// This is an entry point that largely defines "normal" miniLock behaviour.
// If sendToSender is true, then the sender's ID is added to recipients.
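// EncryptFileContentsWithStrings is an entry point that largely defines
// "normal" miniLock behaviour: the sender's keys are derived from
// senderEmail and senderPassphrase, every recipient ID string is parsed into
// a key, and the result is handed to EncryptFileContents.
//
// If sendToSender is true, the sender's own ID is appended to the recipient
// list so the sender can later decrypt the file too. The caller's
// recipientIDs slice is never modified.
//
// Returns the encrypted miniLock container, or the first error from key
// derivation, ID encoding/parsing, or encryption.
func EncryptFileContentsWithStrings(filename string, fileContents []byte, senderEmail, senderPassphrase string, sendToSender bool, recipientIDs ...string) (miniLockContents []byte, err error) {
	senderKey, err := taber.FromEmailAndPassphrase(senderEmail, senderPassphrase)
	if err != nil {
		return nil, err
	}

	// Work on a private copy: appending directly to a variadic parameter can
	// write into the backing array of a slice the caller passed with `ids...`
	// when that slice has spare capacity.
	ids := make([]string, 0, len(recipientIDs)+1)
	ids = append(ids, recipientIDs...)
	if sendToSender {
		senderID, idErr := senderKey.EncodeID()
		if idErr != nil {
			return nil, idErr
		}
		ids = append(ids, senderID)
	}

	recipientKeys := make([]*taber.Keys, 0, len(ids))
	// TODO: Randomise iteration here?
	for _, id := range ids {
		recipientKey, idErr := taber.FromID(id)
		if idErr != nil {
			return nil, idErr
		}
		recipientKeys = append(recipientKeys, recipientKey)
	}

	miniLockContents, err = EncryptFileContents(filename, fileContents, senderKey, recipientKeys...)
	if err != nil {
		return nil, err
	}
	return miniLockContents, nil
}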
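// ExtractDecryptInfo iterates through the header's DecryptInfo map using
// recipientKey and attempts to decrypt each DecryptInfoEntry with the
// header's ephemeral public key. If no entry can be decrypted after trying
// all of them, it returns ErrCannotDecrypt.
//
// Each map key is the base64 (StdEncoding) nonce of its entry; on success the
// decoded nonce is returned together with the entry so the caller can reuse
// it. An entry that decrypts but names a RecipientID other than
// recipientKey's own ID is rejected with ErrBadRecipient instead of being
// returned, so an entry cannot be accepted by a recipient it was not
// addressed to.
func (hdr *miniLockv1Header) ExtractDecryptInfo(recipientKey *taber.Keys) (nonce []byte, DI *DecryptInfoEntry, err error) {
	// Only the public half of the ephemeral key is available from the
	// header; the rest of ephemKey stays at its zero value.
	ephemKey := &taber.Keys{Public: hdr.Ephemeral}

	// The recipient-ID check is loop-invariant, so compute it once up front
	// instead of re-encoding the ID on every successful decryption.
	recipID, err := recipientKey.EncodeID()
	if err != nil {
		return nil, nil, err
	}

	// TODO: Make this concurrent!
	for nonceS, encDI := range hdr.DecryptInfo {
		// Assign to the named results rather than shadowing them with :=, so
		// the values returned on success are exactly the ones computed here.
		nonce, err = base64.StdEncoding.DecodeString(nonceS)
		if err != nil {
			return nil, nil, err
		}
		DI, err = DecryptDecryptInfo(encDI, nonce, ephemKey, recipientKey)
		// Compared by identity: this relies on DecryptDecryptInfo returning
		// the ErrCannotDecrypt sentinel unwrapped — TODO confirm.
		if err == ErrCannotDecrypt {
			// Not an entry this key can open; try the next one.
			continue
		}
		if err != nil {
			return nil, nil, err
		}
		if DI.RecipientID != recipID {
			return nil, nil, ErrBadRecipient
		}
		return nonce, DI, nil
	}
	return nil, nil, ErrCannotDecrypt
}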
// NewDecryptInfoEntry builds the DecryptInfoEntry for one recipient: fileinfo
// is JSON-encoded, encrypted from senderKey to recipientKey under nonce, and
// stored alongside both parties' encoded IDs.
//
// Returns the first error from JSON encoding, encryption, or ID encoding.
func NewDecryptInfoEntry(nonce []byte, fileinfo *FileInfo, senderKey, recipientKey *taber.Keys) (*DecryptInfoEntry, error) {
	plainFI, err := json.Marshal(fileinfo)
	if err != nil {
		return nil, err
	}
	encFI, err := senderKey.Encrypt(plainFI, nonce, recipientKey)
	if err != nil {
		return nil, err
	}
	senderID, err := senderKey.EncodeID()
	if err != nil {
		return nil, err
	}
	recipientID, err := recipientKey.EncodeID()
	if err != nil {
		return nil, err
	}
	entry := &DecryptInfoEntry{
		SenderID:    senderID,
		RecipientID: recipientID,
		FileInfoEnc: encFI,
	}
	return entry, nil
}