// EncryptShares takes an ordered set of byte slices to encrypt and the // corresponding base64-encoded public keys to encrypt them with, encrypts each // byte slice with the corresponding public key. // // Note: There is no corresponding test function; this functionality is // thoroughly tested in the init and rekey command unit tests func EncryptShares(input [][]byte, pgpKeys []string) ([]string, [][]byte, error) { if len(input) != len(pgpKeys) { return nil, nil, fmt.Errorf("Mismatch between number items to encrypt and number of PGP keys") } encryptedShares := make([][]byte, 0, len(pgpKeys)) entities, err := GetEntities(pgpKeys) if err != nil { return nil, nil, err } for i, entity := range entities { ctBuf := bytes.NewBuffer(nil) pt, err := openpgp.Encrypt(ctBuf, []*openpgp.Entity{entity}, nil, nil, nil) if err != nil { return nil, nil, fmt.Errorf("Error setting up encryption for PGP message: %s", err) } _, err = pt.Write(input[i]) if err != nil { return nil, nil, fmt.Errorf("Error encrypting PGP message: %s", err) } pt.Close() encryptedShares = append(encryptedShares, ctBuf.Bytes()) } fingerprints, err := GetFingerprints(nil, entities) if err != nil { return nil, nil, err } return fingerprints, encryptedShares, nil }
func PGPEncrypt(source io.Reader, sink io.WriteCloser, signer *PGPKeyBundle, recipients []*PGPKeyBundle) error { to := make([]*openpgp.Entity, len(recipients)) for i, r := range recipients { to[i] = r.Entity } var signerEntity *openpgp.Entity if signer != nil { signerEntity = signer.Entity } w, err := openpgp.Encrypt(sink, to, signerEntity, &openpgp.FileHints{IsBinary: true}, nil) if err != nil { return err } n, err := io.Copy(w, source) if err != nil { return err } G.Log.Debug("PGPEncrypt: wrote %d bytes", n) if err := w.Close(); err != nil { return err } if err := sink.Close(); err != nil { return err } return nil }