Beispiel #1
0
func decryptCiphertext(keysrc KeySource, ctext io.Reader, passphrase []byte) ([]byte, *DecryptionStatus) {
	status := new(DecryptionStatus)
	md, err := openpgp.ReadMessage(ctext, keysrc.GetSecretKeyRing(), createPromptFunction(passphrase), openpgpConfig)
	if err == nil {
		status.Code = DecryptSuccess
		b := new(bytes.Buffer)
		b.ReadFrom(md.UnverifiedBody)
		if md.IsSigned {
			processSignature(md, status)
		}
		return b.Bytes(), status
	}
	if err == pgperr.ErrKeyIncorrect {
		status.Code = DecryptFailedNoPrivateKey
		return nil, status
	}
	if e, ok := err.(PassphraseNeededError); ok {
		status.Code = DecryptPassphraseNeeded
		status.KeyIds = e.KeyIds
		return nil, status
	}
	status.Code = DecryptFailed
	status.FailureMessage = "error decrypting message: " + err.Error()
	return nil, status
}
func (f *unpgpFilter) Link(r io.Reader) error {
	log.Print("openpgp.ReadMessage")
	message, err := openpgp.ReadMessage(r, f.keyRing, nil, nil)
	if err != nil {
		return err
	}
	f.r = message.UnverifiedBody
	return nil
}
Beispiel #3
0
func decrypt(ringPath string, input io.Reader) (io.Reader, error) {
	ringFile, err := os.Open(ringPath)
	if err != nil {
		return nil, err
	}
	defer ringFile.Close()

	ring, err := openpgp.ReadKeyRing(ringFile)
	if err != nil {
		return nil, err
	}

	var keyToTry, attempt int
	var triedCache bool
	promptFunc := openpgp.PromptFunction(func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if keyToTry >= len(keys) {
			return nil, fmt.Errorf("no more keys to try")
		}
		if attempt > 2 {
			attempt = 0
			keyToTry++
			return nil, nil
		}
		defer func() { attempt++ }()

		key := keys[keyToTry]
		fingerprint := fmt.Sprintf("%X", key.PublicKey.Fingerprint)

		if !triedCache {
			triedCache = true
			if cachedPass, _ := passphrase.GetPassphrase(fingerprint, "", "", "", false, false); cachedPass != "" {
				if err := key.PrivateKey.Decrypt([]byte(cachedPass)); err == nil {
					return nil, nil
				}
			}
		}

		passphrase.ClearCachedPassphrase(fingerprint)
		prompt := ""
		description := fmt.Sprintf("Key %s; attempt %d", key.PublicKey.KeyIdShortString(), attempt+1)
		passwd, err := passphrase.GetPassphrase(fingerprint, prompt, description, "", true, false)
		if err != nil {
			return nil, err
		}
		key.PrivateKey.Decrypt([]byte(passwd))

		return nil, nil
	})

	msgDetails, err := openpgp.ReadMessage(input, ring, promptFunc, nil)
	if err != nil {
		return nil, err
	}

	return msgDetails.UnverifiedBody, nil
}
Beispiel #4
0
// Decrypt tries to decrypt an OpenPGP armored block using the provided decryption keys
// and passphrase. If succesfull the plain content of the block is returned as []byte.
func Decrypt(d []byte, decryptionKeys *openpgp.EntityList, passphrase string) ([]byte, error) {
	var armoredBlock *armor.Block
	var message *openpgp.MessageDetails
	var plain []byte
	var err error

	if d == nil {
		return nil, nil
	}

	// Decode the OpenPGP armored block
	armoredBlock, err = armor.Decode(bytes.NewReader(d))
	if err != nil {
		return nil, err
	}

	// Extract the message from the OpenPGP armored block
	message, err = openpgp.ReadMessage(armoredBlock.Body, decryptionKeys,
		func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
			kp := []byte(passphrase)

			if symmetric {
				return kp, nil
			}

			for _, k := range keys {
				err := k.PrivateKey.Decrypt(kp)
				if err == nil {
					// If no error were returned, we could succesfully
					// decrypt the message using the provided private key
					return nil, nil
				}
			}

			return nil, fmt.Errorf("Unable to decrypt trousseau data store. " +
				"Invalid passphrase supplied.")
		},
		nil)
	if err != nil {
		return nil, fmt.Errorf("unable to decrypt trousseau data store. " +
			"No private key able to decrypt it found in your keyring.")
	}

	// Read the plain message bytes
	plain, err = ioutil.ReadAll(message.UnverifiedBody)
	if err != nil {
		return nil, err
	}

	return plain, err
}
Beispiel #5
0
func NewDecrypter(ciphertextReader io.ReadCloser, key string) (decrypter io.Reader, err error) {
	prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		return []byte(key), nil
	}

	details, err := openpgp.ReadMessage(ciphertextReader, nil, prompt, nil)
	if err != nil {
		decrypter = nil
		return
	}

	decrypter = Decrypter{details}

	return
}
Beispiel #6
0
func decodeBase64EncryptedMessage(s string, keyring openpgp.KeyRing) string {
	// Decrypt base64 encoded encrypted message using decrypted private key
	dec, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		log.Fatalln("ERR:", err)
	}
	debug.Printf("keyring: #%v", keyring)
	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), keyring, nil, nil)
	if err != nil {
		log.Fatalln("ERR: Error reading message - ", err)
	}

	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	debug.Printf("md:", string(bytes))
	return string(bytes)
}
Beispiel #7
0
// Deocde decodes data using the secconf codec.
func Decode(data []byte, secertKeyring io.Reader) ([]byte, error) {
	decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data))
	entityList, err := openpgp.ReadArmoredKeyRing(secertKeyring)
	if err != nil {
		return nil, err
	}
	md, err := openpgp.ReadMessage(decoder, entityList, nil, nil)
	if err != nil {
		return nil, err
	}
	gzReader, err := gzip.NewReader(md.UnverifiedBody)
	if err != nil {
		return nil, err
	}
	defer gzReader.Close()
	bytes, err := ioutil.ReadAll(gzReader)
	if err != nil {
		return nil, err
	}
	return bytes, nil
}
Beispiel #8
0
func decrypt(s string) (string, error) {
	if s == "" {
		return "", nil
	}

	raw, err := armor.Decode(strings.NewReader(s))
	if err != nil {
		return "", err
	}

	d, err := openpgp.ReadMessage(raw.Body, keys,
		func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
			kp := []byte(password)

			if symmetric {
				return kp, nil
			}

			for _, k := range keys {
				err := k.PrivateKey.Decrypt(kp)
				if err == nil {
					return nil, nil
				}
			}

			return nil, fmt.Errorf("Whether no valid private key for" +
				"store decryption was available or " +
				"supplied password was invalid")
		},
		nil)
	if err != nil {
		return "", err
	}

	bytes, err := ioutil.ReadAll(d.UnverifiedBody)
	return string(bytes), err
}
func Decrypt(decryptionKeys *openpgp.EntityList, s, passphrase string) ([]byte, error) {
	if s == "" {
		return nil, nil
	}

	armorBlock, err := armor.Decode(strings.NewReader(s))
	if err != nil {
		return nil, err
	}

	d, err := openpgp.ReadMessage(armorBlock.Body, decryptionKeys,
		func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
			kp := []byte(passphrase)

			if symmetric {
				return kp, nil
			}

			for _, k := range keys {
				err := k.PrivateKey.Decrypt(kp)
				if err == nil {
					return nil, nil
				}
			}

			return nil, fmt.Errorf("Unable to decrypt trousseau data store. " +
				"Invalid passphrase supplied.")
		},
		nil)

	if err != nil {
		return nil, err
	}

	bytes, err := ioutil.ReadAll(d.UnverifiedBody)
	return bytes, err
}