Ejemplo n.º 1
0
// Sign signs the message using the keystore's private key.
func (s *KeyStore) Sign(message []byte) ([]byte, bool) {
	if !s.Valid(false) || s.Locked() {
		return nil, false
	}

	return public.Sign(s.privateKey, message)
}
Ejemplo n.º 2
0
// Unlock decrypts the private key stored in the keystore.
func (s *KeyStore) Unlock(passphrase []byte) bool {
	if !s.Valid(true) {
		return false
	} else if !s.Locked() {
		return true
	}

	priv, ok := public.UnlockKey(s.PrivateKey, passphrase)
	if !ok {
		return false
	}
	pub, err := public.MarshalPublic(priv.PublicKey)
	if err != nil {
		priv.Zero()
		return false
	}

	s.privateKey = priv
	s.PublicKey = pub
	s.locked = false

	if s.ExportKey == nil {
		fmt.Println("Building export key.")
		vkey := &VerifiedKey{
			Public:    s.PublicKey,
			Signer:    s.PublicKey,
			Timestamp: time.Now().Unix(),
		}
		signatureData := vkey.SignatureData()
		sig, ok := public.Sign(s.privateKey, signatureData)
		if !ok {
			s.Lock()
			return false
		}
		vkey.Signature = sig
		verified, err := vkey.Serialise()
		if err != nil {
			s.Lock()
			return false
		}
		s.ExportKey = verified
	}

	return !s.Locked()
}
Ejemplo n.º 3
0
// AddKey adds the new peer key to the keystore, signing it with the
// owner's key. If the keystore is locked, this will fail.
func (s *KeyStore) AddKey(label string, peer []byte, metadata map[string]string) bool {
	if !s.Valid(true) {
		return false
	} else if s.Has(label) {
		return false
	} else if s.Locked() {
		return false
	} else if _, err := public.UnmarshalPublic(peer); err != nil {
		return false
	}

	signTime := time.Now().Unix()
	vkey := &VerifiedKey{
		Public:    peer,
		Signer:    s.PublicKey,
		Timestamp: signTime,
	}
	signatureData := vkey.SignatureData()

	sig, ok := public.Sign(s.privateKey, signatureData)
	if !ok {
		return false
	}
	if !public.Verify(s.privateKey.PublicKey, signatureData, sig) {
		return false
	}

	metadataCopy := map[string]string{}
	for k, v := range metadata {
		metadataCopy[k] = v
	}

	s.Keys[label] = &PublicKeyRecord{
		Label:         label,
		Timestamp:     time.Now().Unix(),
		Keys:          peer,
		KeySignature:  sig,
		KeySigner:     s.PublicKey,
		SignatureTime: signTime,
		Metadata:      metadataCopy,
	}
	return true
}
Ejemplo n.º 4
0
// ExportVerified returns a verified key from the label. The verified
// key will be signed by the keystore owner; the key's signature chain is
// first checked before exporting.
func (s *KeyStore) ExportVerified(label string) ([]byte, bool) {
	if !s.Valid(true) || !s.Has(label) || s.Locked() {
		return nil, false
	}

	if !s.VerifyChain(label) {
		return nil, false
	}

	var vkey *VerifiedKey

	if label == "self" {
		if s.ExportKey != nil {
			return s.ExportKey, true
		}
		vkey = &VerifiedKey{
			Public:    s.PublicKey,
			Signer:    s.PublicKey,
			Timestamp: time.Now().Unix(),
		}
	} else {
		vkey = &VerifiedKey{
			Public:    s.Keys[label].Keys,
			Signer:    s.PublicKey,
			Timestamp: time.Now().Unix(),
		}
	}
	signatureData := vkey.SignatureData()

	sig, ok := public.Sign(s.privateKey, signatureData)
	if !ok {
		return nil, false
	}

	vkey.Signature = sig
	signedKey, err := vkey.Serialise()
	return signedKey, err == nil
}
Ejemplo n.º 5
0
// NewPrivateKeyStore builds a keystore from a private key.
func NewPrivateKeyStore(priv *public.PrivateKey) (*KeyStore, bool) {
	if !priv.Valid() {
		return nil, false
	}

	pub, err := public.MarshalPublic(priv.PublicKey)
	if err != nil {
		return nil, false
	}

	vkey := &VerifiedKey{
		Public:    pub,
		Signer:    pub,
		Timestamp: time.Now().Unix(),
	}
	signatureData := vkey.SignatureData()
	sig, ok := public.Sign(priv, signatureData)
	if !ok {
		return nil, false
	}
	vkey.Signature = sig
	verified, err := vkey.Serialise()
	if err != nil {
		return nil, false
	}

	return &KeyStore{
		Version:    KeyStoreVersion,
		Timestamp:  time.Now().Unix(),
		Keys:       map[string]*PublicKeyRecord{},
		privateKey: priv,
		locked:     false,
		PublicKey:  pub,
		ExportKey:  verified,
	}, true

}