func main() { pubRingFile, _ := os.Open("/home/brad/.gnupg/pubring.gpg") pubRing, _ := openpgp.ReadKeyRing(pubRingFile) privRingFile, _ := os.Open("/home/brad/.gnupg/secring.gpg") privRing, _ := openpgp.ReadKeyRing(privRingFile) myPrivateKey := getKeyByEmail(privRing, "*****@*****.**") theirPublicKey := getKeyByEmail(pubRing, "*****@*****.**") w, _ := armor.Encode(os.Stdout, "PGP MESSAGE", nil) plaintext, _ := openpgp.Encrypt(w, []*openpgp.Entity{theirPublicKey}, myPrivateKey, nil) fmt.Fprintf(plaintext, "Hello from golang.\n") plaintext.Close() w.Close() fmt.Printf("\n") }
func processSecretKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) { // Get default secret keyring location usr, err := user.Current() if err != nil { log.Fatal(err) } jaegerSecretKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_secring.gpg", usr.HomeDir) secretKeyRing := "" if _, err := os.Stat(jaegerSecretKeyRing); err == nil { secretKeyRing = jaegerSecretKeyRing } else { secretKeyRing = fmt.Sprintf("%v/.gnupg/secring.gpg", usr.HomeDir) } debug.Printf("secretKeyRing file:", secretKeyRing) secretKeyRingBuffer, err := os.Open(secretKeyRing) if err != nil { panic(err) } entitylist, err = openpgp.ReadKeyRing(secretKeyRingBuffer) if err != nil { log.Fatal(err) } entity = entitylist[0] debug.Printf("Private key default keyring:", entity.Identities) return entity, entitylist }
func encrypt(ringPath string, input io.Reader, output io.Writer) error { ringFile, err := os.Open(ringPath) if err != nil { return err } defer ringFile.Close() ring, err := openpgp.ReadKeyRing(ringFile) if err != nil { return err } // TODO: Select proper key key := ring[0] plaintext, err := openpgp.Encrypt(output, []*openpgp.Entity{key}, nil, nil, nil) if err != nil { return err } defer plaintext.Close() if _, err := io.Copy(plaintext, input); err != nil { return err } return nil }
func GetSigner(keyringPath string, id string) (*openpgp.Entity, error) { f, er := os.Open(keyringPath) if er != nil { return nil, er } defer f.Close() entities, err := openpgp.ReadKeyRing(f) if err != nil { return nil, err } for _, entity := range entities { switch { case entity.PrivateKey == nil: continue case !entity.PrivateKey.Encrypted: return entity, nil default: passphrase, err := PromptPassphrase(entity.PrivateKey) if err == nil { err = entity.PrivateKey.Decrypt(passphrase) } if err != nil { fmt.Fprintf(os.Stderr, "could not decrypt private key: %s\n", err) continue } return entity, nil } } return nil, fmt.Errorf("no suitable private key found") }
func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) { f, err := wkfs.Open(fe.File) if err != nil { return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return nil, fmt.Errorf("jsonsign: openpgp.ReadKeyRing of %q: %v", fe.File, err) } for _, e := range el { pubk := &e.PrivateKey.PublicKey if pubk.KeyIdString() != keyId { continue } if e.PrivateKey.Encrypted { if err := fe.decryptEntity(e); err == nil { return e, nil } else { return nil, err } } return e, nil } return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyId, fe.File) }
func InitDocumentHandler(defs UploadDefs) { // initialize upload handling parameters uploadPath = defs.Path treshold = defs.ShareTreshold // check for disabled secret sharing scheme if treshold > 0 { // compute prime: (2^512-1) - SharePrimeOfs one := big.NewInt(1) ofs := big.NewInt(int64(defs.SharePrimeOfs)) prime = new(big.Int).Lsh(one, 512) prime = new(big.Int).Sub(prime, one) prime = new(big.Int).Sub(prime, ofs) // open keyring file rdr, err := os.Open(defs.Keyring) if err != nil { // can't read keys -- terminate! logger.Printf(logger.ERROR, "[sid.upload] Can't read keyring file '%s' -- terminating!\n", defs.Keyring) os.Exit(1) } defer rdr.Close() // read public keys from keyring if reviewer, err = openpgp.ReadKeyRing(rdr); err != nil { // can't read keys -- terminate! logger.Printf(logger.ERROR, "[sid.upload] Failed to process keyring '%s' -- terminating!\n", defs.Keyring) os.Exit(1) } } else { logger.Printf(logger.WARN, "[sid.upload] Secret sharing scheme disabled -- uploads will be stored unencrypted!!") } }
func runShowKey(cmd *Command, args []string) { var err error log := NewTee("postcrypt") path, _ := cmd.Config.GetString("main", "keyring") if len(args) < 1 { log.Err("too few arguments. run `go help " + cmd.Name + "`.") return } // open gpg keyring file fh, _ := os.Open(path) if err != nil { log.Crit("could not open keyring: " + err.Error()) return } // read keyring keyring, err := openpgp.ReadKeyRing(fh) if err != nil { log.Crit("could not read keyring: " + err.Error()) return } for _, entity := range keyring { if args[0] == getKeyId(entity) { fmt.Printf("%s:\n", getKeyId(entity)) for _, ident := range entity.Identities { fmt.Printf("\t%s\n", ident.Name) } } } }
func findKey(key string) (*openpgp.Entity, error) { keyId, err := strconv.ParseUint(key, 16, 64) if err != nil { log.Printf("Unable to parse key '%s': %s\n", key, err) return nil, &UnknownKey{key} } f, err := os.Open(KeyringFile) if err != nil { log.Printf("Failed to open keyring: %s\n", err) return nil, err } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { log.Printf("Failed to read keyring: %s\n", err) return nil, err } for _, entity := range el { if entity.PrimaryKey.KeyId&0xFFFFFFFF == keyId { return entity, nil } for _, key := range entity.Subkeys { if key.PublicKey.KeyId&0xFFFFFFFF == keyId { return entity, nil } } } return nil, &UnknownKey{key} }
func main() { sigReader := strings.NewReader(sig) sigBlock, err := armor.Decode(sigReader) if err != nil { panic(err) } if sigBlock.Type != openpgp.SignatureType { panic("not a signature type") } dataReader := strings.NewReader(data) krfd, err := os.Open("/home/ulfr/.gnupg/pubring.gpg") if err != nil { panic(err) } defer krfd.Close() keyring, err := openpgp.ReadKeyRing(krfd) if err != nil { panic(err) } entity, err := openpgp.CheckDetachedSignature( keyring, dataReader, sigBlock.Body) if err != nil { panic(err) } fmt.Printf("valid signature from key %s\n", hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) }
// Verify() checks the validity of a signature for some data, // and returns a boolean set to true if valid and an OpenPGP Entity func Verify(data string, signature string, keyring io.Reader) (valid bool, entity *openpgp.Entity, err error) { valid = false // re-armor signature and transform into io.Reader sigReader := strings.NewReader(reArmor(signature)) // decode armor sigBlock, err := armor.Decode(sigReader) if err != nil { panic(err) } if sigBlock.Type != "PGP SIGNATURE" { err = fmt.Errorf("Wrong signature type '%s'", sigBlock.Type) panic(err) } // convert to io.Reader srcReader := strings.NewReader(data) // open the keyring ring, err := openpgp.ReadKeyRing(keyring) if err != nil { panic(err) } entity, err = openpgp.CheckDetachedSignature(ring, srcReader, sigBlock.Body) if err != nil { panic(err) } // we passed, signature is valid valid = true return }
func processPublicKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) { // TODO: Handle a specified recipient // Get default public keyring location usr, err := user.Current() if err != nil { log.Fatal(err) } jaegerPublicKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_pubring.gpg", usr.HomeDir) publicKeyRing := "" if _, err := os.Stat(jaegerPublicKeyRing); err == nil { publicKeyRing = jaegerPublicKeyRing } else { publicKeyRing = fmt.Sprintf("%v/.gnupg/pubring.gpg", usr.HomeDir) } debug.Printf("publicKeyRing file:", publicKeyRing) publicKeyRingBuffer, err := os.Open(publicKeyRing) if err != nil { panic(err) } entitylist, err = openpgp.ReadKeyRing(publicKeyRingBuffer) if err != nil { log.Fatal(err) } entity = entitylist[0] debug.Printf("Public key default keyring:", entity.Identities) return entity, entitylist }
// Sign signs a string with a key identified by a key fingerprint or an email address func Sign(data, keyid string, secringFile io.Reader) (sig string, err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("pgp.Sign(): %v", e) } }() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } // find the entity in the keyring var signer *openpgp.Entity found := false for _, entity := range keyring { fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) for _, ident := range entity.Identities { email := ident.UserId.Email if keyid == fingerprint || keyid == email { signer = entity found = true break } } } if !found { err = fmt.Errorf("Signer '%s' not found", keyid) panic(err) } // if private key is encrypted, attempt to decrypt it with the passphrase if signer.PrivateKey.Encrypted { // get private key passphrase signer, err = decryptEntity(signer) if err != nil { panic(err) } } // calculate signature out := bytes.NewBuffer(nil) message := bytes.NewBufferString(data) err = openpgp.ArmoredDetachSign(out, signer, message, nil) if err != nil { err = fmt.Errorf("Signature failed: '%v'", err) panic(err) } // convert the writer back to string sig, err = deArmor(out.String()) if err != nil { err = fmt.Errorf("Error converting signature to string: '%v'", err) panic(err) } return }
func main() { if len(os.Args) < 2 { fmt.Printf("usage:\t%s <FINGERPRINT>\nex: \t%s 02699C276B60F27FC55C329968D63477A392B6FA\n", os.Args[0], os.Args[0]) os.Exit(1) } keyid := os.Args[1] data := "some random string to sign" secringFile, err := os.Open(FindHomedir() + "/.gnupg/secring.gpg") if err != nil { panic(err) } defer secringFile.Close() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } // find the entity in the keyring var signer *openpgp.Entity found := false for _, entity := range keyring { fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) fmt.Println("reading key with fingerprint", fingerprint) if keyid == fingerprint { signer = entity found = true fmt.Println("found a match") break } } if !found { err = fmt.Errorf("No key found for ID '%s'", keyid) panic(err) } // if private key is encrypted, attempt to decrypt it with the cached passphrase // then try with an agent or by asking the user for a passphrase if signer.PrivateKey.Encrypted { // get private key passphrase signer, err = decryptEntity(signer) if err != nil { panic(err) } } // calculate signature out := bytes.NewBuffer(nil) message := bytes.NewBufferString(data) err = openpgp.ArmoredDetachSign(out, signer, message, nil) if err != nil { err = fmt.Errorf("Signature failed: '%v'", err) panic(err) } fmt.Printf("%s\n", out) }
func decrypt(ringPath string, input io.Reader) (io.Reader, error) { ringFile, err := os.Open(ringPath) if err != nil { return nil, err } defer ringFile.Close() ring, err := openpgp.ReadKeyRing(ringFile) if err != nil { return nil, err } var keyToTry, attempt int var triedCache bool promptFunc := openpgp.PromptFunction(func(keys []openpgp.Key, symmetric bool) ([]byte, error) { if keyToTry >= len(keys) { return nil, fmt.Errorf("no more keys to try") } if attempt > 2 { attempt = 0 keyToTry++ return nil, nil } defer func() { attempt++ }() key := keys[keyToTry] fingerprint := fmt.Sprintf("%X", key.PublicKey.Fingerprint) if !triedCache { triedCache = true if cachedPass, _ := passphrase.GetPassphrase(fingerprint, "", "", "", false, false); cachedPass != "" { if err := key.PrivateKey.Decrypt([]byte(cachedPass)); err == nil { return nil, nil } } } passphrase.ClearCachedPassphrase(fingerprint) prompt := "" description := fmt.Sprintf("Key %s; attempt %d", key.PublicKey.KeyIdShortString(), attempt+1) passwd, err := passphrase.GetPassphrase(fingerprint, prompt, description, "", true, false) if err != nil { return nil, err } key.PrivateKey.Decrypt([]byte(passwd)) return nil, nil }) msgDetails, err := openpgp.ReadMessage(input, ring, promptFunc, nil) if err != nil { return nil, err } return msgDetails.UnverifiedBody, nil }
func checkGPG(file File) (state SigState, err error) { var signer *openpgp.Entity keypath := path.Join(os.Getenv("HOME"), "/.gnupg/pubring.gpg") keys, err := os.Open(keypath) if err != nil { fmt.Printf("Could not open public keyring at %s\n", keypath) os.Exit(2) } keyring, err := openpgp.ReadKeyRing(keys) if err != nil { fmt.Printf("Error reading public keyring: %s\n", err) os.Exit(2) } if *flagBin { signer, err = openpgp.CheckDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature)) } else { signer, err = openpgp.CheckArmoredDetachedSignature(keyring, bytes.NewReader(file.content), bytes.NewReader(file.signature)) } if err != nil { fmt.Printf("Invalid signature or public key not present: %s\n", err) os.Exit(2) } state.sig = signer.PrimaryKey.KeyIdString() l := len(*flagKeyid) if l > 0 { var rid string // Force the local id to be all uppercase lid := strings.ToUpper(*flagKeyid) // check the number of chars on the remote id to see if it's a // short or long id. If it's not 8 or 16, it's not valid. switch l { case 8: rid = signer.PrimaryKey.KeyIdShortString() case 16: rid = signer.PrimaryKey.KeyIdString() } if len(rid) == 0 { fmt.Printf("You did not specify a valid GPG keyid length. Must be 8 or 16 characters.") os.Exit(2) } if lid != rid { fmt.Printf("The remote file was not signed by the expected GPG Public key. Expected %s and got %s\n", lid, rid) os.Exit(2) } } state.success = true return state, nil }
func initCrypto(keyRingPath, pass string) { f, err := os.Open(keyRingPath) if err != nil { log.Fatalf("Can't open keyring: %v", err) } defer f.Close() keys, err = openpgp.ReadKeyRing(f) if err != nil { log.Fatalf("Can't read keyring: %v", err) } }
func loadKeyringFile(path string) (openpgp.EntityList, error) { f, err := os.Open(path) if err != nil { return nil, err } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return nil, err } return el, nil }
func (g *GpgEncrypt) LoadPublicKeyRing() error { keyringFileBuffer, err := os.Open(g.PublicKeyringPath) if err != nil { return err } defer keyringFileBuffer.Close() entitylist, err := openpgp.ReadKeyRing(keyringFileBuffer) if err == nil { g.entityList = entitylist } return err }
// KeyIdFromRing returns the public keyId contained in the secret // ring file secRing. It expects only one keyId in this secret ring // and returns an error otherwise. func KeyIdFromRing(secRing string) (keyId string, err error) { f, err := wkfs.Open(secRing) if err != nil { return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return "", fmt.Errorf("Could not read secret ring file %s: %v", secRing, err) } if len(el) != 1 { return "", fmt.Errorf("Secret ring file %v contained %d identities; expected 1", secRing, len(el)) } ent := el[0] return ent.PrimaryKey.KeyIdShortString(), nil }
func NewPwStore(keyring string) (*PwStore, error) { f, err := os.Open(keyring) if err != nil { return nil, err } keyr, err := openpgp.ReadKeyRing(f) if err != nil { return nil, err } ret := &PwStore{ keyring: keyr, } return ret, nil }
func main() { secringFile, err := os.Open("/tmp/testgolangopenpgp/secring.gpg") if err != nil { panic(err) } defer secringFile.Close() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } fmt.Printf("found %d entities in keyring\n", len(keyring)) for _, entity := range keyring { fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) fmt.Println("reading entity with fingerprint", fingerprint) } }
func ReadKeyRing(path string) (*openpgp.EntityList, error) { var keys openpgp.EntityList var err error f, err := os.Open(path) if err != nil { return nil, NewPgpError(ERR_KEYRING, fmt.Sprintf("Unable to open gnupg keyring: %v", err)) } defer f.Close() keys, err = openpgp.ReadKeyRing(f) if err != nil { return nil, NewPgpError(ERR_KEYRING, fmt.Sprintf("Unable to read from gnupg keyring: %v", err)) } return &keys, nil }
func initCrypto() { if *uploadEncryptTo == "" { return } // If encrypting, the hashes are basically not known. *uploadNoHash = true f, err := os.Open(filepath.Join(gpgHome(), "pubring.gpg")) if err != nil { log.Fatalf("Can't open keyring: %v", err) } defer f.Close() kl, err := openpgp.ReadKeyRing(f) if err != nil { log.Fatalf("Can't read keyring: %v", err) } keyids := strings.Split(*uploadEncryptTo, ",") var hprefs, sprefs []uint8 for _, w := range keyids { for _, e := range kl { if e.PrimaryKey.KeyIdShortString() == w { pi := primaryIdentity(e) ss := pi.SelfSignature hprefs = intersectPref(hprefs, ss.PreferredHash) sprefs = intersectPref(sprefs, ss.PreferredSymmetric) encryptKeys = append(encryptKeys, e) } } } if len(encryptKeys) != len(keyids) { log.Fatalf("Couldn't find all keys") } if len(hprefs) == 0 { log.Fatalf("No common hashes for encryption keys") } if len(sprefs) == 0 { log.Fatalf("No common symmetric ciphers for encryption keys") } }
func runListKeys(cmd *Command, args []string) { var err error var emails []string log := NewTee("postcrypt") path, _ := cmd.Config.GetString("main", "keyring") // open gpg keyring file fh, _ := os.Open(path) if err != nil { log.Crit("could not open keyring: " + err.Error()) return } // read keyring keyring, err := openpgp.ReadKeyRing(fh) if err != nil { log.Crit("could not read keyring: " + err.Error()) return } emails, _ = cmd.Config.GetOptions("keys") emails = append(emails, getAllEmails(keyring)...) fmt.Println("# Note: keys with (!!!) could not be found in keyring") for _, e := range emails { ids := getIdsByEmails(cmd.Config, keyring, []string{e}) fmt.Printf("%s = ", e) for _, i := range ids { if len(getKeysByIds(keyring, []string{i})) > 0 { fmt.Printf("%s ", i) } else { fmt.Printf("%s(!!!) ", i) } } fmt.Printf("\n") } }
func loadPGPKey(path string, defaultPath string) (*openpgp.Entity, error) { if path == "" { path = getHomePath(defaultPath) } f, err := os.Open(path) if err != nil { return nil, err } defer f.Close() block, err := armor.Decode(f) if err != nil { return nil, err } el, err := openpgp.ReadKeyRing(block.Body) if err != nil { return nil, err } if len(el) != 1 { return nil, fmt.Errorf("Key file %s contained %d keys, expecting 1", path, len(el)) } return el[0], nil }
func getKeys(c *conf.ConfigFile, e Envelope) openpgp.EntityList { var ids []string var path string var fh *os.File var err error var k openpgp.EntityList path, _ = c.GetString("main", "keyring") fh, err = os.Open(path) if err != nil { panic(err) } k, err = openpgp.ReadKeyRing(fh) if err != nil { panic(err) } ids = getIdsByEmails(c, k, e.Recipients) return getKeysByIds(k, ids) }
// EntityFromSecring returns the openpgp Entity from keyFile that matches keyId. // If empty, keyFile defaults to osutil.SecretRingFile(). func EntityFromSecring(keyId, keyFile string) (*openpgp.Entity, error) { if keyId == "" { return nil, errors.New("empty keyId passed to EntityFromSecring") } keyId = strings.ToUpper(keyId) if keyFile == "" { keyFile = osutil.SecretRingFile() } secring, err := wkfs.Open(keyFile) if err != nil { return nil, fmt.Errorf("jsonsign: failed to open keyring: %v", err) } defer secring.Close() el, err := openpgp.ReadKeyRing(secring) if err != nil { return nil, fmt.Errorf("openpgp.ReadKeyRing of %q: %v", keyFile, err) } var entity *openpgp.Entity for _, e := range el { pk := e.PrivateKey if pk == nil || (pk.KeyIdString() != keyId && pk.KeyIdShortString() != keyId) { continue } entity = e } if entity == nil { found := []string{} for _, e := range el { pk := e.PrivateKey if pk == nil { continue } found = append(found, pk.KeyIdShortString()) } return nil, fmt.Errorf("didn't find a key in %q for keyId %q; other keyIds in file = %v", keyFile, keyId, found) } return entity, nil }
func initPgp(kr string, keyids []string) { f, err := os.Open(kr) if err != nil { log.Fatalf("Can't open keyring: %v", err) } defer f.Close() kl, err := openpgp.ReadKeyRing(f) if err != nil { log.Fatalf("Can't read keyring: %v", err) } var hprefs, sprefs []uint8 for _, w := range keyids { for _, e := range kl { if e.PrimaryKey.KeyIdShortString() == w { pi := primaryIdentity(e) ss := pi.SelfSignature hprefs = intersectPreferences(hprefs, ss.PreferredHash) sprefs = intersectPreferences(sprefs, ss.PreferredSymmetric) encryptKeys = append(encryptKeys, e) } } } if len(encryptKeys) != len(keyids) { log.Fatalf("Couldn't find all keys") } if len(hprefs) == 0 { log.Fatalf("No common hashes for encryption keys") } if len(sprefs) == 0 { log.Fatalf("No common symmetric ciphers for encryption keys") } }
// LoadKeyRing reads the unarmoured keyring stored at the named path. func LoadKeyRing(path string) (keyRing *KeyRing, err error) { file, err := os.Open(path) if err != nil { return } defer file.Close() el, err := openpgp.ReadKeyRing(file) if err != nil { return } keyRing = new(KeyRing) keyRing.path = path keyRing.Entities = map[string]*openpgp.Entity{} for _, e := range el { if e.PrivateKey != nil { keyRing.private = true } id := fmt.Sprintf("%x", e.PrimaryKey.Fingerprint) keyRing.Entities[id] = e } return }
func loadKeys() { secring := filepath.Join(keysDir, "image-signing", "secring.gpg") s, err := os.Open(secring) if err != nil { log.Fatalf("No secret keyring found in %s\n", keysDir) } defer s.Close() el, err := openpgp.ReadKeyRing(s) if err != nil { log.Fatal("Could not read secret keyring, will not sign tarballs:", err) } for _, e := range el { for i := range e.Identities { log.Printf("Signing key: \"%s\"\n", i) signingKey = e return } } if signingKey == nil { log.Fatal("Could not find a signing identity in the keyring") } }