func encryptOpenpgp(data io.Reader, recipient string, gpghome string) ([]byte, error) { pubkeyfile, err := os.Open(fmt.Sprintf("%s%spubring.gpg", gpghome, string(os.PathSeparator))) if err != nil { fmt.Println("Failed to open pubring", err) return nil, err } pubring, err := openpgp.ReadKeyRing(pubkeyfile) if err != nil { fmt.Println("Failed to open pubring", err) return nil, err } pubkey := findKey(pubring, recipient) buf := bytes.NewBuffer(nil) w, _ := armor.Encode(buf, "PGP MESSAGE", nil) plaintext, err := openpgp.Encrypt(w, []*openpgp.Entity{pubkey}, nil, nil, nil) if err != nil { return nil, err } //reader := bytes.NewReader(data) _, err = io.Copy(plaintext, data) plaintext.Close() w.Close() if err != nil { return nil, err } return buf.Bytes(), nil }
func processPublicKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) { // TODO: Handle a specified recipient // Get default public keyring location usr, err := user.Current() if err != nil { log.Fatal(err) } jaegerPublicKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_pubring.gpg", usr.HomeDir) publicKeyRing := "" if _, err := os.Stat(jaegerPublicKeyRing); err == nil { publicKeyRing = jaegerPublicKeyRing } else { publicKeyRing = fmt.Sprintf("%v/.gnupg/pubring.gpg", usr.HomeDir) } debug.Printf("publicKeyRing file:", publicKeyRing) publicKeyRingBuffer, err := os.Open(publicKeyRing) if err != nil { panic(err) } entitylist, err = openpgp.ReadKeyRing(publicKeyRingBuffer) if err != nil { log.Fatal(err) } entity = entitylist[0] debug.Printf("Public key default keyring:", entity.Identities) return entity, entitylist }
func loadKeyring(keyringReader io.Reader) (openpgp.EntityList, error) { entityList, err := openpgp.ReadKeyRing(keyringReader) if err != nil { return entityList, err } return entityList, nil }
func LoadKeyring(path string) (openpgp.EntityList, error) { if path == "" { return nil, util.Errorf("no keyring configured") } f, err := os.Open(path) if err != nil { return nil, err } defer f.Close() // Accept both ASCII-armored and binary encodings keyring, err := openpgp.ReadArmoredKeyRing(f) if err != nil && err.Error() == "openpgp: invalid argument: no armored data found" { offset, seekErr := f.Seek(0, os.SEEK_SET) if offset != 0 || seekErr != nil { return nil, util.Errorf( "couldn't seek to beginning, got %d %s", offset, seekErr, ) } keyring, err = openpgp.ReadKeyRing(f) } return keyring, err }
func enc(i int, keyRingHex string, keyName string, isSigned bool, filename string, message string, passphraseS string) error { kring, err := openpgp.ReadKeyRing(ReaderFromHex(keyRingHex)) if err != nil { return err } return Encrypt(i, kring, keyName, isSigned, filename, message) }
// Encode encodes data to a base64 encoded using the secconf codec. // data is encrypted with all public keys found in the supplied keyring. func Encode(data []byte, keyring io.Reader) ([]byte, error) { entityList, err := openpgp.ReadKeyRing(keyring) if err != nil { return nil, err } return encode(data, entityList) }
func checkGPGSig(fileName string, sigFileName string) error { // Get a Reader for the signature file sigFile, err := os.Open(sigFileName) if err != nil { return err } defer sigFile.Close() // Get a Reader for the signature file file, err := os.Open(fileName) if err != nil { return err } defer file.Close() publicKeyBin, err := hex.DecodeString(publicKeyHex) if err != nil { return err } keyring, _ := openpgp.ReadKeyRing(bytes.NewReader(publicKeyBin)) _, err = openpgp.CheckDetachedSignature(keyring, file, sigFile) return err }
func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) { f, err := wkfs.Open(fe.File) if err != nil { return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return nil, fmt.Errorf("jsonsign: openpgp.ReadKeyRing of %q: %v", fe.File, err) } for _, e := range el { pubk := &e.PrivateKey.PublicKey if pubk.KeyIdString() != keyId { continue } if e.PrivateKey.Encrypted { if err := fe.decryptEntity(e); err == nil { return e, nil } else { return nil, err } } return e, nil } return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyId, fe.File) }
func Insert(publicKeyringFile, keyName, fdir, name, pass string) error { message := pass filename := filepath.Join(fdir, fmt.Sprintf("%s.gpg", name)) _, err := os.Stat(filename) if err != nil { if !os.IsNotExist(err) { return err } } else { return fmt.Errorf("file %s exists", filename) } keyringFileBuffer, err := os.Open(publicKeyringFile) if err != nil { return err } defer func() { err := keyringFileBuffer.Close() if err != nil { logrus.Errorf("Error closing file %s", err) } }() kring, err := openpgp.ReadKeyRing(keyringFileBuffer) if err != nil { return err } err = Encrypt(0, kring, keyName, false, filename, message) return err }
func findKey(key string) (*openpgp.Entity, error) { keyId, err := strconv.ParseUint(key, 16, 64) if err != nil { log.Printf("Unable to parse key '%s': %s\n", key, err) return nil, &UnknownKey{key} } f, err := os.Open(KeyringFile) if err != nil { log.Printf("Failed to open keyring: %s\n", err) return nil, err } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { log.Printf("Failed to read keyring: %s\n", err) return nil, err } for _, entity := range el { if entity.PrimaryKey.KeyId&0xFFFFFFFF == keyId { return entity, nil } for _, key := range entity.Subkeys { if key.PublicKey.KeyId&0xFFFFFFFF == keyId { return entity, nil } } } return nil, &UnknownKey{key} }
func processSecretKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) { // Get default secret keyring location usr, err := user.Current() if err != nil { log.Fatal(err) } jaegerSecretKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_secring.gpg", usr.HomeDir) secretKeyRing := "" if _, err := os.Stat(jaegerSecretKeyRing); err == nil { secretKeyRing = jaegerSecretKeyRing } else { secretKeyRing = fmt.Sprintf("%v/.gnupg/secring.gpg", usr.HomeDir) } debug.Printf("secretKeyRing file:", secretKeyRing) secretKeyRingBuffer, err := os.Open(secretKeyRing) if err != nil { panic(err) } entitylist, err = openpgp.ReadKeyRing(secretKeyRingBuffer) if err != nil { log.Fatal(err) } entity = entitylist[0] debug.Printf("Private key default keyring:", entity.Identities) return entity, entitylist }
func main() { //NewEntity("hyg", "*****@*****.**", "secfile.key") //return pubringFile, _ := os.Open("path to public keyring") defer pubringFile.Close() pubring, _ := openpgp.ReadKeyRing(pubringFile) //theirPublicKey := getKeyByEmail(pubring, "*****@*****.**") theirPublicKey := getKeyByEmail(pubring, "*****@*****.**") secringFile, _ := os.Open("path to private keyring") defer secringFile.Close() sevring, _ := openpgp.ReadKeyRing(secringFile) myPrivateKey := getKeyByEmail(sevring, "*****@*****.**") //theirPublicKey.Serialize(os.Stdout) //myPrivateKey.Serialize(os.Stdout) //myPrivateKey.SerializePrivate(os.Stdout, nil) myPrivateKey.PrivateKey.Decrypt([]byte("passphrase")) /* // bug: have to input the correct passphrase at the first time for myPrivateKey.PrivateKey.Encrypted { fmt.Print("PGP passphrase: ") pgppass := gopass.GetPasswd() myPrivateKey.PrivateKey.Decrypt([]byte(pgppass)) if myPrivateKey.PrivateKey.Encrypted { fmt.Println("Incorrect. Try again or press ctrl+c to exit.") } } */ var hint openpgp.FileHints hint.IsBinary = false hint.FileName = "_CONSOLE" hint.ModTime = time.Now() w, _ := armor.Encode(os.Stdout, "PGP MESSAGE", nil) defer w.Close() plaintext, _ := openpgp.Encrypt(w, []*openpgp.Entity{theirPublicKey}, myPrivateKey, &hint, nil) defer plaintext.Close() fmt.Fprintf(plaintext, "黄勇刚在熟悉OpenPGP代码\n") }
func ReadKeyRing(keyRingName string) (openpgp.EntityList, error) { keyfile, err := os.Open(keyRingName) if err != nil { return nil, err } defer keyfile.Close() return openpgp.ReadKeyRing(keyfile) }
func EncodeWith(data []byte, keyring io.Reader, f EntityFilter) ([]byte, error) { entityList, err := openpgp.ReadKeyRing(keyring) if err != nil { return nil, err } return encode(data, f.Entities(entityList...)) }
func loadKeyRing(ringpath string) (openpgp.EntityList, error) { f, err := os.Open(ringpath) if err != nil { return nil, err } defer f.Close() return openpgp.ReadKeyRing(f) }
func decryptOpenpgp(data io.Reader, gpghome string, pass []byte) (io.Reader, error) { privkeyfile, err := os.Open(fmt.Sprintf("%s%ssecring.gpg", gpghome, string(os.PathSeparator))) if err != nil { fmt.Println("Failed to open secring", err) return nil, err } privring, err := openpgp.ReadKeyRing(privkeyfile) if err != nil { fmt.Println("Failed to open secring", err) return nil, err } //reader := bytes.NewReader(data) //brk,_ := ioutil.ReadAll(data) //fmt.Println("wtf",string(brk)) //fmt.Println("here is where eof panic") block, err := armor.Decode(data) if err != nil { fmt.Println(err) panic(err) } if len(pass) == 0 { fmt.Fprintf(os.Stderr, "Password: "******"") } for _, entity := range privring { if entity.PrivateKey != nil && entity.PrivateKey.Encrypted { entity.PrivateKey.Decrypt(pass) } for _, subkey := range entity.Subkeys { if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted { subkey.PrivateKey.Decrypt(pass) } } } md, err := openpgp.ReadMessage(block.Body, privring, nil, nil) if err != nil { return nil, err } return md.UnverifiedBody, nil //plaintext, err := ioutil.ReadAll(md.UnverifiedBody) //if err != nil { // panic(err) // } // return plaintext, nil }
func Fuzz(data []byte) int { r := bytes.NewBuffer(data) _, err := openpgp.ReadKeyRing(r) if err != nil { return 0 } return 1 }
// KeyRing reads a openpgp.KeyRing from the given io.Reader which may then be // used to validate GPG keys in RPM packages. func KeyRing(r io.Reader) (openpgp.KeyRing, error) { // decode gpgkey file p, err := armor.Decode(r) if err != nil { return nil, err } // extract keys return openpgp.ReadKeyRing(p.Body) }
func (key *MasterKey) loadRing(path string) (openpgp.EntityList, error) { f, err := os.Open(path) if err != nil { return openpgp.EntityList{}, err } defer f.Close() keyring, err := openpgp.ReadKeyRing(f) if err != nil { return keyring, err } return keyring, nil }
// GetEntityFrom returns (OpenPGP) Entity values for the specified // user's private or public key (from secring.gpg or pubring.gpg, // respectively) func GetEntityFrom(emailOrName, sourceFile string) (*openpgp.Entity, error) { // Default case: sourceFile == PUBLIC_KEYRING_FILENAME keyType := "public" keyMap := pubkeys if sourceFile == PRIVATE_KEYRING_FILENAME { keyType = "private" keyMap = privkeys } if key, ok := pubkeys[emailOrName]; ok { if DEBUG { log.Printf("Grabbed cached pubkey for %s\n", emailOrName) } return key, nil } ringFile, err := os.Open(sourceFile) if err != nil { return nil, fmt.Errorf("Error opening %s key file %s: %v", keyType, sourceFile, err) } defer ringFile.Close() ring, err := openpgp.ReadKeyRing(ringFile) if err != nil { return nil, fmt.Errorf("Error reading %s key file %s: %v", keyType, sourceFile, err) } if DEBUG { log.Printf("Grabbed %s key for %s off disk\n", keyType, emailOrName) } key := GetKeyByEmail(ring, emailOrName) if key == nil { key = GetKeyByName(ring, emailOrName) } if key == nil { e := fmt.Errorf("Couldn't find key for user %s: %v", emailOrName, err) return nil, e } // TODO: Is adding to this map this thread safe? Doesn't look // like it. Should it be? keyMap[emailOrName] = key return key, nil if sourceFile != PUBLIC_KEYRING_FILENAME && sourceFile != PRIVATE_KEYRING_FILENAME { panic("GetEntityFrom: Asking for neither private nor public key???") } return nil, fmt.Errorf("This should never happen!!!\n") }
func (ctx *SecureContext) ReadKeyRing() error { secringPath, _ := expandPath(ctx.SecureRingPath) privringFile, err := os.Open(secringPath) if err != nil { return err } defer privringFile.Close() ctx.PrivateRing, err = openpgp.ReadKeyRing(privringFile) if err != nil { return err } pubringPath, _ := expandPath(ctx.PubRingPath) pubringFile, err := os.Open(pubringPath) if err != nil { return err } defer pubringFile.Close() ctx.PublicRing, err = openpgp.ReadKeyRing(pubringFile) return err }
func runSignImage(t *testing.T, imagePath string, keyIndex int) string { // keys stored in tests/secring.gpg. keyFingerprint := "" switch keyIndex { case 1: keyFingerprint = "D9DCEF41" case 2: keyFingerprint = "585091E3" default: panic("unknown key") } secringFile, err := os.Open("./secring.gpg") if err != nil { t.Fatalf("Cannot open secring.gpg file: %v", err) } defer secringFile.Close() entityList, err := openpgp.ReadKeyRing(secringFile) if err != nil { t.Fatalf("Failed to read secring.gpg file: %v", err) } var signingEntity *openpgp.Entity for _, entity := range entityList { if entity.PrivateKey.KeyIdShortString() == keyFingerprint { signingEntity = entity } } imageFile, err := os.Open(imagePath) if err != nil { t.Fatalf("Cannot open image file %s: %v", imagePath, err) } defer imageFile.Close() ascPath := fmt.Sprintf("%s.asc", imagePath) ascFile, err := os.Create(ascPath) if err != nil { t.Fatalf("Cannot create asc file %s: %v", ascPath, err) } defer ascFile.Close() err = openpgp.ArmoredDetachSign(ascFile, signingEntity, imageFile, nil) if err != nil { t.Fatalf("Cannot create armored detached signature: %v", err) } return ascPath }
func NewPGP() PGP { gnupg := path.Join(os.Getenv("HOME"), ".gnupg") // Keyring keyringFileBuffer, err := os.Open(path.Join(gnupg, "secring.gpg")) if err != nil { log.Fatal(err) } privateEntities, err := openpgp.ReadKeyRing(keyringFileBuffer) defer keyringFileBuffer.Close() // Keyring publicKeyringFile, err := os.Open(path.Join(gnupg, "pubring.gpg")) if err != nil { log.Fatal(err) } publicEntities, err := openpgp.ReadKeyRing(publicKeyringFile) for _, entity := range publicEntities { log.Println(entity) } defer publicKeyringFile.Close() return PGP{privateEntities, publicEntities} }
func newKeyring() (*keyring, error) { data, err := hex.DecodeString(keyringHex) if err != nil { return nil, err } r := bytes.NewBuffer(data) el, err := openpgp.ReadKeyRing(r) if err != nil { return nil, err } return &keyring{el: el}, nil }
// KeyIdFromRing returns the public keyId contained in the secret // ring file secRing. It expects only one keyId in this secret ring // and returns an error otherwise. func KeyIdFromRing(secRing string) (keyId string, err error) { f, err := wkfs.Open(secRing) if err != nil { return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return "", fmt.Errorf("Could not read secret ring file %s: %v", secRing, err) } if len(el) != 1 { return "", fmt.Errorf("Secret ring file %v contained %d identities; expected 1", secRing, len(el)) } ent := el[0] return ent.PrimaryKey.KeyIdShortString(), nil }
func entityFromLocal(fileName string, fingerprint string) (*openpgp.Entity, error) { path := os.Getenv("GNUPGHOME") if len(path) == 0 { return nil, fmt.Errorf("cound not find GNUPGHOME in ENV") } file, err := os.Open(filepath.Join(path, fileName)) if err != nil { return nil, err } defer file.Close() keyring, err := openpgp.ReadKeyRing(file) if err != nil { return nil, err } decoded, err := hex.DecodeString(fingerprint) if err != nil { return nil, err } if len(decoded) != 20 { return nil, fmt.Errorf("the fingerprint is not 20 bytes") } var fp [20]byte copy(fp[:], decoded[:20]) for _, entity := range keyring { if entity.PrimaryKey.Fingerprint != fp { continue } if entity != nil && entity.PrivateKey != nil && entity.PrivateKey.Encrypted { if err := decryptEntity(entity); err != nil { return nil, err } return entity, nil } return entity, nil } return nil, fmt.Errorf("entity for %s not found in %s", fingerprint, fileName) }
func validKeyForUser(userid, email string, key []byte) (ok bool) { el, err := openpgp.ReadKeyRing(bytes.NewBuffer(key)) if err != nil { glog.Errorf("error reading keyring: %s", err) return false } // Check that there's only one keypair included, if len(el) != 1 { glog.Errorf("Expected one entity, got %d.\n%+v", len(el), el) return false } // that there's only one UID packet for the keypair, identities := el[0].Identities if len(identities) != 1 { glog.Errorf("Expected one identity, got %d.\n%+v", len(identities), identities) return false } var uidEmail string for _, v := range identities { // This loop will only execute once... u := v.UserId if u.Name != "" || u.Comment != "" { glog.Errorf("too many fields filled (names and comments prohibited): got %+v", u) return false } uidEmail = u.Email if uidEmail == "" || uidEmail != email { glog.Errorf("email address in identity did not agree with email address passed in: got %s, wanted %s", uidEmail, email) return false } } // and, finally, // FIXME(OSS): authentication-mechanism-specific checks. if userid == email { err = nil } else { err = fmt.Errorf("userid != email") } if err != nil { glog.Error(err) return false } return true }
func initCrypto() { if *uploadEncryptTo == "" { return } // If encrypting, the hashes are basically not known. *uploadNoHash = true f, err := os.Open(filepath.Join(gpgHome(), "pubring.gpg")) if err != nil { log.Fatalf("Can't open keyring: %v", err) } defer f.Close() kl, err := openpgp.ReadKeyRing(f) if err != nil { log.Fatalf("Can't read keyring: %v", err) } keyids := strings.Split(*uploadEncryptTo, ",") var hprefs, sprefs []uint8 for _, w := range keyids { for _, e := range kl { if e.PrimaryKey.KeyIdShortString() == w { pi := primaryIdentity(e) ss := pi.SelfSignature hprefs = intersectPref(hprefs, ss.PreferredHash) sprefs = intersectPref(sprefs, ss.PreferredSymmetric) encryptKeys = append(encryptKeys, e) } } } if len(encryptKeys) != len(keyids) { log.Fatalf("Couldn't find all keys") } if len(hprefs) == 0 { log.Fatalf("No common hashes for encryption keys") } if len(sprefs) == 0 { log.Fatalf("No common symmetric ciphers for encryption keys") } }
func publicKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) { f, err := wkfs.Open(keyRing) if err != nil { return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return nil, err } for _, e := range el { pubk := e.PrimaryKey if pubk.KeyIdShortString() == keyId { return e, nil } } return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing) }
func secretKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) { f, err := wkfs.Open(keyRing) if err != nil { return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err) } defer f.Close() el, err := openpgp.ReadKeyRing(f) if err != nil { return nil, err } for _, e := range el { pubk := &e.PrivateKey.PublicKey // TODO(mpl): decrypt private key if it is passphrase-encrypted if pubk.KeyIdShortString() == keyId { return e, nil } } return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing) }