// Issue CORE-2063: check that generated secret key is exported // to user's GPG keyring. func TestPGPImportGPGExport(t *testing.T) { tc := SetupEngineTest(t, "pgpexp") defer tc.Cleanup() u := CreateAndSignupFakeUser(tc, "pgp") ctx := &Context{LogUI: tc.G.UI.GetLogUI(), SecretUI: u.NewSecretUI()} // before running, they should have no pgp keys in key family or in gpg me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { t.Fatal(err) } if len(me.GetActivePGPKeys(false)) != 0 { t.Fatalf("active pgp keys: %d, expected 0", len(me.GetActivePGPKeys(false))) } gpgPrivate, err := numPrivateGPGKeys(tc.G) if err != nil { t.Fatal(err) } if gpgPrivate != 0 { t.Fatalf("private gpg keys: %d, expected 0", gpgPrivate) } // this is similar to how cmd_pgp_gen works: genArg := &libkb.PGPGenArg{ PrimaryBits: 1024, SubkeyBits: 1024, } if err := genArg.MakeAllIds(); err != nil { t.Fatal(err) } arg := PGPKeyImportEngineArg{ Gen: genArg, PushSecret: true, AllowMulti: true, DoExport: true, Ctx: tc.G, } eng := NewPGPKeyImportEngine(arg) if err := RunEngine(eng, ctx); err != nil { t.Fatal(err) } // after running, they should have one pgp keys in key family and in gpg me, err = libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { t.Fatal(err) } if len(me.GetActivePGPKeys(false)) != 1 { t.Errorf("active pgp keys: %d, expected 1", len(me.GetActivePGPKeys(false))) } gpgPrivate, err = numPrivateGPGKeys(tc.G) if err != nil { t.Fatal(err) } if gpgPrivate != 1 { t.Errorf("private gpg keys: %d, expected 1", gpgPrivate) } }
func TestTrackLocal(t *testing.T) { tc := SetupEngineTest(t, "track") defer tc.Cleanup() fu := CreateAndSignupFakeUser(tc, "track") _, them, err := runTrackWithOptions(tc, fu, "t_alice", keybase1.TrackOptions{LocalOnly: true, BypassConfirm: true}, fu.NewSecretUI(), false) if err != nil { t.Fatal(err) } me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { t.Fatal(err) } s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID()) if err != nil { t.Fatal(err) } if s == nil { t.Fatal("no tracking statement") } if s.IsRemote() { t.Errorf("tracking statement is remote, expected local") } }
func (e *BTCEngine) Run(ctx *Context) (err error) { e.G().Log.Debug("+ BTCEngine Run") defer func() { e.G().Log.Debug("- BTCEngine Run") }() _, _, err = libkb.BtcAddrCheck(e.address, nil) if err != nil { return err } me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } cryptocurrencyLink := me.IDTable().ActiveCryptocurrency() if cryptocurrencyLink != nil && !e.force { return fmt.Errorf("User already has a cryptocurrency address. To overwrite, use --force.") } var sigIDToRevoke keybase1.SigID if cryptocurrencyLink != nil { sigIDToRevoke = cryptocurrencyLink.GetSigID() } ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to register a cryptocurrency address")) if err != nil { return err } if err = sigKey.CheckSecretKey(); err != nil { return err } claim, err := me.CryptocurrencySig(sigKey, e.address, sigIDToRevoke) if err != nil { return err } sig, _, _, err := libkb.SignJSON(claim, sigKey) if err != nil { return err } kid := sigKey.GetKID() _, err = e.G().API.Post(libkb.APIArg{ Endpoint: "sig/post", NeedSession: true, Args: libkb.HTTPArgs{ "sig": libkb.S{Val: sig}, "signing_kid": libkb.S{Val: kid.String()}, "is_remote_proof": libkb.B{Val: false}, "type": libkb.S{Val: "cryptocurrency"}, }, }) if err != nil { return err } return nil }
func TestDeviceKey(t *testing.T) { tc := SetupEngineTest(t, "dkal") defer tc.Cleanup() fu := CreateAndSignupFakeUser(tc, "dkal") check := func() { u, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { t.Fatal(err) } if u == nil { t.Fatalf("Can't load current user") } if subkey, err := u.GetDeviceSubkey(); err != nil { t.Fatal(err) } else if subkey == nil { t.Fatalf("Failed to load device subkey right after signup") } } check() Logout(tc) fu.LoginOrBust(tc) check() }
func getMySecretKey( g *libkb.GlobalContext, secretUI libkb.SecretUI, secretKeyType libkb.SecretKeyType, reason string) ( libkb.GenericKey, error) { var key libkb.GenericKey var err error aerr := g.LoginState().Account(func(a *libkb.Account) { key, err = a.CachedSecretKey(libkb.SecretKeyArg{KeyType: secretKeyType}) }, "Keyrings - cachedSecretKey") if key != nil && err == nil { return key, nil } if aerr != nil { g.Log.Debug("error getting account: %s", aerr) } me, err := libkb.LoadMe(libkb.NewLoadUserArg(g)) if err != nil { return nil, err } arg := libkb.SecretKeyPromptArg{ Ska: libkb.SecretKeyArg{ Me: me, KeyType: secretKeyType, }, SecretUI: secretUI, Reason: reason, UseCancelCache: true, } return g.Keyrings.GetSecretKeyWithPrompt(arg) }
// currentDeviceSolvesProblemSet returns true if the current device can fix all // of the folders in the ProblemSet. func currentDeviceSolvesProblemSet(g *libkb.GlobalContext, ps keybase1.ProblemSet) (ret bool) { g.Log.Debug("+ currentDeviceSolvesProblemSet") defer func() { g.Log.Debug("- currentDeviceSolvesProblemSet -> %v\n", ret) }() me, err := libkb.LoadMe(libkb.NewLoadUserArg(g)) if err != nil { g.Log.Info("| Problem loading me: %s\n", err) return ret } key, err := me.GetDeviceSubkey() if err != nil { g.Log.Info("| Problem getting device subkey: %s\n", err) return ret } for _, tlf := range ps.Tlfs { if !keySolvesProblemTLF(key, tlf) { g.Log.Debug("| Doesn't solve problem TLF: %s (%s)\n", tlf.Tlf.Name, tlf.Tlf.Id) return ret } } ret = true return ret }
func (e *loginProvisionedDevice) unlockDeviceKeys(ctx *Context, me *libkb.User) error { if me == nil { var err error me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } } ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } _, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys")) if err != nil { return err } ska.KeyType = libkb.DeviceEncryptionKeyType _, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "unlock device keys")) if err != nil { return err } return nil }
func assertLoadPGPKeys(tc libkb.TestContext, u *FakeUser) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { tc.T.Fatal(err) } ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.PGPKeyType, } parg := libkb.SecretKeyPromptArg{ Ska: ska, SecretUI: u.NewSecretUI(), Reason: "pgp test", } key, err := tc.G.Keyrings.GetSecretKeyWithPrompt(parg) if err != nil { tc.T.Fatal(err) } var ok bool _, ok = key.(*libkb.PGPKeyBundle) if !ok { tc.T.Errorf("key type: %T, expected libkb.PGPKeyBundle", key) } }
func (e *ListTrackingEngine) Run(ctx *Context) (err error) { var user *libkb.User if len(e.arg.ForAssertion) > 0 { user, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.arg.ForAssertion)) } else { user, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) } if err != nil { return } var trackList TrackList trackList = user.IDTable().GetTrackList() trackList, err = filterRxx(trackList, e.arg.Filter) if err != nil { return } sort.Sort(trackList) if e.arg.JSON { err = e.runJSON(trackList, e.arg.Verbose) } else { err = e.runTable(trackList) } return }
// Run starts the engine. func (e *PaperKeySubmit) Run(ctx *Context) error { me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } e.pair, err = matchPaperKey(ctx, e.G(), me, e.paperPhrase) if err != nil { return err } aerr := e.G().LoginState().Account(func(a *libkb.Account) { err = a.SetUnlockedPaperKey(e.pair.sigKey, e.pair.encKey) }, "PaperKeySubmit - cache paper key") if aerr != nil { return aerr } if err != nil { return err } // send a notification that a paper key has been cached // for rekey purposes e.G().NotifyRouter.HandlePaperKeyCached(me.GetUID(), e.pair.encKey.GetKID(), e.pair.sigKey.GetKID()) // XXX - this is temporary until KBFS handles the above notification e.G().NotifyRouter.HandleUserChanged(me.GetUID()) return nil }
func (e *ListTrackingEngine) Run(ctx *Context) (err error) { user, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return } var trackList TrackList trackList = user.IDTable().GetTrackList() trackList, err = filterRxx(trackList, e.arg.Filter) if err != nil { return } sort.Sort(trackList) if e.arg.JSON { err = e.runJSON(trackList, e.arg.Verbose) } else { err = e.runTable(trackList) } return }
func TestPaperKeyPrimary(t *testing.T) { tc := SetupEngineTest(t, "paper") defer tc.Cleanup() f := func(arg *SignupEngineRunArg) { arg.SkipPaper = true } fu, signingKey := CreateAndSignupFakeUserCustomArg(tc, "paper", f) me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { t.Fatal(err) } ctx := &Context{ LoginUI: libkb.TestLoginUI{}, } args := &PaperKeyPrimaryArgs{ Me: me, SigningKey: signingKey, } eng := NewPaperKeyPrimary(tc.G, args) if err := RunEngine(eng, ctx); err != nil { t.Fatal(err) } hasOnePaperDev(tc, fu) }
func assertLoadSecretKeys(tc libkb.TestContext, u *FakeUser, msg string) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if me == nil { tc.T.Fatalf("%s: nil LoadMe result", msg) } skarg := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } sigKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing sig") if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if sigKey == nil { tc.T.Fatalf("%s: got nil signing key", msg) } skarg.KeyType = libkb.DeviceEncryptionKeyType encKey, err := tc.G.Keyrings.GetSecretKeyWithPrompt(nil, skarg, u.NewSecretUI(), "testing enc") if err != nil { tc.T.Fatalf("%s: %s", msg, err) } if encKey == nil { tc.T.Fatalf("%s: got nil encryption key", msg) } }
func assertUntracked(tc libkb.TestContext, username string) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { tc.T.Fatal(err) } them, err := libkb.LoadUser(libkb.NewLoadUserByNameArg(tc.G, username)) if err != nil { tc.T.Fatal(err) } s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID()) if err != nil { tc.T.Fatal(err) } if s != nil { tc.T.Fatal("expected not to get a tracking statement; but got one") } s, err = libkb.LocalTrackChainLinkFor(me.GetUID(), them.GetUID(), tc.G) if err != nil { tc.T.Fatal(err) } if s != nil { tc.T.Fatal("expected not to get a local tracking statement; but got one") } }
func (e *Identify) loadUserArg() (*libkb.LoadUserArg, error) { arg := libkb.NewLoadUserArg(e.G()) if e.arg.SelfID() { // loading self arg.Self = true return &arg, nil } // Use assertions for everything: if err := e.loadExpr(e.arg.TargetUsername); err != nil { return nil, err } // Next, pop off the 'best' assertion and load the user by it. // That is, it might be the keybase assertion (if there), or otherwise, // something that's unique like Twitter or Github, and lastly, // something like DNS that is more likely ambiguous... b := libkb.FindBestIdentifyComponent(e.userExpr) if len(b) == 0 { return nil, fmt.Errorf("Cannot lookup user with %q", e.arg.TargetUsername) } arg.Name = b arg.PublicKeyOptional = true return &arg, nil }
func (e *SaltpackEncrypt) loadMe(ctx *Context) error { loggedIn, err := IsLoggedIn(e, ctx) if err != nil || !loggedIn { return err } e.me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) return err }
func checkTrackCommon(tc libkb.TestContext, blocks []sb, outcome *keybase1.IdentifyOutcome, them *libkb.User, ui *FakeIdentifyUI) error { me, err := libkb.LoadMe(libkb.NewLoadUserArg(tc.G)) if err != nil { return err } if them == nil { tc.T.Fatal("checkTrackCommon called with nil 'them' user") } s, err := me.TrackChainLinkFor(them.GetName(), them.GetUID()) if err != nil { return err } if s == nil { tc.T.Fatal("me.TrackChainLinkFor(...) returned nil, nil") } tc.T.Logf("payload json:\n%s", s.GetPayloadJSON().MarshalPretty()) sbs := s.ToServiceBlocks() if len(sbs) != len(blocks) { return fmt.Errorf("num service blocks: %d, expected %d", len(sbs), len(blocks)) } sort.Sort(byID(sbs)) for i, sb := range sbs { tsb := blocks[i] if sb.IsSocial() != tsb.social { return fmt.Errorf("(sb %d): social: %v, expected %v", i, sb.IsSocial(), tsb.social) } if sb.ToIDString() != tsb.id { return fmt.Errorf("(sb %d): id: %s, expected %s", i, sb.ToIDString(), tsb.id) } if sb.GetProofState() != tsb.proofState { return fmt.Errorf("(sb %d): proof state: %d, expected %d", i, sb.GetProofState(), tsb.proofState) } } if ui.Outcome.TrackStatus != outcome.TrackStatus { return fmt.Errorf("track status: %d, expected %d", ui.Outcome.TrackStatus, outcome.TrackStatus) } if ui.Outcome.NumTrackFailures != outcome.NumTrackFailures { return fmt.Errorf("num track failures: %d, expected %d", ui.Outcome.NumTrackFailures, outcome.NumTrackFailures) } if ui.Outcome.NumTrackChanges != outcome.NumTrackChanges { return fmt.Errorf("num track changes: %d, expected %d", ui.Outcome.NumTrackChanges, outcome.NumTrackChanges) } if ui.Outcome.NumProofFailures != outcome.NumProofFailures { return fmt.Errorf("num proof failures: %d, expected %d", ui.Outcome.NumProofFailures, outcome.NumProofFailures) } if ui.Outcome.NumProofSuccesses != outcome.NumProofSuccesses { return fmt.Errorf("num proof successes: %d, expected %d", ui.Outcome.NumProofSuccesses, outcome.NumProofSuccesses) } if ui.Outcome.NumRevoked != outcome.NumRevoked { return fmt.Errorf("num revoked: %d, expected %d", ui.Outcome.NumRevoked, outcome.NumRevoked) } return nil }
func (e *RevokeEngine) Run(ctx *Context) error { currentDevice := e.G().Env.GetDeviceID() var deviceID keybase1.DeviceID if e.mode == RevokeDevice { deviceID = e.deviceID if e.deviceID == currentDevice && !e.force { return fmt.Errorf("Can't revoke the current device.") } } me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } kidsToRevoke, err := e.getKIDsToRevoke(me) if err != nil { return err } ctx.LogUI.Info("Revoking KIDs:") for _, kid := range kidsToRevoke { ctx.LogUI.Info(" %s", kid) } ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, } sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "to revoke another key")) if err != nil { return err } if err = sigKey.CheckSecretKey(); err != nil { return err } proof, err := me.RevokeKeysProof(sigKey, kidsToRevoke, deviceID) if err != nil { return err } sig, _, _, err := libkb.SignJSON(proof, sigKey) if err != nil { return err } kid := sigKey.GetKID() _, err = e.G().API.Post(libkb.APIArg{ Endpoint: "sig/revoke", NeedSession: true, Args: libkb.HTTPArgs{ "signing_kid": libkb.S{Val: kid.String()}, "sig": libkb.S{Val: sig}, }, }) if err != nil { return err } return nil }
func (e *Identify2WithUID) loadThem(ctx *Context) (err error) { arg := libkb.NewLoadUserArg(e.G()) arg.UID = e.arg.Uid arg.ResolveBody = e.ResolveBody e.them, err = libkb.LoadUser(arg) if e.them == nil { return libkb.UserNotFoundError{UID: arg.UID, Msg: "in Identify2WithUID"} } return err }
// Run starts the engine. func (e *SaltpackDecrypt) Run(ctx *Context) (err error) { defer e.G().Trace("SaltpackDecrypt::Run", func() error { return err })() // We don't load this in the --paperkey case. var me *libkb.User var key libkb.GenericKey if e.arg.Opts.UsePaperKey { // Prompt the user for a paper key. This doesn't require you to be // logged in. keypair, err := getPaperKey(e.G(), ctx) if err != nil { return err } key = keypair.encKey } else { // Load self so that we can get device keys. This does require you to // be logged in. me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } // Get the device encryption key, maybe prompting the user. ska := libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceEncryptionKeyType, } e.G().Log.Debug("| GetSecretKeyWithPrompt") key, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.SecretKeyPromptArg(ska, "decrypting a message/file")) if err != nil { return err } } kp, ok := key.(libkb.NaclDHKeyPair) if !ok || kp.Private == nil { return libkb.KeyCannotDecryptError{} } hook := func(mki *saltpack.MessageKeyInfo) error { return e.promptForDecrypt(ctx, mki) } e.G().Log.Debug("| SaltpackDecrypt") var mki *saltpack.MessageKeyInfo mki, err = libkb.SaltpackDecrypt(e.G(), e.arg.Source, e.arg.Sink, kp, hook) if err == saltpack.ErrNoDecryptionKey { err = libkb.NoDecryptionKeyError{Msg: "no suitable device key found"} } // It's ok if me is nil here. e.makeMessageInfo(me, mki) return err }
func (h *RekeyHandler) GetPendingRekeyStatus(ctx context.Context, sessionID int) (keybase1.ProblemSetDevices, error) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(h.G())) if err != nil { return keybase1.ProblemSetDevices{}, err } pset, err := h.scorer(h.G(), keybase1.ProblemSet{}) if err != nil { return keybase1.ProblemSetDevices{}, err } return newProblemSetDevices(me, pset) }
// Run starts the provisioner engine. func (e *Kex2Provisioner) Run(ctx *Context) (err error) { e.G().Log.Debug("+ Kex2Provisioner.Run()") defer func() { e.G().Log.Debug("- Kex2Provisioner.Run() -> %s", libkb.ErrToOk(err)) }() // before starting provisioning, need to load some information: // load self: e.me, err = libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } // get signing key (including secret key): arg := libkb.SecretKeyArg{ Me: e.me, KeyType: libkb.DeviceSigningKeyType, } e.signingKey, err = e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, arg, ctx.SecretUI, "new device install") if err != nil { return err } // get current passphrase stream: e.pps, err = e.G().LoginState().GetPassphraseStream(ctx.SecretUI) if err != nil { return err } // ctx needed by some kex2 functions e.ctx = ctx deviceID := e.G().Env.GetDeviceID() // all set: start provisioner karg := kex2.KexBaseArg{ Ctx: context.TODO(), Mr: libkb.NewKexRouter(e.G()), DeviceID: deviceID, Secret: e.secret, SecretChannel: e.secretCh, Timeout: 5 * time.Minute, } parg := kex2.ProvisionerArg{ KexBaseArg: karg, Provisioner: e, } err = kex2.RunProvisioner(parg) if err == nil { ctx.ProvisionUI.ProvisionSuccess(context.TODO(), 0) } return err }
func (u *rekeyStatusUpdater) problemSetDevices() (keybase1.ProblemSetDevices, error) { if u.me == nil { me, err := libkb.LoadMe(libkb.NewLoadUserArg(u.G())) if err != nil { return keybase1.ProblemSetDevices{}, err } u.me = me } return newProblemSetDevices(u.me, u.problemSet) }
func (e *IDEngine) run(ctx *Context) (*IDRes, error) { iarg := NewIdentifyArg(e.arg.UserAssertion, e.arg.TrackStatement, e.arg.ForceRemoteCheck) iarg.Source = e.arg.Source ieng := NewIdentify(iarg, e.G()) if err := RunEngine(ieng, ctx); err != nil { return nil, err } user := ieng.User() res := &IDRes{Outcome: ieng.Outcome(), User: user, TrackToken: ieng.TrackToken(), ComputedKeyFamily: user.GetComputedKeyFamily()} res.Outcome.Reason = e.arg.Reason if ieng.DidShortCircuit() { return res, nil } // need to tell any ui clients the track token if err := ctx.IdentifyUI.ReportTrackToken(ieng.TrackToken()); err != nil { return nil, err } if !e.arg.TrackStatement { ctx.IdentifyUI.Finish() return res, nil } // they want a json tracking statement: // check to make sure they aren't identifying themselves me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return nil, err } if me.Equal(user) { e.G().Log.Warning("can't generate track statement on yourself") // but let's not call this an error...they'll see the warning. ctx.IdentifyUI.Finish() return res, nil } stmt, err := me.TrackStatementJSON(user, ieng.Outcome()) if err != nil { e.G().Log.Warning("error getting track statement: %s", err) return nil, err } if err = ctx.IdentifyUI.DisplayTrackStatement(stmt); err != nil { return nil, err } ctx.IdentifyUI.Finish() return res, nil }
func (e *TrackToken) loadMe() error { if e.arg.Me != nil { return nil } me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } e.arg.Me = me return nil }
func (e *SecretKeysEngine) Run(ctx *Context) (err error) { e.G().Log.Debug("+ SecretKeysEngine Run") me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return err } // Clear out all the cached secret key state. This forces a password prompt // below. e.G().LoginState().Account(func(a *libkb.Account) { a.ClearStreamCache() a.ClearCachedSecretKeys() a.ClearKeyring() }, "clear stream cache") sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceSigningKeyType, }, ctx.SecretUI, "to revoke another key") if err != nil { return err } if err = sigKey.CheckSecretKey(); err != nil { return err } sigNaclKey, ok := sigKey.(libkb.NaclSigningKeyPair) if !ok { return fmt.Errorf("Expected a NaCl signing key.") } e.G().Log.Debug("| got signing key") encKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, libkb.SecretKeyArg{ Me: me, KeyType: libkb.DeviceEncryptionKeyType, }, ctx.SecretUI, "to revoke another key") if err != nil { return err } if err = encKey.CheckSecretKey(); err != nil { return err } encNaclKey, ok := encKey.(libkb.NaclDHKeyPair) if !ok { return fmt.Errorf("Expected a NaCl encryption key.") } e.G().Log.Debug("| got encryption key") e.result.Signing = [64]byte(*sigNaclKey.Private) e.result.Encryption = [32]byte(*encNaclKey.Private) return nil }
func (h ConfigHandler) GetExtendedStatus(_ context.Context, sessionID int) (res keybase1.ExtendedStatus, err error) { defer h.G().Trace("ConfigHandler::GetExtendedStatus", func() error { return err })() res.Standalone = h.G().Env.GetStandalone() res.LogDir = h.G().Env.GetLogDir() // Should work in standalone mode too if h.G().ConnectionManager != nil { res.Clients = h.G().ConnectionManager.ListAllLabeledConnections() } me, err := libkb.LoadMe(libkb.NewLoadUserArg(h.G())) if err != nil { h.G().Log.Debug("| could not load me user") } else { device, err := me.GetComputedKeyFamily().GetCurrentDevice(h.G()) if err != nil { h.G().Log.Debug("| GetCurrentDevice failed: %s", err) } else { res.Device = device.ProtExport() } } h.G().LoginState().Account(func(a *libkb.Account) { res.PassphraseStreamCached = a.PassphraseStreamCache().Valid() if a.LoginSession() != nil { res.Session = a.LoginSession().Status() } }, "ConfigHandler::GetExtendedStatus") // this isn't quite ideal, but if there's a delegated UpdateUI available, then electron is running and connected. if h.G().UIRouter != nil { updateUI, err := h.G().UIRouter.GetUpdateUI() if err == nil && updateUI != nil { res.DesktopUIConnected = true } } current, all, err := h.G().GetAllUserNames() if err != nil { h.G().Log.Debug("| died in GetAllUseranmes()") return res, err } res.DefaultUsername = current.String() p := make([]string, len(all)) for i, u := range all { p[i] = u.String() } res.ProvisionedUsernames = p res.PlatformInfo = getPlatformInfo() return res, nil }
func (e *PGPEncrypt) loadSelfKey() (*libkb.PGPKeyBundle, error) { me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G())) if err != nil { return nil, err } keys := me.FilterActivePGPKeys(true, e.arg.KeyQuery) if len(keys) == 0 { return nil, libkb.NoKeyError{Msg: "No PGP key found for encrypting for self"} } return keys[0], nil }
func (h *RekeyHandler) DebugShowRekeyStatus(ctx context.Context, sessionID int) error { if h.G().Env.GetRunMode() == libkb.ProductionRunMode { return errors.New("DebugShowRekeyStatus is a devel-only RPC") } me, err := libkb.LoadMe(libkb.NewLoadUserArg(h.G())) if err != nil { return err } arg := keybase1.RefreshArg{ SessionID: sessionID, ProblemSetDevices: keybase1.ProblemSetDevices{ ProblemSet: keybase1.ProblemSet{ User: keybase1.User{ Uid: me.GetUID(), Username: me.GetName(), }, Tlfs: []keybase1.ProblemTLF{ keybase1.ProblemTLF{ Tlf: keybase1.TLF{ // this is only for debugging Name: "/keybase/private/" + me.GetName(), Writers: []string{me.GetName()}, Readers: []string{me.GetName()}, IsPrivate: true, }, }, }, }, }, } devices := me.GetComputedKeyFamily().GetAllActiveDevices() arg.ProblemSetDevices.Devices = make([]keybase1.Device, len(devices)) for i, dev := range devices { arg.ProblemSetDevices.Devices[i] = *(dev.ProtExport()) } rekeyUI, err := h.G().UIRouter.GetRekeyUINoSessionID() if err != nil { return err } if rekeyUI == nil { h.G().Log.Debug("no rekey ui, would have called refresh with this:") h.G().Log.Debug("arg: %+v", arg) return errors.New("no rekey ui") } return rekeyUI.Refresh(ctx, arg) }
// NewScanKeys creates a ScanKeys type. If there is a login // session, it will load the pgp keys for that user. func NewScanKeys(secui libkb.SecretUI, idui libkb.IdentifyUI, opts *keybase1.TrackOptions, g *libkb.GlobalContext) (*ScanKeys, error) { sk := &ScanKeys{ secui: secui, idui: idui, opts: opts, Contextified: libkb.NewContextified(g), } var err error g.Log.Debug("+ NewScanKeys") defer func() { g.Log.Debug("- NewScanKeys -> %s", err) }() lin, err := g.LoginState().LoggedInLoad() if err != nil { return nil, err } if !lin { return sk, nil } // logged in: sk.me, err = libkb.LoadMe(libkb.NewLoadUserArg(sk.G())) if err != nil { return nil, fmt.Errorf("loadme error: %s", err) } // if user provided, then load their local keys, and their synced secret key: synced, err := sk.me.GetSyncedSecretKey() if err != nil { return nil, fmt.Errorf("getsyncedsecret err: %s", err) } aerr := sk.G().LoginState().Account(func(a *libkb.Account) { var ring *libkb.SKBKeyringFile ring, err = a.Keyring() if err != nil { return } err = sk.coalesceBlocks(ring, synced) }, "NewScanKeys - coalesceBlocks") if aerr != nil { return nil, err } if err != nil { return nil, err } return sk, nil }