed25519Size], r)
 	copy(sig[ed25519lib.SignatureSize-len(s):], s)
 	return sig
 }
 func (c *ed25519) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {
 	pk, sk, err := ed25519lib.GenerateKey(rand)
 	if err != nil {
 		return nil, nil, err
 	}
 	return pk, sk[:ed25519lib.SeedSize], nil
 }
 func getEd25519Sk(publicKey, privateKey []byte) ed25519lib.PrivateKey {
 	return append(privateKey, publicKey...)
 }
 func (c *ed25519) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {
 	sig = ed25519lib.Sign(getEd25519Sk(publicKey, privateKey), message)
 	return sig, nil
 }
 func (c *ed25519) Verify(publicKey, message, sig []byte) bool {
 	return ed25519lib.Verify(publicKey, message, sig)
 }
 func (c *ed25519) ValidateEdDSA(publicKey, privateKey []byte) (err error) {
 	priv := getEd25519Sk(publicKey, privateKey)
 	expectedPriv := ed25519lib.NewKeyFromSeed(priv.Seed())
 	if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {
 		return errors.KeyInvalidError("ecc: invalid ed25519 secret")
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go
@ -0,0 +1,111 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"crypto/subtle"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	ed448lib "github.com/cloudflare/circl/sign/ed448"
 )
 type ed448 struct {}
 func NewEd448() *ed448 {
 	return &ed448{}
 }
 func (c *ed448) GetCurveName() string {
 	return "ed448"
 }
 // MarshalBytePoint encodes the public point from native format, adding the prefix.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed448) MarshalBytePoint(x []byte) []byte {
 	// Return prefixed
 	return append([]byte{0x40}, x...)
 }
 // UnmarshalBytePoint decodes a point from prefixed format to native.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed448) UnmarshalBytePoint(point []byte) (x []byte) {
 	if len(point) != ed448lib.PublicKeySize + 1 {
 		return nil
 	}
 	// Strip prefix
 	return point[1:]
 }
 // MarshalByteSecret encoded a scalar from native format to prefixed.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed448) MarshalByteSecret(d []byte) []byte {
 	// Return prefixed
 	return append([]byte{0x40}, d...)
 }
 // UnmarshalByteSecret decodes a scalar from prefixed format to native.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
 func (c *ed448) UnmarshalByteSecret(s []byte) (d []byte) {
 	// Check prefixed size
 	if len(s) != ed448lib.SeedSize + 1 {
 		return nil
 	}
 	// Strip prefix
 	return s[1:]
 }
 // MarshalSignature splits a signature in R and S, where R is in prefixed native format and
 // S is an MPI with value zero.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2
 func (c *ed448) MarshalSignature(sig []byte) (r, s []byte) {
 	return append([]byte{0x40}, sig...), []byte{}
 }
 // UnmarshalSignature decodes R and S in the native format. Only R is used, in prefixed native format.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2
 func (c *ed448) UnmarshalSignature(r, s []byte) (sig []byte) {
 	if len(r) != ed448lib.SignatureSize + 1 {
 		return nil
 	}
 	return r[1:]
 }
 func (c *ed448) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {
 	pk, sk, err := ed448lib.GenerateKey(rand)
 	if err != nil {
 		return nil, nil, err
 	}
 	return pk, sk[:ed448lib.SeedSize], nil
 }
 func getEd448Sk(publicKey, privateKey []byte) ed448lib.PrivateKey {
 	return append(privateKey, publicKey...)
 }
 func (c *ed448) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {
 	// Ed448 is used with the empty string as a context string.
 	// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
 	sig = ed448lib.Sign(getEd448Sk(publicKey, privateKey), message, "")
 	return sig, nil
 }
 func (c *ed448) Verify(publicKey, message, sig []byte) bool {
 	// Ed448 is used with the empty string as a context string.
 	// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
 	return ed448lib.Verify(publicKey, message, sig, "")
 }
 func (c *ed448) ValidateEdDSA(publicKey, privateKey []byte) (err error) {
 	priv := getEd448Sk(publicKey, privateKey)
 	expectedPriv := ed448lib.NewKeyFromSeed(priv.Seed())
 	if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {
 		return errors.KeyInvalidError("ecc: invalid ed448 secret")
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go
@ -0,0 +1,149 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"fmt"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"io"
 	"math/big"
 )
 type genericCurve struct {
 	Curve elliptic.Curve
 }
 func NewGenericCurve(c elliptic.Curve) *genericCurve {
 	return &genericCurve{
 		Curve: c,
 	}
 }
 func (c *genericCurve) GetCurveName() string {
 	return c.Curve.Params().Name
 }
 func (c *genericCurve) MarshalBytePoint(point []byte) []byte {
 	return point
 }
 func (c *genericCurve) UnmarshalBytePoint(point []byte) []byte {
 	return point
 }
 func (c *genericCurve) MarshalIntegerPoint(x, y *big.Int) []byte {
 	return elliptic.Marshal(c.Curve, x, y)
 }
 func (c *genericCurve) UnmarshalIntegerPoint(point []byte) (x, y *big.Int) {
 	return elliptic.Unmarshal(c.Curve, point)
 }
 func (c *genericCurve) MarshalByteSecret(d []byte) []byte {
 	return d
 }
 func (c *genericCurve) UnmarshalByteSecret(d []byte) []byte {
 	return d
 }
 func (c *genericCurve) MarshalIntegerSecret(d *big.Int) []byte {
 	return d.Bytes()
 }
 func (c *genericCurve) UnmarshalIntegerSecret(d []byte) *big.Int {
 	return new(big.Int).SetBytes(d)
 }
 func (c *genericCurve) GenerateECDH(rand io.Reader) (point, secret []byte, err error) {
 	secret, x, y, err := elliptic.GenerateKey(c.Curve, rand)
 	if err != nil {
 		return nil, nil, err
 	}
 	point = elliptic.Marshal(c.Curve, x, y)
 	return point, secret, nil
 }
 func (c *genericCurve) GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error) {
 	priv, err := ecdsa.GenerateKey(c.Curve, rand)
 	if err != nil {
 		return
 	}
 	return priv.X, priv.Y, priv.D, nil
 }
 func (c *genericCurve) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	xP, yP := elliptic.Unmarshal(c.Curve, point)
 	if xP == nil {
 		panic("invalid point")
 	}
 	d, x, y, err := elliptic.GenerateKey(c.Curve, rand)
 	if err != nil {
 		return nil, nil, err
 	}
 	vsG := elliptic.Marshal(c.Curve, x, y)
 	zbBig, _ := c.Curve.ScalarMult(xP, yP, d)
 	byteLen := (c.Curve.Params().BitSize + 7) >> 3
 	zb := make([]byte, byteLen)
 	zbBytes := zbBig.Bytes()
 	copy(zb[byteLen-len(zbBytes):], zbBytes)
 	return vsG, zb, nil
 }
 func (c *genericCurve) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) {
 	x, y := elliptic.Unmarshal(c.Curve, ephemeral)
 	zbBig, _ := c.Curve.ScalarMult(x, y, secret)
 	byteLen := (c.Curve.Params().BitSize + 7) >> 3
 	zb := make([]byte, byteLen)
 	zbBytes := zbBig.Bytes()
 	copy(zb[byteLen-len(zbBytes):], zbBytes)
 	return zb, nil
 }
 func (c *genericCurve) Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error) {
 	priv := &ecdsa.PrivateKey{D: d, PublicKey: ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve}}
 	return ecdsa.Sign(rand, priv, hash)
 }
 func (c *genericCurve) Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool {
 	pub := &ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve}
 	return ecdsa.Verify(pub, hash, r, s)
 }
 func (c *genericCurve) validate(xP, yP *big.Int, secret []byte) error {
 	// the public point should not be at infinity (0,0)
 	zero := new(big.Int)
 	if xP.Cmp(zero) == 0 && yP.Cmp(zero) == 0 {
 		return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): infinity point", c.Curve.Params().Name))
 	}
 	// re-derive the public point Q' = (X,Y) = dG
 	// to compare to declared Q in public key
 	expectedX, expectedY := c.Curve.ScalarBaseMult(secret)
 	if xP.Cmp(expectedX) != 0 || yP.Cmp(expectedY) != 0 {
 		return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name))
 	}
 	return nil
 }
 func (c *genericCurve) ValidateECDSA(xP, yP *big.Int, secret []byte) error {
 	return c.validate(xP, yP, secret)
 }
 func (c *genericCurve) ValidateECDH(point []byte, secret []byte) error {
 	xP, yP := elliptic.Unmarshal(c.Curve, point)
 	if xP == nil {
 		return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name))
 	}
 	return c.validate(xP, yP, secret)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
@ -0,0 +1,105 @@
 // Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
 package ecc
 import (
 	"crypto/subtle"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	x448lib "github.com/cloudflare/circl/dh/x448"
 )
 type x448 struct {}
 func NewX448() *x448 {
 	return &x448{}
 }
 func (c *x448) GetCurveName() string {
 	return "x448"
 }
 // MarshalBytePoint encodes the public point from native format, adding the prefix.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
 func (c *x448) MarshalBytePoint(point []byte) []byte {
 	return append([]byte{0x40}, point...)
 }
 // UnmarshalBytePoint decodes a point from prefixed format to native.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
 func (c *x448) UnmarshalBytePoint(point []byte) []byte {
 	if len(point) != x448lib.Size + 1 {
 		return nil
 	}
 	return point[1:]
 }
 // MarshalByteSecret encoded a scalar from native format to prefixed.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2
 func (c *x448) MarshalByteSecret(d []byte) []byte {
 	return append([]byte{0x40}, d...)
 }
 // UnmarshalByteSecret decodes a scalar from prefixed format to native.
 // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2
 func (c *x448) UnmarshalByteSecret(d []byte) []byte {
 	if len(d) != x448lib.Size + 1 {
 		return nil
 	}
 	// Store without prefix
 	return d[1:]
 }
 func (c *x448) generateKeyPairBytes(rand io.Reader) (sk, pk x448lib.Key, err error) {
 	if _, err = rand.Read(sk[:]); err != nil {
 		return
 	}
 	x448lib.KeyGen(&pk, &sk)
 	return
 }
 func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) {
 	priv, pub, err := c.generateKeyPairBytes(rand)
 	if err != nil {
 		return
 	}
 	return pub[:], priv[:], nil
 }
 func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	var pk, ss x448lib.Key
 	seed, e, err := c.generateKeyPairBytes(rand)
 	copy(pk[:], point)
 	x448lib.Shared(&ss, &seed, &pk)
 	return e[:], ss[:], nil
 }
 func (c *x448) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) {
 	var ss, sk, e x448lib.Key
 	copy(sk[:], secret)
 	copy(e[:], ephemeral)
 	x448lib.Shared(&ss, &sk, &e)
 	return ss[:], nil
 }
 func (c *x448) ValidateECDH(point []byte, secret []byte) error {
 	var sk, pk, expectedPk x448lib.Key
 	copy(pk[:], point)
 	copy(sk[:], secret)
 	x448lib.KeyGen(&expectedPk, &sk)
 	if subtle.ConstantTimeCompare(expectedPk[:], pk[:]) == 0 {
 		return errors.KeyInvalidError("ecc: invalid curve25519 public point")
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go
@ -0,0 +1,27 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package encoding implements openpgp packet field encodings as specified in
 // RFC 4880 and 6637.
 package encoding
 import "io"
 // Field is an encoded field of an openpgp packet.
 type Field interface {
 	// Bytes returns the decoded data.
 	Bytes() []byte
 	// BitLength is the size in bits of the decoded data.
 	BitLength() uint16
 	// EncodedBytes returns the encoded data.
 	EncodedBytes() []byte
 	// EncodedLength is the size in bytes of the encoded data.
 	EncodedLength() uint16
 	// ReadFrom reads the next Field from r.
 	ReadFrom(r io.Reader) (int64, error)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go
@ -0,0 +1,91 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package encoding
 import (
 	"io"
 	"math/big"
 	"math/bits"
 )
 // An MPI is used to store the contents of a big integer, along with the bit
 // length that was specified in the original input. This allows the MPI to be
 // reserialized exactly.
 type MPI struct {
 	bytes     []byte
 	bitLength uint16
 }
 // NewMPI returns a MPI initialized with bytes.
 func NewMPI(bytes []byte) *MPI {
 	for len(bytes) != 0 && bytes[0] == 0 {
 		bytes = bytes[1:]
 	}
 	if len(bytes) == 0 {
 		bitLength := uint16(0)
 		return &MPI{bytes, bitLength}
 	}
 	bitLength := 8*uint16(len(bytes)-1) + uint16(bits.Len8(bytes[0]))
 	return &MPI{bytes, bitLength}
 }
 // Bytes returns the decoded data.
 func (m *MPI) Bytes() []byte {
 	return m.bytes
 }
 // BitLength is the size in bits of the decoded data.
 func (m *MPI) BitLength() uint16 {
 	return m.bitLength
 }
 // EncodedBytes returns the encoded data.
 func (m *MPI) EncodedBytes() []byte {
 	return append([]byte{byte(m.bitLength >> 8), byte(m.bitLength)}, m.bytes...)
 }
 // EncodedLength is the size in bytes of the encoded data.
 func (m *MPI) EncodedLength() uint16 {
 	return uint16(2 + len(m.bytes))
 }
 // ReadFrom reads into m the next MPI from r.
 func (m *MPI) ReadFrom(r io.Reader) (int64, error) {
 	var buf [2]byte
 	n, err := io.ReadFull(r, buf[0:])
 	if err != nil {
 		if err == io.EOF {
 			err = io.ErrUnexpectedEOF
 		}
 		return int64(n), err
 	}
 	m.bitLength = uint16(buf[0])<<8 | uint16(buf[1])
 	m.bytes = make([]byte, (int(m.bitLength)+7)/8)
 	nn, err := io.ReadFull(r, m.bytes)
 	if err == io.EOF {
 		err = io.ErrUnexpectedEOF
 	}
 	// remove leading zero bytes from malformed GnuPG encoded MPIs:
 	// https://bugs.gnupg.org/gnupg/issue1853
 	// for _, b := range m.bytes {
 	// 	if b != 0 {
 	// 		break
 	// 	}
 	// 	m.bytes = m.bytes[1:]
 	// 	m.bitLength -= 8
 	// }
 	return int64(n) + int64(nn), err
 }
 // SetBig initializes m with the bits from n.
 func (m *MPI) SetBig(n *big.Int) *MPI {
 	m.bytes = n.Bytes()
 	m.bitLength = uint16(n.BitLen())
 	return m
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go
@ -0,0 +1,88 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package encoding
 import (
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 // OID is used to store a variable-length field with a one-octet size
 // prefix. See https://tools.ietf.org/html/rfc6637#section-9.
 type OID struct {
 	bytes []byte
 }
 const (
 	// maxOID is the maximum number of bytes in a OID.
 	maxOID = 254
 	// reservedOIDLength1 and reservedOIDLength2 are OID lengths that the RFC
 	// specifies are reserved.
 	reservedOIDLength1 = 0
 	reservedOIDLength2 = 0xff
 )
 // NewOID returns a OID initialized with bytes.
 func NewOID(bytes []byte) *OID {
 	switch len(bytes) {
 	case reservedOIDLength1, reservedOIDLength2:
 		panic("encoding: NewOID argument length is reserved")
 	default:
 		if len(bytes) > maxOID {
 			panic("encoding: NewOID argument too large")
 		}
 	}
 	return &OID{
 		bytes: bytes,
 	}
 }
 // Bytes returns the decoded data.
 func (o *OID) Bytes() []byte {
 	return o.bytes
 }
 // BitLength is the size in bits of the decoded data.
 func (o *OID) BitLength() uint16 {
 	return uint16(len(o.bytes) * 8)
 }
 // EncodedBytes returns the encoded data.
 func (o *OID) EncodedBytes() []byte {
 	return append([]byte{byte(len(o.bytes))}, o.bytes...)
 }
 // EncodedLength is the size in bytes of the encoded data.
 func (o *OID) EncodedLength() uint16 {
 	return uint16(1 + len(o.bytes))
 }
 // ReadFrom reads into b the next OID from r.
 func (o *OID) ReadFrom(r io.Reader) (int64, error) {
 	var buf [1]byte
 	n, err := io.ReadFull(r, buf[:])
 	if err != nil {
 		if err == io.EOF {
 			err = io.ErrUnexpectedEOF
 		}
 		return int64(n), err
 	}
 	switch buf[0] {
 	case reservedOIDLength1, reservedOIDLength2:
 		return int64(n), errors.UnsupportedError("reserved for future extensions")
 	}
 	o.bytes = make([]byte, buf[0])
 	nn, err := io.ReadFull(r, o.bytes)
 	if err == io.EOF {
 		err = io.ErrUnexpectedEOF
 	}
 	return int64(n) + int64(nn), err
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go
@ -0,0 +1,389 @@
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package openpgp
 import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	goerrors "errors"
 	"io"
 	"math/big"
 	"time"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
 	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
 // single identity composed of the given full name, comment and email, any of
 // which may be empty but must not contain any of "()<>\x00".
 // If config is nil, sensible defaults will be used.
 func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
 	creationTime := config.Now()
 	keyLifetimeSecs := config.KeyLifetime()
 	// Generate a primary signing key
 	primaryPrivRaw, err := newSigner(config)
 	if err != nil {
 		return nil, err
 	}
 	primary := packet.NewSignerPrivateKey(creationTime, primaryPrivRaw)
 	if config != nil && config.V5Keys {
 		primary.UpgradeToV5()
 	}
 	e := &Entity{
 		PrimaryKey: &primary.PublicKey,
 		PrivateKey: primary,
 		Identities: make(map[string]*Identity),
 		Subkeys:    []Subkey{},
 	}
 	err = e.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs)
 	if err != nil {
 		return nil, err
 	}
 	// NOTE: No key expiry here, but we will not return this subkey in EncryptionKey()
 	// if the primary/master key has expired.
 	err = e.addEncryptionSubkey(config, creationTime, 0)
 	if err != nil {
 		return nil, err
 	}
 	return e, nil
 }
 func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) error {
 	creationTime := config.Now()
 	keyLifetimeSecs := config.KeyLifetime()
 	return t.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs)
 }
 func (t *Entity) addUserId(name, comment, email string, config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32) error {
 	uid := packet.NewUserId(name, comment, email)
 	if uid == nil {
 		return errors.InvalidArgumentError("user id field contained invalid characters")
 	}
 	if _, ok := t.Identities[uid.Id]; ok {
 		return errors.InvalidArgumentError("user id exist")
 	}
 	primary := t.PrivateKey
 	isPrimaryId := len(t.Identities) == 0
 	selfSignature := createSignaturePacket(&primary.PublicKey, packet.SigTypePositiveCert, config)
 	selfSignature.CreationTime = creationTime
 	selfSignature.KeyLifetimeSecs = &keyLifetimeSecs
 	selfSignature.IsPrimaryId = &isPrimaryId
 	selfSignature.FlagsValid = true
 	selfSignature.FlagSign = true
 	selfSignature.FlagCertify = true
 	selfSignature.SEIPDv1 = true // true by default, see 5.8 vs. 5.14
 	selfSignature.SEIPDv2 = config.AEAD() != nil
 	// Set the PreferredHash for the SelfSignature from the packet.Config.
 	// If it is not the must-implement algorithm from rfc4880bis, append that.
 	hash, ok := algorithm.HashToHashId(config.Hash())
 	if !ok {
 		return errors.UnsupportedError("unsupported preferred hash function")
 	}
 	selfSignature.PreferredHash = []uint8{hash}
 	if config.Hash() != crypto.SHA256 {
 		selfSignature.PreferredHash = append(selfSignature.PreferredHash, hashToHashId(crypto.SHA256))
 	}
 	// Likewise for DefaultCipher.
 	selfSignature.PreferredSymmetric = []uint8{uint8(config.Cipher())}
 	if config.Cipher() != packet.CipherAES128 {
 		selfSignature.PreferredSymmetric = append(selfSignature.PreferredSymmetric, uint8(packet.CipherAES128))
 	}
 	// We set CompressionNone as the preferred compression algorithm because
 	// of compression side channel attacks, then append the configured
 	// DefaultCompressionAlgo if any is set (to signal support for cases
 	// where the application knows that using compression is safe).
 	selfSignature.PreferredCompression = []uint8{uint8(packet.CompressionNone)}
 	if config.Compression() != packet.CompressionNone {
 		selfSignature.PreferredCompression = append(selfSignature.PreferredCompression, uint8(config.Compression()))
 	}
 	// And for DefaultMode.
 	modes := []uint8{uint8(config.AEAD().Mode())}
 	if config.AEAD().Mode() != packet.AEADModeOCB {
 		modes = append(modes, uint8(packet.AEADModeOCB))
 	}
 	// For preferred (AES256, GCM), we'll generate (AES256, GCM), (AES256, OCB), (AES128, GCM), (AES128, OCB)
 	for _, cipher := range selfSignature.PreferredSymmetric {
 		for _, mode := range modes {
 			selfSignature.PreferredCipherSuites = append(selfSignature.PreferredCipherSuites, [2]uint8{cipher, mode})
 		}
 	}
 	// User ID binding signature
 	err := selfSignature.SignUserId(uid.Id, &primary.PublicKey, primary, config)
 	if err != nil {
 		return err
 	}
 	t.Identities[uid.Id] = &Identity{
 		Name:          uid.Id,
 		UserId:        uid,
 		SelfSignature: selfSignature,
 		Signatures:    []*packet.Signature{selfSignature},
 	}
 	return nil
 }
 // AddSigningSubkey adds a signing keypair as a subkey to the Entity.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) AddSigningSubkey(config *packet.Config) error {
 	creationTime := config.Now()
 	keyLifetimeSecs := config.KeyLifetime()
 	subPrivRaw, err := newSigner(config)
 	if err != nil {
 		return err
 	}
 	sub := packet.NewSignerPrivateKey(creationTime, subPrivRaw)
 	sub.IsSubkey = true
 	if config != nil && config.V5Keys {
 		sub.UpgradeToV5()
 	}
 	subkey := Subkey{
 		PublicKey:  &sub.PublicKey,
 		PrivateKey: sub,
 	}
 	subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config)
 	subkey.Sig.CreationTime = creationTime
 	subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs
 	subkey.Sig.FlagsValid = true
 	subkey.Sig.FlagSign = true
 	subkey.Sig.EmbeddedSignature = createSignaturePacket(subkey.PublicKey, packet.SigTypePrimaryKeyBinding, config)
 	subkey.Sig.EmbeddedSignature.CreationTime = creationTime
 	err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey, subkey.PrivateKey, config)
 	if err != nil {
 		return err
 	}
 	err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
 	if err != nil {
 		return err
 	}
 	e.Subkeys = append(e.Subkeys, subkey)
 	return nil
 }
 // AddEncryptionSubkey adds an encryption keypair as a subkey to the Entity.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) AddEncryptionSubkey(config *packet.Config) error {
 	creationTime := config.Now()
 	keyLifetimeSecs := config.KeyLifetime()
 	return e.addEncryptionSubkey(config, creationTime, keyLifetimeSecs)
 }
 func (e *Entity) addEncryptionSubkey(config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32) error {
 	subPrivRaw, err := newDecrypter(config)
 	if err != nil {
 		return err
 	}
 	sub := packet.NewDecrypterPrivateKey(creationTime, subPrivRaw)
 	sub.IsSubkey = true
 	if config != nil && config.V5Keys {
 		sub.UpgradeToV5()
 	}
 	subkey := Subkey{
 		PublicKey:  &sub.PublicKey,
 		PrivateKey: sub,
 	}
 	subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config)
 	subkey.Sig.CreationTime = creationTime
 	subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs
 	subkey.Sig.FlagsValid = true
 	subkey.Sig.FlagEncryptStorage = true
 	subkey.Sig.FlagEncryptCommunications = true
 	err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
 	if err != nil {
 		return err
 	}
 	e.Subkeys = append(e.Subkeys, subkey)
 	return nil
 }
 // Generates a signing key
 func newSigner(config *packet.Config) (signer interface{}, err error) {
 	switch config.PublicKeyAlgorithm() {
 	case packet.PubKeyAlgoRSA:
 		bits := config.RSAModulusBits()
 		if bits < 1024 {
 			return nil, errors.InvalidArgumentError("bits must be >= 1024")
 		}
 		if config != nil && len(config.RSAPrimes) >= 2 {
 			primes := config.RSAPrimes[0:2]
 			config.RSAPrimes = config.RSAPrimes[2:]
 			return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes)
 		}
 		return rsa.GenerateKey(config.Random(), bits)
 	case packet.PubKeyAlgoEdDSA:
 		curve := ecc.FindEdDSAByGenName(string(config.CurveName()))
 		if curve == nil {
 			return nil, errors.InvalidArgumentError("unsupported curve")
 		}
 		priv, err := eddsa.GenerateKey(config.Random(), curve)
 		if err != nil {
 			return nil, err
 		}
 		return priv, nil
 	case packet.PubKeyAlgoECDSA:
 		curve := ecc.FindECDSAByGenName(string(config.CurveName()))
 		if curve == nil {
 			return nil, errors.InvalidArgumentError("unsupported curve")
 		}
 		priv, err := ecdsa.GenerateKey(config.Random(), curve)
 		if err != nil {
 			return nil, err
 		}
 		return priv, nil
 	default:
 		return nil, errors.InvalidArgumentError("unsupported public key algorithm")
 	}
 }
 // Generates an encryption/decryption key
 func newDecrypter(config *packet.Config) (decrypter interface{}, err error) {
 	switch config.PublicKeyAlgorithm() {
 	case packet.PubKeyAlgoRSA:
 		bits := config.RSAModulusBits()
 		if bits < 1024 {
 			return nil, errors.InvalidArgumentError("bits must be >= 1024")
 		}
 		if config != nil && len(config.RSAPrimes) >= 2 {
 			primes := config.RSAPrimes[0:2]
 			config.RSAPrimes = config.RSAPrimes[2:]
 			return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes)
 		}
 		return rsa.GenerateKey(config.Random(), bits)
 	case packet.PubKeyAlgoEdDSA, packet.PubKeyAlgoECDSA:
 		fallthrough // When passing EdDSA or ECDSA, we generate an ECDH subkey
 	case packet.PubKeyAlgoECDH:
 		var kdf = ecdh.KDF{
 			Hash:   algorithm.SHA512,
 			Cipher: algorithm.AES256,
 		}
 		curve := ecc.FindECDHByGenName(string(config.CurveName()))
 		if curve == nil {
 			return nil, errors.InvalidArgumentError("unsupported curve")
 		}
 		return ecdh.GenerateKey(config.Random(), curve, kdf)
 	default:
 		return nil, errors.InvalidArgumentError("unsupported public key algorithm")
 	}
 }
 var bigOne = big.NewInt(1)
 // generateRSAKeyWithPrimes generates a multi-prime RSA keypair of the
 // given bit size, using the given random source and prepopulated primes.
 func generateRSAKeyWithPrimes(random io.Reader, nprimes int, bits int, prepopulatedPrimes []*big.Int) (*rsa.PrivateKey, error) {
 	priv := new(rsa.PrivateKey)
 	priv.E = 65537
 	if nprimes < 2 {
 		return nil, goerrors.New("generateRSAKeyWithPrimes: nprimes must be >= 2")
 	}
 	if bits < 1024 {
 		return nil, goerrors.New("generateRSAKeyWithPrimes: bits must be >= 1024")
 	}
 	primes := make([]*big.Int, nprimes)
 NextSetOfPrimes:
 	for {
 		todo := bits
 		// crypto/rand should set the top two bits in each prime.
 		// Thus each prime has the form
 		//   p_i = 2^bitlen(p_i) × 0.11... (in base 2).
 		// And the product is:
 		//   P = 2^todo × α
 		// where α is the product of nprimes numbers of the form 0.11...
 		//
 		// If α < 1/2 (which can happen for nprimes > 2), we need to
 		// shift todo to compensate for lost bits: the mean value of 0.11...
 		// is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
 		// will give good results.
 		if nprimes >= 7 {
 			todo += (nprimes - 2) / 5
 		}
 		for i := 0; i < nprimes; i++ {
 			var err error
 			if len(prepopulatedPrimes) == 0 {
 				primes[i], err = rand.Prime(random, todo/(nprimes-i))
 				if err != nil {
 					return nil, err
 				}
 			} else {
 				primes[i] = prepopulatedPrimes[0]
 				prepopulatedPrimes = prepopulatedPrimes[1:]
 			}
 			todo -= primes[i].BitLen()
 		}
 		// Make sure that primes is pairwise unequal.
 		for i, prime := range primes {
 			for j := 0; j < i; j++ {
 				if prime.Cmp(primes[j]) == 0 {
 					continue NextSetOfPrimes
 				}
 			}
 		}
 		n := new(big.Int).Set(bigOne)
 		totient := new(big.Int).Set(bigOne)
 		pminus1 := new(big.Int)
 		for _, prime := range primes {
 			n.Mul(n, prime)
 			pminus1.Sub(prime, bigOne)
 			totient.Mul(totient, pminus1)
 		}
 		if n.BitLen() != bits {
 			// This should never happen for nprimes == 2 because
 			// crypto/rand should set the top two bits in each prime.
 			// For nprimes > 2 we hope it does not happen often.
 			continue NextSetOfPrimes
 		}
 		priv.D = new(big.Int)
 		e := big.NewInt(int64(priv.E))
 		ok := priv.D.ModInverse(e, totient)
 		if ok != nil {
 			priv.Primes = primes
 			priv.N = n
 			break
 		}
 	}
 	priv.Precompute()
 	return priv, nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
@ -5,13 +5,13 @@
 package openpgp
 import (
-	"crypto/rsa"
+	goerrors "errors"
 	"io"
 	"time"
-	"golang.org/x/crypto/openpgp/armor"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
-	"golang.org/x/crypto/openpgp/packet"
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 // PublicKeyType is the armor type for a PGP public key.
@ -37,15 +37,17 @@ type Identity struct {
 	Name          string // by convention, has the form "Full Name (comment) <email@example.com>"
 	UserId        *packet.UserId
 	SelfSignature *packet.Signature
-	Signatures    []*packet.Signature
+	Revocations   []*packet.Signature
 	Signatures    []*packet.Signature // all (potentially unverified) self-signatures, revocations, and third-party signatures
 }
 // A Subkey is an additional public key in an Entity. Subkeys can be used for
 // encryption.
 type Subkey struct {
-	PublicKey  *packet.PublicKey
+	PublicKey   *packet.PublicKey
-	PrivateKey *packet.PrivateKey
+	PrivateKey  *packet.PrivateKey
-	Sig        *packet.Signature
+	Sig         *packet.Signature
 	Revocations []*packet.Signature
 }
 // A Key identifies a specific public key in an Entity. This is either the
@ -55,6 +57,7 @@ type Key struct {
 	PublicKey     *packet.PublicKey
 	PrivateKey    *packet.PrivateKey
 	SelfSignature *packet.Signature
 	Revocations   []*packet.Signature
 }
 // A KeyRing provides access to public and private keys.
@ -71,33 +74,71 @@ type KeyRing interface {
 	DecryptionKeys() []Key
 }
-// primaryIdentity returns the Identity marked as primary or the first identity
+// PrimaryIdentity returns an Identity, preferring non-revoked identities,
-// if none are so marked.
+// identities marked as primary, or the latest-created identity, in that order.
-func (e *Entity) primaryIdentity() *Identity {
+func (e *Entity) PrimaryIdentity() *Identity {
-	var firstIdentity *Identity
+	var primaryIdentity *Identity
 	for _, ident := range e.Identities {
-		if firstIdentity == nil {
+		if shouldPreferIdentity(primaryIdentity, ident) {
-			firstIdentity = ident
+			primaryIdentity = ident
 		}
 		if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {
 			return ident
 		}
 	}
-	return firstIdentity
+	return primaryIdentity
 }
-// encryptionKey returns the best candidate Key for encrypting a message to the
+func shouldPreferIdentity(existingId, potentialNewId *Identity) bool {
-// given Entity.
+	if existingId == nil {
-func (e *Entity) encryptionKey(now time.Time) (Key, bool) {
+		return true
-	candidateSubkey := -1
+	}
-	// Iterate the keys to find the newest key
+	if len(existingId.Revocations) > len(potentialNewId.Revocations) {
 		return true
 	}
 	if len(existingId.Revocations) < len(potentialNewId.Revocations) {
 		return false
 	}
 	if existingId.SelfSignature == nil {
 		return true
 	}
 	if existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId &&
 		!(potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId) {
 		return false
 	}
 	if !(existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId) &&
 		potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId {
 		return true
 	}
 	return potentialNewId.SelfSignature.CreationTime.After(existingId.SelfSignature.CreationTime)
 }
 // EncryptionKey returns the best candidate Key for encrypting a message to the
 // given Entity.
 func (e *Entity) EncryptionKey(now time.Time) (Key, bool) {
 	// Fail to find any encryption key if the...
 	i := e.PrimaryIdentity()
 	if e.PrimaryKey.KeyExpired(i.SelfSignature, now) || // primary key has expired
 		i.SelfSignature == nil || // user ID has no self-signature
 		i.SelfSignature.SigExpired(now) || // user ID self-signature has expired
 		e.Revoked(now) || // primary key has been revoked
 		i.Revoked(now) { // user ID has been revoked
 		return Key{}, false
 	}
 	// Iterate the keys to find the newest, unexpired one
 	candidateSubkey := -1
 	var maxTime time.Time
 	for i, subkey := range e.Subkeys {
 		if subkey.Sig.FlagsValid &&
 			subkey.Sig.FlagEncryptCommunications &&
 			subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
-			!subkey.Sig.KeyExpired(now) &&
+			!subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
 			!subkey.Sig.SigExpired(now) &&
 			!subkey.Revoked(now) &&
 			(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
 			candidateSubkey = i
 			maxTime = subkey.Sig.CreationTime
@ -106,55 +147,136 @@ func (e *Entity) encryptionKey(now time.Time) (Key, bool) {
 	if candidateSubkey != -1 {
 		subkey := e.Subkeys[candidateSubkey]
-		return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig}, true
+		return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true
 	}
 	// If we don't have any candidate subkeys for encryption and
 	// the primary key doesn't have any usage metadata then we
 	// assume that the primary key is ok. Or, if the primary key is
-	// marked as ok to encrypt to, then we can obviously use it.
+	// marked as ok to encrypt with, then we can obviously use it.
 	i := e.primaryIdentity()
 	if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications &&
-		e.PrimaryKey.PubKeyAlgo.CanEncrypt() &&
+		e.PrimaryKey.PubKeyAlgo.CanEncrypt() {
-		!i.SelfSignature.KeyExpired(now) {
+		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature, e.Revocations}, true
 		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
 	}
 	// This Entity appears to be signing only.
 	return Key{}, false
 }
 // signingKey return the best candidate Key for signing a message with this
 // Entity.
 func (e *Entity) signingKey(now time.Time) (Key, bool) {
 	candidateSubkey := -1
-	for i, subkey := range e.Subkeys {
+// CertificationKey return the best candidate Key for certifying a key with this
 // Entity.
 func (e *Entity) CertificationKey(now time.Time) (Key, bool) {
 	return e.CertificationKeyById(now, 0)
 }
 // CertificationKeyById return the Key for key certification with this
 // Entity and keyID.
 func (e *Entity) CertificationKeyById(now time.Time, id uint64) (Key, bool) {
 	return e.signingKeyByIdUsage(now, id, packet.KeyFlagCertify)
 }
 // SigningKey return the best candidate Key for signing a message with this
 // Entity.
 func (e *Entity) SigningKey(now time.Time) (Key, bool) {
 	return e.SigningKeyById(now, 0)
 }
 // SigningKeyById return the Key for signing a message with this
 // Entity and keyID.
 func (e *Entity) SigningKeyById(now time.Time, id uint64) (Key, bool) {
 	return e.signingKeyByIdUsage(now, id, packet.KeyFlagSign)
 }
 func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int) (Key, bool) {
 	// Fail to find any signing key if the...
 	i := e.PrimaryIdentity()
 	if e.PrimaryKey.KeyExpired(i.SelfSignature, now) || // primary key has expired
 		i.SelfSignature == nil || // user ID has no self-signature
 		i.SelfSignature.SigExpired(now) || // user ID self-signature has expired
 		e.Revoked(now) || // primary key has been revoked
 		i.Revoked(now) { // user ID has been revoked
 		return Key{}, false
 	}
 	// Iterate the keys to find the newest, unexpired one
 	candidateSubkey := -1
 	var maxTime time.Time
 	for idx, subkey := range e.Subkeys {
 		if subkey.Sig.FlagsValid &&
-			subkey.Sig.FlagSign &&
+			(flags & packet.KeyFlagCertify == 0 || subkey.Sig.FlagCertify) &&
 			(flags & packet.KeyFlagSign == 0 || subkey.Sig.FlagSign) &&
 			subkey.PublicKey.PubKeyAlgo.CanSign() &&
-			!subkey.Sig.KeyExpired(now) {
+			!subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
-			candidateSubkey = i
+			!subkey.Sig.SigExpired(now) &&
-			break
+			!subkey.Revoked(now) &&
 			(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) &&
 			(id == 0 || subkey.PublicKey.KeyId == id) {
 			candidateSubkey = idx
 			maxTime = subkey.Sig.CreationTime
 		}
 	}
 	if candidateSubkey != -1 {
 		subkey := e.Subkeys[candidateSubkey]
-		return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig}, true
+		return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true
 	}
 	// If we have no candidate subkey then we assume that it's ok to sign
-	// with the primary key.
+	// with the primary key.  Or, if the primary key is marked as ok to
-	i := e.primaryIdentity()
+	// sign with, then we can use it.
-	if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagSign &&
+	if !i.SelfSignature.FlagsValid || (
-		!i.SelfSignature.KeyExpired(now) {
+			(flags & packet.KeyFlagCertify == 0 || i.SelfSignature.FlagCertify) &&
-		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
+			(flags & packet.KeyFlagSign == 0 || i.SelfSignature.FlagSign)) &&
 		e.PrimaryKey.PubKeyAlgo.CanSign() &&
 		(id == 0 || e.PrimaryKey.KeyId == id) {
 		return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature, e.Revocations}, true
 	}
 	// No keys with a valid Signing Flag or no keys matched the id passed in
 	return Key{}, false
 }
 func revoked(revocations []*packet.Signature, now time.Time) bool {
 	for _, revocation := range revocations {
 		if revocation.RevocationReason != nil && *revocation.RevocationReason == packet.KeyCompromised {
 			// If the key is compromised, the key is considered revoked even before the revocation date.
 			return true
 		}
 		if !revocation.SigExpired(now) {
 			return true
 		}
 	}
 	return false
 }
 // Revoked returns whether the entity has any direct key revocation signatures.
 // Note that third-party revocation signatures are not supported.
 // Note also that Identity and Subkey revocation should be checked separately.
 func (e *Entity) Revoked(now time.Time) bool {
 	return revoked(e.Revocations, now)
 }
 // Revoked returns whether the identity has been revoked by a self-signature.
 // Note that third-party revocation signatures are not supported.
 func (i *Identity) Revoked(now time.Time) bool {
 	return revoked(i.Revocations, now)
 }
 // Revoked returns whether the subkey has been revoked by a self-signature.
 // Note that third-party revocation signatures are not supported.
 func (s *Subkey) Revoked(now time.Time) bool {
 	return revoked(s.Revocations, now)
 }
 // Revoked returns whether the key or subkey has been revoked by a self-signature.
 // Note that third-party revocation signatures are not supported.
 // Note also that Identity revocation should be checked separately.
 // Normally, it's not necessary to call this function, except on keys returned by
 // KeysById or KeysByIdUsage.
 func (key *Key) Revoked(now time.Time) bool {
 	return revoked(key.Revocations, now)
 }
 // An EntityList contains one or more Entities.
 type EntityList []*Entity
@ -162,21 +284,14 @@ type EntityList []*Entity
 func (el EntityList) KeysById(id uint64) (keys []Key) {
 	for _, e := range el {
 		if e.PrimaryKey.KeyId == id {
-			var selfSig *packet.Signature
+			ident := e.PrimaryIdentity()
-			for _, ident := range e.Identities {
+			selfSig := ident.SelfSignature
-				if selfSig == nil {
+			keys = append(keys, Key{e, e.PrimaryKey, e.PrivateKey, selfSig, e.Revocations})
 					selfSig = ident.SelfSignature
 				} else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {
 					selfSig = ident.SelfSignature
 					break
 				}
 			}
 			keys = append(keys, Key{e, e.PrimaryKey, e.PrivateKey, selfSig})
 		}
 		for _, subKey := range e.Subkeys {
 			if subKey.PublicKey.KeyId == id {
-				keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig})
+				keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations})
 			}
 		}
 	}
@ -188,15 +303,7 @@ func (el EntityList) KeysById(id uint64) (keys []Key) {
 // the bitwise-OR of packet.KeyFlag* values.
 func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key) {
 	for _, key := range el.KeysById(id) {
-		if len(key.Entity.Revocations) > 0 {
+		if key.SelfSignature != nil && key.SelfSignature.FlagsValid && requiredUsage != 0 {
 			continue
 		}
 		if key.SelfSignature.RevocationReason != nil {
 			continue
 		}
 		if key.SelfSignature.FlagsValid && requiredUsage != 0 {
 			var usage byte
 			if key.SelfSignature.FlagCertify {
 				usage |= packet.KeyFlagCertify
@ -225,7 +332,7 @@ func (el EntityList) DecryptionKeys() (keys []Key) {
 	for _, e := range el {
 		for _, subKey := range e.Subkeys {
 			if subKey.PrivateKey != nil && (!subKey.Sig.FlagsValid || subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications) {
-				keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig})
+				keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations})
 			}
 		}
 	}
@ -420,11 +527,24 @@ func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error {
 			break
 		}
-		if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
+		if sig.SigType != packet.SigTypeGenericCert &&
 			sig.SigType != packet.SigTypePersonaCert &&
 			sig.SigType != packet.SigTypeCasualCert &&
 			sig.SigType != packet.SigTypePositiveCert &&
 			sig.SigType != packet.SigTypeCertificationRevocation {
 			return errors.StructuralError("user ID signature with wrong type")
 		}
 		if sig.CheckKeyIdOrFingerprint(e.PrimaryKey) {
 			if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
 				return errors.StructuralError("user ID self-signature invalid: " + err.Error())
 			}
-			identity.SelfSignature = sig
+			if sig.SigType == packet.SigTypeCertificationRevocation {
 				identity.Revocations = append(identity.Revocations, sig)
 			} else if identity.SelfSignature == nil || sig.CreationTime.After(identity.SelfSignature.CreationTime) {
 				identity.SelfSignature = sig
 			}
 			identity.Signatures = append(identity.Signatures, sig)
 			e.Identities[pkt.Id] = identity
 		} else {
 			identity.Signatures = append(identity.Signatures, sig)
@ -463,10 +583,9 @@ func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *p
 		switch sig.SigType {
 		case packet.SigTypeSubkeyRevocation:
-			subKey.Sig = sig
+			subKey.Revocations = append(subKey.Revocations, sig)
 		case packet.SigTypeSubkeyBinding:
-
+			if subKey.Sig == nil || sig.CreationTime.After(subKey.Sig.CreationTime) {
 			if shouldReplaceSubkeySig(subKey.Sig, sig) {
 				subKey.Sig = sig
 			}
 		}
@ -481,131 +600,59 @@ func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *p
 	return nil
 }
 func shouldReplaceSubkeySig(existingSig, potentialNewSig *packet.Signature) bool {
 	if potentialNewSig == nil {
 		return false
 	}
 	if existingSig == nil {
 		return true
 	}
 	if existingSig.SigType == packet.SigTypeSubkeyRevocation {
 		return false // never override a revocation signature
 	}
 	return potentialNewSig.CreationTime.After(existingSig.CreationTime)
 }
 const defaultRSAKeyBits = 2048
 // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
 // single identity composed of the given full name, comment and email, any of
 // which may be empty but must not contain any of "()<>\x00".
 // If config is nil, sensible defaults will be used.
 func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
 	creationTime := config.Now()
 	bits := defaultRSAKeyBits
 	if config != nil && config.RSABits != 0 {
 		bits = config.RSABits
 	}
 	uid := packet.NewUserId(name, comment, email)
 	if uid == nil {
 		return nil, errors.InvalidArgumentError("user id field contained invalid characters")
 	}
 	signingPriv, err := rsa.GenerateKey(config.Random(), bits)
 	if err != nil {
 		return nil, err
 	}
 	encryptingPriv, err := rsa.GenerateKey(config.Random(), bits)
 	if err != nil {
 		return nil, err
 	}
 	e := &Entity{
 		PrimaryKey: packet.NewRSAPublicKey(creationTime, &signingPriv.PublicKey),
 		PrivateKey: packet.NewRSAPrivateKey(creationTime, signingPriv),
 		Identities: make(map[string]*Identity),
 	}
 	isPrimaryId := true
 	e.Identities[uid.Id] = &Identity{
 		Name:   uid.Id,
 		UserId: uid,
 		SelfSignature: &packet.Signature{
 			CreationTime: creationTime,
 			SigType:      packet.SigTypePositiveCert,
 			PubKeyAlgo:   packet.PubKeyAlgoRSA,
 			Hash:         config.Hash(),
 			IsPrimaryId:  &isPrimaryId,
 			FlagsValid:   true,
 			FlagSign:     true,
 			FlagCertify:  true,
 			IssuerKeyId:  &e.PrimaryKey.KeyId,
 		},
 	}
 	err = e.Identities[uid.Id].SelfSignature.SignUserId(uid.Id, e.PrimaryKey, e.PrivateKey, config)
 	if err != nil {
 		return nil, err
 	}
 	// If the user passes in a DefaultHash via packet.Config,
 	// set the PreferredHash for the SelfSignature.
 	if config != nil && config.DefaultHash != 0 {
 		e.Identities[uid.Id].SelfSignature.PreferredHash = []uint8{hashToHashId(config.DefaultHash)}
 	}
 	// Likewise for DefaultCipher.
 	if config != nil && config.DefaultCipher != 0 {
 		e.Identities[uid.Id].SelfSignature.PreferredSymmetric = []uint8{uint8(config.DefaultCipher)}
 	}
 	e.Subkeys = make([]Subkey, 1)
 	e.Subkeys[0] = Subkey{
 		PublicKey:  packet.NewRSAPublicKey(creationTime, &encryptingPriv.PublicKey),
 		PrivateKey: packet.NewRSAPrivateKey(creationTime, encryptingPriv),
 		Sig: &packet.Signature{
 			CreationTime:              creationTime,
 			SigType:                   packet.SigTypeSubkeyBinding,
 			PubKeyAlgo:                packet.PubKeyAlgoRSA,
 			Hash:                      config.Hash(),
 			FlagsValid:                true,
 			FlagEncryptStorage:        true,
 			FlagEncryptCommunications: true,
 			IssuerKeyId:               &e.PrimaryKey.KeyId,
 		},
 	}
 	e.Subkeys[0].PublicKey.IsSubkey = true
 	e.Subkeys[0].PrivateKey.IsSubkey = true
 	err = e.Subkeys[0].Sig.SignKey(e.Subkeys[0].PublicKey, e.PrivateKey, config)
 	if err != nil {
 		return nil, err
 	}
 	return e, nil
 }
 // SerializePrivate serializes an Entity, including private key material, but
 // excluding signatures from other entities, to the given Writer.
 // Identities and subkeys are re-signed in case they changed since NewEntry.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) {
 	if e.PrivateKey.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy private key cannot re-sign identities")
 	}
 	return e.serializePrivate(w, config, true)
 }
 // SerializePrivateWithoutSigning serializes an Entity, including private key
 // material, but excluding signatures from other entities, to the given Writer.
 // Self-signatures of identities and subkeys are not re-signed. This is useful
 // when serializing GNU dummy keys, among other things.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) SerializePrivateWithoutSigning(w io.Writer, config *packet.Config) (err error) {
 	return e.serializePrivate(w, config, false)
 }
 func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign bool) (err error) {
 	if e.PrivateKey == nil {
 		return goerrors.New("openpgp: private key is missing")
 	}
 	err = e.PrivateKey.Serialize(w)
 	if err != nil {
 		return
 	}
 	for _, revocation := range e.Revocations {
 		err := revocation.Serialize(w)
 		if err != nil {
 			return err
 		}
 	}
 	for _, ident := range e.Identities {
 		err = ident.UserId.Serialize(w)
 		if err != nil {
 			return
 		}
-		err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config)
+		if reSign {
-		if err != nil {
+			if ident.SelfSignature == nil {
-			return
+				return goerrors.New("openpgp: can't re-sign identity without valid self-signature")
 			}
 			err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config)
 			if err != nil {
 				return
 			}
 		}
-		err = ident.SelfSignature.Serialize(w)
+		for _, sig := range ident.Signatures {
-		if err != nil {
+			err = sig.Serialize(w)
-			return
+			if err != nil {
 				return err
 			}
 		}
 	}
 	for _, subkey := range e.Subkeys {
@ -613,9 +660,24 @@ func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error
 		if err != nil {
 			return
 		}
-		err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
+		if reSign {
-		if err != nil {
+			err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
-			return
+			if err != nil {
 				return
 			}
 			if subkey.Sig.EmbeddedSignature != nil {
 				err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey,
 					subkey.PrivateKey, config)
 				if err != nil {
 					return
 				}
 			}
 		}
 		for _, revocation := range subkey.Revocations {
 			err := revocation.Serialize(w)
 			if err != nil {
 				return err
 			}
 		}
 		err = subkey.Sig.Serialize(w)
 		if err != nil {
@ -632,12 +694,14 @@ func (e *Entity) Serialize(w io.Writer) error {
 	if err != nil {
 		return err
 	}
-	for _, ident := range e.Identities {
+	for _, revocation := range e.Revocations {
-		err = ident.UserId.Serialize(w)
+		err := revocation.Serialize(w)
 		if err != nil {
 			return err
 		}
-		err = ident.SelfSignature.Serialize(w)
+	}
 	for _, ident := range e.Identities {
 		err = ident.UserId.Serialize(w)
 		if err != nil {
 			return err
 		}
@ -653,6 +717,12 @@ func (e *Entity) Serialize(w io.Writer) error {
 		if err != nil {
 			return err
 		}
 		for _, revocation := range subkey.Revocations {
 			err := revocation.Serialize(w)
 			if err != nil {
 				return err
 			}
 		}
 		err = subkey.Sig.Serialize(w)
 		if err != nil {
 			return err
@ -667,27 +737,68 @@ func (e *Entity) Serialize(w io.Writer) error {
 // necessary.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Config) error {
-	if signer.PrivateKey == nil {
+	certificationKey, ok := signer.CertificationKey(config.Now())
-		return errors.InvalidArgumentError("signing Entity must have a private key")
+	if !ok {
 		return errors.InvalidArgumentError("no valid certification key found")
 	}
-	if signer.PrivateKey.Encrypted {
+
 	if certificationKey.PrivateKey.Encrypted {
 		return errors.InvalidArgumentError("signing Entity's private key must be decrypted")
 	}
 	ident, ok := e.Identities[identity]
 	if !ok {
 		return errors.InvalidArgumentError("given identity string not found in Entity")
 	}
-	sig := &packet.Signature{
+	sig := createSignaturePacket(certificationKey.PublicKey, packet.SigTypeGenericCert, config)
-		SigType:      packet.SigTypeGenericCert,
+
-		PubKeyAlgo:   signer.PrivateKey.PubKeyAlgo,
+	signingUserID := config.SigningUserId()
-		Hash:         config.Hash(),
+	if signingUserID != "" {
-		CreationTime: config.Now(),
+		if _, ok := signer.Identities[signingUserID]; !ok {
-		IssuerKeyId:  &signer.PrivateKey.KeyId,
+			return errors.InvalidArgumentError("signer identity string not found in signer Entity")
 		}
 		sig.SignerUserId = &signingUserID
 	}
-	if err := sig.SignUserId(identity, e.PrimaryKey, signer.PrivateKey, config); err != nil {
+
 	if err := sig.SignUserId(identity, e.PrimaryKey, certificationKey.PrivateKey, config); err != nil {
 		return err
 	}
 	ident.Signatures = append(ident.Signatures, sig)
 	return nil
 }
 // RevokeKey generates a key revocation signature (packet.SigTypeKeyRevocation) with the
 // specified reason code and text (RFC4880 section-5.2.3.23).
 // If config is nil, sensible defaults will be used.
 func (e *Entity) RevokeKey(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
 	revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeKeyRevocation, config)
 	revSig.RevocationReason = &reason
 	revSig.RevocationReasonText = reasonText
 	if err := revSig.RevokeKey(e.PrimaryKey, e.PrivateKey, config); err != nil {
 		return err
 	}
 	e.Revocations = append(e.Revocations, revSig)
 	return nil
 }
 // RevokeSubkey generates a subkey revocation signature (packet.SigTypeSubkeyRevocation) for
 // a subkey with the specified reason code and text (RFC4880 section-5.2.3.23).
 // If config is nil, sensible defaults will be used.
 func (e *Entity) RevokeSubkey(sk *Subkey, reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
 	if err := e.PrimaryKey.VerifyKeySignature(sk.PublicKey, sk.Sig); err != nil {
 		return errors.InvalidArgumentError("given subkey is not associated with this key")
 	}
 	revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyRevocation, config)
 	revSig.RevocationReason = &reason
 	revSig.RevocationReasonText = reasonText
 	if err := revSig.RevokeSubkey(sk.PublicKey, e.PrivateKey, config); err != nil {
 		return err
 	}
 	sk.Revocations = append(sk.Revocations, revSig)
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
@ -0,0 +1,67 @@
 // Copyright (C) 2019 ProtonTech AG
 package packet
 import "math/bits"
 // CipherSuite contains a combination of Cipher and Mode
 type CipherSuite struct {
 	// The cipher function
 	Cipher CipherFunction
 	// The AEAD mode of operation.
 	Mode AEADMode
 }
 // AEADConfig collects a number of AEAD parameters along with sensible defaults.
 // A nil AEADConfig is valid and results in all default values.
 type AEADConfig struct {
 	// The AEAD mode of operation.
 	DefaultMode AEADMode
 	// Amount of octets in each chunk of data
 	ChunkSize uint64
 }
 // Mode returns the AEAD mode of operation.
 func (conf *AEADConfig) Mode() AEADMode {
 	// If no preference is specified, OCB is used (which is mandatory to implement).
 	if conf == nil || conf.DefaultMode == 0 {
 		return AEADModeOCB
 	}
 	mode := conf.DefaultMode
 	if mode != AEADModeEAX && mode != AEADModeOCB && mode != AEADModeGCM {
 		panic("AEAD mode unsupported")
 	}
 	return mode
 }
 // ChunkSizeByte returns the byte indicating the chunk size. The effective
 // chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6)
 // limit to 16 = 4 MiB
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func (conf *AEADConfig) ChunkSizeByte() byte {
 	if conf == nil || conf.ChunkSize == 0 {
 		return 12 // 1 << (12 + 6) == 262144 bytes
 	}
 	chunkSize := conf.ChunkSize
 	exponent := bits.Len64(chunkSize) - 1
 	switch {
 	case exponent < 6:
 		exponent = 6
 	case exponent > 16:
 		exponent = 16
 	}
 	return byte(exponent - 6)
 }
 // decodeAEADChunkSize returns the effective chunk size. In 32-bit systems, the
 // maximum returned value is 1 << 30.
 func decodeAEADChunkSize(c byte) int {
 	size := uint64(1 << (c + 6))
 	if size != uint64(int(size)) {
 		return 1 << 30
 	}
 	return int(size)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go
@ -0,0 +1,265 @@
 // Copyright (C) 2019 ProtonTech AG
 package packet
 import (
 	"bytes"
 	"crypto/cipher"
 	"encoding/binary"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 // aeadCrypter is an AEAD opener/sealer, its configuration, and data for en/decryption.
 type aeadCrypter struct {
 	aead           cipher.AEAD
 	chunkSize      int
 	initialNonce   []byte
 	associatedData []byte       // Chunk-independent associated data
 	chunkIndex     []byte       // Chunk counter
 	packetTag      packetType
 	bytesProcessed int          // Amount of plaintext bytes encrypted/decrypted
 	buffer         bytes.Buffer // Buffered bytes across chunks
 }
 // computeNonce takes the incremental index and computes an eXclusive OR with
 // the least significant 8 bytes of the receivers' initial nonce (see sec.
 // 5.16.1 and 5.16.2). It returns the resulting nonce.
 func (wo *aeadCrypter) computeNextNonce() (nonce []byte) {
 	if wo.packetTag == packetTypeSymmetricallyEncryptedIntegrityProtected {
 		return append(wo.initialNonce, wo.chunkIndex...)
 	}
 	nonce = make([]byte, len(wo.initialNonce))
 	copy(nonce, wo.initialNonce)
 	offset := len(wo.initialNonce) - 8
 	for i := 0; i < 8; i++ {
 		nonce[i+offset] ^= wo.chunkIndex[i]
 	}
 	return
 }
 // incrementIndex performs an integer increment by 1 of the integer represented by the
 // slice, modifying it accordingly.
 func (wo *aeadCrypter) incrementIndex() error {
 	index := wo.chunkIndex
 	if len(index) == 0 {
 		return errors.AEADError("Index has length 0")
 	}
 	for i := len(index) - 1; i >= 0; i-- {
 		if index[i] < 255 {
 			index[i]++
 			return nil
 		}
 		index[i] = 0
 	}
 	return errors.AEADError("cannot further increment index")
 }
 // aeadDecrypter reads and decrypts bytes. It buffers extra decrypted bytes when
 // necessary, similar to aeadEncrypter.
 type aeadDecrypter struct {
 	aeadCrypter           // Embedded ciphertext opener
 	reader      io.Reader // 'reader' is a partialLengthReader
 	peekedBytes []byte    // Used to detect last chunk
 	eof         bool
 }
 // Read decrypts bytes and reads them into dst. It decrypts when necessary and
 // buffers extra decrypted bytes. It returns the number of bytes copied into dst
 // and an error.
 func (ar *aeadDecrypter) Read(dst []byte) (n int, err error) {
 	// Return buffered plaintext bytes from previous calls
 	if ar.buffer.Len() > 0 {
 		return ar.buffer.Read(dst)
 	}
 	// Return EOF if we've previously validated the final tag
 	if ar.eof {
 		return 0, io.EOF
 	}
 	// Read a chunk
 	tagLen := ar.aead.Overhead()
 	cipherChunkBuf := new(bytes.Buffer)
 	_, errRead := io.CopyN(cipherChunkBuf, ar.reader, int64(ar.chunkSize + tagLen))
 	cipherChunk := cipherChunkBuf.Bytes()
 	if errRead != nil && errRead != io.EOF {
 		return 0, errRead
 	}
 	decrypted, errChunk := ar.openChunk(cipherChunk)
 	if errChunk != nil {
 		return 0, errChunk
 	}
 	// Return decrypted bytes, buffering if necessary
 	if len(dst) < len(decrypted) {
 		n = copy(dst, decrypted[:len(dst)])
 		ar.buffer.Write(decrypted[len(dst):])
 	} else {
 		n = copy(dst, decrypted)
 	}
 	// Check final authentication tag
 	if errRead == io.EOF {
 		errChunk := ar.validateFinalTag(ar.peekedBytes)
 		if errChunk != nil {
 			return n, errChunk
 		}
 		ar.eof = true // Mark EOF for when we've returned all buffered data
 	}
 	return
 }
 // Close is noOp. The final authentication tag of the stream was already
 // checked in the last Read call. In the future, this function could be used to
 // wipe the reader and peeked, decrypted bytes, if necessary.
 func (ar *aeadDecrypter) Close() (err error) {
 	return nil
 }
 // openChunk decrypts and checks integrity of an encrypted chunk, returning
 // the underlying plaintext and an error. It accesses peeked bytes from next
 // chunk, to identify the last chunk and decrypt/validate accordingly.
 func (ar *aeadDecrypter) openChunk(data []byte) ([]byte, error) {
 	tagLen := ar.aead.Overhead()
 	// Restore carried bytes from last call
 	chunkExtra := append(ar.peekedBytes, data...)
 	// 'chunk' contains encrypted bytes, followed by an authentication tag.
 	chunk := chunkExtra[:len(chunkExtra)-tagLen]
 	ar.peekedBytes = chunkExtra[len(chunkExtra)-tagLen:]
 	adata := ar.associatedData
 	if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted {
 		adata = append(ar.associatedData, ar.chunkIndex...)
 	}
 	nonce := ar.computeNextNonce()
 	plainChunk, err := ar.aead.Open(nil, nonce, chunk, adata)
 	if err != nil {
 		return nil, err
 	}
 	ar.bytesProcessed += len(plainChunk)
 	if err = ar.aeadCrypter.incrementIndex(); err != nil {
 		return nil, err
 	}
 	return plainChunk, nil
 }
 // Checks the summary tag. It takes into account the total decrypted bytes into
 // the associated data. It returns an error, or nil if the tag is valid.
 func (ar *aeadDecrypter) validateFinalTag(tag []byte) error {
 	// Associated: tag, version, cipher, aead, chunk size, ...
 	amountBytes := make([]byte, 8)
 	binary.BigEndian.PutUint64(amountBytes, uint64(ar.bytesProcessed))
 	adata := ar.associatedData
 	if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted {
 		// ... index ...
 		adata = append(ar.associatedData, ar.chunkIndex...)
 	}
 	// ... and total number of encrypted octets
 	adata = append(adata, amountBytes...)
 	nonce := ar.computeNextNonce()
 	_, err := ar.aead.Open(nil, nonce, tag, adata)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // aeadEncrypter encrypts and writes bytes. It encrypts when necessary according
 // to the AEAD block size, and buffers the extra encrypted bytes for next write.
 type aeadEncrypter struct {
 	aeadCrypter                // Embedded plaintext sealer
 	writer      io.WriteCloser // 'writer' is a partialLengthWriter
 }
 // Write encrypts and writes bytes. It encrypts when necessary and buffers extra
 // plaintext bytes for next call. When the stream is finished, Close() MUST be
 // called to append the final tag.
 func (aw *aeadEncrypter) Write(plaintextBytes []byte) (n int, err error) {
 	// Append plaintextBytes to existing buffered bytes
 	n, err = aw.buffer.Write(plaintextBytes)
 	if err != nil {
 		return n, err
 	}
 	// Encrypt and write chunks
 	for aw.buffer.Len() >= aw.chunkSize {
 		plainChunk := aw.buffer.Next(aw.chunkSize)
 		encryptedChunk, err := aw.sealChunk(plainChunk)
 		if err != nil {
 			return n, err
 		}
 		_, err = aw.writer.Write(encryptedChunk)
 		if err != nil {
 			return n, err
 		}
 	}
 	return
 }
 // Close encrypts and writes the remaining buffered plaintext if any, appends
 // the final authentication tag, and closes the embedded writer. This function
 // MUST be called at the end of a stream.
 func (aw *aeadEncrypter) Close() (err error) {
 	// Encrypt and write a chunk if there's buffered data left, or if we haven't
 	// written any chunks yet.
 	if aw.buffer.Len() > 0 || aw.bytesProcessed == 0 {
 		plainChunk := aw.buffer.Bytes()
 		lastEncryptedChunk, err := aw.sealChunk(plainChunk)
 		if err != nil {
 			return err
 		}
 		_, err = aw.writer.Write(lastEncryptedChunk)
 		if err != nil {
 			return err
 		}
 	}
 	// Compute final tag (associated data: packet tag, version, cipher, aead,
 	// chunk size...
 	adata := aw.associatedData
 	if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted {
 		// ... index ...
 		adata = append(aw.associatedData, aw.chunkIndex...)
 	}
 	// ... and total number of encrypted octets
 	amountBytes := make([]byte, 8)
 	binary.BigEndian.PutUint64(amountBytes, uint64(aw.bytesProcessed))
 	adata = append(adata, amountBytes...)
 	nonce := aw.computeNextNonce()
 	finalTag := aw.aead.Seal(nil, nonce, nil, adata)
 	_, err = aw.writer.Write(finalTag)
 	if err != nil {
 		return err
 	}
 	return aw.writer.Close()
 }
 // sealChunk Encrypts and authenticates the given chunk.
 func (aw *aeadEncrypter) sealChunk(data []byte) ([]byte, error) {
 	if len(data) > aw.chunkSize {
 		return nil, errors.AEADError("chunk exceeds maximum length")
 	}
 	if aw.associatedData == nil {
 		return nil, errors.AEADError("can't seal without headers")
 	}
 	adata := aw.associatedData
 	if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted {
 		adata = append(aw.associatedData, aw.chunkIndex...)
 	}
 	nonce := aw.computeNextNonce()
 	encrypted := aw.aead.Seal(nil, nonce, data, adata)
 	aw.bytesProcessed += len(data)
 	if err := aw.aeadCrypter.incrementIndex(); err != nil {
 		return nil, err
 	}
 	return encrypted, nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go
@ -0,0 +1,96 @@
 // Copyright (C) 2019 ProtonTech AG
 package packet
 import (
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 )
 // AEADEncrypted represents an AEAD Encrypted Packet.
 // See https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t
 type AEADEncrypted struct {
 	cipher        CipherFunction
 	mode          AEADMode
 	chunkSizeByte byte
 	Contents      io.Reader // Encrypted chunks and tags
 	initialNonce  []byte    // Referred to as IV in RFC4880-bis
 }
 // Only currently defined version
 const aeadEncryptedVersion = 1
 func (ae *AEADEncrypted) parse(buf io.Reader) error {
 	headerData := make([]byte, 4)
 	if n, err := io.ReadFull(buf, headerData); n < 4 {
 		return errors.AEADError("could not read aead header:" + err.Error())
 	}
 	// Read initial nonce
 	mode := AEADMode(headerData[2])
 	nonceLen := mode.IvLength()
 	// This packet supports only EAX and OCB
 	// https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t
 	if nonceLen == 0 || mode > AEADModeOCB {
 		return errors.AEADError("unknown mode")
 	}
 	initialNonce := make([]byte, nonceLen)
 	if n, err := io.ReadFull(buf, initialNonce); n < nonceLen {
 		return errors.AEADError("could not read aead nonce:" + err.Error())
 	}
 	ae.Contents = buf
 	ae.initialNonce = initialNonce
 	c := headerData[1]
 	if _, ok := algorithm.CipherById[c]; !ok {
 		return errors.UnsupportedError("unknown cipher: " + string(c))
 	}
 	ae.cipher = CipherFunction(c)
 	ae.mode = mode
 	ae.chunkSizeByte = headerData[3]
 	return nil
 }
 // Decrypt returns a io.ReadCloser from which decrypted bytes can be read, or
 // an error.
 func (ae *AEADEncrypted) Decrypt(ciph CipherFunction, key []byte) (io.ReadCloser, error) {
 	return ae.decrypt(key)
 }
 // decrypt prepares an aeadCrypter and returns a ReadCloser from which
 // decrypted bytes can be read (see aeadDecrypter.Read()).
 func (ae *AEADEncrypted) decrypt(key []byte) (io.ReadCloser, error) {
 	blockCipher := ae.cipher.new(key)
 	aead := ae.mode.new(blockCipher)
 	// Carry the first tagLen bytes
 	tagLen := ae.mode.TagLength()
 	peekedBytes := make([]byte, tagLen)
 	n, err := io.ReadFull(ae.Contents, peekedBytes)
 	if n < tagLen || (err != nil && err != io.EOF) {
 		return nil, errors.AEADError("Not enough data to decrypt:" + err.Error())
 	}
 	chunkSize := decodeAEADChunkSize(ae.chunkSizeByte)
 	return &aeadDecrypter{
 		aeadCrypter: aeadCrypter{
 			aead:           aead,
 			chunkSize:      chunkSize,
 			initialNonce:   ae.initialNonce,
 			associatedData: ae.associatedData(),
 			chunkIndex:     make([]byte, 8),
 			packetTag:      packetTypeAEADEncrypted,
 		},
 		reader:      ae.Contents,
 		peekedBytes: peekedBytes}, nil
 }
 // associatedData for chunks: tag, version, cipher, mode, chunk size byte
 func (ae *AEADEncrypted) associatedData() []byte {
 	return []byte{
 		0xD4,
 		aeadEncryptedVersion,
 		byte(ae.cipher),
 		byte(ae.mode),
 		ae.chunkSizeByte}
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go
@ -8,7 +8,7 @@ import (
 	"compress/bzip2"
 	"compress/flate"
 	"compress/zlib"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"io"
 	"strconv"
 )
@ -47,6 +47,8 @@ func (c *Compressed) parse(r io.Reader) error {
 	}
 	switch buf[0] {
 	case 0:
 		c.Body = r
 	case 1:
 		c.Body = flate.NewReader(r)
 	case 2:
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
@ -0,0 +1,224 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"crypto"
 	"crypto/rand"
 	"io"
 	"math/big"
 	"time"
 )
 // Config collects a number of parameters along with sensible defaults.
 // A nil *Config is valid and results in all default values.
 type Config struct {
 	// Rand provides the source of entropy.
 	// If nil, the crypto/rand Reader is used.
 	Rand io.Reader
 	// DefaultHash is the default hash function to be used.
 	// If zero, SHA-256 is used.
 	DefaultHash crypto.Hash
 	// DefaultCipher is the cipher to be used.
 	// If zero, AES-128 is used.
 	DefaultCipher CipherFunction
 	// Time returns the current time as the number of seconds since the
 	// epoch. If Time is nil, time.Now is used.
 	Time func() time.Time
 	// DefaultCompressionAlgo is the compression algorithm to be
 	// applied to the plaintext before encryption. If zero, no
 	// compression is done.
 	DefaultCompressionAlgo CompressionAlgo
 	// CompressionConfig configures the compression settings.
 	CompressionConfig *CompressionConfig
 	// S2KCount is only used for symmetric encryption. It
 	// determines the strength of the passphrase stretching when
 	// the said passphrase is hashed to produce a key. S2KCount
 	// should be between 1024 and 65011712, inclusive. If Config
 	// is nil or S2KCount is 0, the value 65536 used. Not all
 	// values in the above range can be represented. S2KCount will
 	// be rounded up to the next representable value if it cannot
 	// be encoded exactly. When set, it is strongly encrouraged to
 	// use a value that is at least 65536. See RFC 4880 Section
 	// 3.7.1.3.
 	S2KCount int
 	// RSABits is the number of bits in new RSA keys made with NewEntity.
 	// If zero, then 2048 bit keys are created.
 	RSABits int
 	// The public key algorithm to use - will always create a signing primary
 	// key and encryption subkey.
 	Algorithm PublicKeyAlgorithm
 	// Some known primes that are optionally prepopulated by the caller
 	RSAPrimes []*big.Int
 	// Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA,
 	// PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used.
 	Curve Curve
 	// AEADConfig configures the use of the new AEAD Encrypted Data Packet,
 	// defined in the draft of the next version of the OpenPGP specification.
 	// If a non-nil AEADConfig is passed, usage of this packet is enabled. By
 	// default, it is disabled. See the documentation of AEADConfig for more
 	// configuration options related to AEAD.
 	// **Note: using this option may break compatibility with other OpenPGP
 	// implementations, as well as future versions of this library.**
 	AEADConfig *AEADConfig
 	// V5Keys configures version 5 key generation. If false, this package still
 	// supports version 5 keys, but produces version 4 keys.
 	V5Keys bool
 	// "The validity period of the key.  This is the number of seconds after
 	// the key creation time that the key expires.  If this is not present
 	// or has a value of zero, the key never expires.  This is found only on
 	// a self-signature.""
 	// https://tools.ietf.org/html/rfc4880#section-5.2.3.6
 	KeyLifetimeSecs uint32
 	// "The validity period of the signature.  This is the number of seconds
 	// after the signature creation time that the signature expires.  If
 	// this is not present or has a value of zero, it never expires."
 	// https://tools.ietf.org/html/rfc4880#section-5.2.3.10
 	SigLifetimeSecs uint32
 	// SigningKeyId is used to specify the signing key to use (by Key ID).
 	// By default, the signing key is selected automatically, preferring
 	// signing subkeys if available.
 	SigningKeyId uint64
 	// SigningIdentity is used to specify a user ID (packet Signer's User ID, type 28)
 	// when producing a generic certification signature onto an existing user ID.
 	// The identity must be present in the signer Entity.
 	SigningIdentity string
 	// InsecureAllowUnauthenticatedMessages controls, whether it is tolerated to read
 	// encrypted messages without Modification Detection Code (MDC).
 	// MDC is mandated by the IETF OpenPGP Crypto Refresh draft and has long been implemented
 	// in most OpenPGP implementations. Messages without MDC are considered unnecessarily
 	// insecure and should be prevented whenever possible.
 	// In case one needs to deal with messages from very old OpenPGP implementations, there
 	// might be no other way than to tolerate the missing MDC. Setting this flag, allows this
 	// mode of operation. It should be considered a measure of last resort.
 	InsecureAllowUnauthenticatedMessages bool
 	// KnownNotations is a map of Notation Data names to bools, which controls
 	// the notation names that are allowed to be present in critical Notation Data
 	// signature subpackets.
 	KnownNotations map[string]bool
 	// SignatureNotations is a list of Notations to be added to any signatures.
 	SignatureNotations []*Notation
 }
 func (c *Config) Random() io.Reader {
 	if c == nil || c.Rand == nil {
 		return rand.Reader
 	}
 	return c.Rand
 }
 func (c *Config) Hash() crypto.Hash {
 	if c == nil || uint(c.DefaultHash) == 0 {
 		return crypto.SHA256
 	}
 	return c.DefaultHash
 }
 func (c *Config) Cipher() CipherFunction {
 	if c == nil || uint8(c.DefaultCipher) == 0 {
 		return CipherAES128
 	}
 	return c.DefaultCipher
 }
 func (c *Config) Now() time.Time {
 	if c == nil || c.Time == nil {
 		return time.Now()
 	}
 	return c.Time()
 }
 // KeyLifetime returns the validity period of the key.
 func (c *Config) KeyLifetime() uint32 {
 	if c == nil {
 		return 0
 	}
 	return c.KeyLifetimeSecs
 }
 // SigLifetime returns the validity period of the signature.
 func (c *Config) SigLifetime() uint32 {
 	if c == nil {
 		return 0
 	}
 	return c.SigLifetimeSecs
 }
 func (c *Config) Compression() CompressionAlgo {
 	if c == nil {
 		return CompressionNone
 	}
 	return c.DefaultCompressionAlgo
 }
 func (c *Config) PasswordHashIterations() int {
 	if c == nil || c.S2KCount == 0 {
 		return 0
 	}
 	return c.S2KCount
 }
 func (c *Config) RSAModulusBits() int {
 	if c == nil || c.RSABits == 0 {
 		return 2048
 	}
 	return c.RSABits
 }
 func (c *Config) PublicKeyAlgorithm() PublicKeyAlgorithm {
 	if c == nil || c.Algorithm == 0 {
 		return PubKeyAlgoRSA
 	}
 	return c.Algorithm
 }
 func (c *Config) CurveName() Curve {
 	if c == nil || c.Curve == "" {
 		return Curve25519
 	}
 	return c.Curve
 }
 func (c *Config) AEAD() *AEADConfig {
 	if c == nil {
 		return nil
 	}
 	return c.AEADConfig
 }
 func (c *Config) SigningKey() uint64 {
 	if c == nil {
 		return 0
 	}
 	return c.SigningKeyId
 }
 func (c *Config) SigningUserId() string {
 	if c == nil {
 		return ""
 	}
 	return c.SigningIdentity
 }
 func (c *Config) AllowUnauthenticatedMessages() bool {
 	if c == nil {
 		return false
 	}
 	return c.InsecureAllowUnauthenticatedMessages
 }
 func (c *Config) KnownNotation(notationName string) bool {
 	if c == nil {
 		return false
 	}
 	return c.KnownNotations[notationName]
 }
 func (c *Config) Notations() []*Notation {
 	if c == nil {
 		return nil
 	}
 	return c.SignatureNotations
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go
@ -12,8 +12,10 @@ import (
 	"math/big"
 	"strconv"
-	"golang.org/x/crypto/openpgp/elgamal"
+	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/elgamal"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 )
 const encryptedKeyVersion = 3
@ -23,10 +25,10 @@ const encryptedKeyVersion = 3
 type EncryptedKey struct {
 	KeyId      uint64
 	Algo       PublicKeyAlgorithm
-	CipherFunc CipherFunction // only valid after a successful Decrypt
+	CipherFunc CipherFunction // only valid after a successful Decrypt for a v3 packet
 	Key        []byte         // only valid after a successful Decrypt
-	encryptedMPI1, encryptedMPI2 parsedMPI
+	encryptedMPI1, encryptedMPI2 encoding.Field
 }
 func (e *EncryptedKey) parse(r io.Reader) (err error) {
@ -42,17 +44,28 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
 	e.Algo = PublicKeyAlgorithm(buf[9])
 	switch e.Algo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
-		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
+		e.encryptedMPI1 = new(encoding.MPI)
-		if err != nil {
+		if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
 			return
 		}
 	case PubKeyAlgoElGamal:
-		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
+		e.encryptedMPI1 = new(encoding.MPI)
-		if err != nil {
+		if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
 			return
 		}
-		e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)
+
-		if err != nil {
+		e.encryptedMPI2 = new(encoding.MPI)
 		if _, err = e.encryptedMPI2.ReadFrom(r); err != nil {
 			return
 		}
 	case PubKeyAlgoECDH:
 		e.encryptedMPI1 = new(encoding.MPI)
 		if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
 			return
 		}
 		e.encryptedMPI2 = new(encoding.OID)
 		if _, err = e.encryptedMPI2.ReadFrom(r); err != nil {
 			return
 		}
 	}
@ -72,6 +85,16 @@ func checksumKeyMaterial(key []byte) uint16 {
 // private key must have been decrypted first.
 // If config is nil, sensible defaults will be used.
 func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
 	if e.KeyId != 0 && e.KeyId != priv.KeyId {
 		return errors.InvalidArgumentError("cannot decrypt encrypted session key for key id " + strconv.FormatUint(e.KeyId, 16) + " with private key id " + strconv.FormatUint(priv.KeyId, 16))
 	}
 	if e.Algo != priv.PubKeyAlgo {
 		return errors.InvalidArgumentError("cannot decrypt encrypted session key of type " + strconv.Itoa(int(e.Algo)) + " with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
 	}
 	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	var err error
 	var b []byte
@ -81,13 +104,18 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
 		// Supports both *rsa.PrivateKey and crypto.Decrypter
 		k := priv.PrivateKey.(crypto.Decrypter)
-		b, err = k.Decrypt(config.Random(), padToKeySize(k.Public().(*rsa.PublicKey), e.encryptedMPI1.bytes), nil)
+		b, err = k.Decrypt(config.Random(), padToKeySize(k.Public().(*rsa.PublicKey), e.encryptedMPI1.Bytes()), nil)
 	case PubKeyAlgoElGamal:
-		c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)
+		c1 := new(big.Int).SetBytes(e.encryptedMPI1.Bytes())
-		c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)
+		c2 := new(big.Int).SetBytes(e.encryptedMPI2.Bytes())
 		b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)
 	case PubKeyAlgoECDH:
 		vsG := e.encryptedMPI1.Bytes()
 		m := e.encryptedMPI2.Bytes()
 		oid := priv.PublicKey.oid.EncodedBytes()
 		b, err = ecdh.Decrypt(priv.PrivateKey.(*ecdh.PrivateKey), vsG, m, oid, priv.PublicKey.Fingerprint[:])
 	default:
-		err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
+		err = errors.InvalidArgumentError("cannot decrypt encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
 	}
 	if err != nil {
@ -95,6 +123,10 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
 	}
 	e.CipherFunc = CipherFunction(b[0])
 	if !e.CipherFunc.IsSupported() {
 		return errors.UnsupportedError("unsupported encryption function")
 	}
 	e.Key = b[1 : len(b)-2]
 	expectedChecksum := uint16(b[len(b)-2])<<8 | uint16(b[len(b)-1])
 	checksum := checksumKeyMaterial(e.Key)
@ -110,14 +142,19 @@ func (e *EncryptedKey) Serialize(w io.Writer) error {
 	var mpiLen int
 	switch e.Algo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
-		mpiLen = 2 + len(e.encryptedMPI1.bytes)
+		mpiLen = int(e.encryptedMPI1.EncodedLength())
 	case PubKeyAlgoElGamal:
-		mpiLen = 2 + len(e.encryptedMPI1.bytes) + 2 + len(e.encryptedMPI2.bytes)
+		mpiLen = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength())
 	case PubKeyAlgoECDH:
 		mpiLen = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength())
 	default:
 		return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo)))
 	}
-	serializeHeader(w, packetTypeEncryptedKey, 1 /* version */ +8 /* key id */ +1 /* algo */ +mpiLen)
+	err := serializeHeader(w, packetTypeEncryptedKey, 1 /* version */ +8 /* key id */ +1 /* algo */ +mpiLen)
 	if err != nil {
 		return err
 	}
 	w.Write([]byte{encryptedKeyVersion})
 	binary.Write(w, binary.BigEndian, e.KeyId)
@ -125,14 +162,23 @@ func (e *EncryptedKey) Serialize(w io.Writer) error {
 	switch e.Algo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
-		writeMPIs(w, e.encryptedMPI1)
+		_, err := w.Write(e.encryptedMPI1.EncodedBytes())
 		return err
 	case PubKeyAlgoElGamal:
-		writeMPIs(w, e.encryptedMPI1, e.encryptedMPI2)
+		if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil {
 			return err
 		}
 		_, err := w.Write(e.encryptedMPI2.EncodedBytes())
 		return err
 	case PubKeyAlgoECDH:
 		if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil {
 			return err
 		}
 		_, err := w.Write(e.encryptedMPI2.EncodedBytes())
 		return err
 	default:
 		panic("internal error")
 	}
 	return nil
 }
 // SerializeEncryptedKey serializes an encrypted key packet to w that contains
@ -156,6 +202,8 @@ func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunctio
 		return serializeEncryptedKeyRSA(w, config.Random(), buf, pub.PublicKey.(*rsa.PublicKey), keyBlock)
 	case PubKeyAlgoElGamal:
 		return serializeEncryptedKeyElGamal(w, config.Random(), buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock)
 	case PubKeyAlgoECDH:
 		return serializeEncryptedKeyECDH(w, config.Random(), buf, pub.PublicKey.(*ecdh.PublicKey), keyBlock, pub.oid, pub.Fingerprint)
 	case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:
 		return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
 	}
@ -169,7 +217,8 @@ func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub
 		return errors.InvalidArgumentError("RSA encryption failed: " + err.Error())
 	}
-	packetLen := 10 /* header length */ + 2 /* mpi size */ + len(cipherText)
+	cipherMPI := encoding.NewMPI(cipherText)
 	packetLen := 10 /* header length */ + int(cipherMPI.EncodedLength())
 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
 	if err != nil {
@ -179,7 +228,8 @@ func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub
 	if err != nil {
 		return err
 	}
-	return writeMPI(w, 8*uint16(len(cipherText)), cipherText)
+	_, err = w.Write(cipherMPI.EncodedBytes())
 	return err
 }
 func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte, pub *elgamal.PublicKey, keyBlock []byte) error {
@ -200,9 +250,37 @@ func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte,
 	if err != nil {
 		return err
 	}
-	err = writeBig(w, c1)
+	if _, err = w.Write(new(encoding.MPI).SetBig(c1).EncodedBytes()); err != nil {
 		return err
 	}
 	_, err = w.Write(new(encoding.MPI).SetBig(c2).EncodedBytes())
 	return err
 }
 func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header [10]byte, pub *ecdh.PublicKey, keyBlock []byte, oid encoding.Field, fingerprint []byte) error {
 	vsG, c, err := ecdh.Encrypt(rand, pub, keyBlock, oid.EncodedBytes(), fingerprint)
 	if err != nil {
 		return errors.InvalidArgumentError("ECDH encryption failed: " + err.Error())
 	}
 	g := encoding.NewMPI(vsG)
 	m := encoding.NewOID(c)
 	packetLen := 10 /* header length */
 	packetLen += int(g.EncodedLength()) + int(m.EncodedLength())
 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
 	if err != nil {
 		return err
 	}
-	return writeBig(w, c2)
+
 	_, err = w.Write(header[:])
 	if err != nil {
 		return err
 	}
 	if _, err = w.Write(g.EncodedBytes()); err != nil {
 		return err
 	}
 	_, err = w.Write(m.EncodedBytes())
 	return err
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go
@ -11,6 +11,7 @@ import (
 // LiteralData represents an encrypted file. See RFC 4880, section 5.9.
 type LiteralData struct {
 	Format   uint8
 	IsBinary bool
 	FileName string
 	Time     uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined.
@ -31,7 +32,8 @@ func (l *LiteralData) parse(r io.Reader) (err error) {
 		return
 	}
-	l.IsBinary = buf[0] == 'b'
+	l.Format = buf[0]
 	l.IsBinary = l.Format == 'b'
 	fileNameLen := int(buf[1])
 	_, err = readFull(r, buf[:fileNameLen])
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go
@ -0,0 +1,29 @@
 package packet
 // Notation type represents a Notation Data subpacket
 // see https://tools.ietf.org/html/rfc4880#section-5.2.3.16
 type Notation struct {
 	Name            string
 	Value           []byte
 	IsCritical      bool
 	IsHumanReadable bool
 }
 func (notation *Notation) getData() []byte {
 	nameData := []byte(notation.Name)
 	nameLen := len(nameData)
 	valueLen := len(notation.Value)
 	data := make([]byte, 8+nameLen+valueLen)
 	if notation.IsHumanReadable {
 		data[0] = 0x80
 	}
 	data[4] = byte(nameLen >> 8)
 	data[5] = byte(nameLen)
 	data[6] = byte(valueLen >> 8)
 	data[7] = byte(valueLen)
 	copy(data[8:8+nameLen], nameData)
 	copy(data[8+nameLen:], notation.Value)
 	return data
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go
@ -85,8 +85,7 @@ type ocfbDecrypter struct {
 // NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's
 // cipher feedback mode using the given cipher.Block. Prefix must be the first
 // blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's
-// block size. If an incorrect key is detected then nil is returned. On
+// block size. On successful exit, blockSize+2 bytes of decrypted data are written into
 // successful exit, blockSize+2 bytes of decrypted data are written into
 // prefix. Resync determines if the "resynchronization step" from RFC 4880,
 // 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
 func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream {
@ -112,11 +111,6 @@ func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption
 	prefixCopy[blockSize] ^= x.fre[0]
 	prefixCopy[blockSize+1] ^= x.fre[1]
 	if prefixCopy[blockSize-2] != prefixCopy[blockSize] ||
 		prefixCopy[blockSize-1] != prefixCopy[blockSize+1] {
 		return nil
 	}
 	if resync {
 		block.Encrypt(x.fre, prefix[2:])
 	} else {
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go
@ -7,8 +7,8 @@ package packet
 import (
 	"crypto"
 	"encoding/binary"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
-	"golang.org/x/crypto/openpgp/s2k"
+	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"io"
 	"strconv"
 )
@ -37,7 +37,7 @@ func (ops *OnePassSignature) parse(r io.Reader) (err error) {
 	}
 	var ok bool
-	ops.Hash, ok = s2k.HashIdToHash(buf[2])
+	ops.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2])
 	if !ok {
 		return errors.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2])))
 	}
@ -55,7 +55,7 @@ func (ops *OnePassSignature) Serialize(w io.Writer) error {
 	buf[0] = onePassSignatureVersion
 	buf[1] = uint8(ops.SigType)
 	var ok bool
-	buf[2], ok = s2k.HashToHashId(ops.Hash)
+	buf[2], ok = algorithm.HashToHashId(ops.Hash)
 	if !ok {
 		return errors.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash)))
 	}
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
@ -9,7 +9,7 @@ import (
 	"io"
 	"io/ioutil"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 // OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is
@ -84,8 +84,9 @@ func (or *OpaqueReader) Next() (op *OpaquePacket, err error) {
 // OpaqueSubpacket represents an unparsed OpenPGP subpacket,
 // as found in signature and user attribute packets.
 type OpaqueSubpacket struct {
-	SubType  uint8
+	SubType       uint8
-	Contents []byte
+	EncodedLength []byte // Store the original encoded length for signature verifications.
 	Contents      []byte
 }
 // OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from
@ -109,6 +110,7 @@ func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error) {
 func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacket, err error) {
 	// RFC 4880, section 5.2.3.1
 	var subLen uint32
 	var encodedLength []byte
 	if len(contents) < 1 {
 		goto Truncated
 	}
@ -119,6 +121,7 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
 		encodedLength = contents[0:1]
 		subLen = uint32(contents[0])
 		contents = contents[1:]
 	case contents[0] < 255:
@ -126,6 +129,7 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
 		encodedLength = contents[0:2]
 		subLen = uint32(contents[0]-192)<<8 + uint32(contents[1]) + 192
 		contents = contents[2:]
 	default:
@ -133,16 +137,19 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
 		encodedLength = contents[0:5]
 		subLen = uint32(contents[1])<<24 |
 			uint32(contents[2])<<16 |
 			uint32(contents[3])<<8 |
 			uint32(contents[4])
 		contents = contents[5:]
 	}
 	if subLen > uint32(len(contents)) || subLen == 0 {
 		goto Truncated
 	}
 	subPacket.SubType = contents[0]
 	subPacket.EncodedLength = encodedLength
 	subPacket.Contents = contents[1:subLen]
 	return
 Truncated:
@ -152,7 +159,9 @@ Truncated:
 func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error) {
 	buf := make([]byte, 6)
-	n := serializeSubpacketLength(buf, len(osp.Contents)+1)
+	copy(buf, osp.EncodedLength)
 	n := len(osp.EncodedLength)
 	buf[n] = osp.SubType
 	if _, err = w.Write(buf[:n+1]); err != nil {
 		return
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go
@ -4,26 +4,16 @@
 // Package packet implements parsing and serialization of OpenPGP packets, as
 // specified in RFC 4880.
-//
+package packet // import "github.com/ProtonMail/go-crypto/openpgp/packet"
 // Deprecated: this package is unmaintained except for security fixes. New
 // applications should consider a more focused, modern alternative to OpenPGP
 // for their specific task. If you are required to interoperate with OpenPGP
 // systems and need a maintained package, consider a community fork.
 // See https://golang.org/issue/44226.
 package packet // import "golang.org/x/crypto/openpgp/packet"
 import (
-	"bufio"
+	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/des"
 	"crypto/rsa"
 	"io"
 	"math/big"
 	"math/bits"
-	"golang.org/x/crypto/cast5"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 )
 // readFull is the same as io.ReadFull except that reading zero bytes returns
@ -106,68 +96,43 @@ func (r *partialLengthReader) Read(p []byte) (n int, err error) {
 // See RFC 4880, section 4.2.2.4.
 type partialLengthWriter struct {
 	w          io.WriteCloser
 	buf        bytes.Buffer
 	lengthByte [1]byte
 	sentFirst  bool
 	buf        []byte
 }
 // RFC 4880 4.2.2.4: the first partial length MUST be at least 512 octets long.
 const minFirstPartialWrite = 512
 func (w *partialLengthWriter) Write(p []byte) (n int, err error) {
-	off := 0
+	bufLen := w.buf.Len()
-	if !w.sentFirst {
+	if bufLen > 512 {
-		if len(w.buf) > 0 || len(p) < minFirstPartialWrite {
+		for power := uint(30); ; power-- {
-			off = len(w.buf)
+			l := 1 << power
-			w.buf = append(w.buf, p...)
+			if bufLen >= l {
-			if len(w.buf) < minFirstPartialWrite {
+				w.lengthByte[0] = 224 + uint8(power)
-				return len(p), nil
+				_, err = w.w.Write(w.lengthByte[:])
 				if err != nil {
 					return
 				}
 				var m int
 				m, err = w.w.Write(w.buf.Next(l))
 				if err != nil {
 					return
 				}
 				if m != l {
 					return 0, io.ErrShortWrite
 				}
 				break
 			}
 			p = w.buf
 			w.buf = nil
 		}
 		w.sentFirst = true
 	}
-
+	return w.buf.Write(p)
 	power := uint8(30)
 	for len(p) > 0 {
 		l := 1 << power
 		if len(p) < l {
 			power = uint8(bits.Len32(uint32(len(p)))) - 1
 			l = 1 << power
 		}
 		w.lengthByte[0] = 224 + power
 		_, err = w.w.Write(w.lengthByte[:])
 		if err == nil {
 			var m int
 			m, err = w.w.Write(p[:l])
 			n += m
 		}
 		if err != nil {
 			if n < off {
 				return 0, err
 			}
 			return n - off, err
 		}
 		p = p[l:]
 	}
 	return n - off, nil
 }
-func (w *partialLengthWriter) Close() error {
+func (w *partialLengthWriter) Close() (err error) {
-	if len(w.buf) > 0 {
+	len := w.buf.Len()
-		// In this case we can't send a 512 byte packet.
+	err = serializeLength(w.w, len)
-		// Just send what we have.
+	if err != nil {
-		p := w.buf
+		return err
 		w.sentFirst = true
 		w.buf = nil
 		if _, err := w.Write(p); err != nil {
 			return err
 		}
 	}
-
+	_, err = w.buf.WriteTo(w.w)
 	w.lengthByte[0] = 0
 	_, err := w.w.Write(w.lengthByte[:])
 	if err != nil {
 		return err
 	}
@ -252,25 +217,43 @@ func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader,
 // serializeHeader writes an OpenPGP packet header to w. See RFC 4880, section
 // 4.2.
 func serializeHeader(w io.Writer, ptype packetType, length int) (err error) {
-	var buf [6]byte
+	err = serializeType(w, ptype)
 	if err != nil {
 		return
 	}
 	return serializeLength(w, length)
 }
 // serializeType writes an OpenPGP packet type to w. See RFC 4880, section
 // 4.2.
 func serializeType(w io.Writer, ptype packetType) (err error) {
 	var buf [1]byte
 	buf[0] = 0x80 | 0x40 | byte(ptype)
 	_, err = w.Write(buf[:])
 	return
 }
 // serializeLength writes an OpenPGP packet length to w. See RFC 4880, section
 // 4.2.2.
 func serializeLength(w io.Writer, length int) (err error) {
 	var buf [5]byte
 	var n int
 	buf[0] = 0x80 | 0x40 | byte(ptype)
 	if length < 192 {
-		buf[1] = byte(length)
+		buf[0] = byte(length)
-		n = 2
+		n = 1
 	} else if length < 8384 {
 		length -= 192
-		buf[1] = 192 + byte(length>>8)
+		buf[0] = 192 + byte(length>>8)
-		buf[2] = byte(length)
+		buf[1] = byte(length)
-		n = 3
+		n = 2
 	} else {
-		buf[1] = 255
+		buf[0] = 255
-		buf[2] = byte(length >> 24)
+		buf[1] = byte(length >> 24)
-		buf[3] = byte(length >> 16)
+		buf[2] = byte(length >> 16)
-		buf[4] = byte(length >> 8)
+		buf[3] = byte(length >> 8)
-		buf[5] = byte(length)
+		buf[4] = byte(length)
-		n = 6
+		n = 5
 	}
 	_, err = w.Write(buf[:n])
@ -281,9 +264,7 @@ func serializeHeader(w io.Writer, ptype packetType, length int) (err error) {
 // length of the packet is unknown. It returns a io.WriteCloser which can be
 // used to write the contents of the packet. See RFC 4880, section 4.2.
 func serializeStreamHeader(w io.WriteCloser, ptype packetType) (out io.WriteCloser, err error) {
-	var buf [1]byte
+	err = serializeType(w, ptype)
 	buf[0] = 0x80 | 0x40 | byte(ptype)
 	_, err = w.Write(buf[:])
 	if err != nil {
 		return
 	}
@ -321,33 +302,27 @@ func consumeAll(r io.Reader) (n int64, err error) {
 type packetType uint8
 const (
-	packetTypeEncryptedKey              packetType = 1
+	packetTypeEncryptedKey                             packetType = 1
-	packetTypeSignature                 packetType = 2
+	packetTypeSignature                                packetType = 2
-	packetTypeSymmetricKeyEncrypted     packetType = 3
+	packetTypeSymmetricKeyEncrypted                    packetType = 3
-	packetTypeOnePassSignature          packetType = 4
+	packetTypeOnePassSignature                         packetType = 4
-	packetTypePrivateKey                packetType = 5
+	packetTypePrivateKey                               packetType = 5
-	packetTypePublicKey                 packetType = 6
+	packetTypePublicKey                                packetType = 6
-	packetTypePrivateSubkey             packetType = 7
+	packetTypePrivateSubkey                            packetType = 7
-	packetTypeCompressed                packetType = 8
+	packetTypeCompressed                               packetType = 8
-	packetTypeSymmetricallyEncrypted    packetType = 9
+	packetTypeSymmetricallyEncrypted                   packetType = 9
-	packetTypeLiteralData               packetType = 11
+	packetTypeLiteralData                              packetType = 11
-	packetTypeUserId                    packetType = 13
+	packetTypeUserId                                   packetType = 13
-	packetTypePublicSubkey              packetType = 14
+	packetTypePublicSubkey                             packetType = 14
-	packetTypeUserAttribute             packetType = 17
+	packetTypeUserAttribute                            packetType = 17
-	packetTypeSymmetricallyEncryptedMDC packetType = 18
+	packetTypeSymmetricallyEncryptedIntegrityProtected packetType = 18
 	packetTypeAEADEncrypted                            packetType = 20
 )
-// peekVersion detects the version of a public key packet about to
+// EncryptedDataPacket holds encrypted data. It is currently implemented by
-// be read. A bufio.Reader at the original position of the io.Reader
+// SymmetricallyEncrypted and AEADEncrypted.
-// is returned.
+type EncryptedDataPacket interface {
-func peekVersion(r io.Reader) (bufr *bufio.Reader, ver byte, err error) {
+	Decrypt(CipherFunction, []byte) (io.ReadCloser, error)
 	bufr = bufio.NewReader(r)
 	var verBuf []byte
 	if verBuf, err = bufr.Peek(1); err != nil {
 		return
 	}
 	ver = verBuf[0]
 	return
 }
 // Read reads a single OpenPGP packet from the given io.Reader. If there is an
@ -362,16 +337,7 @@ func Read(r io.Reader) (p Packet, err error) {
 	case packetTypeEncryptedKey:
 		p = new(EncryptedKey)
 	case packetTypeSignature:
-		var version byte
+		p = new(Signature)
 		// Detect signature version
 		if contents, version, err = peekVersion(contents); err != nil {
 			return
 		}
 		if version < 4 {
 			p = new(SignatureV3)
 		} else {
 			p = new(Signature)
 		}
 	case packetTypeSymmetricKeyEncrypted:
 		p = new(SymmetricKeyEncrypted)
 	case packetTypeOnePassSignature:
@ -383,16 +349,8 @@ func Read(r io.Reader) (p Packet, err error) {
 		}
 		p = pk
 	case packetTypePublicKey, packetTypePublicSubkey:
 		var version byte
 		if contents, version, err = peekVersion(contents); err != nil {
 			return
 		}
 		isSubkey := tag == packetTypePublicSubkey
-		if version < 4 {
+		p = &PublicKey{IsSubkey: isSubkey}
 			p = &PublicKeyV3{IsSubkey: isSubkey}
 		} else {
 			p = &PublicKey{IsSubkey: isSubkey}
 		}
 	case packetTypeCompressed:
 		p = new(Compressed)
 	case packetTypeSymmetricallyEncrypted:
@ -403,10 +361,12 @@ func Read(r io.Reader) (p Packet, err error) {
 		p = new(UserId)
 	case packetTypeUserAttribute:
 		p = new(UserAttribute)
-	case packetTypeSymmetricallyEncryptedMDC:
+	case packetTypeSymmetricallyEncryptedIntegrityProtected:
 		se := new(SymmetricallyEncrypted)
-		se.MDC = true
+		se.IntegrityProtected = true
 		p = se
 	case packetTypeAEADEncrypted:
 		p = new(AEADEncrypted)
 	default:
 		err = errors.UnknownPacketTypeError(tag)
 	}
@ -424,8 +384,8 @@ func Read(r io.Reader) (p Packet, err error) {
 type SignatureType uint8
 const (
-	SigTypeBinary            SignatureType = 0
+	SigTypeBinary            SignatureType = 0x00
-	SigTypeText                            = 1
+	SigTypeText                            = 0x01
 	SigTypeGenericCert                     = 0x10
 	SigTypePersonaCert                     = 0x11
 	SigTypeCasualCert                      = 0x12
@ -435,6 +395,7 @@ const (
 	SigTypeDirectSignature                 = 0x1F
 	SigTypeKeyRevocation                   = 0x20
 	SigTypeSubkeyRevocation                = 0x28
 	SigTypeCertificationRevocation         = 0x30
 )
 // PublicKeyAlgorithm represents the different public key system specified for
@ -449,6 +410,8 @@ const (
 	// RFC 6637, Section 5.
 	PubKeyAlgoECDH  PublicKeyAlgorithm = 18
 	PubKeyAlgoECDSA PublicKeyAlgorithm = 19
 	// https://www.ietf.org/archive/id/draft-koch-eddsa-for-openpgp-04.txt
 	PubKeyAlgoEdDSA PublicKeyAlgorithm = 22
 	// Deprecated in RFC 4880, Section 13.5. Use key flags instead.
 	PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
@ -459,7 +422,7 @@ const (
 // key of the given type.
 func (pka PublicKeyAlgorithm) CanEncrypt() bool {
 	switch pka {
-	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal:
+	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH:
 		return true
 	}
 	return false
@ -469,7 +432,7 @@ func (pka PublicKeyAlgorithm) CanEncrypt() bool {
 // sign a message.
 func (pka PublicKeyAlgorithm) CanSign() bool {
 	switch pka {
-	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA:
+	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA:
 		return true
 	}
 	return false
@ -477,7 +440,7 @@ func (pka PublicKeyAlgorithm) CanSign() bool {
 // CipherFunction represents the different block ciphers specified for OpenPGP. See
 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
-type CipherFunction uint8
+type CipherFunction algorithm.CipherFunction
 const (
 	Cipher3DES   CipherFunction = 2
@ -489,81 +452,22 @@ const (
 // KeySize returns the key size, in bytes, of cipher.
 func (cipher CipherFunction) KeySize() int {
-	switch cipher {
+	return algorithm.CipherFunction(cipher).KeySize()
-	case Cipher3DES:
+}
-		return 24
+
-	case CipherCAST5:
+// IsSupported returns true if the cipher is supported from the library
-		return cast5.KeySize
+func (cipher CipherFunction) IsSupported() bool {
-	case CipherAES128:
+	return algorithm.CipherFunction(cipher).KeySize() > 0
 		return 16
 	case CipherAES192:
 		return 24
 	case CipherAES256:
 		return 32
 	}
 	return 0
 }
 // blockSize returns the block size, in bytes, of cipher.
 func (cipher CipherFunction) blockSize() int {
-	switch cipher {
+	return algorithm.CipherFunction(cipher).BlockSize()
 	case Cipher3DES:
 		return des.BlockSize
 	case CipherCAST5:
 		return 8
 	case CipherAES128, CipherAES192, CipherAES256:
 		return 16
 	}
 	return 0
 }
 // new returns a fresh instance of the given cipher.
 func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
-	switch cipher {
+	return algorithm.CipherFunction(cipher).New(key)
 	case Cipher3DES:
 		block, _ = des.NewTripleDESCipher(key)
 	case CipherCAST5:
 		block, _ = cast5.NewCipher(key)
 	case CipherAES128, CipherAES192, CipherAES256:
 		block, _ = aes.NewCipher(key)
 	}
 	return
 }
 // readMPI reads a big integer from r. The bit length returned is the bit
 // length that was specified in r. This is preserved so that the integer can be
 // reserialized exactly.
 func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) {
 	var buf [2]byte
 	_, err = readFull(r, buf[0:])
 	if err != nil {
 		return
 	}
 	bitLength = uint16(buf[0])<<8 | uint16(buf[1])
 	numBytes := (int(bitLength) + 7) / 8
 	mpi = make([]byte, numBytes)
 	_, err = readFull(r, mpi)
 	// According to RFC 4880 3.2. we should check that the MPI has no leading
 	// zeroes (at least when not an encrypted MPI?), but this implementation
 	// does generate leading zeroes, so we keep accepting them.
 	return
 }
 // writeMPI serializes a big integer to w.
 func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) {
 	// Note that we can produce leading zeroes, in violation of RFC 4880 3.2.
 	// Implementations seem to be tolerant of them, and stripping them would
 	// make it complex to guarantee matching re-serialization.
 	_, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)})
 	if err == nil {
 		_, err = w.Write(mpiBytes)
 	}
 	return
 }
 // writeBig serializes a *big.Int to w.
 func writeBig(w io.Writer, i *big.Int) error {
 	return writeMPI(w, uint16(i.BitLen()), i.Bytes())
 }
 // padToKeySize left-pads a MPI with zeroes to match the length of the
@ -588,3 +492,60 @@ const (
 	CompressionZIP  CompressionAlgo = 1
 	CompressionZLIB CompressionAlgo = 2
 )
 // AEADMode represents the different Authenticated Encryption with Associated
 // Data specified for OpenPGP.
 // See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6
 type AEADMode algorithm.AEADMode
 const (
 	AEADModeEAX AEADMode = 1
 	AEADModeOCB AEADMode = 2
 	AEADModeGCM AEADMode = 3
 )
 func (mode AEADMode) IvLength() int {
 	return algorithm.AEADMode(mode).NonceLength()
 }
 func (mode AEADMode) TagLength() int {
 	return algorithm.AEADMode(mode).TagLength()
 }
 // new returns a fresh instance of the given mode.
 func (mode AEADMode) new(block cipher.Block) cipher.AEAD {
 	return algorithm.AEADMode(mode).New(block)
 }
 // ReasonForRevocation represents a revocation reason code as per RFC4880
 // section 5.2.3.23.
 type ReasonForRevocation uint8
 const (
 	NoReason       ReasonForRevocation = 0
 	KeySuperseded  ReasonForRevocation = 1
 	KeyCompromised ReasonForRevocation = 2
 	KeyRetired     ReasonForRevocation = 3
 )
 // Curve is a mapping to supported ECC curves for key generation.
 // See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-06.html#name-curve-specific-wire-formats
 type Curve string
 const (
 	Curve25519 Curve = "Curve25519"
 	Curve448 Curve = "Curve448"
 	CurveNistP256 Curve = "P256"
 	CurveNistP384 Curve = "P384"
 	CurveNistP521 Curve = "P521"
 	CurveSecP256k1 Curve = "SecP256k1"
 	CurveBrainpoolP256 Curve = "BrainpoolP256"
 	CurveBrainpoolP384 Curve = "BrainpoolP384"
 	CurveBrainpoolP512 Curve = "BrainpoolP512"
 )
 // TrustLevel represents a trust level per RFC4880 5.2.3.13
 type TrustLevel uint8 
 // TrustAmount represents a trust amount per RFC4880 5.2.3.13
 type TrustAmount uint8
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go
@ -0,0 +1,739 @@
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"bytes"
 	"crypto"
 	"crypto/cipher"
 	"crypto/dsa"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
 	"io"
 	"io/ioutil"
 	"math/big"
 	"strconv"
 	"time"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
 	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/elgamal"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 	"github.com/ProtonMail/go-crypto/openpgp/s2k"
 )
 // PrivateKey represents a possibly encrypted private key. See RFC 4880,
 // section 5.5.3.
 type PrivateKey struct {
 	PublicKey
 	Encrypted     bool // if true then the private key is unavailable until Decrypt has been called.
 	encryptedData []byte
 	cipher        CipherFunction
 	s2k           func(out, in []byte)
 	// An *{rsa|dsa|elgamal|ecdh|ecdsa|ed25519}.PrivateKey or
 	// crypto.Signer/crypto.Decrypter (Decryptor RSA only).
 	PrivateKey   interface{}
 	sha1Checksum bool
 	iv           []byte
 	// Type of encryption of the S2K packet
 	// Allowed values are 0 (Not encrypted), 254 (SHA1), or
 	// 255 (2-byte checksum)
 	s2kType S2KType
 	// Full parameters of the S2K packet
 	s2kParams *s2k.Params
 }
 //S2KType s2k packet type
 type S2KType uint8
 const (
 	// S2KNON unencrypt
 	S2KNON S2KType = 0
 	// S2KSHA1 sha1 sum check
 	S2KSHA1 S2KType = 254
 	// S2KCHECKSUM sum check
 	S2KCHECKSUM S2KType = 255
 )
 func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewDSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewECDSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 func NewEdDSAPrivateKey(creationTime time.Time, priv *eddsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewEdDSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 func NewECDHPrivateKey(creationTime time.Time, priv *ecdh.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
 	pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 // NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that
 // implements RSA, ECDSA or EdDSA.
 func NewSignerPrivateKey(creationTime time.Time, signer interface{}) *PrivateKey {
 	pk := new(PrivateKey)
 	// In general, the public Keys should be used as pointers. We still
 	// type-switch on the values, for backwards-compatibility.
 	switch pubkey := signer.(type) {
 	case *rsa.PrivateKey:
 		pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey)
 	case rsa.PrivateKey:
 		pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey)
 	case *ecdsa.PrivateKey:
 		pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey)
 	case ecdsa.PrivateKey:
 		pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey)
 	case *eddsa.PrivateKey:
 		pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey)
 	case eddsa.PrivateKey:
 		pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey)
 	default:
 		panic("openpgp: unknown signer type in NewSignerPrivateKey")
 	}
 	pk.PrivateKey = signer
 	return pk
 }
 // NewDecrypterPrivateKey creates a PrivateKey from a *{rsa|elgamal|ecdh}.PrivateKey.
 func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *PrivateKey {
 	pk := new(PrivateKey)
 	switch priv := decrypter.(type) {
 	case *rsa.PrivateKey:
 		pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey)
 	case *elgamal.PrivateKey:
 		pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
 	case *ecdh.PrivateKey:
 		pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey)
 	default:
 		panic("openpgp: unknown decrypter type in NewDecrypterPrivateKey")
 	}
 	pk.PrivateKey = decrypter
 	return pk
 }
 func (pk *PrivateKey) parse(r io.Reader) (err error) {
 	err = (&pk.PublicKey).parse(r)
 	if err != nil {
 		return
 	}
 	v5 := pk.PublicKey.Version == 5
 	var buf [1]byte
 	_, err = readFull(r, buf[:])
 	if err != nil {
 		return
 	}
 	pk.s2kType = S2KType(buf[0])
 	var optCount [1]byte
 	if v5 {
 		if _, err = readFull(r, optCount[:]); err != nil {
 			return
 		}
 	}
 	switch pk.s2kType {
 	case S2KNON:
 		pk.s2k = nil
 		pk.Encrypted = false
 	case S2KSHA1, S2KCHECKSUM:
 		if v5 && pk.s2kType == S2KCHECKSUM {
 			return errors.StructuralError("wrong s2k identifier for version 5")
 		}
 		_, err = readFull(r, buf[:])
 		if err != nil {
 			return
 		}
 		pk.cipher = CipherFunction(buf[0])
 		if pk.cipher != 0 && !pk.cipher.IsSupported() {
 			return errors.UnsupportedError("unsupported cipher function in private key")
 		}
 		pk.s2kParams, err = s2k.ParseIntoParams(r)
 		if err != nil {
 			return
 		}
 		if pk.s2kParams.Dummy() {
 			return
 		}
 		pk.s2k, err = pk.s2kParams.Function()
 		if err != nil {
 			return
 		}
 		pk.Encrypted = true
 		if pk.s2kType == S2KSHA1 {
 			pk.sha1Checksum = true
 		}
 	default:
 		return errors.UnsupportedError("deprecated s2k function in private key")
 	}
 	if pk.Encrypted {
 		blockSize := pk.cipher.blockSize()
 		if blockSize == 0 {
 			return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher)))
 		}
 		pk.iv = make([]byte, blockSize)
 		_, err = readFull(r, pk.iv)
 		if err != nil {
 			return
 		}
 	}
 	var privateKeyData []byte
 	if v5 {
 		var n [4]byte /* secret material four octet count */
 		_, err = readFull(r, n[:])
 		if err != nil {
 			return
 		}
 		count := uint32(uint32(n[0])<<24 | uint32(n[1])<<16 | uint32(n[2])<<8 | uint32(n[3]))
 		if !pk.Encrypted {
 			count = count + 2 /* two octet checksum */
 		}
 		privateKeyData = make([]byte, count)
 		_, err = readFull(r, privateKeyData)
 		if err != nil {
 			return
 		}
 	} else {
 		privateKeyData, err = ioutil.ReadAll(r)
 		if err != nil {
 			return
 		}
 	}
 	if !pk.Encrypted {
 		if len(privateKeyData) < 2 {
 			return errors.StructuralError("truncated private key data")
 		}
 		var sum uint16
 		for i := 0; i < len(privateKeyData)-2; i++ {
 			sum += uint16(privateKeyData[i])
 		}
 		if privateKeyData[len(privateKeyData)-2] != uint8(sum>>8) ||
 			privateKeyData[len(privateKeyData)-1] != uint8(sum) {
 			return errors.StructuralError("private key checksum failure")
 		}
 		privateKeyData = privateKeyData[:len(privateKeyData)-2]
 		return pk.parsePrivateKey(privateKeyData)
 	}
 	pk.encryptedData = privateKeyData
 	return
 }
 // Dummy returns true if the private key is a dummy key. This is a GNU extension.
 func (pk *PrivateKey) Dummy() bool {
 	return pk.s2kParams.Dummy()
 }
 func mod64kHash(d []byte) uint16 {
 	var h uint16
 	for _, b := range d {
 		h += uint16(b)
 	}
 	return h
 }
 func (pk *PrivateKey) Serialize(w io.Writer) (err error) {
 	contents := bytes.NewBuffer(nil)
 	err = pk.PublicKey.serializeWithoutHeaders(contents)
 	if err != nil {
 		return
 	}
 	if _, err = contents.Write([]byte{uint8(pk.s2kType)}); err != nil {
 		return
 	}
 	optional := bytes.NewBuffer(nil)
 	if pk.Encrypted || pk.Dummy() {
 		optional.Write([]byte{uint8(pk.cipher)})
 		if err := pk.s2kParams.Serialize(optional); err != nil {
 			return err
 		}
 		if pk.Encrypted {
 			optional.Write(pk.iv)
 		}
 	}
 	if pk.Version == 5 {
 		contents.Write([]byte{uint8(optional.Len())})
 	}
 	io.Copy(contents, optional)
 	if !pk.Dummy() {
 		l := 0
 		var priv []byte
 		if !pk.Encrypted {
 			buf := bytes.NewBuffer(nil)
 			err = pk.serializePrivateKey(buf)
 			if err != nil {
 				return err
 			}
 			l = buf.Len()
 			checksum := mod64kHash(buf.Bytes())
 			buf.Write([]byte{byte(checksum >> 8), byte(checksum)})
 			priv = buf.Bytes()
 		} else {
 			priv, l = pk.encryptedData, len(pk.encryptedData)
 		}
 		if pk.Version == 5 {
 			contents.Write([]byte{byte(l >> 24), byte(l >> 16), byte(l >> 8), byte(l)})
 		}
 		contents.Write(priv)
 	}
 	ptype := packetTypePrivateKey
 	if pk.IsSubkey {
 		ptype = packetTypePrivateSubkey
 	}
 	err = serializeHeader(w, ptype, contents.Len())
 	if err != nil {
 		return
 	}
 	_, err = io.Copy(w, contents)
 	if err != nil {
 		return
 	}
 	return
 }
 func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error {
 	if _, err := w.Write(new(encoding.MPI).SetBig(priv.D).EncodedBytes()); err != nil {
 		return err
 	}
 	if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[1]).EncodedBytes()); err != nil {
 		return err
 	}
 	if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[0]).EncodedBytes()); err != nil {
 		return err
 	}
 	_, err := w.Write(new(encoding.MPI).SetBig(priv.Precomputed.Qinv).EncodedBytes())
 	return err
 }
 func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error {
 	_, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes())
 	return err
 }
 func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error {
 	_, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes())
 	return err
 }
 func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error {
 	_, err := w.Write(encoding.NewMPI(priv.MarshalIntegerSecret()).EncodedBytes())
 	return err
 }
 func serializeEdDSAPrivateKey(w io.Writer, priv *eddsa.PrivateKey) error {
 	_, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes())
 	return err
 }
 func serializeECDHPrivateKey(w io.Writer, priv *ecdh.PrivateKey) error {
 	_, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes())
 	return err
 }
 // Decrypt decrypts an encrypted private key using a passphrase.
 func (pk *PrivateKey) Decrypt(passphrase []byte) error {
 	if pk.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	if !pk.Encrypted {
 		return nil
 	}
 	key := make([]byte, pk.cipher.KeySize())
 	pk.s2k(key, passphrase)
 	block := pk.cipher.new(key)
 	cfb := cipher.NewCFBDecrypter(block, pk.iv)
 	data := make([]byte, len(pk.encryptedData))
 	cfb.XORKeyStream(data, pk.encryptedData)
 	if pk.sha1Checksum {
 		if len(data) < sha1.Size {
 			return errors.StructuralError("truncated private key data")
 		}
 		h := sha1.New()
 		h.Write(data[:len(data)-sha1.Size])
 		sum := h.Sum(nil)
 		if !bytes.Equal(sum, data[len(data)-sha1.Size:]) {
 			return errors.StructuralError("private key checksum failure")
 		}
 		data = data[:len(data)-sha1.Size]
 	} else {
 		if len(data) < 2 {
 			return errors.StructuralError("truncated private key data")
 		}
 		var sum uint16
 		for i := 0; i < len(data)-2; i++ {
 			sum += uint16(data[i])
 		}
 		if data[len(data)-2] != uint8(sum>>8) ||
 			data[len(data)-1] != uint8(sum) {
 			return errors.StructuralError("private key checksum failure")
 		}
 		data = data[:len(data)-2]
 	}
 	err := pk.parsePrivateKey(data)
 	if _, ok := err.(errors.KeyInvalidError); ok {
 		return errors.KeyInvalidError("invalid key parameters")
 	}
 	if err != nil {
 		return err
 	}
 	// Mark key as unencrypted
 	pk.s2kType = S2KNON
 	pk.s2k = nil
 	pk.Encrypted = false
 	pk.encryptedData = nil
 	return nil
 }
 // Encrypt encrypts an unencrypted private key using a passphrase.
 func (pk *PrivateKey) Encrypt(passphrase []byte) error {
 	priv := bytes.NewBuffer(nil)
 	err := pk.serializePrivateKey(priv)
 	if err != nil {
 		return err
 	}
 	//Default config of private key encryption
 	pk.cipher = CipherAES256
 	s2kConfig := &s2k.Config{
 		S2KMode:  3, //Iterated
 		S2KCount: 65536,
 		Hash:     crypto.SHA256,
 	}
 	pk.s2kParams, err = s2k.Generate(rand.Reader, s2kConfig)
 	if err != nil {
 		return err
 	}
 	privateKeyBytes := priv.Bytes()
 	key := make([]byte, pk.cipher.KeySize())
 	pk.sha1Checksum = true
 	pk.s2k, err = pk.s2kParams.Function()
 	if err != nil {
 		return err
 	}
 	pk.s2k(key, passphrase)
 	block := pk.cipher.new(key)
 	pk.iv = make([]byte, pk.cipher.blockSize())
 	_, err = rand.Read(pk.iv)
 	if err != nil {
 		return err
 	}
 	cfb := cipher.NewCFBEncrypter(block, pk.iv)
 	if pk.sha1Checksum {
 		pk.s2kType = S2KSHA1
 		h := sha1.New()
 		h.Write(privateKeyBytes)
 		sum := h.Sum(nil)
 		privateKeyBytes = append(privateKeyBytes, sum...)
 	} else {
 		pk.s2kType = S2KCHECKSUM
 		var sum uint16
 		for _, b := range privateKeyBytes {
 			sum += uint16(b)
 		}
 		priv.Write([]byte{uint8(sum >> 8), uint8(sum)})
 	}
 	pk.encryptedData = make([]byte, len(privateKeyBytes))
 	cfb.XORKeyStream(pk.encryptedData, privateKeyBytes)
 	pk.Encrypted = true
 	pk.PrivateKey = nil
 	return err
 }
 func (pk *PrivateKey) serializePrivateKey(w io.Writer) (err error) {
 	switch priv := pk.PrivateKey.(type) {
 	case *rsa.PrivateKey:
 		err = serializeRSAPrivateKey(w, priv)
 	case *dsa.PrivateKey:
 		err = serializeDSAPrivateKey(w, priv)
 	case *elgamal.PrivateKey:
 		err = serializeElGamalPrivateKey(w, priv)
 	case *ecdsa.PrivateKey:
 		err = serializeECDSAPrivateKey(w, priv)
 	case *eddsa.PrivateKey:
 		err = serializeEdDSAPrivateKey(w, priv)
 	case *ecdh.PrivateKey:
 		err = serializeECDHPrivateKey(w, priv)
 	default:
 		err = errors.InvalidArgumentError("unknown private key type")
 	}
 	return
 }
 func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) {
 	switch pk.PublicKey.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoRSAEncryptOnly:
 		return pk.parseRSAPrivateKey(data)
 	case PubKeyAlgoDSA:
 		return pk.parseDSAPrivateKey(data)
 	case PubKeyAlgoElGamal:
 		return pk.parseElGamalPrivateKey(data)
 	case PubKeyAlgoECDSA:
 		return pk.parseECDSAPrivateKey(data)
 	case PubKeyAlgoECDH:
 		return pk.parseECDHPrivateKey(data)
 	case PubKeyAlgoEdDSA:
 		return pk.parseEdDSAPrivateKey(data)
 	}
 	panic("impossible")
 }
 func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) {
 	rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey)
 	rsaPriv := new(rsa.PrivateKey)
 	rsaPriv.PublicKey = *rsaPub
 	buf := bytes.NewBuffer(data)
 	d := new(encoding.MPI)
 	if _, err := d.ReadFrom(buf); err != nil {
 		return err
 	}
 	p := new(encoding.MPI)
 	if _, err := p.ReadFrom(buf); err != nil {
 		return err
 	}
 	q := new(encoding.MPI)
 	if _, err := q.ReadFrom(buf); err != nil {
 		return err
 	}
 	rsaPriv.D = new(big.Int).SetBytes(d.Bytes())
 	rsaPriv.Primes = make([]*big.Int, 2)
 	rsaPriv.Primes[0] = new(big.Int).SetBytes(p.Bytes())
 	rsaPriv.Primes[1] = new(big.Int).SetBytes(q.Bytes())
 	if err := rsaPriv.Validate(); err != nil {
 		return errors.KeyInvalidError(err.Error())
 	}
 	rsaPriv.Precompute()
 	pk.PrivateKey = rsaPriv
 	return nil
 }
 func (pk *PrivateKey) parseDSAPrivateKey(data []byte) (err error) {
 	dsaPub := pk.PublicKey.PublicKey.(*dsa.PublicKey)
 	dsaPriv := new(dsa.PrivateKey)
 	dsaPriv.PublicKey = *dsaPub
 	buf := bytes.NewBuffer(data)
 	x := new(encoding.MPI)
 	if _, err := x.ReadFrom(buf); err != nil {
 		return err
 	}
 	dsaPriv.X = new(big.Int).SetBytes(x.Bytes())
 	if err := validateDSAParameters(dsaPriv); err != nil {
 		return err
 	}
 	pk.PrivateKey = dsaPriv
 	return nil
 }
 func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) {
 	pub := pk.PublicKey.PublicKey.(*elgamal.PublicKey)
 	priv := new(elgamal.PrivateKey)
 	priv.PublicKey = *pub
 	buf := bytes.NewBuffer(data)
 	x := new(encoding.MPI)
 	if _, err := x.ReadFrom(buf); err != nil {
 		return err
 	}
 	priv.X = new(big.Int).SetBytes(x.Bytes())
 	if err := validateElGamalParameters(priv); err != nil {
 		return err
 	}
 	pk.PrivateKey = priv
 	return nil
 }
 func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) {
 	ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey)
 	ecdsaPriv := ecdsa.NewPrivateKey(*ecdsaPub)
 	buf := bytes.NewBuffer(data)
 	d := new(encoding.MPI)
 	if _, err := d.ReadFrom(buf); err != nil {
 		return err
 	}
 	if err := ecdsaPriv.UnmarshalIntegerSecret(d.Bytes()); err != nil {
 		return err
 	}
 	if err := ecdsa.Validate(ecdsaPriv); err != nil {
 		return err
 	}
 	pk.PrivateKey = ecdsaPriv
 	return nil
 }
 func (pk *PrivateKey) parseECDHPrivateKey(data []byte) (err error) {
 	ecdhPub := pk.PublicKey.PublicKey.(*ecdh.PublicKey)
 	ecdhPriv := ecdh.NewPrivateKey(*ecdhPub)
 	buf := bytes.NewBuffer(data)
 	d := new(encoding.MPI)
 	if _, err := d.ReadFrom(buf); err != nil {
 		return err
 	}
 	if err := ecdhPriv.UnmarshalByteSecret(d.Bytes()); err != nil {
 		return err
 	}
 	if err := ecdh.Validate(ecdhPriv); err != nil {
 		return err
 	}
 	pk.PrivateKey = ecdhPriv
 	return nil
 }
 func (pk *PrivateKey) parseEdDSAPrivateKey(data []byte) (err error) {
 	eddsaPub := pk.PublicKey.PublicKey.(*eddsa.PublicKey)
 	eddsaPriv := eddsa.NewPrivateKey(*eddsaPub)
 	eddsaPriv.PublicKey = *eddsaPub
 	buf := bytes.NewBuffer(data)
 	d := new(encoding.MPI)
 	if _, err := d.ReadFrom(buf); err != nil {
 		return err
 	}
 	if err = eddsaPriv.UnmarshalByteSecret(d.Bytes()); err != nil {
 		return err
 	}
 	if err := eddsa.Validate(eddsaPriv); err != nil {
 		return err
 	}
 	pk.PrivateKey = eddsaPriv
 	return nil
 }
 func validateDSAParameters(priv *dsa.PrivateKey) error {
 	p := priv.P // group prime
 	q := priv.Q // subgroup order
 	g := priv.G // g has order q mod p
 	x := priv.X // secret
 	y := priv.Y // y == g**x mod p
 	one := big.NewInt(1)
 	// expect g, y >= 2 and g < p
 	if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 {
 		return errors.KeyInvalidError("dsa: invalid group")
 	}
 	// expect p > q
 	if p.Cmp(q) <= 0 {
 		return errors.KeyInvalidError("dsa: invalid group prime")
 	}
 	// q should be large enough and divide p-1
 	pSub1 := new(big.Int).Sub(p, one)
 	if q.BitLen() < 150 || new(big.Int).Mod(pSub1, q).Cmp(big.NewInt(0)) != 0 {
 		return errors.KeyInvalidError("dsa: invalid order")
 	}
 	// confirm that g has order q mod p
 	if !q.ProbablyPrime(32) || new(big.Int).Exp(g, q, p).Cmp(one) != 0 {
 		return errors.KeyInvalidError("dsa: invalid order")
 	}
 	// check y
 	if new(big.Int).Exp(g, x, p).Cmp(y) != 0 {
 		return errors.KeyInvalidError("dsa: mismatching values")
 	}
 	return nil
 }
 func validateElGamalParameters(priv *elgamal.PrivateKey) error {
 	p := priv.P // group prime
 	g := priv.G // g has order p-1 mod p
 	x := priv.X // secret
 	y := priv.Y // y == g**x mod p
 	one := big.NewInt(1)
 	// Expect g, y >= 2 and g < p
 	if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 {
 		return errors.KeyInvalidError("elgamal: invalid group")
 	}
 	if p.BitLen() < 1024 {
 		return errors.KeyInvalidError("elgamal: group order too small")
 	}
 	pSub1 := new(big.Int).Sub(p, one)
 	if new(big.Int).Exp(g, pSub1, p).Cmp(one) != 0 {
 		return errors.KeyInvalidError("elgamal: invalid group")
 	}
 	// Since p-1 is not prime, g might have a smaller order that divides p-1.
 	// We cannot confirm the exact order of g, but we make sure it is not too small.
 	gExpI := new(big.Int).Set(g)
 	i := 1
 	threshold := 2 << 17 // we want order > threshold
 	for i < threshold {
 		i++ // we check every order to make sure key validation is not easily bypassed by guessing y'
 		gExpI.Mod(new(big.Int).Mul(gExpI, g), p)
 		if gExpI.Cmp(one) == 0 {
 			return errors.KeyInvalidError("elgamal: order too small")
 		}
 	}
 	// Check y
 	if new(big.Int).Exp(g, x, p).Cmp(y) != 0 {
 		return errors.KeyInvalidError("elgamal: mismatching values")
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go
@ -0,0 +1,12 @@
 package packet
 // Generated with `gpg --export-secret-keys "Test Key 2"`
 const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec"
 // Generated by `gpg --export-secret-keys` followed by a manual extraction of
 // the ElGamal subkey from the packets.
 const privKeyElGamalHex = "9d0157044df9ee1a100400eb8e136a58ec39b582629cdadf830bc64e0a94ed8103ca8bb247b27b11b46d1d25297ef4bcc3071785ba0c0bedfe89eabc5287fcc0edf81ab5896c1c8e4b20d27d79813c7aede75320b33eaeeaa586edc00fd1036c10133e6ba0ff277245d0d59d04b2b3421b7244aca5f4a8d870c6f1c1fbff9e1c26699a860b9504f35ca1d700030503fd1ededd3b840795be6d9ccbe3c51ee42e2f39233c432b831ddd9c4e72b7025a819317e47bf94f9ee316d7273b05d5fcf2999c3a681f519b1234bbfa6d359b4752bd9c3f77d6b6456cde152464763414ca130f4e91d91041432f90620fec0e6d6b5116076c2985d5aeaae13be492b9b329efcaf7ee25120159a0a30cd976b42d7afe030302dae7eb80db744d4960c4df930d57e87fe81412eaace9f900e6c839817a614ddb75ba6603b9417c33ea7b6c93967dfa2bcff3fa3c74a5ce2c962db65b03aece14c96cbd0038fc"
 // pkcs1PrivKeyHex is a PKCS#1, RSA private key.
 // Generated by `openssl genrsa 1024 | openssl rsa -outform DER  | xxd -p`
 const pkcs1PrivKeyHex = "3082025d02010002818100e98edfa1c3b35884a54d0b36a6a603b0290fa85e49e30fa23fc94fef9c6790bc4849928607aa48d809da326fb42a969d06ad756b98b9c1a90f5d4a2b6d0ac05953c97f4da3120164a21a679793ce181c906dc01d235cc085ddcdf6ea06c389b6ab8885dfd685959e693138856a68a7e5db263337ff82a088d583a897cf2d59e9020301000102818100b6d5c9eb70b02d5369b3ee5b520a14490b5bde8a317d36f7e4c74b7460141311d1e5067735f8f01d6f5908b2b96fbd881f7a1ab9a84d82753e39e19e2d36856be960d05ac9ef8e8782ea1b6d65aee28fdfe1d61451e8cff0adfe84322f12cf455028b581cf60eb9e0e140ba5d21aeba6c2634d7c65318b9a665fc01c3191ca21024100fa5e818da3705b0fa33278bb28d4b6f6050388af2d4b75ec9375dd91ccf2e7d7068086a8b82a8f6282e4fbbdb8a7f2622eb97295249d87acea7f5f816f54d347024100eecf9406d7dc49cdfb95ab1eff4064de84c7a30f64b2798936a0d2018ba9eb52e4b636f82e96c49cc63b80b675e91e40d1b2e4017d4b9adaf33ab3d9cf1c214f024100c173704ace742c082323066226a4655226819a85304c542b9dacbeacbf5d1881ee863485fcf6f59f3a604f9b42289282067447f2b13dfeed3eab7851fc81e0550240741fc41f3fc002b382eed8730e33c5d8de40256e4accee846667f536832f711ab1d4590e7db91a8a116ac5bff3be13d3f9243ff2e976662aa9b395d907f8e9c9024046a5696c9ef882363e06c9fa4e2f5b580906452befba03f4a99d0f873697ef1f851d2226ca7934b30b7c3e80cb634a67172bbbf4781735fe3e09263e2dd723e7"
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
@ -0,0 +1,802 @@
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"crypto"
 	"crypto/dsa"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/sha256"
 	_ "crypto/sha512"
 	"encoding/binary"
 	"fmt"
 	"hash"
 	"io"
 	"math/big"
 	"strconv"
 	"time"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
 	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/elgamal"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 )
 type kdfHashFunction byte
 type kdfAlgorithm byte
 // PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2.
 type PublicKey struct {
 	Version      int
 	CreationTime time.Time
 	PubKeyAlgo   PublicKeyAlgorithm
 	PublicKey    interface{} // *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey or *eddsa.PublicKey
 	Fingerprint  []byte
 	KeyId        uint64
 	IsSubkey     bool
 	// RFC 4880 fields
 	n, e, p, q, g, y encoding.Field
 	// RFC 6637 fields
 	// oid contains the OID byte sequence identifying the elliptic curve used
 	oid encoding.Field
 	// kdf stores key derivation function parameters
 	// used for ECDH encryption. See RFC 6637, Section 9.
 	kdf encoding.Field
 }
 // UpgradeToV5 updates the version of the key to v5, and updates all necessary
 // fields.
 func (pk *PublicKey) UpgradeToV5() {
 	pk.Version = 5
 	pk.setFingerprintAndKeyId()
 }
 // signingKey provides a convenient abstraction over signature verification
 // for v3 and v4 public keys.
 type signingKey interface {
 	SerializeForHash(io.Writer) error
 	SerializeSignaturePrefix(io.Writer)
 	serializeWithoutHeaders(io.Writer) error
 }
 // NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
 func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey {
 	pk := &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoRSA,
 		PublicKey:    pub,
 		n:            new(encoding.MPI).SetBig(pub.N),
 		e:            new(encoding.MPI).SetBig(big.NewInt(int64(pub.E))),
 	}
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 // NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.
 func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey {
 	pk := &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoDSA,
 		PublicKey:    pub,
 		p:            new(encoding.MPI).SetBig(pub.P),
 		q:            new(encoding.MPI).SetBig(pub.Q),
 		g:            new(encoding.MPI).SetBig(pub.G),
 		y:            new(encoding.MPI).SetBig(pub.Y),
 	}
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 // NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
 func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey {
 	pk := &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoElGamal,
 		PublicKey:    pub,
 		p:            new(encoding.MPI).SetBig(pub.P),
 		g:            new(encoding.MPI).SetBig(pub.G),
 		y:            new(encoding.MPI).SetBig(pub.Y),
 	}
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey {
 	pk := &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoECDSA,
 		PublicKey:    pub,
 		p:            encoding.NewMPI(pub.MarshalPoint()),
 	}
 	curveInfo := ecc.FindByCurve(pub.GetCurve())
 	if curveInfo == nil {
 		panic("unknown elliptic curve")
 	}
 	pk.oid = curveInfo.Oid
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 func NewECDHPublicKey(creationTime time.Time, pub *ecdh.PublicKey) *PublicKey {
 	var pk *PublicKey
 	var kdf = encoding.NewOID([]byte{0x1, pub.Hash.Id(), pub.Cipher.Id()})
 	pk = &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoECDH,
 		PublicKey:    pub,
 		p:            encoding.NewMPI(pub.MarshalPoint()),
 		kdf:          kdf,
 	}
 	curveInfo := ecc.FindByCurve(pub.GetCurve())
 	if curveInfo == nil {
 		panic("unknown elliptic curve")
 	}
 	pk.oid = curveInfo.Oid
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 func NewEdDSAPublicKey(creationTime time.Time, pub *eddsa.PublicKey) *PublicKey {
 	curveInfo := ecc.FindByCurve(pub.GetCurve())
 	pk := &PublicKey{
 		Version:      4,
 		CreationTime: creationTime,
 		PubKeyAlgo:   PubKeyAlgoEdDSA,
 		PublicKey:    pub,
 		oid:          curveInfo.Oid,
 		// Native point format, see draft-koch-eddsa-for-openpgp-04, Appendix B
 		p: encoding.NewMPI(pub.MarshalPoint()),
 	}
 	pk.setFingerprintAndKeyId()
 	return pk
 }
 func (pk *PublicKey) parse(r io.Reader) (err error) {
 	// RFC 4880, section 5.5.2
 	var buf [6]byte
 	_, err = readFull(r, buf[:])
 	if err != nil {
 		return
 	}
 	if buf[0] != 4 && buf[0] != 5 {
 		return errors.UnsupportedError("public key version " + strconv.Itoa(int(buf[0])))
 	}
 	pk.Version = int(buf[0])
 	if pk.Version == 5 {
 		var n [4]byte
 		_, err = readFull(r, n[:])
 		if err != nil {
 			return
 		}
 	}
 	pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0)
 	pk.PubKeyAlgo = PublicKeyAlgorithm(buf[5])
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
 		err = pk.parseRSA(r)
 	case PubKeyAlgoDSA:
 		err = pk.parseDSA(r)
 	case PubKeyAlgoElGamal:
 		err = pk.parseElGamal(r)
 	case PubKeyAlgoECDSA:
 		err = pk.parseECDSA(r)
 	case PubKeyAlgoECDH:
 		err = pk.parseECDH(r)
 	case PubKeyAlgoEdDSA:
 		err = pk.parseEdDSA(r)
 	default:
 		err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))
 	}
 	if err != nil {
 		return
 	}
 	pk.setFingerprintAndKeyId()
 	return
 }
 func (pk *PublicKey) setFingerprintAndKeyId() {
 	// RFC 4880, section 12.2
 	if pk.Version == 5 {
 		fingerprint := sha256.New()
 		pk.SerializeForHash(fingerprint)
 		pk.Fingerprint = make([]byte, 32)
 		copy(pk.Fingerprint, fingerprint.Sum(nil))
 		pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[:8])
 	} else {
 		fingerprint := sha1.New()
 		pk.SerializeForHash(fingerprint)
 		pk.Fingerprint = make([]byte, 20)
 		copy(pk.Fingerprint, fingerprint.Sum(nil))
 		pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[12:20])
 	}
 }
 // parseRSA parses RSA public key material from the given Reader. See RFC 4880,
 // section 5.5.2.
 func (pk *PublicKey) parseRSA(r io.Reader) (err error) {
 	pk.n = new(encoding.MPI)
 	if _, err = pk.n.ReadFrom(r); err != nil {
 		return
 	}
 	pk.e = new(encoding.MPI)
 	if _, err = pk.e.ReadFrom(r); err != nil {
 		return
 	}
 	if len(pk.e.Bytes()) > 3 {
 		err = errors.UnsupportedError("large public exponent")
 		return
 	}
 	rsa := &rsa.PublicKey{
 		N: new(big.Int).SetBytes(pk.n.Bytes()),
 		E: 0,
 	}
 	for i := 0; i < len(pk.e.Bytes()); i++ {
 		rsa.E <<= 8
 		rsa.E |= int(pk.e.Bytes()[i])
 	}
 	pk.PublicKey = rsa
 	return
 }
 // parseDSA parses DSA public key material from the given Reader. See RFC 4880,
 // section 5.5.2.
 func (pk *PublicKey) parseDSA(r io.Reader) (err error) {
 	pk.p = new(encoding.MPI)
 	if _, err = pk.p.ReadFrom(r); err != nil {
 		return
 	}
 	pk.q = new(encoding.MPI)
 	if _, err = pk.q.ReadFrom(r); err != nil {
 		return
 	}
 	pk.g = new(encoding.MPI)
 	if _, err = pk.g.ReadFrom(r); err != nil {
 		return
 	}
 	pk.y = new(encoding.MPI)
 	if _, err = pk.y.ReadFrom(r); err != nil {
 		return
 	}
 	dsa := new(dsa.PublicKey)
 	dsa.P = new(big.Int).SetBytes(pk.p.Bytes())
 	dsa.Q = new(big.Int).SetBytes(pk.q.Bytes())
 	dsa.G = new(big.Int).SetBytes(pk.g.Bytes())
 	dsa.Y = new(big.Int).SetBytes(pk.y.Bytes())
 	pk.PublicKey = dsa
 	return
 }
 // parseElGamal parses ElGamal public key material from the given Reader. See
 // RFC 4880, section 5.5.2.
 func (pk *PublicKey) parseElGamal(r io.Reader) (err error) {
 	pk.p = new(encoding.MPI)
 	if _, err = pk.p.ReadFrom(r); err != nil {
 		return
 	}
 	pk.g = new(encoding.MPI)
 	if _, err = pk.g.ReadFrom(r); err != nil {
 		return
 	}
 	pk.y = new(encoding.MPI)
 	if _, err = pk.y.ReadFrom(r); err != nil {
 		return
 	}
 	elgamal := new(elgamal.PublicKey)
 	elgamal.P = new(big.Int).SetBytes(pk.p.Bytes())
 	elgamal.G = new(big.Int).SetBytes(pk.g.Bytes())
 	elgamal.Y = new(big.Int).SetBytes(pk.y.Bytes())
 	pk.PublicKey = elgamal
 	return
 }
 // parseECDSA parses ECDSA public key material from the given Reader. See
 // RFC 6637, Section 9.
 func (pk *PublicKey) parseECDSA(r io.Reader) (err error) {
 	pk.oid = new(encoding.OID)
 	if _, err = pk.oid.ReadFrom(r); err != nil {
 		return
 	}
 	pk.p = new(encoding.MPI)
 	if _, err = pk.p.ReadFrom(r); err != nil {
 		return
 	}
 	curveInfo := ecc.FindByOid(pk.oid)
 	if curveInfo == nil {
 		return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
 	}
 	c, ok := curveInfo.Curve.(ecc.ECDSACurve)
 	if !ok {
 		return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
 	}
 	ecdsaKey := ecdsa.NewPublicKey(c)
 	err = ecdsaKey.UnmarshalPoint(pk.p.Bytes())
 	pk.PublicKey = ecdsaKey
 	return
 }
 // parseECDH parses ECDH public key material from the given Reader. See
 // RFC 6637, Section 9.
 func (pk *PublicKey) parseECDH(r io.Reader) (err error) {
 	pk.oid = new(encoding.OID)
 	if _, err = pk.oid.ReadFrom(r); err != nil {
 		return
 	}
 	pk.p = new(encoding.MPI)
 	if _, err = pk.p.ReadFrom(r); err != nil {
 		return
 	}
 	pk.kdf = new(encoding.OID)
 	if _, err = pk.kdf.ReadFrom(r); err != nil {
 		return
 	}
 	curveInfo := ecc.FindByOid(pk.oid)
 	if curveInfo == nil {
 		return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
 	}
 	c, ok := curveInfo.Curve.(ecc.ECDHCurve)
 	if !ok {
 		return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
 	}
 	if kdfLen := len(pk.kdf.Bytes()); kdfLen < 3 {
 		return errors.UnsupportedError("unsupported ECDH KDF length: " + strconv.Itoa(kdfLen))
 	}
 	if reserved := pk.kdf.Bytes()[0]; reserved != 0x01 {
 		return errors.UnsupportedError("unsupported KDF reserved field: " + strconv.Itoa(int(reserved)))
 	}
 	kdfHash, ok := algorithm.HashById[pk.kdf.Bytes()[1]]
 	if !ok {
 		return errors.UnsupportedError("unsupported ECDH KDF hash: " + strconv.Itoa(int(pk.kdf.Bytes()[1])))
 	}
 	kdfCipher, ok := algorithm.CipherById[pk.kdf.Bytes()[2]]
 	if !ok {
 		return errors.UnsupportedError("unsupported ECDH KDF cipher: " + strconv.Itoa(int(pk.kdf.Bytes()[2])))
 	}
 	ecdhKey := ecdh.NewPublicKey(c, kdfHash, kdfCipher)
 	err = ecdhKey.UnmarshalPoint(pk.p.Bytes())
 	pk.PublicKey = ecdhKey
 	return
 }
 func (pk *PublicKey) parseEdDSA(r io.Reader) (err error) {
 	pk.oid = new(encoding.OID)
 	if _, err = pk.oid.ReadFrom(r); err != nil {
 		return
 	}
 	curveInfo := ecc.FindByOid(pk.oid)
 	if curveInfo == nil {
 		return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
 	}
 	c, ok := curveInfo.Curve.(ecc.EdDSACurve)
 	if !ok {
 		return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
 	}
 	pk.p = new(encoding.MPI)
 	if _, err = pk.p.ReadFrom(r); err != nil {
 		return
 	}
 	pub := eddsa.NewPublicKey(c)
 	switch flag := pk.p.Bytes()[0]; flag {
 	case 0x04:
 		// TODO: see _grcy_ecc_eddsa_ensure_compact in grcypt
 		return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag)))
 	case 0x40:
 		err = pub.UnmarshalPoint(pk.p.Bytes())
 	default:
 		return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag)))
 	}
 	pk.PublicKey = pub
 	return
 }
 // SerializeForHash serializes the PublicKey to w with the special packet
 // header format needed for hashing.
 func (pk *PublicKey) SerializeForHash(w io.Writer) error {
 	pk.SerializeSignaturePrefix(w)
 	return pk.serializeWithoutHeaders(w)
 }
 // SerializeSignaturePrefix writes the prefix for this public key to the given Writer.
 // The prefix is used when calculating a signature over this public key. See
 // RFC 4880, section 5.2.4.
 func (pk *PublicKey) SerializeSignaturePrefix(w io.Writer) {
 	var pLength = pk.algorithmSpecificByteCount()
 	if pk.Version == 5 {
 		pLength += 10 // version, timestamp (4), algorithm, key octet count (4).
 		w.Write([]byte{
 			0x9A,
 			byte(pLength >> 24),
 			byte(pLength >> 16),
 			byte(pLength >> 8),
 			byte(pLength),
 		})
 		return
 	}
 	pLength += 6
 	w.Write([]byte{0x99, byte(pLength >> 8), byte(pLength)})
 }
 func (pk *PublicKey) Serialize(w io.Writer) (err error) {
 	length := 6 // 6 byte header
 	length += pk.algorithmSpecificByteCount()
 	if pk.Version == 5 {
 		length += 4 // octet key count
 	}
 	packetType := packetTypePublicKey
 	if pk.IsSubkey {
 		packetType = packetTypePublicSubkey
 	}
 	err = serializeHeader(w, packetType, length)
 	if err != nil {
 		return
 	}
 	return pk.serializeWithoutHeaders(w)
 }
 func (pk *PublicKey) algorithmSpecificByteCount() int {
 	length := 0
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
 		length += int(pk.n.EncodedLength())
 		length += int(pk.e.EncodedLength())
 	case PubKeyAlgoDSA:
 		length += int(pk.p.EncodedLength())
 		length += int(pk.q.EncodedLength())
 		length += int(pk.g.EncodedLength())
 		length += int(pk.y.EncodedLength())
 	case PubKeyAlgoElGamal:
 		length += int(pk.p.EncodedLength())
 		length += int(pk.g.EncodedLength())
 		length += int(pk.y.EncodedLength())
 	case PubKeyAlgoECDSA:
 		length += int(pk.oid.EncodedLength())
 		length += int(pk.p.EncodedLength())
 	case PubKeyAlgoECDH:
 		length += int(pk.oid.EncodedLength())
 		length += int(pk.p.EncodedLength())
 		length += int(pk.kdf.EncodedLength())
 	case PubKeyAlgoEdDSA:
 		length += int(pk.oid.EncodedLength())
 		length += int(pk.p.EncodedLength())
 	default:
 		panic("unknown public key algorithm")
 	}
 	return length
 }
 // serializeWithoutHeaders marshals the PublicKey to w in the form of an
 // OpenPGP public key packet, not including the packet header.
 func (pk *PublicKey) serializeWithoutHeaders(w io.Writer) (err error) {
 	t := uint32(pk.CreationTime.Unix())
 	if _, err = w.Write([]byte{
 		byte(pk.Version),
 		byte(t >> 24), byte(t >> 16), byte(t >> 8), byte(t),
 		byte(pk.PubKeyAlgo),
 	}); err != nil {
 		return
 	}
 	if pk.Version == 5 {
 		n := pk.algorithmSpecificByteCount()
 		if _, err = w.Write([]byte{
 			byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n),
 		}); err != nil {
 			return
 		}
 	}
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
 		if _, err = w.Write(pk.n.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.e.EncodedBytes())
 		return
 	case PubKeyAlgoDSA:
 		if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
 			return
 		}
 		if _, err = w.Write(pk.q.EncodedBytes()); err != nil {
 			return
 		}
 		if _, err = w.Write(pk.g.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.y.EncodedBytes())
 		return
 	case PubKeyAlgoElGamal:
 		if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
 			return
 		}
 		if _, err = w.Write(pk.g.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.y.EncodedBytes())
 		return
 	case PubKeyAlgoECDSA:
 		if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.p.EncodedBytes())
 		return
 	case PubKeyAlgoECDH:
 		if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
 			return
 		}
 		if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.kdf.EncodedBytes())
 		return
 	case PubKeyAlgoEdDSA:
 		if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(pk.p.EncodedBytes())
 		return
 	}
 	return errors.InvalidArgumentError("bad public-key algorithm")
 }
 // CanSign returns true iff this public key can generate signatures
 func (pk *PublicKey) CanSign() bool {
 	return pk.PubKeyAlgo != PubKeyAlgoRSAEncryptOnly && pk.PubKeyAlgo != PubKeyAlgoElGamal && pk.PubKeyAlgo != PubKeyAlgoECDH
 }
 // VerifySignature returns nil iff sig is a valid signature, made by this
 // public key, of the data hashed into signed. signed is mutated by this call.
 func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error) {
 	if !pk.CanSign() {
 		return errors.InvalidArgumentError("public key cannot generate signatures")
 	}
 	if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
 		sig.AddMetadataToHashSuffix()
 	}
 	signed.Write(sig.HashSuffix)
 	hashBytes := signed.Sum(nil)
 	if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
 		return errors.SignatureError("hash tag doesn't match")
 	}
 	if pk.PubKeyAlgo != sig.PubKeyAlgo {
 		return errors.InvalidArgumentError("public key and signature use different algorithms")
 	}
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
 		rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
 		err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.Bytes()))
 		if err != nil {
 			return errors.SignatureError("RSA verification failure")
 		}
 		return nil
 	case PubKeyAlgoDSA:
 		dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey)
 		// Need to truncate hashBytes to match FIPS 186-3 section 4.6.
 		subgroupSize := (dsaPublicKey.Q.BitLen() + 7) / 8
 		if len(hashBytes) > subgroupSize {
 			hashBytes = hashBytes[:subgroupSize]
 		}
 		if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.Bytes()), new(big.Int).SetBytes(sig.DSASigS.Bytes())) {
 			return errors.SignatureError("DSA verification failure")
 		}
 		return nil
 	case PubKeyAlgoECDSA:
 		ecdsaPublicKey := pk.PublicKey.(*ecdsa.PublicKey)
 		if !ecdsa.Verify(ecdsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.ECDSASigR.Bytes()), new(big.Int).SetBytes(sig.ECDSASigS.Bytes())) {
 			return errors.SignatureError("ECDSA verification failure")
 		}
 		return nil
 	case PubKeyAlgoEdDSA:
 		eddsaPublicKey := pk.PublicKey.(*eddsa.PublicKey)
 		if !eddsa.Verify(eddsaPublicKey, hashBytes, sig.EdDSASigR.Bytes(), sig.EdDSASigS.Bytes()) {
 			return errors.SignatureError("EdDSA verification failure")
 		}
 		return nil
 	default:
 		return errors.SignatureError("Unsupported public key algorithm used in signature")
 	}
 }
 // keySignatureHash returns a Hash of the message that needs to be signed for
 // pk to assert a subkey relationship to signed.
 func keySignatureHash(pk, signed signingKey, hashFunc crypto.Hash) (h hash.Hash, err error) {
 	if !hashFunc.Available() {
 		return nil, errors.UnsupportedError("hash function")
 	}
 	h = hashFunc.New()
 	// RFC 4880, section 5.2.4
 	err = pk.SerializeForHash(h)
 	if err != nil {
 		return nil, err
 	}
 	err = signed.SerializeForHash(h)
 	return
 }
 // VerifyKeySignature returns nil iff sig is a valid signature, made by this
 // public key, of signed.
 func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error {
 	h, err := keySignatureHash(pk, signed, sig.Hash)
 	if err != nil {
 		return err
 	}
 	if err = pk.VerifySignature(h, sig); err != nil {
 		return err
 	}
 	if sig.FlagSign {
 		// Signing subkeys must be cross-signed. See
 		// https://www.gnupg.org/faq/subkey-cross-certify.html.
 		if sig.EmbeddedSignature == nil {
 			return errors.StructuralError("signing subkey is missing cross-signature")
 		}
 		// Verify the cross-signature. This is calculated over the same
 		// data as the main signature, so we cannot just recursively
 		// call signed.VerifyKeySignature(...)
 		if h, err = keySignatureHash(pk, signed, sig.EmbeddedSignature.Hash); err != nil {
 			return errors.StructuralError("error while hashing for cross-signature: " + err.Error())
 		}
 		if err := signed.VerifySignature(h, sig.EmbeddedSignature); err != nil {
 			return errors.StructuralError("error while verifying cross-signature: " + err.Error())
 		}
 	}
 	return nil
 }
 func keyRevocationHash(pk signingKey, hashFunc crypto.Hash) (h hash.Hash, err error) {
 	if !hashFunc.Available() {
 		return nil, errors.UnsupportedError("hash function")
 	}
 	h = hashFunc.New()
 	// RFC 4880, section 5.2.4
 	err = pk.SerializeForHash(h)
 	return
 }
 // VerifyRevocationSignature returns nil iff sig is a valid signature, made by this
 // public key.
 func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error) {
 	h, err := keyRevocationHash(pk, sig.Hash)
 	if err != nil {
 		return err
 	}
 	return pk.VerifySignature(h, sig)
 }
 // VerifySubkeyRevocationSignature returns nil iff sig is a valid subkey revocation signature,
 // made by this public key, of signed.
 func (pk *PublicKey) VerifySubkeyRevocationSignature(sig *Signature, signed *PublicKey) (err error) {
 	h, err := keySignatureHash(pk, signed, sig.Hash)
 	if err != nil {
 		return err
 	}
 	return pk.VerifySignature(h, sig)
 }
 // userIdSignatureHash returns a Hash of the message that needs to be signed
 // to assert that pk is a valid key for id.
 func userIdSignatureHash(id string, pk *PublicKey, hashFunc crypto.Hash) (h hash.Hash, err error) {
 	if !hashFunc.Available() {
 		return nil, errors.UnsupportedError("hash function")
 	}
 	h = hashFunc.New()
 	// RFC 4880, section 5.2.4
 	pk.SerializeSignaturePrefix(h)
 	pk.serializeWithoutHeaders(h)
 	var buf [5]byte
 	buf[0] = 0xb4
 	buf[1] = byte(len(id) >> 24)
 	buf[2] = byte(len(id) >> 16)
 	buf[3] = byte(len(id) >> 8)
 	buf[4] = byte(len(id))
 	h.Write(buf[:])
 	h.Write([]byte(id))
 	return
 }
 // VerifyUserIdSignature returns nil iff sig is a valid signature, made by this
 // public key, that id is the identity of pub.
 func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error) {
 	h, err := userIdSignatureHash(id, pub, sig.Hash)
 	if err != nil {
 		return err
 	}
 	return pk.VerifySignature(h, sig)
 }
 // KeyIdString returns the public key's fingerprint in capital hex
 // (e.g. "6C7EE1B8621CC013").
 func (pk *PublicKey) KeyIdString() string {
 	return fmt.Sprintf("%X", pk.Fingerprint[12:20])
 }
 // KeyIdShortString returns the short form of public key's fingerprint
 // in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
 func (pk *PublicKey) KeyIdShortString() string {
 	return fmt.Sprintf("%X", pk.Fingerprint[16:20])
 }
 // BitLength returns the bit length for the given public key.
 func (pk *PublicKey) BitLength() (bitLength uint16, err error) {
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
 		bitLength = pk.n.BitLength()
 	case PubKeyAlgoDSA:
 		bitLength = pk.p.BitLength()
 	case PubKeyAlgoElGamal:
 		bitLength = pk.p.BitLength()
 	case PubKeyAlgoECDSA:
 		bitLength = pk.p.BitLength()
 	case PubKeyAlgoECDH:
 		bitLength = pk.p.BitLength()
 	case PubKeyAlgoEdDSA:
 		bitLength = pk.p.BitLength()
 	default:
 		err = errors.InvalidArgumentError("bad public-key algorithm")
 	}
 	return
 }
 // KeyExpired returns whether sig is a self-signature of a key that has
 // expired or is created in the future.
 func (pk *PublicKey) KeyExpired(sig *Signature, currentTime time.Time) bool {
 	if pk.CreationTime.After(currentTime) {
 		return true
 	}
 	if sig.KeyLifetimeSecs == nil || *sig.KeyLifetimeSecs == 0 {
 		return false
 	}
 	expiry := pk.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second)
 	return currentTime.After(expiry)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go
@ -0,0 +1,24 @@
 package packet
 const rsaFingerprintHex = "5fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb"
 const rsaPkDataHex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001"
 const dsaFingerprintHex = "eece4c094db002103714c63c8e8fbe54062f19ed"
 const dsaPkDataHex = "9901a2044d432f89110400cd581334f0d7a1e1bdc8b9d6d8c0baf68793632735d2bb0903224cbaa1dfbf35a60ee7a13b92643421e1eb41aa8d79bea19a115a677f6b8ba3c7818ce53a6c2a24a1608bd8b8d6e55c5090cbde09dd26e356267465ae25e69ec8bdd57c7bbb2623e4d73336f73a0a9098f7f16da2e25252130fd694c0e8070c55a812a423ae7f00a0ebf50e70c2f19c3520a551bd4b08d30f23530d3d03ff7d0bf4a53a64a09dc5e6e6e35854b7d70c882b0c60293401958b1bd9e40abec3ea05ba87cf64899299d4bd6aa7f459c201d3fbbd6c82004bdc5e8a9eb8082d12054cc90fa9d4ec251a843236a588bf49552441817436c4f43326966fe85447d4e6d0acf8fa1ef0f014730770603ad7634c3088dc52501c237328417c31c89ed70400b2f1a98b0bf42f11fefc430704bebbaa41d9f355600c3facee1e490f64208e0e094ea55e3a598a219a58500bf78ac677b670a14f4e47e9cf8eab4f368cc1ddcaa18cc59309d4cc62dd4f680e73e6cc3e1ce87a84d0925efbcb26c575c093fc42eecf45135fabf6403a25c2016e1774c0484e440a18319072c617cc97ac0a3bb0"
 const ecdsaFingerprintHex = "9892270b38b8980b05c8d56d43fe956c542ca00b"
 const ecdsaPkDataHex = "9893045071c29413052b8104002304230401f4867769cedfa52c325018896245443968e52e51d0c2df8d939949cb5b330f2921711fbee1c9b9dddb95d15cb0255e99badeddda7cc23d9ddcaacbc290969b9f24019375d61c2e4e3b36953a28d8b2bc95f78c3f1d592fb24499be348656a7b17e3963187b4361afe497bc5f9f81213f04069f8e1fb9e6a6290ae295ca1a92b894396cb4"
 const ecdhFingerprintHex = "722354df2475a42164d1d49faa8b938f9a201946"
 const ecdhPkDataHex = "b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec91803010909"
 const eddsaFingerprintHex = "b2d5e5ec0e6deca6bc8eeeb00907e75e1dd99ad8"
 const eddsaPkDataHex = "98330456e2132b16092b06010401da470f01010740bbda39266affa511a8c2d02edf690fb784b0499c4406185811a163539ef11dc1b41d74657374696e67203c74657374696e674074657374696e672e636f6d3e8879041316080021050256e2132b021b03050b09080702061508090a0b020416020301021e01021780000a09100907e75e1dd99ad86d0c00fe39d2008359352782bc9b61ac382584cd8eff3f57a18c2287e3afeeb05d1f04ba00fe2d0bc1ddf3ff8adb9afa3e7d9287244b4ec567f3db4d60b74a9b5465ed528203"
 // Source: https://sites.google.com/site/brainhub/pgpecckeys#TOC-ECC-NIST-P-384-key
 const ecc384PubHex = `99006f044d53059213052b81040022030304f6b8c5aced5b84ef9f4a209db2e4a9dfb70d28cb8c10ecd57674a9fa5a67389942b62d5e51367df4c7bfd3f8e500feecf07ed265a621a8ebbbe53e947ec78c677eba143bd1533c2b350e1c29f82313e1e1108eba063be1e64b10e6950e799c2db42465635f6473615f64685f333834203c6f70656e70677040627261696e6875622e6f72673e8900cb04101309005305024d530592301480000000002000077072656665727265642d656d61696c2d656e636f64696e67407067702e636f6d7067706d696d65040b090807021901051b03000000021602051e010000000415090a08000a0910098033880f54719fca2b0180aa37350968bd5f115afd8ce7bc7b103822152dbff06d0afcda835329510905b98cb469ba208faab87c7412b799e7b633017f58364ea480e8a1a3f253a0c5f22c446e8be9a9fce6210136ee30811abbd49139de28b5bdf8dc36d06ae748579e9ff503b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec9180301090989008404181309000c05024d530592051b0c000000000a0910098033880f54719f80970180eee7a6d8fcee41ee4f9289df17f9bcf9d955dca25c583b94336f3a2b2d4986dc5cf417b8d2dc86f741a9e1a6d236c0e3017d1c76575458a0cfb93ae8a2b274fcc65ceecd7a91eec83656ba13219969f06945b48c56bd04152c3a0553c5f2f4bd1267`
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go
@ -5,8 +5,9 @@
 package packet
 import (
 	"golang.org/x/crypto/openpgp/errors"
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 // Reader reads packets from an io.Reader and allows packets to be 'unread' so
@ -42,9 +43,18 @@ func (r *Reader) Next() (p Packet, err error) {
 			r.readers = r.readers[:len(r.readers)-1]
 			continue
 		}
-		if _, ok := err.(errors.UnknownPacketTypeError); !ok {
+		// TODO: Add strict mode that rejects unknown packets, instead of ignoring them.
-			return nil, err
+		if _, ok := err.(errors.UnknownPacketTypeError); ok {
 			continue
 		}
 		if _, ok := err.(errors.UnsupportedError); ok {
 			switch p.(type) {
 			case *SymmetricallyEncrypted, *AEADEncrypted, *Compressed, *LiteralData:
 				return nil, err
 			}
 			continue
 		}
 		return nil, err
 	}
 	return nil, io.EOF
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
@ -8,17 +8,17 @@ import (
 	"bytes"
 	"crypto"
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"encoding/asn1"
 	"encoding/binary"
 	"hash"
 	"io"
 	"math/big"
 	"strconv"
 	"time"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
-	"golang.org/x/crypto/openpgp/s2k"
+	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 )
 const (
@ -27,10 +27,15 @@ const (
 	KeyFlagSign
 	KeyFlagEncryptCommunications
 	KeyFlagEncryptStorage
 	KeyFlagSplitKey
 	KeyFlagAuthenticate
 	_
 	KeyFlagGroupKey
 )
 // Signature represents a signature. See RFC 4880, section 5.2.
 type Signature struct {
 	Version    int
 	SigType    SignatureType
 	PubKeyAlgo PublicKeyAlgorithm
 	Hash       crypto.Hash
@ -39,12 +44,19 @@ type Signature struct {
 	HashSuffix []byte
 	// HashTag contains the first two bytes of the hash for fast rejection
 	// of bad signed data.
-	HashTag      [2]byte
+	HashTag [2]byte
 	// Metadata includes format, filename and time, and is protected by v5
 	// signatures of type 0x00 or 0x01. This metadata is included into the hash
 	// computation; if nil, six 0x00 bytes are used instead. See section 5.2.4.
 	Metadata *LiteralData
 	CreationTime time.Time
-	RSASignature         parsedMPI
+	RSASignature         encoding.Field
-	DSASigR, DSASigS     parsedMPI
+	DSASigR, DSASigS     encoding.Field
-	ECDSASigR, ECDSASigS parsedMPI
+	ECDSASigR, ECDSASigS encoding.Field
 	EdDSASigR, EdDSASigS encoding.Field
 	// rawSubpackets contains the unparsed subpackets, in order.
 	rawSubpackets []outputSubpacket
@ -54,22 +66,44 @@ type Signature struct {
 	SigLifetimeSecs, KeyLifetimeSecs                        *uint32
 	PreferredSymmetric, PreferredHash, PreferredCompression []uint8
 	PreferredCipherSuites                                   [][2]uint8
 	IssuerKeyId                                             *uint64
 	IssuerFingerprint                                       []byte
 	SignerUserId                                            *string
 	IsPrimaryId                                             *bool
 	Notations                                               []*Notation
 	// TrustLevel and TrustAmount can be set by the signer to assert that 
 	// the key is not only valid but also trustworthy at the specified 
 	// level. 
 	// See RFC 4880, section 5.2.3.13 for details. 
 	TrustLevel TrustLevel
 	TrustAmount TrustAmount
 	// TrustRegularExpression can be used in conjunction with trust Signature
 	// packets to limit the scope of the trust that is extended. 
 	// See RFC 4880, section 5.2.3.14 for details.
 	TrustRegularExpression *string
 	// PolicyURI can be set to the URI of a document that describes the
 	// policy under which the signature was issued. See RFC 4880, section
 	// 5.2.3.20 for details.
 	PolicyURI string
 	// FlagsValid is set if any flags were given. See RFC 4880, section
 	// 5.2.3.21 for details.
-	FlagsValid                                                           bool
+	FlagsValid                                                                                                         bool
-	FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage bool
+	FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage, FlagSplitKey, FlagAuthenticate, FlagGroupKey bool
 	// RevocationReason is set if this signature has been revoked.
 	// See RFC 4880, section 5.2.3.23 for details.
-	RevocationReason     *uint8
+	RevocationReason     *ReasonForRevocation
 	RevocationReasonText string
-	// MDC is set if this signature has a feature packet that indicates
+	// In a self-signature, these flags are set there is a features subpacket
-	// support for MDC subpackets.
+	// indicating that the issuer implementation supports these features
-	MDC bool
+	// see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#features-subpacket
 	SEIPDv1, SEIPDv2 bool
 	// EmbeddedSignature, if non-nil, is a signature of the parent key, by
 	// this key. This prevents an attacker from claiming another's signing
@ -86,11 +120,11 @@ func (sig *Signature) parse(r io.Reader) (err error) {
 	if err != nil {
 		return
 	}
-	if buf[0] != 4 {
+	if buf[0] != 4 && buf[0] != 5 {
 		err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0])))
 		return
 	}
-
+	sig.Version = int(buf[0])
 	_, err = readFull(r, buf[:5])
 	if err != nil {
 		return
@ -98,36 +132,34 @@ func (sig *Signature) parse(r io.Reader) (err error) {
 	sig.SigType = SignatureType(buf[0])
 	sig.PubKeyAlgo = PublicKeyAlgorithm(buf[1])
 	switch sig.PubKeyAlgo {
-	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA:
+	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA:
 	default:
 		err = errors.UnsupportedError("public key algorithm " + strconv.Itoa(int(sig.PubKeyAlgo)))
 		return
 	}
 	var ok bool
-	sig.Hash, ok = s2k.HashIdToHash(buf[2])
+
 	if sig.Version < 5 {
 		sig.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2])
 	} else {
 		sig.Hash, ok = algorithm.HashIdToHash(buf[2])
 	}
 	if !ok {
 		return errors.UnsupportedError("hash function " + strconv.Itoa(int(buf[2])))
 	}
 	hashedSubpacketsLength := int(buf[3])<<8 | int(buf[4])
-	l := 6 + hashedSubpacketsLength
+	hashedSubpackets := make([]byte, hashedSubpacketsLength)
 	sig.HashSuffix = make([]byte, l+6)
 	sig.HashSuffix[0] = 4
 	copy(sig.HashSuffix[1:], buf[:5])
 	hashedSubpackets := sig.HashSuffix[6:l]
 	_, err = readFull(r, hashedSubpackets)
 	if err != nil {
 		return
 	}
-	// See RFC 4880, section 5.2.4
+	err = sig.buildHashSuffix(hashedSubpackets)
-	trailer := sig.HashSuffix[l:]
+	if err != nil {
-	trailer[0] = 4
+		return
-	trailer[1] = 0xff
+	}
 	trailer[2] = uint8(l >> 24)
 	trailer[3] = uint8(l >> 16)
 	trailer[4] = uint8(l >> 8)
 	trailer[5] = uint8(l)
 	err = parseSignatureSubpackets(sig, hashedSubpackets, true)
 	if err != nil {
@ -156,16 +188,33 @@ func (sig *Signature) parse(r io.Reader) (err error) {
 	switch sig.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
-		sig.RSASignature.bytes, sig.RSASignature.bitLength, err = readMPI(r)
+		sig.RSASignature = new(encoding.MPI)
 		_, err = sig.RSASignature.ReadFrom(r)
 	case PubKeyAlgoDSA:
-		sig.DSASigR.bytes, sig.DSASigR.bitLength, err = readMPI(r)
+		sig.DSASigR = new(encoding.MPI)
-		if err == nil {
+		if _, err = sig.DSASigR.ReadFrom(r); err != nil {
-			sig.DSASigS.bytes, sig.DSASigS.bitLength, err = readMPI(r)
+			return
 		}
 		sig.DSASigS = new(encoding.MPI)
 		_, err = sig.DSASigS.ReadFrom(r)
 	case PubKeyAlgoECDSA:
-		sig.ECDSASigR.bytes, sig.ECDSASigR.bitLength, err = readMPI(r)
+		sig.ECDSASigR = new(encoding.MPI)
-		if err == nil {
+		if _, err = sig.ECDSASigR.ReadFrom(r); err != nil {
-			sig.ECDSASigS.bytes, sig.ECDSASigS.bitLength, err = readMPI(r)
+			return
 		}
 		sig.ECDSASigS = new(encoding.MPI)
 		_, err = sig.ECDSASigS.ReadFrom(r)
 	case PubKeyAlgoEdDSA:
 		sig.EdDSASigR = new(encoding.MPI)
 		if _, err = sig.EdDSASigR.ReadFrom(r); err != nil {
 			return
 		}
 		sig.EdDSASigS = new(encoding.MPI)
 		if _, err = sig.EdDSASigS.ReadFrom(r); err != nil {
 			return
 		}
 	default:
 		panic("unreachable")
@ -195,16 +244,23 @@ type signatureSubpacketType uint8
 const (
 	creationTimeSubpacket        signatureSubpacketType = 2
 	signatureExpirationSubpacket signatureSubpacketType = 3
 	trustSubpacket               signatureSubpacketType = 5
 	regularExpressionSubpacket   signatureSubpacketType = 6
 	keyExpirationSubpacket       signatureSubpacketType = 9
 	prefSymmetricAlgosSubpacket  signatureSubpacketType = 11
 	issuerSubpacket              signatureSubpacketType = 16
 	notationDataSubpacket        signatureSubpacketType = 20
 	prefHashAlgosSubpacket       signatureSubpacketType = 21
 	prefCompressionSubpacket     signatureSubpacketType = 22
 	primaryUserIdSubpacket       signatureSubpacketType = 25
 	policyUriSubpacket           signatureSubpacketType = 26
 	keyFlagsSubpacket            signatureSubpacketType = 27
 	signerUserIdSubpacket        signatureSubpacketType = 28
 	reasonForRevocationSubpacket signatureSubpacketType = 29
 	featuresSubpacket            signatureSubpacketType = 30
 	embeddedSignatureSubpacket   signatureSubpacketType = 32
 	issuerFingerprintSubpacket   signatureSubpacketType = 33
 	prefCipherSuitesSubpacket    signatureSubpacketType = 39
 )
 // parseSignatureSubpacket parses a single subpacket. len(subpacket) is >= 1.
@ -248,12 +304,14 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 	isCritical = subpacket[0]&0x80 == 0x80
 	subpacket = subpacket[1:]
 	sig.rawSubpackets = append(sig.rawSubpackets, outputSubpacket{isHashed, packetType, isCritical, subpacket})
 	if !isHashed &&
 		packetType != issuerSubpacket &&
 		packetType != issuerFingerprintSubpacket &&
 		packetType != embeddedSignatureSubpacket {
 		return
 	}
 	switch packetType {
 	case creationTimeSubpacket:
 		if !isHashed {
 			err = errors.StructuralError("signature creation time in non-hashed area")
 			return
 		}
 		if len(subpacket) != 4 {
 			err = errors.StructuralError("signature creation time not four bytes")
 			return
@ -262,20 +320,27 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		sig.CreationTime = time.Unix(int64(t), 0)
 	case signatureExpirationSubpacket:
 		// Signature expiration time, section 5.2.3.10
 		if !isHashed {
 			return
 		}
 		if len(subpacket) != 4 {
 			err = errors.StructuralError("expiration subpacket with bad length")
 			return
 		}
 		sig.SigLifetimeSecs = new(uint32)
 		*sig.SigLifetimeSecs = binary.BigEndian.Uint32(subpacket)
-	case keyExpirationSubpacket:
+	case trustSubpacket:
-		// Key expiration time, section 5.2.3.6
+		// Trust level and amount, section 5.2.3.13
-		if !isHashed {
+		sig.TrustLevel = TrustLevel(subpacket[0])
 		sig.TrustAmount = TrustAmount(subpacket[1])
 	case regularExpressionSubpacket:
 		// Trust regular expression, section 5.2.3.14
 		// RFC specifies the string should be null-terminated; remove a null byte from the end
 		if subpacket[len(subpacket)-1] != 0x00 {
 			err = errors.StructuralError("expected regular expression to be null-terminated")
 			return
 		}
 		trustRegularExpression := string(subpacket[:len(subpacket)-1])
 		sig.TrustRegularExpression = &trustRegularExpression
 	case keyExpirationSubpacket:
 		// Key expiration time, section 5.2.3.6
 		if len(subpacket) != 4 {
 			err = errors.StructuralError("key expiration subpacket with bad length")
 			return
@ -284,38 +349,52 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		*sig.KeyLifetimeSecs = binary.BigEndian.Uint32(subpacket)
 	case prefSymmetricAlgosSubpacket:
 		// Preferred symmetric algorithms, section 5.2.3.7
 		if !isHashed {
 			return
 		}
 		sig.PreferredSymmetric = make([]byte, len(subpacket))
 		copy(sig.PreferredSymmetric, subpacket)
 	case issuerSubpacket:
 		// Issuer, section 5.2.3.5
 		if sig.Version > 4 {
 			err = errors.StructuralError("issuer subpacket found in v5 key")
 			return
 		}
 		if len(subpacket) != 8 {
 			err = errors.StructuralError("issuer subpacket with bad length")
 			return
 		}
 		sig.IssuerKeyId = new(uint64)
 		*sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket)
-	case prefHashAlgosSubpacket:
+	case notationDataSubpacket:
-		// Preferred hash algorithms, section 5.2.3.8
+		// Notation data, section 5.2.3.16
-		if !isHashed {
+		if len(subpacket) < 8 {
 			err = errors.StructuralError("notation data subpacket with bad length")
 			return
 		}
 		nameLength := uint32(subpacket[4])<<8 | uint32(subpacket[5])
 		valueLength := uint32(subpacket[6])<<8 | uint32(subpacket[7])
 		if len(subpacket) != int(nameLength) + int(valueLength) + 8 {
 			err = errors.StructuralError("notation data subpacket with bad length")
 			return
 		}
 		notation := Notation{
 			IsHumanReadable: (subpacket[0] & 0x80) == 0x80,
 			Name: string(subpacket[8: (nameLength + 8)]),
 			Value: subpacket[(nameLength + 8) : (valueLength + nameLength + 8)],
 			IsCritical: isCritical,
 		}
 		sig.Notations = append(sig.Notations, &notation)
 	case prefHashAlgosSubpacket:
 		// Preferred hash algorithms, section 5.2.3.8
 		sig.PreferredHash = make([]byte, len(subpacket))
 		copy(sig.PreferredHash, subpacket)
 	case prefCompressionSubpacket:
 		// Preferred compression algorithms, section 5.2.3.9
 		if !isHashed {
 			return
 		}
 		sig.PreferredCompression = make([]byte, len(subpacket))
 		copy(sig.PreferredCompression, subpacket)
 	case primaryUserIdSubpacket:
 		// Primary User ID, section 5.2.3.19
 		if !isHashed {
 			return
 		}
 		if len(subpacket) != 1 {
 			err = errors.StructuralError("primary user id subpacket with bad length")
 			return
@ -326,9 +405,6 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		}
 	case keyFlagsSubpacket:
 		// Key flags, section 5.2.3.21
 		if !isHashed {
 			return
 		}
 		if len(subpacket) == 0 {
 			err = errors.StructuralError("empty key flags subpacket")
 			return
@ -346,24 +422,40 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		if subpacket[0]&KeyFlagEncryptStorage != 0 {
 			sig.FlagEncryptStorage = true
 		}
 		if subpacket[0]&KeyFlagSplitKey != 0 {
 			sig.FlagSplitKey = true
 		}
 		if subpacket[0]&KeyFlagAuthenticate != 0 {
 			sig.FlagAuthenticate = true
 		}
 		if subpacket[0]&KeyFlagGroupKey != 0 {
 			sig.FlagGroupKey = true
 		}
 	case signerUserIdSubpacket:
 		userId := string(subpacket)
 		sig.SignerUserId = &userId
 	case reasonForRevocationSubpacket:
 		// Reason For Revocation, section 5.2.3.23
 		if !isHashed {
 			return
 		}
 		if len(subpacket) == 0 {
 			err = errors.StructuralError("empty revocation reason subpacket")
 			return
 		}
-		sig.RevocationReason = new(uint8)
+		sig.RevocationReason = new(ReasonForRevocation)
-		*sig.RevocationReason = subpacket[0]
+		*sig.RevocationReason = ReasonForRevocation(subpacket[0])
 		sig.RevocationReasonText = string(subpacket[1:])
 	case featuresSubpacket:
 		// Features subpacket, section 5.2.3.24 specifies a very general
 		// mechanism for OpenPGP implementations to signal support for new
-		// features. In practice, the subpacket is used exclusively to
+		// features.
-		// indicate support for MDC-protected encryption.
+		if len(subpacket) > 0 {
-		sig.MDC = len(subpacket) >= 1 && subpacket[0]&1 == 1
+			if subpacket[0]&0x01 != 0 {
 				sig.SEIPDv1 = true
 			}
 			// 0x02 and 0x04 are reserved
 			if subpacket[0]&0x08 != 0 {
 				sig.SEIPDv2 = true
 			}
 		}
 	case embeddedSignatureSubpacket:
 		// Only usage is in signatures that cross-certify
 		// signing subkeys. section 5.2.3.26 describes the
@ -382,6 +474,35 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		if sigType := sig.EmbeddedSignature.SigType; sigType != SigTypePrimaryKeyBinding {
 			return nil, errors.StructuralError("cross-signature has unexpected type " + strconv.Itoa(int(sigType)))
 		}
 	case policyUriSubpacket:
 		// Policy URI, section 5.2.3.20
 		sig.PolicyURI = string(subpacket)
 	case issuerFingerprintSubpacket:
 		v, l := subpacket[0], len(subpacket[1:])
 		if v == 5 && l != 32 || v != 5 && l != 20 {
 			return nil, errors.StructuralError("bad fingerprint length")
 		}
 		sig.IssuerFingerprint = make([]byte, l)
 		copy(sig.IssuerFingerprint, subpacket[1:])
 		sig.IssuerKeyId = new(uint64)
 		if v == 5 {
 			*sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[1:9])
 		} else {
 			*sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[13:21])
 		}
 	case prefCipherSuitesSubpacket:
 		// Preferred AEAD cipher suites
 		// See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#name-preferred-aead-ciphersuites
 		if len(subpacket) % 2 != 0 {
 			err = errors.StructuralError("invalid aead cipher suite length")
 			return
 		}
 		sig.PreferredCipherSuites = make([][2]byte, len(subpacket) / 2)
 		for i := 0; i < len(subpacket) / 2; i++ {
 			sig.PreferredCipherSuites[i] = [2]uint8{subpacket[2*i], subpacket[2*i+1]}
 		}
 	default:
 		if isCritical {
 			err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType)))
@ -406,6 +527,13 @@ func subpacketLengthLength(length int) int {
 	return 5
 }
 func (sig *Signature) CheckKeyIdOrFingerprint(pk *PublicKey) bool {
 	if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) >= 20 {
 		return bytes.Equal(sig.IssuerFingerprint, pk.Fingerprint)
 	}
 	return sig.IssuerKeyId != nil && *sig.IssuerKeyId == pk.KeyId
 }
 // serializeSubpacketLength marshals the given length into to.
 func serializeSubpacketLength(to []byte, length int) int {
 	// RFC 4880, Section 4.2.2.
@ -446,6 +574,9 @@ func serializeSubpackets(to []byte, subpackets []outputSubpacket, hashed bool) {
 		if subpacket.hashed == hashed {
 			n := serializeSubpacketLength(to, len(subpacket.contents)+1)
 			to[n] = byte(subpacket.subpacketType)
 			if subpacket.isCritical {
 				to[n] |= 0x80
 			}
 			to = to[1+n:]
 			n = copy(to, subpacket.contents)
 			to = to[n:]
@ -454,49 +585,74 @@ func serializeSubpackets(to []byte, subpackets []outputSubpacket, hashed bool) {
 	return
 }
-// KeyExpired returns whether sig is a self-signature of a key that has
+// SigExpired returns whether sig is a signature that has expired or is created
-// expired.
+// in the future.
-func (sig *Signature) KeyExpired(currentTime time.Time) bool {
+func (sig *Signature) SigExpired(currentTime time.Time) bool {
-	if sig.KeyLifetimeSecs == nil {
+	if sig.CreationTime.After(currentTime) {
 		return true
 	}
 	if sig.SigLifetimeSecs == nil || *sig.SigLifetimeSecs == 0 {
 		return false
 	}
-	expiry := sig.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second)
+	expiry := sig.CreationTime.Add(time.Duration(*sig.SigLifetimeSecs) * time.Second)
 	return currentTime.After(expiry)
 }
 // buildHashSuffix constructs the HashSuffix member of sig in preparation for signing.
-func (sig *Signature) buildHashSuffix() (err error) {
+func (sig *Signature) buildHashSuffix(hashedSubpackets []byte) (err error) {
-	hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true)
+	var hashId byte
 	var ok bool
-	l := 6 + hashedSubpacketsLen
+
-	sig.HashSuffix = make([]byte, l+6)
+	if sig.Version < 5 {
-	sig.HashSuffix[0] = 4
+		hashId, ok = algorithm.HashToHashIdWithSha1(sig.Hash)
-	sig.HashSuffix[1] = uint8(sig.SigType)
+	} else {
-	sig.HashSuffix[2] = uint8(sig.PubKeyAlgo)
+		hashId, ok = algorithm.HashToHashId(sig.Hash)
-	sig.HashSuffix[3], ok = s2k.HashToHashId(sig.Hash)
+	}
 	if !ok {
 		sig.HashSuffix = nil
 		return errors.InvalidArgumentError("hash cannot be represented in OpenPGP: " + strconv.Itoa(int(sig.Hash)))
 	}
-	sig.HashSuffix[4] = byte(hashedSubpacketsLen >> 8)
+
-	sig.HashSuffix[5] = byte(hashedSubpacketsLen)
+	hashedFields := bytes.NewBuffer([]byte{
-	serializeSubpackets(sig.HashSuffix[6:l], sig.outSubpackets, true)
+		uint8(sig.Version),
-	trailer := sig.HashSuffix[l:]
+		uint8(sig.SigType),
-	trailer[0] = 4
+		uint8(sig.PubKeyAlgo),
-	trailer[1] = 0xff
+		uint8(hashId),
-	trailer[2] = byte(l >> 24)
+		uint8(len(hashedSubpackets) >> 8),
-	trailer[3] = byte(l >> 16)
+		uint8(len(hashedSubpackets)),
-	trailer[4] = byte(l >> 8)
+	})
-	trailer[5] = byte(l)
+	hashedFields.Write(hashedSubpackets)
 	var l uint64 = uint64(6 + len(hashedSubpackets))
 	if sig.Version == 5 {
 		hashedFields.Write([]byte{0x05, 0xff})
 		hashedFields.Write([]byte{
 			uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32),
 			uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
 		})
 	} else {
 		hashedFields.Write([]byte{0x04, 0xff})
 		hashedFields.Write([]byte{
 			uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
 		})
 	}
 	sig.HashSuffix = make([]byte, hashedFields.Len())
 	copy(sig.HashSuffix, hashedFields.Bytes())
 	return
 }
 func (sig *Signature) signPrepareHash(h hash.Hash) (digest []byte, err error) {
-	err = sig.buildHashSuffix()
+	hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true)
 	hashedSubpackets := make([]byte, hashedSubpacketsLen)
 	serializeSubpackets(hashedSubpackets, sig.outSubpackets, true)
 	err = sig.buildHashSuffix(hashedSubpackets)
 	if err != nil {
 		return
 	}
 	if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
 		sig.AddMetadataToHashSuffix()
 	}
 	h.Write(sig.HashSuffix)
 	digest = h.Sum(nil)
@ -509,17 +665,26 @@ func (sig *Signature) signPrepareHash(h hash.Hash) (digest []byte, err error) {
 // On success, the signature is stored in sig. Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error) {
-	sig.outSubpackets = sig.buildSubpackets()
+	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	sig.Version = priv.PublicKey.Version
 	sig.IssuerFingerprint = priv.PublicKey.Fingerprint
 	sig.outSubpackets, err = sig.buildSubpackets(priv.PublicKey)
 	if err != nil {
 		return err
 	}
 	digest, err := sig.signPrepareHash(h)
 	if err != nil {
 		return
 	}
 	switch priv.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
 		// supports both *rsa.PrivateKey and crypto.Signer
-		sig.RSASignature.bytes, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
+		sigdata, err := priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
-		sig.RSASignature.bitLength = uint16(8 * len(sig.RSASignature.bytes))
+		if err == nil {
 			sig.RSASignature = encoding.NewMPI(sigdata)
 		}
 	case PubKeyAlgoDSA:
 		dsaPriv := priv.PrivateKey.(*dsa.PrivateKey)
@ -530,26 +695,23 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
 		}
 		r, s, err := dsa.Sign(config.Random(), dsaPriv, digest)
 		if err == nil {
-			sig.DSASigR.bytes = r.Bytes()
+			sig.DSASigR = new(encoding.MPI).SetBig(r)
-			sig.DSASigR.bitLength = uint16(8 * len(sig.DSASigR.bytes))
+			sig.DSASigS = new(encoding.MPI).SetBig(s)
 			sig.DSASigS.bytes = s.Bytes()
 			sig.DSASigS.bitLength = uint16(8 * len(sig.DSASigS.bytes))
 		}
 	case PubKeyAlgoECDSA:
-		var r, s *big.Int
+		sk := priv.PrivateKey.(*ecdsa.PrivateKey)
-		if pk, ok := priv.PrivateKey.(*ecdsa.PrivateKey); ok {
+		r, s, err := ecdsa.Sign(config.Random(), sk, digest)
-			// direct support, avoid asn1 wrapping/unwrapping
+
 			r, s, err = ecdsa.Sign(config.Random(), pk, digest)
 		} else {
 			var b []byte
 			b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
 			if err == nil {
 				r, s, err = unwrapECDSASig(b)
 			}
 		}
 		if err == nil {
-			sig.ECDSASigR = fromBig(r)
+			sig.ECDSASigR = new(encoding.MPI).SetBig(r)
-			sig.ECDSASigS = fromBig(s)
+			sig.ECDSASigS = new(encoding.MPI).SetBig(s)
 		}
 	case PubKeyAlgoEdDSA:
 		sk := priv.PrivateKey.(*eddsa.PrivateKey)
 		r, s, err := eddsa.Sign(sk, digest)
 		if err == nil {
 			sig.EdDSASigR = encoding.NewMPI(r)
 			sig.EdDSASigS = encoding.NewMPI(s)
 		}
 	default:
 		err = errors.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo)))
@ -558,24 +720,14 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
 	return
 }
 // unwrapECDSASig parses the two integer components of an ASN.1-encoded ECDSA
 // signature.
 func unwrapECDSASig(b []byte) (r, s *big.Int, err error) {
 	var ecsdaSig struct {
 		R, S *big.Int
 	}
 	_, err = asn1.Unmarshal(b, &ecsdaSig)
 	if err != nil {
 		return
 	}
 	return ecsdaSig.R, ecsdaSig.S, nil
 }
 // SignUserId computes a signature from priv, asserting that pub is a valid
 // key for the identity id.  On success, the signature is stored in sig. Call
 // Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error {
 	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	h, err := userIdSignatureHash(id, pub, sig.Hash)
 	if err != nil {
 		return err
@ -583,10 +735,25 @@ func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, co
 	return sig.Sign(h, priv, config)
 }
 // CrossSignKey computes a signature from signingKey on pub hashed using hashKey. On success,
 // the signature is stored in sig. Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) CrossSignKey(pub *PublicKey, hashKey *PublicKey, signingKey *PrivateKey,
 	config *Config) error {
 	h, err := keySignatureHash(hashKey, pub, sig.Hash)
 	if err != nil {
 		return err
 	}
 	return sig.Sign(h, signingKey, config)
 }
 // SignKey computes a signature from priv, asserting that pub is a subkey. On
 // success, the signature is stored in sig. Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error {
 	if priv.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
 	h, err := keySignatureHash(&priv.PublicKey, pub, sig.Hash)
 	if err != nil {
 		return err
@ -594,26 +761,48 @@ func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config)
 	return sig.Sign(h, priv, config)
 }
 // RevokeKey computes a revocation signature of pub using priv. On success, the signature is
 // stored in sig. Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) RevokeKey(pub *PublicKey, priv *PrivateKey, config *Config) error {
 	h, err := keyRevocationHash(pub, sig.Hash)
 	if err != nil {
 		return err
 	}
 	return sig.Sign(h, priv, config)
 }
 // RevokeSubkey computes a subkey revocation signature of pub using priv.
 // On success, the signature is stored in sig. Call Serialize to write it out.
 // If config is nil, sensible defaults will be used.
 func (sig *Signature) RevokeSubkey(pub *PublicKey, priv *PrivateKey, config *Config) error {
 	// Identical to a subkey binding signature
 	return sig.SignKey(pub, priv, config)
 }
 // Serialize marshals sig to w. Sign, SignUserId or SignKey must have been
 // called first.
 func (sig *Signature) Serialize(w io.Writer) (err error) {
 	if len(sig.outSubpackets) == 0 {
 		sig.outSubpackets = sig.rawSubpackets
 	}
-	if sig.RSASignature.bytes == nil && sig.DSASigR.bytes == nil && sig.ECDSASigR.bytes == nil {
+	if sig.RSASignature == nil && sig.DSASigR == nil && sig.ECDSASigR == nil && sig.EdDSASigR == nil {
 		return errors.InvalidArgumentError("Signature: need to call Sign, SignUserId or SignKey before Serialize")
 	}
 	sigLength := 0
 	switch sig.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
-		sigLength = 2 + len(sig.RSASignature.bytes)
+		sigLength = int(sig.RSASignature.EncodedLength())
 	case PubKeyAlgoDSA:
-		sigLength = 2 + len(sig.DSASigR.bytes)
+		sigLength = int(sig.DSASigR.EncodedLength())
-		sigLength += 2 + len(sig.DSASigS.bytes)
+		sigLength += int(sig.DSASigS.EncodedLength())
 	case PubKeyAlgoECDSA:
-		sigLength = 2 + len(sig.ECDSASigR.bytes)
+		sigLength = int(sig.ECDSASigR.EncodedLength())
-		sigLength += 2 + len(sig.ECDSASigS.bytes)
+		sigLength += int(sig.ECDSASigS.EncodedLength())
 	case PubKeyAlgoEdDSA:
 		sigLength = int(sig.EdDSASigR.EncodedLength())
 		sigLength += int(sig.EdDSASigS.EncodedLength())
 	default:
 		panic("impossible")
 	}
@ -622,16 +811,29 @@ func (sig *Signature) Serialize(w io.Writer) (err error) {
 	length := len(sig.HashSuffix) - 6 /* trailer not included */ +
 		2 /* length of unhashed subpackets */ + unhashedSubpacketsLen +
 		2 /* hash tag */ + sigLength
 	if sig.Version == 5 {
 		length -= 4 // eight-octet instead of four-octet big endian
 	}
 	err = serializeHeader(w, packetTypeSignature, length)
 	if err != nil {
 		return
 	}
 	err = sig.serializeBody(w)
 	if err != nil {
 		return err
 	}
 	return
 }
-	_, err = w.Write(sig.HashSuffix[:len(sig.HashSuffix)-6])
+func (sig *Signature) serializeBody(w io.Writer) (err error) {
 	hashedSubpacketsLen := uint16(uint16(sig.HashSuffix[4])<<8) | uint16(sig.HashSuffix[5])
 	fields := sig.HashSuffix[:6+hashedSubpacketsLen]
 	_, err = w.Write(fields)
 	if err != nil {
 		return
 	}
 	unhashedSubpacketsLen := subpacketsLength(sig.outSubpackets, false)
 	unhashedSubpackets := make([]byte, 2+unhashedSubpacketsLen)
 	unhashedSubpackets[0] = byte(unhashedSubpacketsLen >> 8)
 	unhashedSubpackets[1] = byte(unhashedSubpacketsLen)
@ -648,11 +850,22 @@ func (sig *Signature) Serialize(w io.Writer) (err error) {
 	switch sig.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
-		err = writeMPIs(w, sig.RSASignature)
+		_, err = w.Write(sig.RSASignature.EncodedBytes())
 	case PubKeyAlgoDSA:
-		err = writeMPIs(w, sig.DSASigR, sig.DSASigS)
+		if _, err = w.Write(sig.DSASigR.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(sig.DSASigS.EncodedBytes())
 	case PubKeyAlgoECDSA:
-		err = writeMPIs(w, sig.ECDSASigR, sig.ECDSASigS)
+		if _, err = w.Write(sig.ECDSASigR.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(sig.ECDSASigS.EncodedBytes())
 	case PubKeyAlgoEdDSA:
 		if _, err = w.Write(sig.EdDSASigR.EncodedBytes()); err != nil {
 			return
 		}
 		_, err = w.Write(sig.EdDSASigS.EncodedBytes())
 	default:
 		panic("impossible")
 	}
@ -667,17 +880,23 @@ type outputSubpacket struct {
 	contents      []byte
 }
-func (sig *Signature) buildSubpackets() (subpackets []outputSubpacket) {
+func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubpacket, err error) {
 	creationTime := make([]byte, 4)
 	binary.BigEndian.PutUint32(creationTime, uint32(sig.CreationTime.Unix()))
 	subpackets = append(subpackets, outputSubpacket{true, creationTimeSubpacket, false, creationTime})
-	if sig.IssuerKeyId != nil {
+	if sig.IssuerKeyId != nil && sig.Version == 4 {
 		keyId := make([]byte, 8)
 		binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId)
-		subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId})
+		subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, true, keyId})
 	}
 	if sig.IssuerFingerprint != nil {
 		contents := append([]uint8{uint8(issuer.Version)}, sig.IssuerFingerprint...)
 		subpackets = append(subpackets, outputSubpacket{true, issuerFingerprintSubpacket, sig.Version == 5, contents})
 	}
 	if sig.SignerUserId != nil {
 		subpackets = append(subpackets, outputSubpacket{true, signerUserIdSubpacket, false, []byte(*sig.SignerUserId)})
 	}
 	if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 {
 		sigLifetime := make([]byte, 4)
 		binary.BigEndian.PutUint32(sigLifetime, *sig.SigLifetimeSecs)
@ -700,10 +919,51 @@ func (sig *Signature) buildSubpackets() (subpackets []outputSubpacket) {
 		if sig.FlagEncryptStorage {
 			flags |= KeyFlagEncryptStorage
 		}
 		if sig.FlagSplitKey {
 			flags |= KeyFlagSplitKey
 		}
 		if sig.FlagAuthenticate {
 			flags |= KeyFlagAuthenticate
 		}
 		if sig.FlagGroupKey {
 			flags |= KeyFlagGroupKey
 		}
 		subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, false, []byte{flags}})
 	}
-	// The following subpackets may only appear in self-signatures
+	for _, notation := range sig.Notations {
 		subpackets = append(
 			subpackets,
 			outputSubpacket{
 				true,
 				notationDataSubpacket,
 				notation.IsCritical,
 				notation.getData(),
 			})
 	}
 	// The following subpackets may only appear in self-signatures.
 	var features = byte(0x00)
 	if sig.SEIPDv1 {
 		features |= 0x01
 	}
 	if sig.SEIPDv2 {
 		features |= 0x08
 	}
 	if features != 0x00 {
 		subpackets = append(subpackets, outputSubpacket{true, featuresSubpacket, false, []byte{features}})
 	}
 	if sig.TrustLevel != 0 {
 		subpackets = append(subpackets, outputSubpacket{true, trustSubpacket, true, []byte{byte(sig.TrustLevel), byte(sig.TrustAmount)}})
 	}
 	if sig.TrustRegularExpression != nil {
 		// RFC specifies the string should be null-terminated; add a null byte to the end
 		subpackets = append(subpackets, outputSubpacket{true, regularExpressionSubpacket, true, []byte(*sig.TrustRegularExpression + "\000")})
 	}
 	if sig.KeyLifetimeSecs != nil && *sig.KeyLifetimeSecs != 0 {
 		keyLifetime := make([]byte, 4)
@ -727,5 +987,82 @@ func (sig *Signature) buildSubpackets() (subpackets []outputSubpacket) {
 		subpackets = append(subpackets, outputSubpacket{true, prefCompressionSubpacket, false, sig.PreferredCompression})
 	}
 	if len(sig.PolicyURI) > 0 {
 		subpackets = append(subpackets, outputSubpacket{true, policyUriSubpacket, false, []uint8(sig.PolicyURI)})
 	}
 	if len(sig.PreferredCipherSuites) > 0 {
 		serialized := make([]byte, len(sig.PreferredCipherSuites)*2)
 		for i, cipherSuite := range sig.PreferredCipherSuites {
 			serialized[2*i] = cipherSuite[0]
 			serialized[2*i+1] = cipherSuite[1]
 		}
 		subpackets = append(subpackets, outputSubpacket{true, prefCipherSuitesSubpacket, false, serialized})
 	}
 	// Revocation reason appears only in revocation signatures and is serialized as per section 5.2.3.23.
 	if sig.RevocationReason != nil {
 		subpackets = append(subpackets, outputSubpacket{true, reasonForRevocationSubpacket, true,
 			append([]uint8{uint8(*sig.RevocationReason)}, []uint8(sig.RevocationReasonText)...)})
 	}
 	// EmbeddedSignature appears only in subkeys capable of signing and is serialized as per section 5.2.3.26.
 	if sig.EmbeddedSignature != nil {
 		var buf bytes.Buffer
 		err = sig.EmbeddedSignature.serializeBody(&buf)
 		if err != nil {
 			return
 		}
 		subpackets = append(subpackets, outputSubpacket{true, embeddedSignatureSubpacket, true, buf.Bytes()})
 	}
 	return
 }
 // AddMetadataToHashSuffix modifies the current hash suffix to include metadata
 // (format, filename, and time). Version 5 keys protect this data including it
 // in the hash computation. See section 5.2.4.
 func (sig *Signature) AddMetadataToHashSuffix() {
 	if sig == nil || sig.Version != 5 {
 		return
 	}
 	if sig.SigType != 0x00 && sig.SigType != 0x01 {
 		return
 	}
 	lit := sig.Metadata
 	if lit == nil {
 		// This will translate into six 0x00 bytes.
 		lit = &LiteralData{}
 	}
 	// Extract the current byte count
 	n := sig.HashSuffix[len(sig.HashSuffix)-8:]
 	l := uint64(
 		uint64(n[0])<<56 | uint64(n[1])<<48 | uint64(n[2])<<40 | uint64(n[3])<<32 |
 		uint64(n[4])<<24 | uint64(n[5])<<16 | uint64(n[6])<<8 | uint64(n[7]))
 	suffix := bytes.NewBuffer(nil)
 	suffix.Write(sig.HashSuffix[:l])
 	// Add the metadata
 	var buf [4]byte
 	buf[0] = lit.Format
 	fileName := lit.FileName
 	if len(lit.FileName) > 255 {
 		fileName = fileName[:255]
 	}
 	buf[1] = byte(len(fileName))
 	suffix.Write(buf[:2])
 	suffix.Write([]byte(lit.FileName))
 	binary.BigEndian.PutUint32(buf[:], lit.Time)
 	suffix.Write(buf[:])
 	// Update the counter and restore trailing bytes
 	l = uint64(suffix.Len())
 	suffix.Write([]byte{0x05, 0xff})
 	suffix.Write([]byte{
 		uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32),
 		uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
 	})
 	sig.HashSuffix = suffix.Bytes()
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
@ -0,0 +1,303 @@
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"bytes"
 	"crypto/cipher"
 	"crypto/sha256"
 	"io"
 	"strconv"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/s2k"
 	"golang.org/x/crypto/hkdf"
 )
 // This is the largest session key that we'll support. Since at most 256-bit cipher
 // is supported in OpenPGP, this is large enough to contain also the auth tag.
 const maxSessionKeySizeInBytes = 64
 // SymmetricKeyEncrypted represents a passphrase protected session key. See RFC
 // 4880, section 5.3.
 type SymmetricKeyEncrypted struct {
 	Version      int
 	CipherFunc   CipherFunction
 	Mode         AEADMode
 	s2k          func(out, in []byte)
 	iv           []byte
 	encryptedKey []byte // Contains also the authentication tag for AEAD
 }
 // parse parses an SymmetricKeyEncrypted packet as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#name-symmetric-key-encrypted-ses
 func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
 	var buf [1]byte
 	// Version
 	if _, err := readFull(r, buf[:]); err != nil {
 		return err
 	}
 	ske.Version = int(buf[0])
 	if ske.Version != 4 && ske.Version != 5 {
 		return errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
 	}
 	if ske.Version == 5 {
 		// Scalar octet count
 		if _, err := readFull(r, buf[:]); err != nil {
 			return err
 		}
 	}
 	// Cipher function
 	if _, err := readFull(r, buf[:]); err != nil {
 		return err
 	}
 	ske.CipherFunc = CipherFunction(buf[0])
 	if !ske.CipherFunc.IsSupported() {
 		return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[0])))
 	}
 	if ske.Version == 5 {
 		// AEAD mode
 		if _, err := readFull(r, buf[:]); err != nil {
 			return errors.StructuralError("cannot read AEAD octet from packet")
 		}
 		ske.Mode = AEADMode(buf[0])
 		// Scalar octet count
 		if _, err := readFull(r, buf[:]); err != nil {
 			return err
 		}
 	}
 	var err error
 	if ske.s2k, err = s2k.Parse(r); err != nil {
 		if _, ok := err.(errors.ErrDummyPrivateKey); ok {
 			return errors.UnsupportedError("missing key GNU extension in session key")
 		}
 		return err
 	}
 	if ske.Version == 5 {
 		// AEAD IV
 		iv := make([]byte, ske.Mode.IvLength())
 		_, err := readFull(r, iv)
 		if err != nil {
 			return errors.StructuralError("cannot read AEAD IV")
 		}
 		ske.iv = iv
 	}
 	encryptedKey := make([]byte, maxSessionKeySizeInBytes)
 	// The session key may follow. We just have to try and read to find
 	// out. If it exists then we limit it to maxSessionKeySizeInBytes.
 	n, err := readFull(r, encryptedKey)
 	if err != nil && err != io.ErrUnexpectedEOF {
 		return err
 	}
 	if n != 0 {
 		if n == maxSessionKeySizeInBytes {
 			return errors.UnsupportedError("oversized encrypted session key")
 		}
 		ske.encryptedKey = encryptedKey[:n]
 	}
 	return nil
 }
 // Decrypt attempts to decrypt an encrypted session key and returns the key and
 // the cipher to use when decrypting a subsequent Symmetrically Encrypted Data
 // packet.
 func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error) {
 	key := make([]byte, ske.CipherFunc.KeySize())
 	ske.s2k(key, passphrase)
 	if len(ske.encryptedKey) == 0 {
 		return key, ske.CipherFunc, nil
 	}
 	switch ske.Version {
 	case 4:
 		plaintextKey, cipherFunc, err := ske.decryptV4(key)
 		return plaintextKey, cipherFunc, err
 	case 5:
 		plaintextKey, err := ske.decryptV5(key)
 		return plaintextKey, CipherFunction(0), err
 	}
 	err := errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
 	return nil, CipherFunction(0), err
 }
 func (ske *SymmetricKeyEncrypted) decryptV4(key []byte) ([]byte, CipherFunction, error) {
 	// the IV is all zeros
 	iv := make([]byte, ske.CipherFunc.blockSize())
 	c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv)
 	plaintextKey := make([]byte, len(ske.encryptedKey))
 	c.XORKeyStream(plaintextKey, ske.encryptedKey)
 	cipherFunc := CipherFunction(plaintextKey[0])
 	if cipherFunc.blockSize() == 0 {
 		return nil, ske.CipherFunc, errors.UnsupportedError(
 			"unknown cipher: " + strconv.Itoa(int(cipherFunc)))
 	}
 	plaintextKey = plaintextKey[1:]
 	if len(plaintextKey) != cipherFunc.KeySize() {
 		return nil, cipherFunc, errors.StructuralError(
 			"length of decrypted key not equal to cipher keysize")
 	}
 	return plaintextKey, cipherFunc, nil
 }
 func (ske *SymmetricKeyEncrypted) decryptV5(key []byte) ([]byte, error) {
 	adata := []byte{0xc3, byte(5), byte(ske.CipherFunc), byte(ske.Mode)}
 	aead := getEncryptedKeyAeadInstance(ske.CipherFunc, ske.Mode, key, adata)
 	plaintextKey, err := aead.Open(nil, ske.iv, ske.encryptedKey, adata)
 	if err != nil {
 		return nil, err
 	}
 	return plaintextKey, nil
 }
 // SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w.
 // The packet contains a random session key, encrypted by a key derived from
 // the given passphrase. The session key is returned and must be passed to
 // SerializeSymmetricallyEncrypted.
 // If config is nil, sensible defaults will be used.
 func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error) {
 	cipherFunc := config.Cipher()
 	sessionKey := make([]byte, cipherFunc.KeySize())
 	_, err = io.ReadFull(config.Random(), sessionKey)
 	if err != nil {
 		return
 	}
 	err = SerializeSymmetricKeyEncryptedReuseKey(w, sessionKey, passphrase, config)
 	if err != nil {
 		return
 	}
 	key = sessionKey
 	return
 }
 // SerializeSymmetricKeyEncryptedReuseKey serializes a symmetric key packet to w.
 // The packet contains the given session key, encrypted by a key derived from
 // the given passphrase. The returned session key must be passed to
 // SerializeSymmetricallyEncrypted.
 // If config is nil, sensible defaults will be used.
 func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error) {
 	var version int
 	if config.AEAD() != nil {
 		version = 5
 	} else {
 		version = 4
 	}
 	cipherFunc := config.Cipher()
 	// cipherFunc must be AES
 	if !cipherFunc.IsSupported() ||  cipherFunc < CipherAES128 || cipherFunc > CipherAES256 {
 		return errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(cipherFunc)))
 	}
 	keySize := cipherFunc.KeySize()
 	s2kBuf := new(bytes.Buffer)
 	keyEncryptingKey := make([]byte, keySize)
 	// s2k.Serialize salts and stretches the passphrase, and writes the
 	// resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf.
 	err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, &s2k.Config{Hash: config.Hash(), S2KCount: config.PasswordHashIterations()})
 	if err != nil {
 		return
 	}
 	s2kBytes := s2kBuf.Bytes()
 	var packetLength int
 	switch version {
 	case 4:
 		packetLength = 2 /* header */ + len(s2kBytes) + 1 /* cipher type */ + keySize
 	case 5:
 		ivLen := config.AEAD().Mode().IvLength()
 		tagLen := config.AEAD().Mode().TagLength()
 		packetLength = 5 + len(s2kBytes) + ivLen + keySize + tagLen
 	}
 	err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength)
 	if err != nil {
 		return
 	}
 	// Symmetric Key Encrypted Version
 	buf := []byte{byte(version)}
 	if version == 5 {
 		// Scalar octet count
 		buf = append(buf, byte(3 + len(s2kBytes) + config.AEAD().Mode().IvLength()))
 	}
 	// Cipher function
 	buf = append(buf, byte(cipherFunc))
 	if version == 5 {
 		// AEAD mode
 		buf = append(buf, byte(config.AEAD().Mode()))
 		// Scalar octet count
 		buf = append(buf, byte(len(s2kBytes)))
 	}
 	_, err = w.Write(buf)
 	if err != nil {
 		return
 	}
 	_, err = w.Write(s2kBytes)
 	if err != nil {
 		return
 	}
 	switch version {
 	case 4:
 		iv := make([]byte, cipherFunc.blockSize())
 		c := cipher.NewCFBEncrypter(cipherFunc.new(keyEncryptingKey), iv)
 		encryptedCipherAndKey := make([]byte, keySize+1)
 		c.XORKeyStream(encryptedCipherAndKey, buf[1:])
 		c.XORKeyStream(encryptedCipherAndKey[1:], sessionKey)
 		_, err = w.Write(encryptedCipherAndKey)
 		if err != nil {
 			return
 		}
 	case 5:
 		mode := config.AEAD().Mode()
 		adata := []byte{0xc3, byte(5), byte(cipherFunc), byte(mode)}
 		aead := getEncryptedKeyAeadInstance(cipherFunc, mode, keyEncryptingKey, adata)
 		// Sample iv using random reader
 		iv := make([]byte, config.AEAD().Mode().IvLength())
 		_, err = io.ReadFull(config.Random(), iv)
 		if err != nil {
 			return
 		}
 		// Seal and write (encryptedData includes auth. tag)
 		encryptedData := aead.Seal(nil, iv, sessionKey, adata)
 		_, err = w.Write(iv)
 		if err != nil {
 			return
 		}
 		_, err = w.Write(encryptedData)
 		if err != nil {
 			return
 		}
 	}
 	return
 }
 func getEncryptedKeyAeadInstance(c CipherFunction, mode AEADMode, inputKey, associatedData []byte) (aead cipher.AEAD) {
 	hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData)
 	encryptionKey := make([]byte, c.KeySize())
 	_, _ = readFull(hkdfReader, encryptionKey)
 	blockCipher := c.new(encryptionKey)
 	return mode.new(blockCipher)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
@ -0,0 +1,91 @@
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"io"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 const aeadSaltSize = 32
 // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
 // encrypted Contents will consist of more OpenPGP packets. See RFC 4880,
 // sections 5.7 and 5.13.
 type SymmetricallyEncrypted struct {
 	Version            int
 	Contents           io.Reader // contains tag for version 2
 	IntegrityProtected bool      // If true it is type 18 (with MDC or AEAD). False is packet type 9
 	// Specific to version 1
 	prefix   []byte
 	// Specific to version 2
 	cipher CipherFunction
 	mode AEADMode
 	chunkSizeByte byte
 	salt [aeadSaltSize]byte
 }
 const (
 	symmetricallyEncryptedVersionMdc = 1
 	symmetricallyEncryptedVersionAead = 2
 )
 func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
 	if se.IntegrityProtected {
 		// See RFC 4880, section 5.13.
 		var buf [1]byte
 		_, err := readFull(r, buf[:])
 		if err != nil {
 			return err
 		}
 		switch buf[0] {
 		case symmetricallyEncryptedVersionMdc:
 			se.Version = symmetricallyEncryptedVersionMdc
 		case symmetricallyEncryptedVersionAead:
 			se.Version = symmetricallyEncryptedVersionAead
 			if err := se.parseAead(r); err != nil {
 				return err
 			}
 		default:
 			return errors.UnsupportedError("unknown SymmetricallyEncrypted version")
 		}
 	}
 	se.Contents = r
 	return nil
 }
 // Decrypt returns a ReadCloser, from which the decrypted Contents of the
 // packet can be read. An incorrect key will only be detected after trying
 // to decrypt the entire data.
 func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
 	if se.Version == symmetricallyEncryptedVersionAead {
 		return se.decryptAead(key)
 	}
 	return se.decryptMdc(c, key)
 }
 // SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet
 // to w and returns a WriteCloser to which the to-be-encrypted packets can be
 // written.
 // If config is nil, sensible defaults will be used.
 func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, aeadSupported bool, cipherSuite CipherSuite, key []byte, config *Config) (Contents io.WriteCloser, err error) {
 	writeCloser := noOpCloser{w}
 	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedIntegrityProtected)
 	if err != nil {
 		return
 	}
 	if aeadSupported {
 		return serializeSymmetricallyEncryptedAead(ciphertext, cipherSuite, config.AEADConfig.ChunkSizeByte(), config.Random(), key)
 	}
 	return serializeSymmetricallyEncryptedMdc(ciphertext, c, key, config)
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
@ -0,0 +1,155 @@
 // Copyright 2023 Proton AG. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package packet
 import (
 	"crypto/cipher"
 	"crypto/sha256"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"golang.org/x/crypto/hkdf"
 	"io"
 )
 // parseAead parses a V2 SEIPD packet (AEAD) as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func (se *SymmetricallyEncrypted) parseAead(r io.Reader) error {
 	headerData := make([]byte, 3)
 	if n, err := io.ReadFull(r, headerData); n < 3 {
 		return errors.StructuralError("could not read aead header: " + err.Error())
 	}
 	// Cipher
 	se.cipher = CipherFunction(headerData[0])
 	// cipherFunc must have block size 16 to use AEAD
 	if se.cipher.blockSize() != 16 {
 		return errors.UnsupportedError("invalid aead cipher: " + string(se.cipher))
 	}
 	// Mode
 	se.mode = AEADMode(headerData[1])
 	if se.mode.TagLength() == 0 {
 		return errors.UnsupportedError("unknown aead mode: " + string(se.mode))
 	}
 	// Chunk size
 	se.chunkSizeByte = headerData[2]
 	if se.chunkSizeByte > 16 {
 		return errors.UnsupportedError("invalid aead chunk size byte: " + string(se.chunkSizeByte))
 	}
 	// Salt
 	if n, err := io.ReadFull(r, se.salt[:]); n < aeadSaltSize {
 		return errors.StructuralError("could not read aead salt: " + err.Error())
 	}
 	return nil
 }
 // associatedData for chunks: tag, version, cipher, mode, chunk size byte
 func (se *SymmetricallyEncrypted) associatedData() []byte {
 	return []byte{
 		0xD2,
 		symmetricallyEncryptedVersionAead,
 		byte(se.cipher),
 		byte(se.mode),
 		se.chunkSizeByte,
 	}
 }
 // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) {
 	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.cipher, se.mode, inputKey, se.salt[:], se.associatedData())
 	// Carry the first tagLen bytes
 	tagLen := se.mode.TagLength()
 	peekedBytes := make([]byte, tagLen)
 	n, err := io.ReadFull(se.Contents, peekedBytes)
 	if n < tagLen || (err != nil && err != io.EOF) {
 		return nil, errors.StructuralError("not enough data to decrypt:" + err.Error())
 	}
 	return &aeadDecrypter{
 		aeadCrypter: aeadCrypter{
 			aead:           aead,
 			chunkSize:      decodeAEADChunkSize(se.chunkSizeByte),
 			initialNonce:   nonce,
 			associatedData: se.associatedData(),
 			chunkIndex:     make([]byte, 8),
 			packetTag:      packetTypeSymmetricallyEncryptedIntegrityProtected,
 		},
 		reader:      se.Contents,
 		peekedBytes: peekedBytes,
 	}, nil
 }
 // serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) {
 	// cipherFunc must have block size 16 to use AEAD
 	if cipherSuite.Cipher.blockSize() != 16 {
 		return nil, errors.InvalidArgumentError("invalid aead cipher function")
 	}
 	if cipherSuite.Cipher.KeySize() != len(inputKey) {
 		return nil, errors.InvalidArgumentError("error in aead serialization: bad key length")
 	}
 	// Data for en/decryption: tag, version, cipher, aead mode, chunk size
 	prefix := []byte{
 		0xD2,
 		symmetricallyEncryptedVersionAead,
 		byte(cipherSuite.Cipher),
 		byte(cipherSuite.Mode),
 		chunkSizeByte,
 	}
 	// Write header (that correspond to prefix except first byte)
 	n, err := ciphertext.Write(prefix[1:])
 	if err != nil || n < 4 {
 		return nil, err
 	}
 	// Random salt
 	salt := make([]byte, aeadSaltSize)
 	if _, err := rand.Read(salt); err != nil {
 		return nil, err
 	}
 	if _, err := ciphertext.Write(salt); err != nil {
 		return nil, err
 	}
 	aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix)
 	return &aeadEncrypter{
 		aeadCrypter: aeadCrypter{
 			aead:           aead,
 			chunkSize:      decodeAEADChunkSize(chunkSizeByte),
 			associatedData: prefix,
 			chunkIndex:     make([]byte, 8),
 			initialNonce:   nonce,
 			packetTag:      packetTypeSymmetricallyEncryptedIntegrityProtected,
 		},
 		writer: ciphertext,
 	}, nil
 }
 func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) {
 	hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData)
 	encryptionKey := make([]byte, c.KeySize())
 	_, _ = readFull(hkdfReader, encryptionKey)
 	// Last 64 bits of nonce are the counter
 	nonce = make([]byte, mode.IvLength() - 8)
 	_, _ = readFull(hkdfReader, nonce)
 	blockCipher := c.new(encryptionKey)
 	aead = mode.new(blockCipher)
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go
@ -8,54 +8,38 @@ import (
 	"crypto/cipher"
 	"crypto/sha1"
 	"crypto/subtle"
 	"golang.org/x/crypto/openpgp/errors"
 	"hash"
 	"io"
 	"strconv"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
-// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
+// seMdcReader wraps an io.Reader with a no-op Close method.
-// encrypted contents will consist of more OpenPGP packets. See RFC 4880,
+type seMdcReader struct {
-// sections 5.7 and 5.13.
+	in io.Reader
 type SymmetricallyEncrypted struct {
 	MDC      bool // true iff this is a type 18 packet and thus has an embedded MAC.
 	contents io.Reader
 	prefix   []byte
 }
-const symmetricallyEncryptedVersion = 1
+func (ser seMdcReader) Read(buf []byte) (int, error) {
 	return ser.in.Read(buf)
 }
-func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
+func (ser seMdcReader) Close() error {
 	if se.MDC {
 		// See RFC 4880, section 5.13.
 		var buf [1]byte
 		_, err := readFull(r, buf[:])
 		if err != nil {
 			return err
 		}
 		if buf[0] != symmetricallyEncryptedVersion {
 			return errors.UnsupportedError("unknown SymmetricallyEncrypted version")
 		}
 	}
 	se.contents = r
 	return nil
 }
-// Decrypt returns a ReadCloser, from which the decrypted contents of the
+func (se *SymmetricallyEncrypted) decryptMdc(c CipherFunction, key []byte) (io.ReadCloser, error) {
-// packet can be read. An incorrect key can, with high probability, be detected
+	if !c.IsSupported() {
-// immediately and this will result in a KeyIncorrect error being returned.
+		return nil, errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(c)))
 func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
 	keySize := c.KeySize()
 	if keySize == 0 {
 		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
 	}
-	if len(key) != keySize {
+
 	if len(key) != c.KeySize() {
 		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
 	}
 	if se.prefix == nil {
 		se.prefix = make([]byte, c.blockSize()+2)
-		_, err := readFull(se.contents, se.prefix)
+		_, err := readFull(se.Contents, se.prefix)
 		if err != nil {
 			return nil, err
 		}
@ -64,47 +48,31 @@ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.Read
 	}
 	ocfbResync := OCFBResync
-	if se.MDC {
+	if se.IntegrityProtected {
 		// MDC packets use a different form of OCFB mode.
 		ocfbResync = OCFBNoResync
 	}
 	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
 	if s == nil {
 		return nil, errors.ErrKeyIncorrect
 	}
-	plaintext := cipher.StreamReader{S: s, R: se.contents}
+	plaintext := cipher.StreamReader{S: s, R: se.Contents}
-	if se.MDC {
+	if se.IntegrityProtected {
-		// MDC packets have an embedded hash that we need to check.
+		// IntegrityProtected packets have an embedded hash that we need to check.
 		h := sha1.New()
 		h.Write(se.prefix)
 		return &seMDCReader{in: plaintext, h: h}, nil
 	}
 	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
-	return seReader{plaintext}, nil
+	return seMdcReader{plaintext}, nil
 }
 // seReader wraps an io.Reader with a no-op Close method.
 type seReader struct {
 	in io.Reader
 }
 func (ser seReader) Read(buf []byte) (int, error) {
 	return ser.in.Read(buf)
 }
 func (ser seReader) Close() error {
 	return nil
 }
 const mdcTrailerSize = 1 /* tag byte */ + 1 /* length byte */ + sha1.Size
 // An seMDCReader wraps an io.Reader, maintains a running hash and keeps hold
 // of the most recent 22 bytes (mdcTrailerSize). Upon EOF, those bytes form an
-// MDC packet containing a hash of the previous contents which is checked
+// MDC packet containing a hash of the previous Contents which is checked
 // against the running hash. See RFC 4880, section 5.13.
 type seMDCReader struct {
 	in          io.Reader
@ -175,12 +143,12 @@ func (ser *seMDCReader) Read(buf []byte) (n int, err error) {
 	return
 }
-// This is a new-format packet tag byte for a type 19 (MDC) packet.
+// This is a new-format packet tag byte for a type 19 (Integrity Protected) packet.
 const mdcPacketTagByte = byte(0x80) | 0x40 | 19
 func (ser *seMDCReader) Close() error {
 	if ser.error {
-		return errors.SignatureError("error during reading")
+		return errors.ErrMDCMissing
 	}
 	for !ser.eof {
@ -191,18 +159,20 @@ func (ser *seMDCReader) Close() error {
 			break
 		}
 		if err != nil {
-			return errors.SignatureError("error during reading")
+			return errors.ErrMDCMissing
 		}
 	}
 	if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size {
 		return errors.SignatureError("MDC packet not found")
 	}
 	ser.h.Write(ser.trailer[:2])
 	final := ser.h.Sum(nil)
 	if subtle.ConstantTimeCompare(final, ser.trailer[2:]) != 1 {
-		return errors.SignatureError("hash mismatch")
+		return errors.ErrMDCHashMismatch
 	}
 	// The hash already includes the MDC header, but we still check its value
 	// to confirm encryption correctness
 	if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size {
 		return errors.ErrMDCMissing
 	}
 	return nil
 }
@ -249,21 +219,17 @@ func (c noOpCloser) Close() error {
 	return nil
 }
-// SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet
+func serializeSymmetricallyEncryptedMdc(ciphertext io.WriteCloser, c CipherFunction, key []byte, config *Config) (Contents io.WriteCloser, err error) {
-// to w and returns a WriteCloser to which the to-be-encrypted packets can be
+	// Disallow old cipher suites
-// written.
+	if !c.IsSupported() ||  c < CipherAES128 {
-// If config is nil, sensible defaults will be used.
+		return nil, errors.InvalidArgumentError("invalid mdc cipher function")
 func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
 	if c.KeySize() != len(key) {
 		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
 	}
 	writeCloser := noOpCloser{w}
 	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
 	if err != nil {
 		return
 	}
-	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
+	if c.KeySize() != len(key) {
 		return nil, errors.InvalidArgumentError("error in mdc serialization: bad key length")
 	}
 	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersionMdc})
 	if err != nil {
 		return
 	}
@ -285,6 +251,6 @@ func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte,
 	h := sha1.New()
 	h.Write(iv)
 	h.Write(iv[blockSize-2:])
-	contents = &seMDCWriter{w: plaintext, h: h}
+	Contents = &seMDCWriter{w: plaintext, h: h}
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
@ -42,9 +42,16 @@ func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error
 		if err = jpeg.Encode(&buf, photo, nil); err != nil {
 			return
 		}
 		lengthBuf := make([]byte, 5)
 		n := serializeSubpacketLength(lengthBuf, len(buf.Bytes())+1)
 		lengthBuf = lengthBuf[:n]
 		uat.Contents = append(uat.Contents, &OpaqueSubpacket{
-			SubType:  UserAttrImageSubpacket,
+			SubType:       UserAttrImageSubpacket,
-			Contents: buf.Bytes()})
+			EncodedLength: lengthBuf,
 			Contents:      buf.Bytes(),
 		})
 	}
 	return
 }
@ -69,7 +76,10 @@ func (uat *UserAttribute) parse(r io.Reader) (err error) {
 func (uat *UserAttribute) Serialize(w io.Writer) (err error) {
 	var buf bytes.Buffer
 	for _, sp := range uat.Contents {
-		sp.Serialize(&buf)
+		err = sp.Serialize(&buf)
 		if err != nil {
 			return err
 		}
 	}
 	if err = serializeHeader(w, packetTypeUserAttribute, buf.Len()); err != nil {
 		return err
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go
@ -156,5 +156,12 @@ func parseUserId(id string) (name, comment, email string) {
 	name = strings.TrimSpace(id[n.start:n.end])
 	comment = strings.TrimSpace(id[c.start:c.end])
 	email = strings.TrimSpace(id[e.start:e.end])
 	// RFC 2822 3.4: alternate simple form of a mailbox
 	if email == "" && strings.ContainsRune(name, '@') {
 		email = name
 		name = ""
 	}
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
@ -3,24 +3,21 @@
 // license that can be found in the LICENSE file.
 // Package openpgp implements high level operations on OpenPGP messages.
-//
+package openpgp // import "github.com/ProtonMail/go-crypto/openpgp"
 // Deprecated: this package is unmaintained except for security fixes. New
 // applications should consider a more focused, modern alternative to OpenPGP
 // for their specific task. If you are required to interoperate with OpenPGP
 // systems and need a maintained package, consider a community fork.
 // See https://golang.org/issue/44226.
 package openpgp // import "golang.org/x/crypto/openpgp"
 import (
 	"crypto"
 	_ "crypto/sha256"
 	_ "crypto/sha512"
 	"hash"
 	"io"
 	"strconv"
-	"golang.org/x/crypto/openpgp/armor"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
-	"golang.org/x/crypto/openpgp/packet"
+	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	_ "golang.org/x/crypto/sha3"
 )
 // SignatureType is the armor type for a PGP signature.
@ -62,9 +59,9 @@ type MessageDetails struct {
 	// been consumed. Once EOF has been seen, the following fields are
 	// valid. (An authentication code failure is reported as a
 	// SignatureError error when reading from UnverifiedBody.)
-	SignatureError error               // nil if the signature is good.
+	Signature            *packet.Signature   // the signature packet itself.
-	Signature      *packet.Signature   // the signature packet itself, if v4 (default)
+	SignatureError       error               // nil if the signature is good.
-	SignatureV3    *packet.SignatureV3 // the signature packet if it is a v2 or v3 signature
+	UnverifiedSignatures []*packet.Signature // all other unverified signature packets.
 	decrypted io.ReadCloser
 }
@ -94,7 +91,8 @@ func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *pa
 	var symKeys []*packet.SymmetricKeyEncrypted
 	var pubKeys []keyEnvelopePair
-	var se *packet.SymmetricallyEncrypted
+	// Integrity protected encrypted packet: SymmetricallyEncrypted or AEADEncrypted
 	var edp packet.EncryptedDataPacket
 	packets := packet.NewReader(r)
 	md = new(MessageDetails)
@ -119,22 +117,30 @@ ParsePackets:
 			// This packet contains the decryption key encrypted to a public key.
 			md.EncryptedToKeyIds = append(md.EncryptedToKeyIds, p.KeyId)
 			switch p.Algo {
-			case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSAEncryptOnly, packet.PubKeyAlgoElGamal:
+			case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSAEncryptOnly, packet.PubKeyAlgoElGamal, packet.PubKeyAlgoECDH:
 				break
 			default:
 				continue
 			}
-			var keys []Key
+			if keyring != nil {
-			if p.KeyId == 0 {
+				var keys []Key
-				keys = keyring.DecryptionKeys()
+				if p.KeyId == 0 {
-			} else {
+					keys = keyring.DecryptionKeys()
-				keys = keyring.KeysById(p.KeyId)
+				} else {
-			}
+					keys = keyring.KeysById(p.KeyId)
-			for _, k := range keys {
+				}
-				pubKeys = append(pubKeys, keyEnvelopePair{k, p})
+				for _, k := range keys {
 					pubKeys = append(pubKeys, keyEnvelopePair{k, p})
 				}
 			}
 		case *packet.SymmetricallyEncrypted:
-			se = p
+			if !p.IntegrityProtected && !config.AllowUnauthenticatedMessages() {
 				return nil, errors.UnsupportedError("message is not integrity protected")
 			}
 			edp = p
 			break ParsePackets
 		case *packet.AEADEncrypted:
 			edp = p
 			break ParsePackets
 		case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature:
 			// This message isn't encrypted.
@ -142,7 +148,7 @@ ParsePackets:
 				return nil, errors.StructuralError("key material not followed by encrypted message")
 			}
 			packets.Unread(p)
-			return readSignedMessage(packets, nil, keyring)
+			return readSignedMessage(packets, nil, keyring, config)
 		}
 	}
@ -164,12 +170,13 @@ FindKey:
 			}
 			if !pk.key.PrivateKey.Encrypted {
 				if len(pk.encryptedKey.Key) == 0 {
-					pk.encryptedKey.Decrypt(pk.key.PrivateKey, config)
+					errDec := pk.encryptedKey.Decrypt(pk.key.PrivateKey, config)
 					if errDec != nil {
 						continue
 					}
 				}
-				if len(pk.encryptedKey.Key) == 0 {
+				// Try to decrypt symmetrically encrypted
-					continue
+				decrypted, err = edp.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key)
 				}
 				decrypted, err = se.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key)
 				if err != nil && err != errors.ErrKeyIncorrect {
 					return nil, err
 				}
@ -204,16 +211,17 @@ FindKey:
 		if len(symKeys) != 0 && passphrase != nil {
 			for _, s := range symKeys {
 				key, cipherFunc, err := s.Decrypt(passphrase)
 				// In v4, on wrong passphrase, session key decryption is very likely to result in an invalid cipherFunc:
 				// only for < 5% of cases we will proceed to decrypt the data
 				if err == nil {
-					decrypted, err = se.Decrypt(cipherFunc, key)
+					decrypted, err = edp.Decrypt(cipherFunc, key)
-					if err != nil && err != errors.ErrKeyIncorrect {
+					if err != nil {
 						return nil, err
 					}
 					if decrypted != nil {
 						break FindKey
 					}
 				}
 			}
 		}
 	}
@ -222,13 +230,17 @@ FindKey:
 	if err := packets.Push(decrypted); err != nil {
 		return nil, err
 	}
-	return readSignedMessage(packets, md, keyring)
+	mdFinal, sensitiveParsingErr := readSignedMessage(packets, md, keyring, config)
 	if sensitiveParsingErr != nil {
 		return nil, errors.StructuralError("parsing error")
 	}
 	return mdFinal, nil
 }
 // readSignedMessage reads a possibly signed message if mdin is non-zero then
 // that structure is updated and returned. Otherwise a fresh MessageDetails is
 // used.
-func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing) (md *MessageDetails, err error) {
+func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing, config *packet.Config) (md *MessageDetails, err error) {
 	if mdin == nil {
 		mdin = new(MessageDetails)
 	}
@ -237,6 +249,7 @@ func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring Key
 	var p packet.Packet
 	var h hash.Hash
 	var wrappedHash hash.Hash
 	var prevLast bool
 FindLiteralData:
 	for {
 		p, err = packets.Next()
@ -249,21 +262,26 @@ FindLiteralData:
 				return nil, err
 			}
 		case *packet.OnePassSignature:
-			if !p.IsLast {
+			if prevLast {
-				return nil, errors.UnsupportedError("nested signatures")
+				return nil, errors.UnsupportedError("nested signature packets")
 			}
 			if p.IsLast {
 				prevLast = true
 			}
 			h, wrappedHash, err = hashForSignature(p.Hash, p.SigType)
 			if err != nil {
-				md = nil
+				md.SignatureError = err
 				return
 			}
 			md.IsSigned = true
 			md.SignedByKeyId = p.KeyId
-			keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign)
+			if keyring != nil {
-			if len(keys) > 0 {
+				keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign)
-				md.SignedBy = &keys[0]
+				if len(keys) > 0 {
 					md.SignedBy = &keys[0]
 				}
 			}
 		case *packet.LiteralData:
 			md.LiteralData = p
@ -271,8 +289,8 @@ FindLiteralData:
 		}
 	}
-	if md.SignedBy != nil {
+	if md.IsSigned && md.SignatureError == nil {
-		md.UnverifiedBody = &signatureCheckReader{packets, h, wrappedHash, md}
+		md.UnverifiedBody = &signatureCheckReader{packets, h, wrappedHash, md, config}
 	} else if md.decrypted != nil {
 		md.UnverifiedBody = checkReader{md}
 	} else {
@ -287,11 +305,14 @@ FindLiteralData:
 // should be preprocessed (i.e. to normalize line endings). Thus this function
 // returns two hashes. The second should be used to hash the message itself and
 // performs any needed preprocessing.
-func hashForSignature(hashId crypto.Hash, sigType packet.SignatureType) (hash.Hash, hash.Hash, error) {
+func hashForSignature(hashFunc crypto.Hash, sigType packet.SignatureType) (hash.Hash, hash.Hash, error) {
-	if !hashId.Available() {
+	if _, ok := algorithm.HashToHashIdWithSha1(hashFunc); !ok {
-		return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashId)))
+		return nil, nil, errors.UnsupportedError("unsupported hash function")
 	}
-	h := hashId.New()
+	if !hashFunc.Available() {
 		return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashFunc)))
 	}
 	h := hashFunc.New()
 	switch sigType {
 	case packet.SigTypeBinary:
@ -310,15 +331,21 @@ type checkReader struct {
 	md *MessageDetails
 }
-func (cr checkReader) Read(buf []byte) (n int, err error) {
+func (cr checkReader) Read(buf []byte) (int, error) {
-	n, err = cr.md.LiteralData.Body.Read(buf)
+	n, sensitiveParsingError := cr.md.LiteralData.Body.Read(buf)
-	if err == io.EOF {
+	if sensitiveParsingError == io.EOF {
 		mdcErr := cr.md.decrypted.Close()
 		if mdcErr != nil {
-			err = mdcErr
+			return n, mdcErr
 		}
 		return n, io.EOF
 	}
-	return
+
 	if sensitiveParsingError != nil {
 		return n, errors.StructuralError("parsing error")
 	}
 	return n, nil
 }
 // signatureCheckReader wraps an io.Reader from a LiteralData packet and hashes
@ -328,26 +355,53 @@ type signatureCheckReader struct {
 	packets        *packet.Reader
 	h, wrappedHash hash.Hash
 	md             *MessageDetails
 	config         *packet.Config
 }
-func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
+func (scr *signatureCheckReader) Read(buf []byte) (int, error) {
-	n, err = scr.md.LiteralData.Body.Read(buf)
+	n, sensitiveParsingError := scr.md.LiteralData.Body.Read(buf)
-	scr.wrappedHash.Write(buf[:n])
+
-	if err == io.EOF {
+	// Hash only if required
 	if scr.md.SignedBy != nil {
 		scr.wrappedHash.Write(buf[:n])
 	}
 	if sensitiveParsingError == io.EOF {
 		var p packet.Packet
-		p, scr.md.SignatureError = scr.packets.Next()
+		var readError error
-		if scr.md.SignatureError != nil {
+		var sig *packet.Signature
-			return
+
 		p, readError = scr.packets.Next()
 		for readError == nil {
 			var ok bool
 			if sig, ok = p.(*packet.Signature); ok {
 				if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
 					sig.Metadata = scr.md.LiteralData
 				}
 				// If signature KeyID matches
 				if scr.md.SignedBy != nil && *sig.IssuerKeyId == scr.md.SignedByKeyId {
 					key := scr.md.SignedBy
 					signatureError := key.PublicKey.VerifySignature(scr.h, sig)
 					if signatureError == nil {
 						signatureError = checkSignatureDetails(key, sig, scr.config)
 					}
 					scr.md.Signature = sig
 					scr.md.SignatureError = signatureError
 				} else {
 					scr.md.UnverifiedSignatures = append(scr.md.UnverifiedSignatures, sig)
 				}
 			}
 			p, readError = scr.packets.Next()
 		}
-		var ok bool
+		if scr.md.SignedBy != nil && scr.md.Signature == nil {
-		if scr.md.Signature, ok = p.(*packet.Signature); ok {
+			if scr.md.UnverifiedSignatures == nil {
-			scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignature(scr.h, scr.md.Signature)
+				scr.md.SignatureError = errors.StructuralError("LiteralData not followed by signature")
-		} else if scr.md.SignatureV3, ok = p.(*packet.SignatureV3); ok {
+			} else {
-			scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignatureV3(scr.h, scr.md.SignatureV3)
+				scr.md.SignatureError = errors.StructuralError("No matching signature found")
-		} else {
+			}
 			scr.md.SignatureError = errors.StructuralError("LiteralData not followed by Signature")
 			return
 		}
 		// The SymmetricallyEncrypted packet, if any, might have an
@ -356,47 +410,87 @@ func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
 		if scr.md.decrypted != nil {
 			mdcErr := scr.md.decrypted.Close()
 			if mdcErr != nil {
-				err = mdcErr
+				return n, mdcErr
 			}
 		}
 		return n, io.EOF
 	}
-	return
+
 	if sensitiveParsingError != nil {
 		return n, errors.StructuralError("parsing error")
 	}
 	return n, nil
 }
 // VerifyDetachedSignature takes a signed file and a detached signature and
 // returns the signature packet and the entity the signature was signed by,
 // if any, and a possible signature verification error.
 // If the signer isn't known, ErrUnknownIssuer is returned.
 func VerifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
 	var expectedHashes []crypto.Hash
 	return verifyDetachedSignature(keyring, signed, signature, expectedHashes, config)
 }
 // VerifyDetachedSignatureAndHash performs the same actions as
 // VerifyDetachedSignature and checks that the expected hash functions were used.
 func VerifyDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
 	return verifyDetachedSignature(keyring, signed, signature, expectedHashes, config)
 }
 // CheckDetachedSignature takes a signed file and a detached signature and
-// returns the signer if the signature is valid. If the signer isn't known,
+// returns the entity the signature was signed by, if any, and a possible
 // signature verification error. If the signer isn't known,
 // ErrUnknownIssuer is returned.
-func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
+func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) {
 	var expectedHashes []crypto.Hash
 	return CheckDetachedSignatureAndHash(keyring, signed, signature, expectedHashes, config)
 }
 // CheckDetachedSignatureAndHash performs the same actions as
 // CheckDetachedSignature and checks that the expected hash functions were used.
 func CheckDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (signer *Entity, err error) {
 	_, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, config)
 	return
 }
 func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
 	var issuerKeyId uint64
 	var hashFunc crypto.Hash
 	var sigType packet.SignatureType
 	var keys []Key
 	var p packet.Packet
 	expectedHashesLen := len(expectedHashes)
 	packets := packet.NewReader(signature)
 	for {
 		p, err = packets.Next()
 		if err == io.EOF {
-			return nil, errors.ErrUnknownIssuer
+			return nil, nil, errors.ErrUnknownIssuer
 		}
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
-		switch sig := p.(type) {
+		var ok bool
-		case *packet.Signature:
+		sig, ok = p.(*packet.Signature)
-			if sig.IssuerKeyId == nil {
+		if !ok {
-				return nil, errors.StructuralError("signature doesn't have an issuer")
+			return nil, nil, errors.StructuralError("non signature packet found")
 		}
 		if sig.IssuerKeyId == nil {
 			return nil, nil, errors.StructuralError("signature doesn't have an issuer")
 		}
 		issuerKeyId = *sig.IssuerKeyId
 		hashFunc = sig.Hash
 		sigType = sig.SigType
 		for i, expectedHash := range expectedHashes {
 			if hashFunc == expectedHash {
 				break
 			}
 			if i+1 == expectedHashesLen {
 				return nil, nil, errors.StructuralError("hash algorithm mismatch with cleartext message headers")
 			}
 			issuerKeyId = *sig.IssuerKeyId
 			hashFunc = sig.Hash
 			sigType = sig.SigType
 		case *packet.SignatureV3:
 			issuerKeyId = sig.IssuerKeyId
 			hashFunc = sig.Hash
 			sigType = sig.SigType
 		default:
 			return nil, errors.StructuralError("non signature packet found")
 		}
 		keys = keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign)
@ -411,38 +505,86 @@ func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signe
 	h, wrappedHash, err := hashForSignature(hashFunc, sigType)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	if _, err := io.Copy(wrappedHash, signed); err != nil && err != io.EOF {
-		return nil, err
+		return nil, nil, err
 	}
 	for _, key := range keys {
-		switch sig := p.(type) {
+		err = key.PublicKey.VerifySignature(h, sig)
 		case *packet.Signature:
 			err = key.PublicKey.VerifySignature(h, sig)
 		case *packet.SignatureV3:
 			err = key.PublicKey.VerifySignatureV3(h, sig)
 		default:
 			panic("unreachable")
 		}
 		if err == nil {
-			return key.Entity, nil
+			return sig, key.Entity, checkSignatureDetails(&key, sig, config)
 		}
 	}
-	return nil, err
+	return nil, nil, err
 }
 // CheckArmoredDetachedSignature performs the same actions as
 // CheckDetachedSignature but expects the signature to be armored.
-func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
+func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) {
 	body, err := readArmored(signature, SignatureType)
 	if err != nil {
 		return
 	}
-	return CheckDetachedSignature(keyring, signed, body)
+	return CheckDetachedSignature(keyring, signed, body, config)
 }
 // checkSignatureDetails returns an error if:
 // - The signature (or one of the binding signatures mentioned below)
 //   has a unknown critical notation data subpacket
 // - The primary key of the signing entity is revoked
 // The signature was signed by a subkey and:
 //   - The signing subkey is revoked
 // - The primary identity is revoked
 // - The signature is expired
 // - The primary key of the signing entity is expired according to the
 //   primary identity binding signature
 // The signature was signed by a subkey and:
 //   - The signing subkey is expired according to the subkey binding signature
 //   - The signing subkey binding signature is expired
 //   - The signing subkey cross-signature is expired
 // NOTE: The order of these checks is important, as the caller may choose to
 // ignore ErrSignatureExpired or ErrKeyExpired errors, but should never
 // ignore any other errors.
 // TODO: Also return an error if:
 // - The primary key is expired according to a direct-key signature
 // - (For V5 keys only:) The direct-key signature (exists and) is expired
 func checkSignatureDetails(key *Key, signature *packet.Signature, config *packet.Config) error {
 	now := config.Now()
 	primaryIdentity := key.Entity.PrimaryIdentity()
 	signedBySubKey := key.PublicKey != key.Entity.PrimaryKey
 	sigsToCheck := []*packet.Signature{ signature, primaryIdentity.SelfSignature }
 	if signedBySubKey {
 		sigsToCheck = append(sigsToCheck, key.SelfSignature, key.SelfSignature.EmbeddedSignature)
 	}
 	for _, sig := range sigsToCheck {
 		for _, notation := range sig.Notations {
 			if notation.IsCritical && !config.KnownNotation(notation.Name) {
 				return errors.SignatureError("unknown critical notation: " + notation.Name)
 			}
 		}
 	}
 	if key.Entity.Revoked(now) || // primary key is revoked
 		(signedBySubKey && key.Revoked(now)) || // subkey is revoked
 		primaryIdentity.Revoked(now) { // primary identity is revoked
 		return errors.ErrKeyRevoked
 	}
 	if key.Entity.PrimaryKey.KeyExpired(primaryIdentity.SelfSignature, now) { // primary key is expired
 		return errors.ErrKeyExpired
 	}
 	if signedBySubKey {
 		if key.PublicKey.KeyExpired(key.SelfSignature, now) { // subkey is expired
 			return errors.ErrKeyExpired
 		}
 	}
 	for _, sig := range sigsToCheck {
 		if sig.SigExpired(now) { // any of the relevant signatures are expired
 			return errors.ErrSignatureExpired
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
@ -4,13 +4,7 @@
 // Package s2k implements the various OpenPGP string-to-key transforms as
 // specified in RFC 4800 section 3.7.1.
-//
+package s2k // import "github.com/ProtonMail/go-crypto/openpgp/s2k"
 // Deprecated: this package is unmaintained except for security fixes. New
 // applications should consider a more focused, modern alternative to OpenPGP
 // for their specific task. If you are required to interoperate with OpenPGP
 // systems and need a maintained package, consider a community fork.
 // See https://golang.org/issue/44226.
 package s2k // import "golang.org/x/crypto/openpgp/s2k"
 import (
 	"crypto"
@ -18,49 +12,67 @@ import (
 	"io"
 	"strconv"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
 )
 // Config collects configuration parameters for s2k key-stretching
-// transformatioms. A nil *Config is valid and results in all default
+// transformations. A nil *Config is valid and results in all default
 // values. Currently, Config is used only by the Serialize function in
 // this package.
 type Config struct {
 	// S2KMode is the mode of s2k function.
 	// It can be 0 (simple), 1(salted), 3(iterated)
 	// 2(reserved) 100-110(private/experimental).
 	S2KMode uint8
 	// Hash is the default hash function to be used. If
-	// nil, SHA1 is used.
+	// nil, SHA256 is used.
 	Hash crypto.Hash
 	// S2KCount is only used for symmetric encryption. It
 	// determines the strength of the passphrase stretching when
 	// the said passphrase is hashed to produce a key. S2KCount
-	// should be between 1024 and 65011712, inclusive. If Config
+	// should be between 65536 and 65011712, inclusive. If Config
-	// is nil or S2KCount is 0, the value 65536 used. Not all
+	// is nil or S2KCount is 0, the value 16777216 used. Not all
 	// values in the above range can be represented. S2KCount will
 	// be rounded up to the next representable value if it cannot
-	// be encoded exactly. When set, it is strongly encrouraged to
+	// be encoded exactly. See RFC 4880 Section 3.7.1.3.
 	// use a value that is at least 65536. See RFC 4880 Section
 	// 3.7.1.3.
 	S2KCount int
 }
 // Params contains all the parameters of the s2k packet
 type Params struct {
 	// mode is the mode of s2k function.
 	// It can be 0 (simple), 1(salted), 3(iterated)
 	// 2(reserved) 100-110(private/experimental).
 	mode uint8
 	// hashId is the ID of the hash function used in any of the modes
 	hashId byte
 	// salt is a byte array to use as a salt in hashing process
 	salt []byte
 	// countByte is used to determine how many rounds of hashing are to
 	// be performed in s2k mode 3. See RFC 4880 Section 3.7.1.3.
 	countByte byte
 }
 func (c *Config) hash() crypto.Hash {
 	if c == nil || uint(c.Hash) == 0 {
-		// SHA1 is the historical default in this package.
+		return crypto.SHA256
 		return crypto.SHA1
 	}
 	return c.Hash
 }
-func (c *Config) encodedCount() uint8 {
+// EncodedCount get encoded count
 func (c *Config) EncodedCount() uint8 {
 	if c == nil || c.S2KCount == 0 {
-		return 96 // The common case. Correspoding to 65536
+		return 224 // The common case. Corresponding to 16777216
 	}
 	i := c.S2KCount
 	switch {
-	// Behave like GPG. Should we make 65536 the lowest value used?
+	case i < 65536:
-	case i < 1024:
+		i = 65536
 		i = 1024
 	case i > 65011712:
 		i = 65011712
 	}
@ -74,11 +86,11 @@ func (c *Config) encodedCount() uint8 {
 // if i is not in the above range (encodedCount above takes care to
 // pass i in the correct range). See RFC 4880 Section 3.7.7.1.
 func encodeCount(i int) uint8 {
-	if i < 1024 || i > 65011712 {
+	if i < 65536 || i > 65011712 {
 		panic("count arg i outside the required range")
 	}
-	for encoded := 0; encoded < 256; encoded++ {
+	for encoded := 96; encoded < 256; encoded++ {
 		count := decodeCount(uint8(encoded))
 		if count >= i {
 			return uint8(encoded)
@ -157,9 +169,44 @@ func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) {
 	}
 }
 // Generate generates valid parameters from given configuration.
 // It will enforce salted + hashed s2k method
 func Generate(rand io.Reader, c *Config) (*Params, error) {
 	hashId, ok := algorithm.HashToHashId(c.Hash)
 	if !ok {
 		return nil, errors.UnsupportedError("no such hash")
 	}
 	params := &Params{
 		mode:      3, // Enforce iterared + salted method
 		hashId:    hashId,
 		salt:      make([]byte, 8),
 		countByte: c.EncodedCount(),
 	}
 	if _, err := io.ReadFull(rand, params.salt); err != nil {
 		return nil, err
 	}
 	return params, nil
 }
 // Parse reads a binary specification for a string-to-key transformation from r
-// and returns a function which performs that transform.
+// and returns a function which performs that transform. If the S2K is a special
 // GNU extension that indicates that the private key is missing, then the error
 // returned is errors.ErrDummyPrivateKey.
 func Parse(r io.Reader) (f func(out, in []byte), err error) {
 	params, err := ParseIntoParams(r)
 	if err != nil {
 		return nil, err
 	}
 	return params.Function()
 }
 // ParseIntoParams reads a binary specification for a string-to-key
 // transformation from r and returns a struct describing the s2k parameters.
 func ParseIntoParams(r io.Reader) (params *Params, err error) {
 	var buf [9]byte
 	_, err = io.ReadFull(r, buf[:2])
@ -167,113 +214,126 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
 		return
 	}
-	hash, ok := HashIdToHash(buf[1])
+	params = &Params{
-	if !ok {
+		mode:   buf[0],
-		return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(buf[1])))
+		hashId: buf[1],
 	}
 	if !hash.Available() {
 		return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hash)))
 	}
 	h := hash.New()
-	switch buf[0] {
+	switch params.mode {
 	case 0:
-		f := func(out, in []byte) {
+		return params, nil
 			Simple(out, h, in)
 		}
 		return f, nil
 	case 1:
 		_, err = io.ReadFull(r, buf[:8])
 		if err != nil {
-			return
+			return nil, err
 		}
-		f := func(out, in []byte) {
+
-			Salted(out, h, in, buf[:8])
+		params.salt = buf[:8]
-		}
+		return params, nil
 		return f, nil
 	case 3:
 		_, err = io.ReadFull(r, buf[:9])
 		if err != nil {
-			return
+			return nil, err
 		}
-		count := decodeCount(buf[8])
+
 		params.salt = buf[:8]
 		params.countByte = buf[8]
 		return params, nil
 	case 101:
 		// This is a GNU extension. See
 		// https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
 		if _, err = io.ReadFull(r, buf[:4]); err != nil {
 			return nil, err
 		}
 		if buf[0] == 'G' && buf[1] == 'N' && buf[2] == 'U' && buf[3] == 1 {
 			return params, nil
 		}
 		return nil, errors.UnsupportedError("GNU S2K extension")
 	}
 	return nil, errors.UnsupportedError("S2K function")
 }
 func (params *Params) Dummy() bool {
 	return params != nil && params.mode == 101
 }
 func (params *Params) Function() (f func(out, in []byte), err error) {
 	if params.Dummy() {
 		return nil, errors.ErrDummyPrivateKey("dummy key found")
 	}
 	hashObj, ok := algorithm.HashIdToHashWithSha1(params.hashId)
 	if !ok {
 		return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId)))
 	}
 	if !hashObj.Available() {
 		return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj)))
 	}
 	switch params.mode {
 	case 0:
 		f := func(out, in []byte) {
-			Iterated(out, h, in, buf[:8], count)
+			Simple(out, hashObj.New(), in)
 		}
 		return f, nil
 	case 1:
 		f := func(out, in []byte) {
 			Salted(out, hashObj.New(), in, params.salt)
 		}
 		return f, nil
 	case 3:
 		f := func(out, in []byte) {
 			Iterated(out, hashObj.New(), in, params.salt, decodeCount(params.countByte))
 		}
 		return f, nil
 	}
 	return nil, errors.UnsupportedError("S2K function")
 }
 func (params *Params) Serialize(w io.Writer) (err error) {
 	if _, err = w.Write([]byte{params.mode}); err != nil {
 		return
 	}
 	if _, err = w.Write([]byte{params.hashId}); err != nil {
 		return
 	}
 	if params.Dummy() {
 		_, err = w.Write(append([]byte("GNU"), 1))
 		return
 	}
 	if params.mode > 0 {
 		if _, err = w.Write(params.salt); err != nil {
 			return
 		}
 		if params.mode == 3 {
 			_, err = w.Write([]byte{params.countByte})
 		}
 	}
 	return
 }
 // Serialize salts and stretches the given passphrase and writes the
 // resulting key into key. It also serializes an S2K descriptor to
 // w. The key stretching can be configured with c, which may be
 // nil. In that case, sensible defaults will be used.
 func Serialize(w io.Writer, key []byte, rand io.Reader, passphrase []byte, c *Config) error {
-	var buf [11]byte
+	params, err := Generate(rand, c)
-	buf[0] = 3 /* iterated and salted */
+	if err != nil {
 	buf[1], _ = HashToHashId(c.hash())
 	salt := buf[2:10]
 	if _, err := io.ReadFull(rand, salt); err != nil {
 		return err
 	}
-	encodedCount := c.encodedCount()
+	err = params.Serialize(w)
-	count := decodeCount(encodedCount)
+	if err != nil {
 	buf[10] = encodedCount
 	if _, err := w.Write(buf[:]); err != nil {
 		return err
 	}
-	Iterated(key, c.hash().New(), passphrase, salt, count)
+	f, err := params.Function()
 	if err != nil {
 		return err
 	}
 	f(key, passphrase)
 	return nil
 }
 // hashToHashIdMapping contains pairs relating OpenPGP's hash identifier with
 // Go's crypto.Hash type. See RFC 4880, section 9.4.
 var hashToHashIdMapping = []struct {
 	id   byte
 	hash crypto.Hash
 	name string
 }{
 	{1, crypto.MD5, "MD5"},
 	{2, crypto.SHA1, "SHA1"},
 	{3, crypto.RIPEMD160, "RIPEMD160"},
 	{8, crypto.SHA256, "SHA256"},
 	{9, crypto.SHA384, "SHA384"},
 	{10, crypto.SHA512, "SHA512"},
 	{11, crypto.SHA224, "SHA224"},
 }
 // HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP
 // hash id.
 func HashIdToHash(id byte) (h crypto.Hash, ok bool) {
 	for _, m := range hashToHashIdMapping {
 		if m.id == id {
 			return m.hash, true
 		}
 	}
 	return 0, false
 }
 // HashIdToString returns the name of the hash function corresponding to the
 // given OpenPGP hash id.
 func HashIdToString(id byte) (name string, ok bool) {
 	for _, m := range hashToHashIdMapping {
 		if m.id == id {
 			return m.name, true
 		}
 	}
 	return "", false
 }
 // HashIdToHash returns an OpenPGP hash id which corresponds the given Hash.
 func HashToHashId(h crypto.Hash) (id byte, ok bool) {
 	for _, m := range hashToHashIdMapping {
 		if m.hash == h {
 			return m.id, true
 		}
 	}
 	return 0, false
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
@ -11,10 +11,10 @@ import (
 	"strconv"
 	"time"
-	"golang.org/x/crypto/openpgp/armor"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	"golang.org/x/crypto/openpgp/errors"
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
-	"golang.org/x/crypto/openpgp/packet"
+	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
-	"golang.org/x/crypto/openpgp/s2k"
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 // DetachSign signs message with the private key from signer (which must
@ -60,27 +60,31 @@ func armoredDetachSign(w io.Writer, signer *Entity, message io.Reader, sigType p
 }
 func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) {
-	if signer.PrivateKey == nil {
+	signingKey, ok := signer.SigningKeyById(config.Now(), config.SigningKey())
 	if !ok {
 		return errors.InvalidArgumentError("no valid signing keys")
 	}
 	if signingKey.PrivateKey == nil {
 		return errors.InvalidArgumentError("signing key doesn't have a private key")
 	}
-	if signer.PrivateKey.Encrypted {
+	if signingKey.PrivateKey.Encrypted {
 		return errors.InvalidArgumentError("signing key is encrypted")
 	}
 	if _, ok := algorithm.HashToHashId(config.Hash()); !ok {
 		return errors.InvalidArgumentError("invalid hash function")
 	}
-	sig := new(packet.Signature)
+	sig := createSignaturePacket(signingKey.PublicKey, sigType, config)
 	sig.SigType = sigType
 	sig.PubKeyAlgo = signer.PrivateKey.PubKeyAlgo
 	sig.Hash = config.Hash()
 	sig.CreationTime = config.Now()
 	sig.IssuerKeyId = &signer.PrivateKey.KeyId
 	h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType)
 	if err != nil {
 		return
 	}
-	io.Copy(wrappedHash, message)
+	if _, err = io.Copy(wrappedHash, message); err != nil {
 		return err
 	}
-	err = sig.Sign(h, signer.PrivateKey, config)
+	err = sig.Sign(h, signingKey.PrivateKey, config)
 	if err != nil {
 		return
 	}
@ -115,18 +119,24 @@ func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHi
 	if err != nil {
 		return
 	}
-	w, err := packet.SerializeSymmetricallyEncrypted(ciphertext, config.Cipher(), key, config)
+
 	var w io.WriteCloser
 	cipherSuite := packet.CipherSuite{
 		Cipher: config.Cipher(),
 		Mode: config.AEAD().Mode(),
 	}
 	w, err = packet.SerializeSymmetricallyEncrypted(ciphertext, config.Cipher(), config.AEAD() != nil, cipherSuite, key, config)
 	if err != nil {
 		return
 	}
-	literaldata := w
+	literalData := w
 	if algo := config.Compression(); algo != packet.CompressionNone {
 		var compConfig *packet.CompressionConfig
 		if config != nil {
 			compConfig = config.CompressionConfig
 		}
-		literaldata, err = packet.SerializeCompressed(w, algo, compConfig)
+		literalData, err = packet.SerializeCompressed(w, algo, compConfig)
 		if err != nil {
 			return
 		}
@ -136,7 +146,7 @@ func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHi
 	if !hints.ModTime.IsZero() {
 		epochSeconds = uint32(hints.ModTime.Unix())
 	}
-	return packet.SerializeLiteral(literaldata, hints.IsBinary, hints.FileName, epochSeconds)
+	return packet.SerializeLiteral(literalData, hints.IsBinary, hints.FileName, epochSeconds)
 }
 // intersectPreferences mutates and returns a prefix of a that contains only
@ -156,23 +166,76 @@ func intersectPreferences(a []uint8, b []uint8) (intersection []uint8) {
 	return a[:j]
 }
 // intersectPreferences mutates and returns a prefix of a that contains only
 // the values in the intersection of a and b. The order of a is preserved.
 func intersectCipherSuites(a [][2]uint8, b [][2]uint8) (intersection [][2]uint8) {
 	var j int
 	for _, v := range a {
 		for _, v2 := range b {
 			if v[0] == v2[0] && v[1] == v2[1] {
 				a[j] = v
 				j++
 				break
 			}
 		}
 	}
 	return a[:j]
 }
 func hashToHashId(h crypto.Hash) uint8 {
-	v, ok := s2k.HashToHashId(h)
+	v, ok := algorithm.HashToHashId(h)
 	if !ok {
 		panic("tried to convert unknown hash")
 	}
 	return v
 }
 // EncryptText encrypts a message to a number of recipients and, optionally,
 // signs it. Optional information is contained in 'hints', also encrypted, that
 // aids the recipients in processing the message. The resulting WriteCloser
 // must be closed after the contents of the file have been written. If config
 // is nil, sensible defaults will be used. The signing is done in text mode.
 func EncryptText(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeText, config)
 }
 // Encrypt encrypts a message to a number of recipients and, optionally, signs
 // it. hints contains optional information, that is also encrypted, that aids
 // the recipients in processing the message. The resulting WriteCloser must
 // be closed after the contents of the file have been written.
 // If config is nil, sensible defaults will be used.
 func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeBinary, config)
 }
 // EncryptSplit encrypts a message to a number of recipients and, optionally, signs
 // it. hints contains optional information, that is also encrypted, that aids
 // the recipients in processing the message. The resulting WriteCloser must
 // be closed after the contents of the file have been written.
 // If config is nil, sensible defaults will be used.
 func EncryptSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeBinary, config)
 }
 // EncryptTextSplit encrypts a message to a number of recipients and, optionally, signs
 // it. hints contains optional information, that is also encrypted, that aids
 // the recipients in processing the message. The resulting WriteCloser must
 // be closed after the contents of the file have been written.
 // If config is nil, sensible defaults will be used.
 func EncryptTextSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeText, config)
 }
 // writeAndSign writes the data as a payload package and, optionally, signs
 // it. hints contains optional information, that is also encrypted,
 // that aids the recipients in processing the message. The resulting
 // WriteCloser must be closed after the contents of the file have been
 // written. If config is nil, sensible defaults will be used.
-func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	var signer *packet.PrivateKey
 	if signed != nil {
-		signKey, ok := signed.signingKey(config.Now())
+		signKey, ok := signed.SigningKeyById(config.Now(), config.SigningKey())
 		if !ok {
 			return nil, errors.InvalidArgumentError("no valid signing keys")
 		}
@ -187,7 +250,7 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit
 	var hash crypto.Hash
 	for _, hashId := range candidateHashes {
-		if h, ok := s2k.HashIdToHash(hashId); ok && h.Available() {
+		if h, ok := algorithm.HashIdToHash(hashId); ok && h.Available() {
 			hash = h
 			break
 		}
@ -196,7 +259,7 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit
 	// If the hash specified by config is a candidate, we'll use that.
 	if configuredHash := config.Hash(); configuredHash.Available() {
 		for _, hashId := range candidateHashes {
-			if h, ok := s2k.HashIdToHash(hashId); ok && h == configuredHash {
+			if h, ok := algorithm.HashIdToHash(hashId); ok && h == configuredHash {
 				hash = h
 				break
 			}
@ -205,7 +268,7 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit
 	if hash == 0 {
 		hashId := candidateHashes[0]
-		name, ok := s2k.HashIdToString(hashId)
+		name, ok := algorithm.HashIdToString(hashId)
 		if !ok {
 			name = "#" + strconv.Itoa(int(hashId))
 		}
@ -214,7 +277,7 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit
 	if signer != nil {
 		ops := &packet.OnePassSignature{
-			SigType:    packet.SigTypeBinary,
+			SigType:    sigType,
 			Hash:       hash,
 			PubKeyAlgo: signer.PubKeyAlgo,
 			KeyId:      signer.KeyId,
@ -247,68 +310,108 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit
 	}
 	if signer != nil {
-		return signatureWriter{payload, literalData, hash, hash.New(), signer, config}, nil
+		h, wrappedHash, err := hashForSignature(hash, sigType)
 		if err != nil {
 			return nil, err
 		}
 		metadata := &packet.LiteralData{
 			Format:   't',
 			FileName: hints.FileName,
 			Time:     epochSeconds,
 		}
 		if hints.IsBinary {
 			metadata.Format = 'b'
 		}
 		return signatureWriter{payload, literalData, hash, wrappedHash, h, signer, sigType, config, metadata}, nil
 	}
 	return literalData, nil
 }
-// Encrypt encrypts a message to a number of recipients and, optionally, signs
+// encrypt encrypts a message to a number of recipients and, optionally, signs
 // it. hints contains optional information, that is also encrypted, that aids
 // the recipients in processing the message. The resulting WriteCloser must
 // be closed after the contents of the file have been written.
 // If config is nil, sensible defaults will be used.
-func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+func encrypt(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	if len(to) == 0 {
 		return nil, errors.InvalidArgumentError("no encryption recipient provided")
 	}
 	// These are the possible ciphers that we'll use for the message.
 	candidateCiphers := []uint8{
 		uint8(packet.CipherAES128),
 		uint8(packet.CipherAES256),
-		uint8(packet.CipherCAST5),
+		uint8(packet.CipherAES128),
 	}
 	// These are the possible hash functions that we'll use for the signature.
 	candidateHashes := []uint8{
 		hashToHashId(crypto.SHA256),
 		hashToHashId(crypto.SHA384),
 		hashToHashId(crypto.SHA512),
-		hashToHashId(crypto.SHA1),
+		hashToHashId(crypto.SHA3_256),
-		hashToHashId(crypto.RIPEMD160),
+		hashToHashId(crypto.SHA3_512),
 	}
 	// Prefer GCM if everyone supports it
 	candidateCipherSuites := [][2]uint8{
 		{uint8(packet.CipherAES256), uint8(packet.AEADModeGCM)},
 		{uint8(packet.CipherAES256), uint8(packet.AEADModeEAX)},
 		{uint8(packet.CipherAES256), uint8(packet.AEADModeOCB)},
 		{uint8(packet.CipherAES128), uint8(packet.AEADModeGCM)},
 		{uint8(packet.CipherAES128), uint8(packet.AEADModeEAX)},
 		{uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)},
 	}
 	candidateCompression := []uint8{
 		uint8(packet.CompressionNone),
 		uint8(packet.CompressionZIP),
 		uint8(packet.CompressionZLIB),
 	}
 	// In the event that a recipient doesn't specify any supported ciphers
 	// or hash functions, these are the ones that we assume that every
 	// implementation supports.
 	defaultCiphers := candidateCiphers[len(candidateCiphers)-1:]
 	defaultHashes := candidateHashes[len(candidateHashes)-1:]
 	encryptKeys := make([]Key, len(to))
 	// AEAD is used only if config enables it and every key supports it
 	aeadSupported := config.AEAD() != nil
 	for i := range to {
 		var ok bool
-		encryptKeys[i], ok = to[i].encryptionKey(config.Now())
+		encryptKeys[i], ok = to[i].EncryptionKey(config.Now())
 		if !ok {
-			return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no encryption keys")
+			return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no valid encryption keys")
 		}
-		sig := to[i].primaryIdentity().SelfSignature
+		sig := to[i].PrimaryIdentity().SelfSignature
 		if sig.SEIPDv2 == false {
 			aeadSupported = false
 		}
-		preferredSymmetric := sig.PreferredSymmetric
+		candidateCiphers = intersectPreferences(candidateCiphers, sig.PreferredSymmetric)
-		if len(preferredSymmetric) == 0 {
+		candidateHashes = intersectPreferences(candidateHashes, sig.PreferredHash)
-			preferredSymmetric = defaultCiphers
+		candidateCipherSuites = intersectCipherSuites(candidateCipherSuites, sig.PreferredCipherSuites)
-		}
+		candidateCompression = intersectPreferences(candidateCompression, sig.PreferredCompression)
 		preferredHashes := sig.PreferredHash
 		if len(preferredHashes) == 0 {
 			preferredHashes = defaultHashes
 		}
 		candidateCiphers = intersectPreferences(candidateCiphers, preferredSymmetric)
 		candidateHashes = intersectPreferences(candidateHashes, preferredHashes)
 	}
-	if len(candidateCiphers) == 0 || len(candidateHashes) == 0 {
+	// In the event that the intersection of supported algorithms is empty we use the ones
-		return nil, errors.InvalidArgumentError("cannot encrypt because recipient set shares no common algorithms")
+	// labelled as MUST that every implementation supports.
 	if len(candidateCiphers) == 0 {
 		// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.3
 		candidateCiphers = []uint8{uint8(packet.CipherAES128)}
 	}
 	if len(candidateHashes) == 0 {
 		// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#hash-algos
 		candidateHashes = []uint8{hashToHashId(crypto.SHA256)}
 	}
 	if len(candidateCipherSuites) == 0 {
 		// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6
 		candidateCipherSuites = [][2]uint8{{uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)}}
 	}
 	cipher := packet.CipherFunction(candidateCiphers[0])
 	aeadCipherSuite := packet.CipherSuite{
 		Cipher: packet.CipherFunction(candidateCipherSuites[0][0]),
 		Mode: packet.AEADMode(candidateCipherSuites[0][1]),
 	}
 	// If the cipher specified by config is a candidate, we'll use that.
 	configuredCipher := config.Cipher()
 	for _, c := range candidateCiphers {
@ -325,17 +428,23 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
 	}
 	for _, key := range encryptKeys {
-		if err := packet.SerializeEncryptedKey(ciphertext, key.PublicKey, cipher, symKey, config); err != nil {
+		if err := packet.SerializeEncryptedKey(keyWriter, key.PublicKey, cipher, symKey, config); err != nil {
 			return nil, err
 		}
 	}
-	payload, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey, config)
+	var payload io.WriteCloser
 	payload, err = packet.SerializeSymmetricallyEncrypted(dataWriter, cipher, aeadSupported, aeadCipherSuite, symKey, config)
 	if err != nil {
-		return
+			return
 		}
 	payload, err = handleCompression(payload, candidateCompression, config)
 	if err != nil {
 		return nil, err
 	}
-	return writeAndSign(payload, candidateHashes, signed, hints, config)
+	return writeAndSign(payload, candidateHashes, signed, hints, sigType, config)
 }
 // Sign signs a message. The resulting WriteCloser must be closed after the
@ -352,16 +461,20 @@ func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Con
 		hashToHashId(crypto.SHA256),
 		hashToHashId(crypto.SHA384),
 		hashToHashId(crypto.SHA512),
-		hashToHashId(crypto.SHA1),
+		hashToHashId(crypto.SHA3_256),
-		hashToHashId(crypto.RIPEMD160),
+		hashToHashId(crypto.SHA3_512),
 	}
-	defaultHashes := candidateHashes[len(candidateHashes)-1:]
+	defaultHashes := candidateHashes[0:1]
-	preferredHashes := signed.primaryIdentity().SelfSignature.PreferredHash
+	preferredHashes := signed.PrimaryIdentity().SelfSignature.PreferredHash
 	if len(preferredHashes) == 0 {
 		preferredHashes = defaultHashes
 	}
 	candidateHashes = intersectPreferences(candidateHashes, preferredHashes)
-	return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, config)
+	if len(candidateHashes) == 0 {
 		return nil, errors.InvalidArgumentError("cannot sign because signing key shares no common algorithms with candidate hashes")
 	}
 	return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, packet.SigTypeBinary, config)
 }
 // signatureWriter hashes the contents of a message while passing it along to
@ -371,24 +484,30 @@ type signatureWriter struct {
 	encryptedData io.WriteCloser
 	literalData   io.WriteCloser
 	hashType      crypto.Hash
 	wrappedHash   hash.Hash
 	h             hash.Hash
 	signer        *packet.PrivateKey
 	sigType       packet.SignatureType
 	config        *packet.Config
 	metadata      *packet.LiteralData // V5 signatures protect document metadata
 }
 func (s signatureWriter) Write(data []byte) (int, error) {
-	s.h.Write(data)
+	s.wrappedHash.Write(data)
-	return s.literalData.Write(data)
+	switch s.sigType {
 	case packet.SigTypeBinary:
 		return s.literalData.Write(data)
 	case packet.SigTypeText:
 		flag := 0
 		return writeCanonical(s.literalData, data, &flag)
 	}
 	return 0, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(s.sigType)))
 }
 func (s signatureWriter) Close() error {
-	sig := &packet.Signature{
+	sig := createSignaturePacket(&s.signer.PublicKey, s.sigType, s.config)
-		SigType:      packet.SigTypeBinary,
+	sig.Hash = s.hashType
-		PubKeyAlgo:   s.signer.PubKeyAlgo,
+	sig.Metadata = s.metadata
 		Hash:         s.hashType,
 		CreationTime: s.config.Now(),
 		IssuerKeyId:  &s.signer.KeyId,
 	}
 	if err := sig.Sign(s.h, s.signer, s.config); err != nil {
 		return err
@ -402,6 +521,21 @@ func (s signatureWriter) Close() error {
 	return s.encryptedData.Close()
 }
 func createSignaturePacket(signer *packet.PublicKey, sigType packet.SignatureType, config *packet.Config) *packet.Signature {
 	sigLifetimeSecs := config.SigLifetime()
 	return &packet.Signature{
 		Version:           signer.Version,
 		SigType:           sigType,
 		PubKeyAlgo:        signer.PubKeyAlgo,
 		Hash:              config.Hash(),
 		CreationTime:      config.Now(),
 		IssuerKeyId:       &signer.KeyId,
 		IssuerFingerprint: signer.Fingerprint,
 		Notations:         config.Notations(),
 		SigLifetimeSecs:   &sigLifetimeSecs,
 	}
 }
 // noOpCloser is like an ioutil.NopCloser, but for an io.Writer.
 // TODO: we have two of these in OpenPGP packages alone. This probably needs
 // to be promoted somewhere more common.
@ -416,3 +550,34 @@ func (c noOpCloser) Write(data []byte) (n int, err error) {
 func (c noOpCloser) Close() error {
 	return nil
 }
 func handleCompression(compressed io.WriteCloser, candidateCompression []uint8, config *packet.Config) (data io.WriteCloser, err error) {
 	data = compressed
 	confAlgo := config.Compression()
 	if confAlgo == packet.CompressionNone {
 		return
 	}
 	// Set algorithm labelled as MUST as fallback
 	// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.4
 	finalAlgo := packet.CompressionNone
 	// if compression specified by config available we will use it
 	for _, c := range candidateCompression {
 		if uint8(confAlgo) == c {
 			finalAlgo = confAlgo
 			break
 		}
 	}
 	if finalAlgo != packet.CompressionNone {
 		var compConfig *packet.CompressionConfig
 		if config != nil {
 			compConfig = config.CompressionConfig
 		}
 		data, err = packet.SerializeCompressed(compressed, finalAlgo, compConfig)
 		if err != nil {
 			return
 		}
 	}
 	return data, nil
 }
--- a/vendor/github.com/cloudflare/circl/LICENSE
+++ b/vendor/github.com/cloudflare/circl/LICENSE
@ -0,0 +1,57 @@
 Copyright (c) 2019 Cloudflare. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Cloudflare nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ========================================================================
 Copyright (c) 2009 The Go Authors. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/cloudflare/circl/dh/x25519/curve.go
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve.go
@ -0,0 +1,96 @@
 package x25519
 import (
 	fp "github.com/cloudflare/circl/math/fp25519"
 )
 // ladderJoye calculates a fixed-point multiplication with the generator point.
 // The algorithm is the right-to-left Joye's ladder as described
 // in "How to precompute a ladder" in SAC'2017.
 func ladderJoye(k *Key) {
 	w := [5]fp.Elt{} // [mu,x1,z1,x2,z2] order must be preserved.
 	fp.SetOne(&w[1]) // x1 = 1
 	fp.SetOne(&w[2]) // z1 = 1
 	w[3] = fp.Elt{   // x2 = G-S
 		0xbd, 0xaa, 0x2f, 0xc8, 0xfe, 0xe1, 0x94, 0x7e,
 		0xf8, 0xed, 0xb2, 0x14, 0xae, 0x95, 0xf0, 0xbb,
 		0xe2, 0x48, 0x5d, 0x23, 0xb9, 0xa0, 0xc7, 0xad,
 		0x34, 0xab, 0x7c, 0xe2, 0xee, 0xcd, 0xae, 0x1e,
 	}
 	fp.SetOne(&w[4]) // z2 = 1
 	const n = 255
 	const h = 3
 	swap := uint(1)
 	for s := 0; s < n-h; s++ {
 		i := (s + h) / 8
 		j := (s + h) % 8
 		bit := uint((k[i] >> uint(j)) & 1)
 		copy(w[0][:], tableGenerator[s*Size:(s+1)*Size])
 		diffAdd(&w, swap^bit)
 		swap = bit
 	}
 	for s := 0; s < h; s++ {
 		double(&w[1], &w[2])
 	}
 	toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
 }
 // ladderMontgomery calculates a generic scalar point multiplication
 // The algorithm implemented is the left-to-right Montgomery's ladder.
 func ladderMontgomery(k, xP *Key) {
 	w := [5]fp.Elt{}      // [x1, x2, z2, x3, z3] order must be preserved.
 	w[0] = *(*fp.Elt)(xP) // x1 = xP
 	fp.SetOne(&w[1])      // x2 = 1
 	w[3] = *(*fp.Elt)(xP) // x3 = xP
 	fp.SetOne(&w[4])      // z3 = 1
 	move := uint(0)
 	for s := 255 - 1; s >= 0; s-- {
 		i := s / 8
 		j := s % 8
 		bit := uint((k[i] >> uint(j)) & 1)
 		ladderStep(&w, move^bit)
 		move = bit
 	}
 	toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
 }
 func toAffine(k *[fp.Size]byte, x, z *fp.Elt) {
 	fp.Inv(z, z)
 	fp.Mul(x, x, z)
 	_ = fp.ToBytes(k[:], x)
 }
 var lowOrderPoints = [5]fp.Elt{
 	{ /* (0,_,1) point of order 2 on Curve25519 */
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	},
 	{ /* (1,_,1) point of order 4 on Curve25519 */
 		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	},
 	{ /* (x,_,1) first point of order 8 on Curve25519 */
 		0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
 		0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
 		0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
 		0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00,
 	},
 	{ /* (x,_,1) second point of order 8 on Curve25519 */
 		0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24,
 		0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b,
 		0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86,
 		0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57,
 	},
 	{ /* (-1,_,1) a point of order 4 on the twist of Curve25519 */
 		0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
 	},
 }
--- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go
@ -0,0 +1,30 @@
 //go:build amd64 && !purego
 // +build amd64,!purego
 package x25519
 import (
 	fp "github.com/cloudflare/circl/math/fp25519"
 	"golang.org/x/sys/cpu"
 )
 var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX
 var _ = hasBmi2Adx
 func double(x, z *fp.Elt)             { doubleAmd64(x, z) }
 func diffAdd(w *[5]fp.Elt, b uint)    { diffAddAmd64(w, b) }
 func ladderStep(w *[5]fp.Elt, b uint) { ladderStepAmd64(w, b) }
 func mulA24(z, x *fp.Elt)             { mulA24Amd64(z, x) }
 //go:noescape
 func ladderStepAmd64(w *[5]fp.Elt, b uint)
 //go:noescape
 func diffAddAmd64(w *[5]fp.Elt, b uint)
 //go:noescape
 func doubleAmd64(x, z *fp.Elt)
 //go:noescape
 func mulA24Amd64(z, x *fp.Elt)
--- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h
@ -0,0 +1,111 @@
 #define ladderStepLeg          \
    addSub(x2,z2)              \
    addSub(x3,z3)              \
    integerMulLeg(b0,x2,z3)    \
    integerMulLeg(b1,x3,z2)    \
    reduceFromDoubleLeg(t0,b0) \
    reduceFromDoubleLeg(t1,b1) \
    addSub(t0,t1)              \
    cselect(x2,x3,regMove)     \
    cselect(z2,z3,regMove)     \
    integerSqrLeg(b0,t0)       \
    integerSqrLeg(b1,t1)       \
    reduceFromDoubleLeg(x3,b0) \
    reduceFromDoubleLeg(z3,b1) \
    integerMulLeg(b0,x1,z3)    \
    reduceFromDoubleLeg(z3,b0) \
    integerSqrLeg(b0,x2)       \
    integerSqrLeg(b1,z2)       \
    reduceFromDoubleLeg(x2,b0) \
    reduceFromDoubleLeg(z2,b1) \
    subtraction(t0,x2,z2)      \
    multiplyA24Leg(t1,t0)      \
    additionLeg(t1,t1,z2)      \
    integerMulLeg(b0,x2,z2)    \
    integerMulLeg(b1,t0,t1)    \
    reduceFromDoubleLeg(x2,b0) \
    reduceFromDoubleLeg(z2,b1)
 #define ladderStepBmi2Adx      \
    addSub(x2,z2)              \
    addSub(x3,z3)              \
    integerMulAdx(b0,x2,z3)    \
    integerMulAdx(b1,x3,z2)    \
    reduceFromDoubleAdx(t0,b0) \
    reduceFromDoubleAdx(t1,b1) \
    addSub(t0,t1)              \
    cselect(x2,x3,regMove)     \
    cselect(z2,z3,regMove)     \
    integerSqrAdx(b0,t0)       \
    integerSqrAdx(b1,t1)       \
    reduceFromDoubleAdx(x3,b0) \
    reduceFromDoubleAdx(z3,b1) \
    integerMulAdx(b0,x1,z3)    \
    reduceFromDoubleAdx(z3,b0) \
    integerSqrAdx(b0,x2)       \
    integerSqrAdx(b1,z2)       \
    reduceFromDoubleAdx(x2,b0) \
    reduceFromDoubleAdx(z2,b1) \
    subtraction(t0,x2,z2)      \
    multiplyA24Adx(t1,t0)      \
    additionAdx(t1,t1,z2)      \
    integerMulAdx(b0,x2,z2)    \
    integerMulAdx(b1,t0,t1)    \
    reduceFromDoubleAdx(x2,b0) \
    reduceFromDoubleAdx(z2,b1)
 #define difAddLeg              \
    addSub(x1,z1)              \
    integerMulLeg(b0,z1,ui)    \
    reduceFromDoubleLeg(z1,b0) \
    addSub(x1,z1)              \
    integerSqrLeg(b0,x1)       \
    integerSqrLeg(b1,z1)       \
    reduceFromDoubleLeg(x1,b0) \
    reduceFromDoubleLeg(z1,b1) \
    integerMulLeg(b0,x1,z2)    \
    integerMulLeg(b1,z1,x2)    \
    reduceFromDoubleLeg(x1,b0) \
    reduceFromDoubleLeg(z1,b1)
 #define difAddBmi2Adx          \
    addSub(x1,z1)              \
    integerMulAdx(b0,z1,ui)    \
    reduceFromDoubleAdx(z1,b0) \
    addSub(x1,z1)              \
    integerSqrAdx(b0,x1)       \
    integerSqrAdx(b1,z1)       \
    reduceFromDoubleAdx(x1,b0) \
    reduceFromDoubleAdx(z1,b1) \
    integerMulAdx(b0,x1,z2)    \
    integerMulAdx(b1,z1,x2)    \
    reduceFromDoubleAdx(x1,b0) \
    reduceFromDoubleAdx(z1,b1)
 #define doubleLeg              \
    addSub(x1,z1)              \
    integerSqrLeg(b0,x1)       \
    integerSqrLeg(b1,z1)       \
    reduceFromDoubleLeg(x1,b0) \
    reduceFromDoubleLeg(z1,b1) \
    subtraction(t0,x1,z1)      \
    multiplyA24Leg(t1,t0)      \
    additionLeg(t1,t1,z1)      \
    integerMulLeg(b0,x1,z1)    \
    integerMulLeg(b1,t0,t1)    \
    reduceFromDoubleLeg(x1,b0) \
    reduceFromDoubleLeg(z1,b1)
 #define doubleBmi2Adx          \
    addSub(x1,z1)              \
    integerSqrAdx(b0,x1)       \
    integerSqrAdx(b1,z1)       \
    reduceFromDoubleAdx(x1,b0) \
    reduceFromDoubleAdx(z1,b1) \
    subtraction(t0,x1,z1)      \
    multiplyA24Adx(t1,t0)      \
    additionAdx(t1,t1,z1)      \
    integerMulAdx(b0,x1,z1)    \
    integerMulAdx(b1,t0,t1)    \
    reduceFromDoubleAdx(x1,b0) \
    reduceFromDoubleAdx(z1,b1)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tobias Trabelsi	601cc245ef	bump version Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details	2023-07-20 09:12:14 +02:00
Tobias Trabelsi	340bcd48fe	Merge pull request #46 from deblasis/fix/gitea_oauth2_app_confidential_client All checks were successful continuous-integration/drone/push Build is passing Details Support `gitea_oauth2_app` `confidential_client` flag	2023-07-20 09:09:50 +02:00
Alessandro De Blasis	2d7147442b	fix(oauth): updates	2023-07-19 19:56:50 +00:00
Tobias Trabelsi	ed32470b17	Merge pull request #48 from Lerentis/feature/#47/list-all-org-repos Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details	2023-07-19 20:54:36 +02:00
Tobias Trabelsi	483bda1033	added possibility to list all repos of an organisation	2023-07-19 20:52:36 +02:00
Tobias Trabelsi	48f5c3ee3c	Merge pull request #45 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-docs-0.16.0 All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-19 19:47:43 +02:00
Alessandro De Blasis	c707cba22e	fix(gitea_oauth_app): added missing createoptions and resourcedata	2023-07-13 11:32:30 +00:00
Alessandro De Blasis	5b14a5d789	docs(oauth2_app): docs	2023-07-11 21:19:53 +00:00
Alessandro De Blasis	707443c6d2	feat(gitea_oauth_app): support	2023-07-11 21:18:08 +00:00
dependabot[bot]	04160fa7a3	Bump github.com/hashicorp/terraform-plugin-docs from 0.15.0 to 0.16.0 Bumps [github.com/hashicorp/terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs) from 0.15.0 to 0.16.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-docs/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-docs/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-docs/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-docs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-10 20:16:39 +00:00
Tobias Trabelsi	c1ba34b248	fix deprecated goreleaser flag All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-04 11:43:37 +02:00
Tobias Trabelsi	0d09d97866	bump version Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details	2023-07-04 11:35:15 +02:00
Tobias Trabelsi	b3f93373d0	Merge pull request #38 from Lerentis/Lerentis/issue35 All checks were successful continuous-integration/drone/push Build is passing Details potential fix for #35	2023-07-04 10:40:44 +02:00
Tobias Trabelsi	58498b616b	Merge pull request #43 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-docs-0.15.0 Bump github.com/hashicorp/terraform-plugin-docs from 0.14.1 to 0.15.0	2023-07-04 10:40:11 +02:00
dependabot[bot]	4e94047737	Bump github.com/hashicorp/terraform-plugin-docs from 0.14.1 to 0.15.0 Bumps [github.com/hashicorp/terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs) from 0.14.1 to 0.15.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-docs/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-docs/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-docs/compare/v0.14.1...v0.15.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-docs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-04 08:39:56 +00:00
Tobias Trabelsi	425434baa8	Merge pull request #42 from Lerentis/dependabot/github_actions/goreleaser/goreleaser-action-4.3.0 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0	2023-07-04 10:39:14 +02:00
dependabot[bot]	7f04ccd8f8	Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4.2.0...v4.3.0) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-04 08:39:00 +00:00
Tobias Trabelsi	e8584b0270	Merge pull request #44 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-sdk/v2-2.27.0 Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.1 to 2.27.0	2023-07-04 10:37:55 +02:00
dependabot[bot]	910ccdb092	Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.1 to 2.27.0 Bumps [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) from 2.26.1 to 2.27.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-sdk/compare/v2.26.1...v2.27.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-03 20:21:30 +00:00
Tobias Trabelsi	b2403e2569	Merge pull request #40 from ultimania/feature/non-mirror-migration Some checks reported errors continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build encountered an error Details Fixed conditions of repository migration	2023-05-31 09:26:02 +02:00
ultimania	98867f2830	add example for origin migration	2023-05-31 10:56:18 +09:00
ultimania	948b20a6d2	fixed conditions of migration	2023-05-31 08:54:45 +09:00
Tobias Trabelsi	83a0cbf14c	fallback on resource data on buggy gitea versions All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-17 10:27:17 +02:00
Tobias Trabelsi	71caf4430b	potential fix for #35	2023-05-17 10:14:55 +02:00
Tobias Trabelsi	bc28fe186f	Merge pull request #37 from yamadayutaka/feature/team_repositories Some checks failed continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details implement repositories attribute to gitea_team	2023-05-17 09:48:10 +02:00
Tobias Trabelsi	19062e27f0	transparent errors Some checks reported errors continuous-integration/drone/push Build encountered an error Details	2023-05-17 09:34:11 +02:00
YAMADA Yutaka	322ad2d3c4	add log output on error	2023-05-17 00:48:25 +00:00
YAMADA Yutaka	9e34636c29	Bump the version from 0.12.3 to 0.13.0	2023-05-16 07:58:50 +00:00
YAMADA Yutaka	b4b13dc3ca	implement repositories attribute of gitea_team	2023-05-15 03:22:29 +00:00
Tobias Trabelsi	e5a6132b9d	Merge pull request #34 from Lerentis/dependabot/github_actions/crazy-max/ghaction-import-gpg-5.3.0 All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-10 10:46:32 +02:00
dependabot[bot]	d71cbbd0b6	Bump crazy-max/ghaction-import-gpg from 5.2.0 to 5.3.0 Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5.2.0...v5.3.0) --- updated-dependencies: - dependency-name: crazy-max/ghaction-import-gpg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-08 21:01:02 +00:00
Tobias Trabelsi	0a85957c50	#26 document codeberg not allowing pull mirrors Some checks are pending continuous-integration/drone/tag Build is running Details continuous-integration/drone/push Build is passing Details fixed permission failure in gite_repository	2023-04-21 13:23:18 +02:00
Tobias Trabelsi	f87515a453	Merge pull request #32 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-sdk/v2-2.26.1 All checks were successful continuous-integration/drone/push Build is passing Details Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.0 to 2.26.1	2023-03-28 10:48:35 +02:00
dependabot[bot]	0e8aa2bf9b	Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.0 to 2.26.1 Bumps [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) from 2.26.0 to 2.26.1. - [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-sdk/compare/v2.26.0...v2.26.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-27 21:02:54 +00:00
Tobias Trabelsi	1162650a73	Merge pull request #29 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-docs-0.14.1 All checks were successful continuous-integration/drone/push Build is passing Details	2023-03-21 16:09:50 +01:00
dependabot[bot]	abc332958b	Bump github.com/hashicorp/terraform-plugin-docs from 0.13.0 to 0.14.1 Bumps [github.com/hashicorp/terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs) from 0.13.0 to 0.14.1. - [Release notes](https://github.com/hashicorp/terraform-plugin-docs/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-docs/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-docs/compare/v0.13.0...v0.14.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-docs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-21 15:09:33 +00:00
Tobias Trabelsi	6ce5f8bf9f	Merge pull request #30 from Lerentis/dependabot/github_actions/actions/setup-go-4 All checks were successful continuous-integration/drone/push Build is passing Details	2023-03-21 16:08:04 +01:00
Tobias Trabelsi	1c80699599	Merge pull request #31 from Lerentis/dependabot/go_modules/github.com/hashicorp/terraform-plugin-sdk/v2-2.26.0 All checks were successful continuous-integration/drone/push Build is passing Details	2023-03-21 16:05:12 +01:00
dependabot[bot]	84c9110a24	Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.24.1 to 2.26.0 Bumps [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) from 2.24.1 to 2.26.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-sdk/compare/v2.24.1...v2.26.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-20 20:25:53 +00:00
dependabot[bot]	ad2692136f	Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-20 20:22:19 +00:00
Tobias Trabelsi	4f33464489	version bump All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2023-02-19 11:47:06 +01:00
lerentis	2c787bd532	Fixed typo in repo data source All checks were successful continuous-integration/drone/push Build is passing Details	2023-02-17 22:40:28 +00:00
lerentis	feacbf5a3f	update goreleaser version All checks were successful continuous-integration/drone/push Build is passing Details	2023-01-31 19:40:16 +00:00
Tobias Trabelsi	d6160c596b	correct version in docs All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2023-01-28 22:51:49 +01:00
Tobias Trabelsi	9799416352	fixed org vanashing All checks were successful continuous-integration/drone/push Build is passing Details fixed regression of v0.11.1	2023-01-28 22:49:54 +01:00
Tobias Trabelsi	8095c2a513	prepare next release All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	2023-01-04 19:15:00 +01:00
Tobias Trabelsi	14c1a11417	Merge pull request #21 from martin31821/feature/deploykey Some checks reported errors continuous-integration/drone/push Build encountered an error Details	2023-01-04 19:08:30 +01:00
Martin Koppehel	8a805faa72	Add docs	2023-01-04 10:10:45 +01:00
Martin Koppehel	32ad02fa73	Implement deploy_key resource	2023-01-03 20:29:22 +01:00
Tobias Trabelsi	edd03aca2f	try to publish sbom with next release All checks were successful continuous-integration/drone/push Build is passing Details	2022-12-24 18:37:41 +01:00