updated to golang 1.26

.gitea/workflows/registry.yml

@@ -0,0 +1,51 @@
+name: release-tag
+on:
+  push:
+    branches:
+      - 'main'
+jobs:
+  release-image:
+    runs-on: ubuntu-fast
+    env:
+      DOCKER_ORG: ${{ vars.DOCKER_ORG }}
+      DOCKER_LATEST: latest
+      RUNNER_TOOL_CACHE: /toolcache
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker BuildX
+        uses: docker/setup-buildx-action@v2
+        with: # replace it with your local IP
+          config-inline: |
+            [registry."${{ vars.DOCKER_REGISTRY }}"] 
+              http = true
+              insecure = true            
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ vars.DOCKER_REGISTRY }} # replace it with your local IP
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          
+      - name: Get Meta
+        id: meta
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT                
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64                       
+          push: true
+          tags: | # replace it with your local IP and tags
+            ${{ vars.DOCKER_REGISTRY }}/${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
+            ${{ vars.DOCKER_REGISTRY }}/${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}

Dockerfile

@@ -0,0 +1,27 @@
+FROM golang:1.26-alpine AS build
+WORKDIR /app
+
+# Optional: git + certs for private modules; cache modules and build cache
+RUN apk add --no-cache git ca-certificates
+
+# Go deps first (better layer caching)
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
+
+# App sources (incl. templates for go:embed)
+COPY . .
+
+# Build static binary (templates are embedded via //go:embed)
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+    go build -trimpath -ldflags "-s -w" -o /out/pgpkeygen ./
+
+### Runtime stage (distroless)
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /app
+COPY --from=build /out/pgpkeygen /app/pgpkeygen
+EXPOSE 8080
+USER nonroot:nonroot
+#export KEYSERVER_URL='http://localhost:8080'
+#export KEYSERVER_TOKEN='supersecret'
+ENTRYPOINT ["/app/pgpkeygen"]

go.mod

@@ -1,6 +1,6 @@
 module git.send.nrw/sendnrw/go-pgp-generator
 
-go 1.24.4
+go 1.25.3
 
 require github.com/ProtonMail/go-crypto v1.3.0 // indirect
 

main.go

@@ -1,12 +1,17 @@
 package main
 
 import (
+	"bytes"
 	"embed"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"html/template"
+	"io"
 	"log"
 	"net/http"
+	"net/url"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -47,6 +52,86 @@ type genResult struct {
 	UIDOnKey       string // tatsächliche UID im Schlüssel
 }
 
+type apiUploadReq struct {
+	Name          string `json:"name"`
+	Email         string `json:"email"`
+	Fingerprint   string `json:"fingerprint"`
+	PublicArmored string `json:"public_armored"`
+	Filename      string `json:"filename,omitempty"`
+}
+
+type apiUploadResp struct {
+	ID          string `json:"id"`
+	Email       string `json:"email"`
+	Fingerprint string `json:"fingerprint"`
+	WKDHash     string `json:"wkd_hash"`
+	Domain      string `json:"domain"`
+	Local       string `json:"local"`
+}
+
+func getenv(k, d string) string {
+	if v := os.Getenv(k); v != "" {
+		return v
+	}
+	return d
+}
+
+func enabled(k string, def bool) bool {
+	b, err := strconv.ParseBool(strings.ToLower(os.Getenv(k)))
+	if err != nil {
+		return def
+	}
+	return b
+}
+
+func uploadPublicKey(res *genResult) (*apiUploadResp, error) {
+	base := strings.TrimSpace(getenv("KEYSERVER_URL", "http://127.0.0.1:8080"))
+	token := strings.TrimSpace(getenv("KEYSERVER_TOKEN", "12345678"))
+	if base == "" || token == "" {
+		return nil, nil // Upload deaktiviert
+	}
+
+	u, err := url.Parse(base)
+	if err != nil {
+		return nil, fmt.Errorf("invalid KEYSERVER_URL: %w", err)
+	}
+	u.Path = strings.TrimRight(u.Path, "/") + "/api/v1/keys"
+
+	reqBody := apiUploadReq{
+		Name:          res.Name,
+		Email:         res.Email,
+		Fingerprint:   res.Fingerprint,
+		PublicArmored: res.PublicArmored,
+		Filename:      res.Fingerprint + ".asc",
+	}
+
+	b, _ := json.Marshal(reqBody)
+	httpReq, err := http.NewRequest(http.MethodPost, u.String(), bytes.NewReader(b))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Authorization", "Bearer "+token)
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	httpRes, err := client.Do(httpReq)
+	if err != nil {
+		return nil, err
+	}
+	defer httpRes.Body.Close()
+
+	if httpRes.StatusCode != http.StatusCreated {
+		msg, _ := io.ReadAll(io.LimitReader(httpRes.Body, 8<<10))
+		return nil, fmt.Errorf("keyserver returned %d: %s", httpRes.StatusCode, strings.TrimSpace(string(msg)))
+	}
+
+	var out apiUploadResp
+	if err := json.NewDecoder(httpRes.Body).Decode(&out); err != nil {
+		return nil, fmt.Errorf("decode response: %w", err)
+	}
+	return &out, nil
+}
+
 func main() {
 	mux := http.NewServeMux()
 	mux.HandleFunc("/", handleIndex)
@@ -97,6 +182,17 @@ func handleGenerate(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, fmt.Sprintf("Fehler beim Erzeugen der Schlüssel: %v", err), http.StatusInternalServerError)
 		return
 	}
+
+	// Optional: Upload zum Keyserver
+	if up, upErr := uploadPublicKey(res); upErr != nil {
+		log.Printf("upload failed: %v", upErr)
+		// Du kannst hier entscheiden: Fehler anzeigen oder nur loggen
+		// http.Error(w, "Upload fehlgeschlagen: "+upErr.Error(), 502); return
+	} else if up != nil {
+		// optional: im UI anzeigen
+		res.Comment += fmt.Sprintf(" (Uploaded: %s)", up.ID)
+	}
+
 	_ = resultTmpl.Execute(w, res)
 }
 
@@ -144,7 +240,7 @@ func generatePGP(in genInput) (*genResult, error) {
 	name := sanitizeName(in.Name)
 	email := sanitizeEmail(in.Email)
 	if !validateEmailBasic(email) {
-		return nil, errors.New("ungültige E‑Mail-Adresse")
+		return nil, errors.New("ungültige E-Mail-Adresse")
 	}
 	if name == "" {
 		return nil, errors.New("Name darf nicht leer sein")

templates/index.html

@@ -5,7 +5,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1" />
   <title>PGP Keygenerator (Go)</title>
   <style>
-    body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,Inter,sans-serif;max-width:960px;margin:2rem auto;padding:0 1rem;color:#0f172a}
+    body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,Inter,sans-serif;max-width:960px;margin:2rem auto;padding:0 1rem;color:#e2e8f0;background: #0f172a}
     header{display:flex;justify-content:space-between;align-items:center;margin-bottom:1.5rem}
     .card{border:1px solid #e2e8f0;border-radius:14px;padding:1rem 1.25rem;box-shadow:0 1px 2px rgba(0,0,0,0.04)}
     .grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(280px,1fr));gap:1rem;align-items:start}
@@ -33,15 +33,15 @@
         <input id="name" name="name" placeholder="Max Mustermann" required />
       </div>
       <div>
-        <label for="email">E‑Mail</label>
+        <label for="email">E-Mail</label>
         <input id="email" name="email" type="email" placeholder="max@example.org" required />
       </div>
       <div>
         <label for="comment">Kommentar (optional)</label>
-        <input id="comment" name="comment" placeholder="z. B. Laptop‑Key" />
+        <input id="comment" name="comment" placeholder="z.B. Laptop-Key" />
       </div>
       <div>
-        <label for="rsabits">RSA‑Schlüssellänge</label>
+        <label for="rsabits">RSA-Schlüssellänge</label>
         <select id="rsabits" name="rsabits">
           <option value="2048">2048</option>
           <option value="3072">3072</option>
@@ -56,10 +56,10 @@
     </div>
     <div style="margin-top:1rem" class="row">
       <button type="submit">Schlüssel erzeugen</button>
-      <small class="muted">Die Erzeugung erfolgt serverseitig – nur lokal auf diesem Host. Schlüssel werden nicht gespeichert.</small>
+      <small class="muted">Die Erzeugung erfolgt serverseitig - nur lokal auf diesem Host. Schlüssel werden nicht gespeichert.</small>
     </div>
   </form>
 
-  <p class="footer">Hinweis: Für maximale Sicherheit sollten PGP‑Schlüssel auf einem vertrauenswürdigen, isolierten System erzeugt werden. Dieses Tool ist zu Demo‑/Entwicklungszwecken gedacht.</p>
+  <p class="footer">Hinweis: Für maximale Sicherheit sollten PGP-Schlüssel auf einem vertrauenswürdigen, isolierten System erzeugt werden.</p>
 </body>
 </html>

templates/result.html

@@ -3,7 +3,7 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>PGP Schlüssel – Ergebnis</title>
+  <title>PGP Schlüssel - Ergebnis</title>
   <style>
     body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,Inter,sans-serif;max-width:960px;margin:2rem auto;padding:0 1rem;color:#0f172a}
     .card{border:1px solid #e2e8f0;border-radius:14px;padding:1rem 1.25rem;box-shadow:0 1px 2px rgba(0,0,0,0.04);margin-bottom:1rem}