func (ast *AuthorizedState) VerifyState(asciiPubKey string) (err error) {
var stateString string
stateString, err = ast.GetStateString()
if err != nil {
return
}
//fmt.Println("verify:StateString :", stateString)
var sigBuf bytes.Buffer
sigBuf.WriteString(ast.AsciiSigOfState)
var stateStrBuf bytes.Buffer
stateStrBuf.WriteString(stateString)
//func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader)
// (signer *Entity, err error)
//KeyRing is an interface:=>EntityList implements KeyRing hence pass Entity List
_, pubEnt, errGetPub := PrcIdSigner.GetPub(asciiPubKey)
if errGetPub != nil {
err = errGetPub
return
}
pubEntList := &openpgp.EntityList{&pubEnt}
var signer *openpgp.Entity
signer, err = openpgp.CheckArmoredDetachedSignature(pubEntList, &stateStrBuf, &sigBuf)
if err == nil {
//fmt.Println("Verify:Signer Id = ", signer.Identities)
} else {
fmt.Println("VerifyState:Signer Id = ", signer.Identities, "Error = ", err.Error())
}
return
}
func checkGPG(file File) (state SigState, err error) {
var signer *openpgp.Entity
keypath := path.Join(os.Getenv("HOME"), "/.gnupg/pubring.gpg")
keys, err := os.Open(keypath)
if err != nil {
fmt.Printf("Could not open public keyring at %s\n", keypath)
os.Exit(2)
}
keyring, err := openpgp.ReadKeyRing(keys)
if err != nil {
fmt.Printf("Error reading public keyring: %s\n", err)
os.Exit(2)
}
if *flagBin {
signer, err = openpgp.CheckDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature))
} else {
signer, err = openpgp.CheckArmoredDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature))
}
if err != nil {
fmt.Printf("Invalid signature or public key not present: %s\n", err)
os.Exit(2)
}
state.sig = signer.PrimaryKey.KeyIdString()
l := len(*flagKeyid)
if l > 0 {
var rid string
// Force the local id to be all uppercase
lid := strings.ToUpper(*flagKeyid)
// check the number of chars on the remote id to see if it's a
// short or long id. If it's not 8 or 16, it's not valid.
switch l {
case 8:
rid = signer.PrimaryKey.KeyIdShortString()
case 16:
rid = signer.PrimaryKey.KeyIdString()
}
if len(rid) == 0 {
fmt.Printf("You did not specify a valid GPG keyid length. Must be 8 or 16 characters.")
os.Exit(2)
}
if lid != rid {
fmt.Printf("The remote file was not signed by the expected GPG Public key. Expected %s and got %s\n", lid, rid)
os.Exit(2)
}
}
state.success = true
return state, nil
}
func VerifySignature(pubKey, signed, signatureArmor string) bool {
keyRing, err := openpgp.ReadArmoredKeyRing(strings.NewReader(pubKey))
if err != nil {
panic(err)
}
signer, err := openpgp.CheckArmoredDetachedSignature(
keyRing,
strings.NewReader(signed),
strings.NewReader(signatureArmor),
)
if err != nil {
panic(err)
}
return signer != nil
}
func checkGPG(file *File) (state SigState, err error) {
var signer *openpgp.Entity
var cs *clearsign.Block
keypath := path.Join(os.Getenv("HOME"), "/.gnupg/pubring.gpg")
keys, err := os.Open(keypath)
if err != nil {
fmt.Printf("Could not open public keyring at %s\n", keypath)
os.Exit(2)
}
keyring, err := openpgp.ReadKeyRing(keys)
if err != nil {
fmt.Printf("Error reading public keyring: %s\n", err)
os.Exit(2)
}
if *flagClear {
cs, _ = clearsign.Decode(file.content)
if cs == nil {
fmt.Printf("Problem decoding clearsign signature from file %s\n", file.name)
os.Exit(2)
}
lsig, err := ioutil.ReadAll(cs.ArmoredSignature.Body)
if err != nil {
fmt.Printf("Problem reading signature from %s. Are you sure this file is clearsigned?: %s\n", file.name, err)
os.Exit(2)
}
if len(lsig) > 0 {
file.signature = lsig
file.content = cs.Bytes
*flagBin = true
}
}
if *flagBin {
signer, err = openpgp.CheckDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature))
} else {
signer, err = openpgp.CheckArmoredDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature))
}
if err != nil {
fmt.Printf("Invalid signature or public key not present: %s\n", err)
os.Exit(2)
}
state.sig = signer.PrimaryKey.KeyIdString()
l := len(*flagKeyid)
if l > 0 {
var rid string
// Force the local id to be all uppercase
lid := strings.ToUpper(*flagKeyid)
// check the number of chars on the remote id to see if it's a
// short or long id. If it's not 8 or 16, it's not valid.
switch l {
case 8:
rid = signer.PrimaryKey.KeyIdShortString()
case 16:
rid = signer.PrimaryKey.KeyIdString()
}
if len(rid) == 0 {
fmt.Printf("You did not specify a valid GPG keyid length. Must be 8 or 16 characters.")
os.Exit(2)
}
if lid != rid {
fmt.Printf("The remote file was not signed by the expected GPG Public key. Expected %s and got %s\n", lid, rid)
os.Exit(2)
}
}
// Due to how clearsign works, the detached signature has to be
// processed using the Bytes field, but the stripped content is located
// in the Plaintext field. As we've verified the signature was valid
// we can now fix the content
if *flagClear {
file.content = cs.Plaintext
}
state.success = true
return state, nil
}
