Example #1
// VerifyNonce checks that signature is a valid Ed25519 signature over nonce
// for the public key sigPubKey. Both sigPubKey and signature are passed in
// base64-encoded form; the signed message is encode.ToByte8(nonce).
//
// Decoding errors and errors from SetPublicKey are returned as they are. A
// signature that does not verify yields log.Error(ErrInvalidNonceSig).
//
// Only the signature is checked here. Nothing in this function compares the
// nonce against the current time or against previously seen values, so
// freshness and replay protection have to be enforced by the caller.
func VerifyNonce(sigPubKey string, nonce uint64, signature string) error {
	// The signature is decoded first so that, when both inputs are malformed,
	// the signature's decoding error is the one reported.
	rawSig, err := base64.Decode(signature)
	if err != nil {
		return err
	}
	rawPub, err := base64.Decode(sigPubKey)
	if err != nil {
		return err
	}
	var verifier cipher.Ed25519Key
	err = verifier.SetPublicKey(rawPub)
	if err != nil {
		return err
	}
	if verifier.Verify(encode.ToByte8(nonce), rawSig) {
		return nil
	}
	return log.Error(ErrInvalidNonceSig)
}
Example #2
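// writeKeyfile writes a key file with the given filename that contains the
// supplied key in AES-256 encrypted form.
//
// The file consists of the iteration count as encoded by encode.ToByte8,
// followed by a 32-byte random salt, followed by the output of
// cipher.AES256CBCEncrypt (IV and encrypted key). The encryption key is
// derived from passphrase with PBKDF2 over SHA-256, using that salt and iter
// iterations.
//
// An error is returned if the keyfile already exists, if iter is negative or
// larger than 2147483647, if key is not exactly 32 bytes long, or if
// generating the salt or creating, writing or closing the file fails. A file
// that could not be written completely is removed again.
//
// NOTE(review): the range check accepts very small iteration counts,
// including 0; choosing a count that makes passphrase guessing expensive is
// left to the caller.
// NOTE(review): CBC on its own provides no integrity protection; confirm
// whether the code that reads the keyfile detects tampering.
func writeKeyfile(filename string, passphrase []byte, iter int, key []byte) error {
	// Fail fast if the keyfile is already there. The authoritative check is
	// the exclusive create further down; this one only keeps the error
	// precedence callers are used to.
	if _, err := os.Stat(filename); err == nil {
		return log.Errorf("encdb: keyfile '%s' exists already", filename)
	}
	// iter is stored as uint64, so it must not be negative.
	if iter < 0 || iter > 2147483647 {
		return log.Errorf("encdb: writeKeyfile: invalid iter value")
	}
	// check keylength
	if len(key) != 32 {
		return log.Errorf("encdb: writeKeyfile: len(key) != 32")
	}
	// Prepare everything that goes into the file before touching the
	// filesystem, so a failing random source leaves no empty keyfile behind.
	salt := make([]byte, 32)
	if _, err := io.ReadFull(cipher.RandReader, salt); err != nil {
		return err
	}
	// compute derived key from passphrase
	dk := pbkdf2.Key(passphrase, salt, iter, 32, sha256.New)
	// compute AES-256 encrypted key (with IV)
	encKey := cipher.AES256CBCEncrypt(dk, key, cipher.RandReader)
	// O_EXCL makes "does not exist yet" and "create" a single atomic step, so
	// a file (or symlink) placed at filename after the Stat above is never
	// truncated or written through. Mode 0600 keeps the keyfile readable by
	// its owner only, instead of the 0666-minus-umask that os.Create uses.
	keyfile, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		if os.IsExist(err) {
			return log.Errorf("encdb: keyfile '%s' exists already", filename)
		}
		return log.Error(err)
	}
	// write number of iterations, salt, then IV and AES-256 encrypted key
	for _, part := range [][]byte{encode.ToByte8(uint64(iter)), salt, encKey} {
		if _, err := keyfile.Write(part); err != nil {
			// The file was created by this call, so removing the truncated
			// keyfile cannot destroy anybody else's data.
			keyfile.Close()
			os.Remove(filename)
			return err
		}
	}
	// A failed Close can mean the data never reached the disk; report it
	// instead of leaving a keyfile that may be unusable.
	if err := keyfile.Close(); err != nil {
		os.Remove(filename)
		return log.Error(err)
	}
	return nil
}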
Example #3
// SignNonce takes the current time from times.Now as nonce, signs
// encode.ToByte8(nonce) with the message's SIGKEY Ed25519 key and returns the
// nonce together with the base64-encoded signature.
//
// The nonce is a timestamp, not a random value, so a verifier that wants
// replay protection has to check it against its own clock.
// NOTE(review): whether two calls can ever produce the same nonce depends on
// the resolution of times.Now, which is not visible here.
func (msg *Message) SignNonce() (nonce uint64, signature string) {
	now := uint64(times.Now())
	// presumably ed25519Key holds the private half of SIGKEY; confirm.
	rawSig := msg.UIDContent.SIGKEY.ed25519Key.Sign(encode.ToByte8(now))
	return now, base64.Encode(rawSig)
}