Example #1
0
func (s *SftpSession) DecryptFile(fname string) (string, error) {

	lr, err := os.Open(fname)
	if err != nil {
		return "", err
	}
	defer lr.Close()

	/*
		slurped, err := ioutil.ReadAll(lr)
		if err != nil {
			return "", err
		}
	*/

	fdecrypted := strings.TrimSuffix(fname, filepath.Ext(fname))

	lw, err := os.Create(fdecrypted)
	if err != nil {
		return "", fmt.Errorf("open file error: %s, %s\n", fdecrypted, err.Error())
	}

	var armorStart = []byte("-----BEGIN ")
	var msg *openpgp.MessageDetails
	var dcrypterr error
	buf := bufio.NewReaderSize(lr, 512)
	peek, err := buf.Peek(15)
	if err != nil {
		return "", fmt.Errorf("armor peek: %s, %s\n", fdecrypted, dcrypterr.Error())
	}

	if bytes.HasPrefix(peek, armorStart) {
		// armored
		log.Printf("armored: %s\n", fname)
		// try reading in an armored block
		dearmor, err := armor.Decode(buf)
		if err != nil {
			log.Printf("not armored: %s\n", fname)
			return "", fmt.Errorf("armor read msg error: %s, %s\n", fdecrypted, dcrypterr.Error())
		} else {
			log.Printf("armored: %s\n", fname)
			// Decrypt the dearmored message
			msg, dcrypterr = openpgp.ReadMessage(dearmor.Body, s.entityList, nil, nil)
		}
	} else {
		// Decrypt the binary message
		msg, dcrypterr = openpgp.ReadMessage(buf, s.entityList, nil, nil)
	}

	if dcrypterr != nil {
		return "", fmt.Errorf("decrypt read msg error: %s, %s\n", fdecrypted, dcrypterr.Error())
	}

	_, err = io.Copy(lw, msg.UnverifiedBody)
	if err != nil {
		return "", err
	}

	return fdecrypted, nil
}
Example #2
0
File: gpg.go Project: laher/passr
func Decrypt(index int, kring openpgp.EntityList, keyName string, isSigned bool, filename string, passphrase []byte) (string, error) {

	err := DecryptPw(kring, keyName, passphrase)
	if err != nil {
		return "", err
	}

	f2, err := os.Open(filename)
	if err != nil {
		logrus.Errorf("#%d: error in Create: %s", index, err)
		return "", err
	}

	md, err := openpgp.ReadMessage(f2, kring, nil /* no prompt */, nil)
	if err != nil {
		logrus.Errorf("#%d: error reading message: %s", index, err)
		return "", err
	}

	/*
		testTime, _ := time.Parse("2006-01-02", "2013-07-01")
			if isSigned {
				signKey, _ := kring[0].signingKey(testTime)
				expectedKeyId := signKey.PublicKey.KeyId
				if md.SignedByKeyId != expectedKeyId {
					logrus.Errorf("#%d: message signed by wrong key id, got: %d, want: %d", i, *md.SignedBy, expectedKeyId)
				}
				if md.SignedBy == nil {
					logrus.Errorf("#%d: failed to find the signing Entity", i)
				}
			}
	*/
	plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		logrus.Errorf("#%d: error reading encrypted contents: %s", index, err)
		return "", err
	}
	/*
			encryptKey, _ := kring[0].encryptionKey(testTime)
			expectedKeyId := encryptKey.PublicKey.KeyId
			if len(md.EncryptedToKeyIds) != 1 || md.EncryptedToKeyIds[0] != expectedKeyId {
				logrus.Errorf("#%d: expected message to be encrypted to %v, but got %#v", i, expectedKeyId, md.EncryptedToKeyIds)
			}

		if string(plaintext) != message {
			logrus.Errorf("#%d: got: %s, want: %s", index, string(plaintext), message)
		}
	*/

	if isSigned {
		if md.SignatureError != nil {
			logrus.Errorf("#%d: signature error: %s", index, md.SignatureError)
		}
		if md.Signature == nil {
			logrus.Error("signature missing")
		}
	}

	return string(plaintext), nil
}
Example #3
0
// Decode - this function wraps around a Decoder object to decode the passed in data.
// @param io.Reader[] src - This parameter will be used to read the encrypted data
// @param io.Writer[] dest - This parameter will be used to write the unencrypted data
func (d *Decoder) Decode(r io.Reader, w io.Writer) error {
	entitylist, err := openpgp.ReadArmoredKeyRing(bytes.NewBuffer(d.Key))
	if err != nil {
		return err
	}
	entity := entitylist[0]

	if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
		if len(d.Passphrase) == 0 {
			return errors.New("Private key is encrypted but you did not provide a passphrase")
		}
		err := entity.PrivateKey.Decrypt(d.Passphrase)
		if err != nil {
			return errors.New("Failed to decrypt private key. Did you use the wrong passphrase? (" + err.Error() + ")")
		}
	}
	for _, subkey := range entity.Subkeys {
		if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
			err := subkey.PrivateKey.Decrypt(d.Passphrase)
			if err != nil {
				return errors.New("Failed to decrypt subkey. Did you use the wrong passphrase? (" + err.Error() + ")")
			}
		}
	}

	read, err := openpgp.ReadMessage(r, entitylist, nil, nil)
	if err != nil {
		return err
	}

	_, err = io.Copy(w, read.LiteralData.Body)
	return err

}
Example #4
0
// DecryptBytes takes in base64-encoded encrypted bytes and the base64-encoded
// private key and decrypts it. A bytes.Buffer is returned to allow the caller
// to do useful thing with it (get it as a []byte, get it as a string, use it
// as an io.Reader, etc), and also because this function doesn't know if what
// comes out is binary data or a string, so let the caller decide.
func DecryptBytes(encodedCrypt, privKey string) (*bytes.Buffer, error) {
	privKeyBytes, err := base64.StdEncoding.DecodeString(privKey)
	if err != nil {
		return nil, fmt.Errorf("Error decoding base64 private key: %s", err)
	}

	cryptBytes, err := base64.StdEncoding.DecodeString(encodedCrypt)
	if err != nil {
		return nil, fmt.Errorf("Error decoding base64 crypted bytes: %s", err)
	}

	entity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(privKeyBytes)))
	if err != nil {
		return nil, fmt.Errorf("Error parsing private key: %s", err)
	}

	entityList := &openpgp.EntityList{entity}
	md, err := openpgp.ReadMessage(bytes.NewBuffer(cryptBytes), entityList, nil, nil)
	if err != nil {
		return nil, fmt.Errorf("Error decrypting the messages: %s", err)
	}

	ptBuf := bytes.NewBuffer(nil)
	ptBuf.ReadFrom(md.UnverifiedBody)

	return ptBuf, nil
}
Example #5
0
func decryptString(decryptionString string, encryptionPassphraseString string) (string, error) {
	encryptionPassphrase := []byte(encryptionPassphraseString)
	decbuf := bytes.NewBuffer([]byte(decryptionString))
	result, err := armor.Decode(decbuf)
	if err != nil {
		return "", err
	}

	alreadyPrompted := false
	md, err := openpgp.ReadMessage(result.Body, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if alreadyPrompted {
			return nil, errors.New("Could not decrypt using passphrase")
		} else {
			alreadyPrompted = true
		}
		return encryptionPassphrase, nil
	}, nil)
	if err != nil {
		return "", err
	}

	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return "", err
	}
	return string(bytes), nil
}
Example #6
0
func GpgDecrypt(text2decrypt string) string {
	encrypted := bytes.NewBuffer([]byte(text2decrypt))

	bin_encrypt, err := armor.Decode(encrypted)
	if err != nil {
		log.Printf("[PGP] not an armored payload: %s", err.Error())
		return ""
	}

	cleartext_md, err := openpgp.ReadMessage(bin_encrypt.Body, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		return []byte(config.GetTribeID()), nil
	}, nil)
	if err != nil {
		log.Printf("[PGP] Can't decrypt payload: %s", err.Error())
		return ""
	}

	plaintext, err := ioutil.ReadAll(cleartext_md.UnverifiedBody)
	if err != nil {
		log.Printf("[PGP] Can't read cleartext: %s", err.Error())
		return ""
	}

	return string(plaintext)
}
Example #7
0
func (o *openPGP) Decrypt(input *os.File, output *os.File, verify bool) (err error) {
	keyRing := openpgp.EntityList{}
	keyRing = append(keyRing, o.secKey)

	if o.pubKey != nil {
		keyRing = append(keyRing, o.secKey)
	}

	messageDetails, err := openpgp.ReadMessage(input, keyRing, nil, nil)

	if err != nil {
		return
	}

	_, err = io.Copy(output, messageDetails.UnverifiedBody)

	if err != nil {
		return
	}

	if verify && !(messageDetails.IsSigned && messageDetails.SignatureError == nil) {
		return errors.New("file has been decrypted but signature verification failed")
	}

	return
}
Example #8
0
func Decrypt(data string, key_file string) (string, error) {

	secretKeyring, err := os.Open(key_file)
	if err != nil {
		return nil, err
	}
	defer secretKeyring.Close()

	// Taken from crypt and adapted
	decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBufferString(data))
	entityList, err := openpgp.ReadArmoredKeyRing(secretKeyring)
	if err != nil {
		return nil, err
	}
	md, err := openpgp.ReadMessage(decoder, entityList, nil, nil)
	if err != nil {
		return nil, err
	}
	gzReader, err := gzip.NewReader(md.UnverifiedBody)
	if err != nil {
		return nil, err
	}
	defer gzReader.Close()
	bytes, err := ioutil.ReadAll(gzReader)
	if err != nil {
		return nil, err
	}
	return string(bytes), nil
}
Example #9
0
func Fuzz(data []byte) int {
	md, err := openpgp.ReadMessage(bytes.NewBuffer(data), emptyKR{},
		newPromptFunction(), nil)
	if err != nil {
		return 0
	}

	buf := new(bytes.Buffer)
	_, err = io.Copy(buf, md.UnverifiedBody)
	if err != nil {
		if _, ok := err.(pgperrors.SignatureError); ok {
			// The message structure is correct. It parsed
			// correctly, but only failed an integrity
			// check. We return 1 for it. Fully correct
			// messages will return 2 below.
			return 1
		}

		return 0
	}

	verifiedBody := buf.Bytes()
	if !bytes.Equal(plainBytes, verifiedBody) {
		// There seems to be no way of telling if an MDC was
		// checked for. If there was, we could check for that
		// and panic here. For now, we just assume that this
		// is a non-MDC protected message that has been
		// modified.
		return 1

	}

	return 2
}
Example #10
0
File: pgp.go Project: lbn/gorwell
func (client PGP) DecryptBytes(esecret []byte) []byte {
	md, err := openpgp.ReadMessage(bytes.NewBuffer(esecret), client.PrivateEntities, nil, nil)
	if err != nil {
		panic(err)
	}
	bytes, _ := ioutil.ReadAll(md.UnverifiedBody)
	return bytes
}
Example #11
0
func main() {
	flag.Parse()

	if cpuprofile != "" {
		profFD, err := os.Create(cpuprofile)
		if err != nil {
			log.Fatalf("Cpuprofile: os.Create(): %v", err)
		}

		pprof.StartCPUProfile(profFD)
		defer pprof.StopCPUProfile()
	}

	c := make(chan os.Signal, 1)
	signal.Notify(c, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP,
		syscall.SIGPIPE)
	go func() {
		<-c

		if cpuprofile != "" {
			pprof.StopCPUProfile()
		}

		// In case we had a hang, we print the stack trace here.
		buf := make([]byte, 256*1024)
		n := runtime.Stack(buf, true)
		fmt.Fprintln(os.Stderr, string(buf[0:n]))

		os.Exit(1)
	}()

	var fd *os.File = os.Stdin
	var err error
	if filename != "" {
		fd, err = os.Open(filename)
		if err != nil {
			log.Fatalf("Input: os.Open(): %v", err)
		}
		defer fd.Close()
	}

	md, err := openpgp.ReadMessage(fd, emptyKR{}, newPromptFunction(), nil)
	if err != nil {
		log.Fatalf("openpgp.ReadMessage(): %v", err)
	}
	log.Println("openpgp.ReadMessage() returned without error")

	_, err = io.Copy(os.Stdout, md.UnverifiedBody)
	if err != nil {
		log.Fatalf("Reading unverified plain text: io.Copy(): %v", err)
	}

	// Check that any authentication code for the message was
	// verified successfully
	if md.SignatureError != nil {
		log.Fatalln("Integrity Check FAILED:", md.SignatureError)
	}
}
Example #12
0
func decryptOpenpgp(data io.Reader, gpghome string, pass []byte) (io.Reader, error) {
	privkeyfile, err := os.Open(fmt.Sprintf("%s%ssecring.gpg", gpghome, string(os.PathSeparator)))
	if err != nil {
		fmt.Println("Failed to open secring", err)
		return nil, err
	}

	privring, err := openpgp.ReadKeyRing(privkeyfile)
	if err != nil {
		fmt.Println("Failed to open secring", err)
		return nil, err
	}

	//reader := bytes.NewReader(data)
	//brk,_ := ioutil.ReadAll(data)
	//fmt.Println("wtf",string(brk))
	//fmt.Println("here is where eof panic")
	block, err := armor.Decode(data)
	if err != nil {
		fmt.Println(err)
		panic(err)
	}

	if len(pass) == 0 {
		fmt.Fprintf(os.Stderr, "Password: "******"")
	}

	for _, entity := range privring {
		if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
			entity.PrivateKey.Decrypt(pass)
		}

		for _, subkey := range entity.Subkeys {
			if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
				subkey.PrivateKey.Decrypt(pass)
			}
		}
	}

	md, err := openpgp.ReadMessage(block.Body, privring, nil, nil)
	if err != nil {
		return nil, err
	}

	return md.UnverifiedBody, nil

	//plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
	//if err != nil {
	//		panic(err)
	//	}
	//	return plaintext, nil
}
Example #13
0
func main() {
	encrypt_out := flag.String("out", "ciphertext.out", "Ciphertext")

	log.Println("Create key pair")
	// Create a key-pair
	entity, _ := openpgp.NewEntity("The Receiver", "testing",
		"*****@*****.**", nil)

	log.Println("Start encryption")
	config := &packet.Config{
		DefaultHash: crypto.SHA256,
	}
	file, err := os.OpenFile(*encrypt_out, os.O_WRONLY|os.O_CREATE, 0600)

	// For some reason it uses RIPEMD160 ?
	plain, err := openpgp.Encrypt(file, []*openpgp.Entity{entity},
		nil, nil, config)
	if err != nil {
		log.Fatal(err)
	}

	// Input of plaintext: a stream (as we typically would get from a
	// network stream).
	plain.Write([]byte("Hello World plaintext!\n"))
	plain.Close()

	// Decrypt
	read_file, _ := os.Open(*encrypt_out)
	keyring := openpgp.EntityList{entity}

	message, err := openpgp.ReadMessage(read_file, keyring,
		func(keys []openpgp.Key, sym bool) ([]byte, error) {
			log.Printf("Prompt got called\n")
			return nil, nil
		}, nil)
	if err != nil {
		log.Fatal(err)
	}

	// Read the encrypted file and dump plain-text to stdout.
	body_reader := message.UnverifiedBody
	buffer := make([]byte, 1024)
	for {
		n, _ := body_reader.Read(buffer)
		if n == 0 {
			break
		}
		os.Stdout.Write(buffer[0:n])
	}
	log.Println("Done.")
}
Example #14
0
func decodeBase64EncryptedMessage(s string, keyring openpgp.KeyRing) string {
	// Decrypt base64 encoded encrypted message using decrypted private key
	dec, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		log.Fatalln("ERR:", err)
	}
	debug.Printf("keyring: #%v", keyring)
	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), keyring, nil, nil)
	if err != nil {
		log.Fatalln("ERR: Error reading message - ", err)
	}

	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	debug.Printf("md:", string(bytes))
	return string(bytes)
}
Example #15
0
func ReadEncrypted(ciphertext io.ReadCloser, el openpgp.EntityList, passphrase []byte) (io.ReadCloser, error) {
	md, err := openpgp.ReadMessage(ciphertext, el, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if symmetric {
			return nil, fmt.Errorf("No support for symmetrical encryption")
		}
		for _, key := range keys {
			if err := key.PrivateKey.Decrypt(passphrase); err != nil {
				return nil, ErrCannotDecryptKey
			}
			return nil, nil
		}
		return nil, ErrNoMatchingKeys
	}, nil)
	if err != nil {
		return nil, err
	}
	return &encryptedReader{ciphertext, md.UnverifiedBody}, nil
}
Example #16
0
// Decrypt uses PGP to obtain the data key from the EncryptedKey store in the MasterKey and returns it
func (key *MasterKey) Decrypt() ([]byte, error) {
	ring, err := key.secRing()
	if err != nil {
		return nil, fmt.Errorf("Could not load secring: %s", err)
	}
	block, err := armor.Decode(strings.NewReader(key.EncryptedKey))
	if err != nil {
		return nil, fmt.Errorf("Armor decoding failed: %s", err)
	}
	md, err := openpgp.ReadMessage(block.Body, ring, key.passphrasePrompt, nil)
	if err != nil {
		return nil, fmt.Errorf("Reading PGP message failed: %s", err)
	}
	if b, err := ioutil.ReadAll(md.UnverifiedBody); err == nil {
		return b, nil
	}
	return nil, fmt.Errorf("The key could not be decrypted with any of the GPG entries")
}
Example #17
0
func printMessage() {
	decbuf := bytes.NewBuffer([]byte(encryptedMessage))
	result, err := armor.Decode(decbuf)
	if err != nil {
		log.Fatal(err)
	}

	md, err := openpgp.ReadMessage(result.Body, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		return []byte("golang"), nil
	}, nil)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("dec version:", result.Header["Version"])
	fmt.Println("dec type:", result.Type)
	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	fmt.Println("md:", string(bytes))
}
Example #18
0
// Decrypt decrypt an encrypted message
func (g *Gpg) Decrypt(blob []byte) ([]byte, error) {

	// Open the private key file
	privateRingBuffer, err := os.Open(g.PrivateKeyring)
	if err != nil {
		return nil, err
	}
	defer privateRingBuffer.Close()

	privateRing, err := openpgp.ReadKeyRing(privateRingBuffer)
	if err != nil {
		return nil, err
	}
	privateKey := getKeyByEmail(privateRing, g.Email)

	fmt.Print("GPG Passphrase: ")
	passphrase, err := terminal.ReadPassword(0)
	fmt.Println("")

	log.Printf("[DEBUG] GPG Decrypting private key using passphrase")
	//passphraseByte := []byte(passphrase)
	privateKey.PrivateKey.Decrypt(passphrase)
	for _, subkey := range privateKey.Subkeys {
		subkey.PrivateKey.Decrypt(passphrase)
	}
	log.Printf("[DEBUG] GPG Finished decrypting private key using passphrase")

	armoredBlock, err := armor.Decode(bytes.NewReader(blob))
	if err != nil {
		return nil, err
	}

	// Decrypt it with the contents of the private key
	md, err := openpgp.ReadMessage(armoredBlock.Body, privateRing, nil, nil)
	if err != nil {
		return nil, fmt.Errorf("GPG Read message failed: %v", err)
	}
	plain, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return nil, err
	}
	return plain, nil
}
Example #19
0
func (pkr PassphraseKeyring) ReadMessage(r io.Reader, keyring openpgp.KeyRing, prompt interface{}, config *packet.Config) (md *openpgp.MessageDetails, err error) {
	var handler Prompter
	switch t := prompt.(type) {
	case Prompter:
		handler = t
	case openpgp.PromptFunction:
		handler = NewPrompter(t)
	}

	if handler == nil {
		handler = pkr.Prompt
	}

	p := &passphrase{
		Keyring: pkr.Keyring,
		handler: handler,
		tried:   make(map[uint64]struct{}),
	}
	return openpgp.ReadMessage(r, keyring, p.check, config)
}
Example #20
0
// Decrypt an encrypted msg.
func (obj *PGP) Decrypt(encString string) (string, error) {
	entityList := openpgp.EntityList{obj.Entity}

	// decode the base64 string
	dec, err := base64.StdEncoding.DecodeString(encString)
	if err != nil {
		return "", errwrap.Wrapf(err, "fail at decoding encrypted string")
	}

	// decrypt it with the contents of the private key
	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)
	if err != nil {
		return "", errwrap.Wrapf(err, "can't read message")
	}

	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return "", errwrap.Wrapf(err, "can't read unverified body")
	}
	return string(bytes), nil
}
Example #21
0
// Deocde decodes data using the secconf codec.
func Decode(data []byte, secertKeyring io.Reader) ([]byte, error) {
	decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data))
	entityList, err := openpgp.ReadArmoredKeyRing(secertKeyring)
	if err != nil {
		return nil, err
	}
	md, err := openpgp.ReadMessage(decoder, entityList, nil, nil)
	if err != nil {
		return nil, err
	}
	gzReader, err := gzip.NewReader(md.UnverifiedBody)
	if err != nil {
		return nil, err
	}
	defer gzReader.Close()
	bytes, err := ioutil.ReadAll(gzReader)
	if err != nil {
		return nil, err
	}
	return bytes, nil
}
Example #22
0
// DecryptData decrypts data using OpenPGP decryption.
func DecryptData(input []byte, password string) []byte {
	inputReader := bytes.NewReader(input)

	tried := false

	md, err := openpgp.ReadMessage(inputReader, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if tried {
			return nil, errors.New("invalid password")
		}

		tried = true
		return []byte(password), nil
	}, nil)

	PanicIfErr(err)

	output, err := ioutil.ReadAll(md.UnverifiedBody)

	PanicIfErr(err)

	return output
}
Example #23
0
// UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
// along with a short identifier of the key used for signing.
// WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys)
// is NOT the same as a "key identity" used in other calls ot this interface, and
// the values may have no recognizable relationship if the public key is not available.
func (m gpgSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) {
	// This uses the Golang-native OpenPGP implementation instead of gpgme because we are not doing any cryptography.
	md, err := openpgp.ReadMessage(bytes.NewReader(untrustedSignature), openpgp.EntityList{}, nil, nil)
	if err != nil {
		return nil, "", err
	}
	if !md.IsSigned {
		return nil, "", errors.New("The input is not a signature")
	}
	content, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		// Coverage: An error during reading the body can happen only if
		// 1) the message is encrypted, which is not our case (and we don’t give ReadMessage the key
		// to decrypt the contents anyway), or
		// 2) the message is signed AND we give ReadMessage a correspnding public key, which we don’t.
		return nil, "", err
	}

	// Uppercase the key ID for minimal consistency with the gpgme-returned fingerprints
	// (but note that key ID is a suffix of the fingerprint only for V4 keys, not V3)!
	return content, strings.ToUpper(fmt.Sprintf("%016X", md.SignedByKeyId)), nil
}
Example #24
0
// DecryptMessage is largely from
// http://chiselapp.com/user/loser/repository/auricular/artifact/e14b57f441816f449105d201e7fb429f76907c65
func DecryptMessage(recipient, cipher string) (fromId uint64, msg string, err error) {
	// if DEBUG { log.Printf("Within decryptMessage: cipher == %v\n", cipher) }
	r := bytes.NewBufferString(cipher)
	// r := strings.NewReader(cipher)
	block, err := armor.Decode(r)
	if err != nil {
		return 0, "", fmt.Errorf("Error decrypting message: %v", err)
	}

	if DEBUG {
		log.Printf("Getting entity from private keyring\n")
	}
	myPrivateKey, err := GetEntityFrom(recipient, PRIVATE_KEYRING_FILENAME)
	if err != nil {
		return 0, "", fmt.Errorf("Error getting private key for %s: %v",
			recipient, err)
	}
	entities := openpgp.EntityList([]*openpgp.Entity{myPrivateKey})
	if DEBUG {
		log.Printf("Got entities\n")
	}
	details, err := openpgp.ReadMessage(block.Body, entities, nil, nil)
	if err != nil {
		return 0, "", fmt.Errorf("Error reading message block body: %v", err)
	}

	// Read the message body
	if DEBUG {
		log.Printf("Reading raw message body\n")
	}
	raw, err := ioutil.ReadAll(details.UnverifiedBody)
	if err != nil {
		return 0, "", fmt.Errorf("Error reading decrypted message body: %v",
			err)
	}
	return details.SignedByKeyId, string(raw), nil
}
Example #25
0
File: sec.go Project: tslnc04/go-1
// Make sure to pass in a passphrase to prevent interactive prompt.
func Decrypt(e string, p []byte) (string, error) {
	if len(p) <= 0 {
		p = PrivatePrompt(c.R + "Oh really? " + c.X)
		cached_passphrase = p
	}
	b := bytes.NewBufferString(PrivKey())
	ring, err := openpgp.ReadArmoredKeyRing(b)
	if err != nil {
		return "", err
	}
	first := ring[0]
	if first.PrivateKey != nil && first.PrivateKey.Encrypted {
		err := first.PrivateKey.Decrypt(p)
		if err != nil {
			return "", err
		}
	}
	for _, subkey := range first.Subkeys {
		if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
			subkey.PrivateKey.Decrypt(p)
		}
	}
	dec, err := base64.StdEncoding.DecodeString(e)
	if err != nil {
		return "", err
	}
	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), ring, nil, nil)
	if err != nil {
		return "", err
	}
	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return "", err
	}
	return string(bytes), nil
}
Example #26
0
func (ctx *SecureContext) DecryptFile(filePath string) (*openpgp.MessageDetails, error) {
	secfile, err := os.Open(filePath)
	if err != nil {
		return nil, err
	}

	block, err := armor.Decode(secfile)
	if err != nil {
		return nil, err
	}

	promptCallback := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		for _, k := range keys {
			err := k.PrivateKey.Decrypt([]byte(ctx.Password))
			if err != nil {
				return nil, err
			}
			return nil, nil
		}
		return nil, errors.New("invalid password or no private key")
	}

	return openpgp.ReadMessage(block.Body, ctx.PrivateRing, promptCallback, nil)
}
Example #27
0
File: openpgp.go Project: bndw/pick
// decrypt uses PGP to decrypt symmetrically encrypted and armored text
// with the provided password.
func (c *OpenPGPClient) Decrypt(ciphertext []byte, password []byte) (plaintext []byte, err error) {
	decbuf := bytes.NewBuffer(ciphertext)

	armorBlock, err := armor.Decode(decbuf)
	if err != nil {
		return
	}

	failed := false
	prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		// If the given passphrase isn't correct, the function will be called again, forever.
		// This method will fail fast.
		// Ref: https://godoc.org/golang.org/x/crypto/openpgp#PromptFunction
		if failed {
			return nil, &errors.SafeDecryptionFailed{}
		}

		failed = true

		return password, nil
	}

	md, err := openpgp.ReadMessage(armorBlock.Body, nil, prompt, c.packetConfig)

	if err != nil {
		return
	}

	decryptedBuf, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return
	}

	plaintext = decryptedBuf
	return
}
Example #28
0
func parseDecryptAndTestUnsealKeys(t *testing.T,
	input, rootToken string,
	fingerprints bool,
	backupKeys map[string][]string,
	core *vault.Core) {
	decoder := base64.StdEncoding
	priv1Bytes, err := decoder.DecodeString(privKey1)
	if err != nil {
		t.Fatalf("Error decoding bytes for private key 1: %s", err)
	}
	priv2Bytes, err := decoder.DecodeString(privKey2)
	if err != nil {
		t.Fatalf("Error decoding bytes for private key 2: %s", err)
	}
	priv3Bytes, err := decoder.DecodeString(privKey3)
	if err != nil {
		t.Fatalf("Error decoding bytes for private key 3: %s", err)
	}

	privBytes := [][]byte{
		priv1Bytes,
		priv2Bytes,
		priv3Bytes,
	}

	var re *regexp.Regexp
	if fingerprints {
		re, err = regexp.Compile("\\s*Key\\s+\\d+\\s+fingerprint:\\s+([0-9a-fA-F]+);\\s+value:\\s+(.*)")
	} else {
		re, err = regexp.Compile("\\s*Key\\s+\\d+:\\s+(.*)")
	}
	if err != nil {
		t.Fatalf("Error compiling regex: %s", err)
	}
	matches := re.FindAllStringSubmatch(input, -1)
	if len(matches) != 3 {
		t.Fatalf("Unexpected number of keys returned, got %d, matches was \n\n%#v\n\n, input was \n\n%s\n\n", len(matches), matches, input)
	}

	encodedKeys := []string{}
	matchedFingerprints := []string{}
	for _, tuple := range matches {
		if fingerprints {
			if len(tuple) != 3 {
				t.Fatalf("Key not found: %#v", tuple)
			}
			matchedFingerprints = append(matchedFingerprints, tuple[1])
			encodedKeys = append(encodedKeys, tuple[2])
		} else {
			if len(tuple) != 2 {
				t.Fatalf("Key not found: %#v", tuple)
			}
			encodedKeys = append(encodedKeys, tuple[1])
		}
	}

	if backupKeys != nil && len(matchedFingerprints) != 0 {
		testMap := map[string][]string{}
		for i, v := range matchedFingerprints {
			testMap[v] = append(testMap[v], encodedKeys[i])
			sort.Strings(testMap[v])
		}
		if !reflect.DeepEqual(testMap, backupKeys) {
			t.Fatalf("test map and backup map do not match, test map is\n%#v\nbackup map is\n%#v", testMap, backupKeys)
		}
	}

	unsealKeys := []string{}
	ptBuf := bytes.NewBuffer(nil)
	for i, keyHex := range privBytes {
		if i > 2 {
			break
		}
		ptBuf.Reset()
		entity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(keyHex)))
		if err != nil {
			t.Fatalf("Error parsing private key %d: %s", i, err)
		}
		keyBytes, err := hex.DecodeString(encodedKeys[i])
		if err != nil {
			t.Fatalf("Error hex-decoding key %d: %s", i, err)
		}
		entityList := &openpgp.EntityList{entity}
		md, err := openpgp.ReadMessage(bytes.NewBuffer(keyBytes), entityList, nil, nil)
		if err != nil {
			t.Fatalf("Error decrypting with key %d (%s): %s", i, encodedKeys[i], err)
		}
		ptBuf.ReadFrom(md.UnverifiedBody)
		unsealKeys = append(unsealKeys, ptBuf.String())
	}

	err = core.Seal(rootToken)
	if err != nil {
		t.Fatalf("Error sealing vault with provided root token: %s", err)
	}

	for i, unsealKey := range unsealKeys {
		unsealBytes, err := hex.DecodeString(unsealKey)
		if err != nil {
			t.Fatalf("Error hex decoding unseal key %s: %s", unsealKey, err)
		}
		unsealed, err := core.Unseal(unsealBytes)
		if err != nil {
			t.Fatalf("Error using unseal key %s: %s", unsealKey, err)
		}
		if i >= 2 && !unsealed {
			t.Fatalf("Error: Provided two unseal keys but core is not unsealed")
		}
	}

}
Example #29
0
func main() {
	log.SetFlags(log.Ldate | log.Ltime | log.Lshortfile)

	// Parse the flags
	flag.Parse()

	// Open the private key file
	privateKeyFile, err := os.Open(*privateKey)
	if err != nil {
		log.Fatal(err)
	}

	// Parse the file
	keyring, err := openpgp.ReadArmoredKeyRing(privateKeyFile)
	if err != nil {
		log.Fatal(err)
	}

	for _, key := range keyring {
		if key.PrivateKey != nil && key.PrivateKey.Encrypted {
			if err := key.PrivateKey.Decrypt([]byte(*password)); err != nil {
				log.Fatal(err)
			}
		}

		if key.Subkeys != nil {
			for _, subkey := range key.Subkeys {
				if err := subkey.PrivateKey.Decrypt([]byte(*password)); err != nil {
					log.Fatal(err)
				}
			}
		}
	}

	// Open the email file
	emailFile, err := os.Open(*input)
	if err != nil {
		log.Fatal(err)
	}

	// Parse the email
	rootEmail, err := mail.ReadMessage(emailFile)
	if err != nil {
		log.Fatal(err)
	}

	// Print some data
	fmt.Print("Original headers:\n")
	for key, values := range rootEmail.Header {
		fmt.Printf("\t%s: %v\n", key, strings.Join(values, ", "))
	}

	// Get the Content-Type
	contentType := rootEmail.Header.Get("content-type")

	// Get the boundary
	mediaType, params, err := mime.ParseMediaType(contentType)
	if err != nil {
		log.Fatal(err)
	}

	// Parse the body
	if !strings.HasPrefix(mediaType, "multipart/") {
		log.Fatal("Email isn't multipart")
	}

	// Find the manifest and decode it
	var man *manifest.Manifest

	rootBody, err := ioutil.ReadAll(rootEmail.Body)
	if err != nil {
		log.Fatal(err)
	}

	// Create a new multipart reader
	rootReader := multipart.NewReader(bytes.NewReader(rootBody), params["boundary"])
	for {
		part, err := rootReader.NextPart()
		if err == io.EOF {
			break
		}
		if err != nil {
			log.Fatal(err)
		}

		// Add the header as this library is weird
		header := ""
		for key, values := range part.Header {
			header += key + ": " + strings.Join(values, ", ") + "\n"
		}

		body, err := ioutil.ReadAll(part)
		if err != nil {
			log.Fatal(err)
		}

		body = append([]byte(header+"\n\n"), body...)

		// Parse the email
		email, err := mail.ReadMessage(bytes.NewReader(body))
		if err != nil {
			log.Fatal(err)
		}

		mediaType, _, err := mime.ParseMediaType(email.Header.Get("content-type"))
		if err != nil {
			log.Fatal(err)
		}

		// We found the body
		if mediaType == "application/x-pgp-manifest+json" {
			block, err := armor.Decode(email.Body)
			if err != nil {
				log.Fatal(err)
			}

			body, err := ioutil.ReadAll(block.Body)
			if err != nil {
				log.Fatal(err)
			}

			md, err := openpgp.ReadMessage(bytes.NewReader(body), keyring, nil, nil)
			if err != nil {
				log.Fatal(err)
			}

			cleartext, err := ioutil.ReadAll(md.UnverifiedBody)
			if err != nil {
				log.Fatal(err)
			}

			m, err := manifest.Parse(cleartext)
			if err != nil {
				log.Fatal(err)
			}

			man = m

			// Show manifest data
			fmt.Print("Manifest headers:\n")
			for key, value := range man.Headers {
				fmt.Printf("\t%s: %s\n", key, value)
			}
			fmt.Print("Email parts in the manifest:\n")
			for _, part := range man.Parts {
				fmt.Printf("\t- Hash: %s\n", part.Hash)
				fmt.Printf("\t  ID: %s\n", part.ID)
				if part.Filename != "" {
					fmt.Printf("\t  Filename: %s\n", part.Filename)
				}
			}

			break
		}
	}

	rootReader = multipart.NewReader(bytes.NewReader(rootBody), params["boundary"])
	for {
		part, err := rootReader.NextPart()
		if err == io.EOF {
			break
		}
		if err != nil {
			log.Fatal(err)
		}

		// Add the header as this library is weird
		header := ""
		for key, values := range part.Header {
			header += key + ": " + strings.Join(values, ", ") + "\n"
		}

		body, err := ioutil.ReadAll(part)
		if err != nil {
			log.Fatal(err)
		}

		body = append([]byte(header+"\n\n"), body...)

		// Parse the email
		email, err := mail.ReadMessage(bytes.NewReader(body))
		if err != nil {
			log.Fatal(err)
		}

		mediaType, params, err := mime.ParseMediaType(email.Header.Get("content-type"))
		if err != nil {
			log.Print(email.Header.Get("content-type"))
			log.Fatal(err)
		}

		if mediaType == "multipart/alternative" {
			bodyReader := multipart.NewReader(bytes.NewReader(body), params["boundary"])
			for {
				part, err := bodyReader.NextPart()
				if err == io.EOF {
					break
				}
				if err != nil {
					log.Fatal(err)
				}

				// Add the header as this library is weird
				header := ""
				for key, values := range part.Header {
					header += key + ": " + strings.Join(values, ", ")
				}

				body, err := ioutil.ReadAll(part)
				if err != nil {
					log.Fatal(err)
				}

				body = append([]byte(header+"\n\n"), body...)

				// Parse the part
				email, err := mail.ReadMessage(bytes.NewReader(body))
				if err != nil {
					log.Fatal(err)
				}

				// Parse the content type
				mediaType, _, err := mime.ParseMediaType(email.Header.Get("content-type"))
				if err != nil {
					log.Fatal(err)
				}

				if mediaType == "application/pgp-encrypted" {
					block, err := armor.Decode(email.Body)
					if err != nil {
						log.Fatal(err)
					}

					body, err := ioutil.ReadAll(block.Body)
					if err != nil {
						log.Fatal(err)
					}

					md, err := openpgp.ReadMessage(
						bytes.NewReader(body),
						keyring,
						nil,
						nil,
					)
					if err != nil {
						log.Fatal(err)
					}

					cleartext, err := ioutil.ReadAll(md.UnverifiedBody)
					if err != nil {
						log.Fatal(err)
					}

					// Find body definition
					var bodyPart *manifest.Part
					for _, part := range man.Parts {
						if part.ID == "body" {
							bodyPart = part
						}
					}

					bodyHash := sha256.Sum256(cleartext)
					if bodyPart.Hash != hex.EncodeToString(bodyHash[:]) {
						log.Fatal("Email's body has an invalid checksum")
					}

					fmt.Print("Email's body:\n")
					for _, line := range strings.Split(string(cleartext), "\n") {
						fmt.Printf("\t%s\n", line)
					}
				}
			}
		} else if mediaType != "application/x-pgp-manifest+json" {
			contentDisposition := email.Header.Get("Content-Disposition")
			filenameIndex := strings.Index(contentDisposition, `filename="`)
			if filenameIndex == -1 {
				continue
			}

			postFilename := contentDisposition[filenameIndex+10:]
			quoteIndex := strings.Index(postFilename, `"`)
			if quoteIndex == -1 {
				continue
			}

			filename := postFilename[:quoteIndex]
			extension := filepath.Ext(filename)

			if extension != ".pgp" {
				continue
			}

			id := filename[:len(filename)-len(extension)]

			// look up filename against the deps
			var part *manifest.Part
			for _, part2 := range man.Parts {
				if part2.ID == id {
					part = part2
				}
			}

			if part == nil {
				continue
			}

			block, err := armor.Decode(email.Body)
			if err != nil {
				continue
			}

			body, err := ioutil.ReadAll(block.Body)
			if err != nil {
				log.Fatal(err)
			}

			md, err := openpgp.ReadMessage(bytes.NewReader(body), keyring, nil, nil)
			if err != nil {
				log.Fatal(err)
			}

			cleartext, err := ioutil.ReadAll(md.UnverifiedBody)
			if err != nil {
				log.Fatal(err)
			}

			bodyHash := sha256.Sum256(cleartext)
			if part.Hash != hex.EncodeToString(bodyHash[:]) {
				log.Fatal("Attachment's body has an invalid checksum")
			}

			fmt.Printf("Attachment %s:\n", id)
			fmt.Printf("\tFilename: %s\n", part.Filename)
			fmt.Printf("\tContent type: %s\n", part.ContentType)
			fmt.Print("\tBody:\n")
			for _, line := range strings.Split(string(cleartext), "\n") {
				fmt.Printf("\t\t%s\n", line)
			}
		}
	}
}
Example #30
0
func Decrypt(privateKeyFileName string, readPass readPasswordCallback, publicKeyFileName string, file string) (err error) {

	if filepath.Ext(file) != ".pgp" {
		return fmt.Errorf("quickpgp: filename to decrypt must end in .pgp")
	}

	var signer openpgp.EntityList
	if signer, err = readPublicKeyFile(publicKeyFileName); err != nil {
		return err
	}

	var recipient *openpgp.Entity
	if recipient, err = readPrivateKeyFile(privateKeyFileName, readPass); err != nil {
		return err
	}
	if recipient == nil {
		return fmt.Errorf("quickpgp: unable to read %s", privateKeyFileName)
	}

	var keyring openpgp.EntityList
	keyring = append(keyring, signer[0])
	keyring = append(keyring, recipient)

	var cipherTextFile *os.File
	if cipherTextFile, err = os.Open(file); err != nil {
		return err
	}
	defer cipherTextFile.Close()

	var cipherText io.Reader
	if p, err := armor.Decode(cipherTextFile); err == nil {
		cipherText = p.Body
	} else {
		if _, err = cipherTextFile.Seek(0, 0); err != nil {
			return err
		}
		cipherText = cipherTextFile
	}

	var md *openpgp.MessageDetails
	if md, err = openpgp.ReadMessage(cipherText, keyring, nil, nil); err != nil {
		return err
	}

	var cwd string
	if cwd, err = os.Getwd(); err != nil {
		return err
	}
	var plainTextOutput *os.File
	if plainTextOutput, err = ioutil.TempFile(cwd, ".quickpgp."); err != nil {
		return err
	}
	var cleanExit bool
	defer func() {
		if !cleanExit {
			_ = os.Remove(plainTextOutput.Name())
		}
	}()

	_, err = io.Copy(plainTextOutput, md.UnverifiedBody)
	if err != nil {
		return err
	}
	plainTextOutput.Close()
	if md.SignatureError != nil {
		return md.SignatureError
	}
	if md.Signature == nil {
		return openpgperrors.ErrUnknownIssuer
	}

	bareFilename := strings.TrimSuffix(file, filepath.Ext(file))
	if len(md.LiteralData.FileName) != 0 && md.LiteralData.FileName != bareFilename {
		fmt.Fprintf(os.Stderr, "quickpgp: suggested filename \"%s\"\n", md.LiteralData.FileName)
	}
	var finalFilename string
	if _, err := os.Stat(bareFilename); os.IsNotExist(err) {
		finalFilename = bareFilename
	} else {
		finalFilename = fmt.Sprintf("%s.%X", bareFilename, uint32(md.SignedByKeyId&0xffffffff))
		fmt.Fprintf(os.Stderr, "quickpgp: \"%s\" exists, writing to \"%s\"\n", bareFilename, finalFilename)
	}

	err = os.Rename(plainTextOutput.Name(), finalFilename)
	if err == nil {
		cleanExit = true
	}
	return err
}