func (ast *AuthorizedState) SignState(asciiPriKey string, pripwd string) (err error) {
stateString, err1 := ast.GetStateString()
if err1 != nil {
err = err1
return
}
//fmt.Println("StateString :", stateString)
var opBuf bytes.Buffer
var ipBuf bytes.Buffer
ipBuf.WriteString(stateString)
//func ArmoredDetachSignText(w io.Writer, signer *Entity,
//message io.Reader, config *packet.Config) error
_, priEnt, errGetPri := PrcIdSigner.GetPri(asciiPriKey, pripwd)
if errGetPri != nil {
err = errGetPri
return
}
err = openpgp.ArmoredDetachSign(&opBuf, &priEnt, &ipBuf, nil)
if err == nil {
//fmt.Println("Detached Signature = ", string(opBuf.Bytes()))
ast.AsciiSigOfState = string(opBuf.Bytes())
} else {
fmt.Println("Error While Signing State", err.Error())
}
return
//fmt.Println("Current State", ast)
}
func main() {
if len(os.Args) < 2 {
fmt.Printf("usage:\t%s <FINGERPRINT>\nex: \t%s 02699C276B60F27FC55C329968D63477A392B6FA\n",
os.Args[0], os.Args[0])
os.Exit(1)
}
keyid := os.Args[1]
data := "some random string to sign"
secringFile, err := os.Open(FindHomedir() + "/.gnupg/secring.gpg")
if err != nil {
panic(err)
}
defer secringFile.Close()
keyring, err := openpgp.ReadKeyRing(secringFile)
if err != nil {
err = fmt.Errorf("Keyring access failed: '%v'", err)
panic(err)
}
// find the entity in the keyring
var signer *openpgp.Entity
found := false
for _, entity := range keyring {
fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:]))
fmt.Println("reading key with fingerprint", fingerprint)
if keyid == fingerprint {
signer = entity
found = true
fmt.Println("found a match")
break
}
}
if !found {
err = fmt.Errorf("No key found for ID '%s'", keyid)
panic(err)
}
// if private key is encrypted, attempt to decrypt it with the cached passphrase
// then try with an agent or by asking the user for a passphrase
if signer.PrivateKey.Encrypted {
// get private key passphrase
signer, err = decryptEntity(signer)
if err != nil {
panic(err)
}
}
// calculate signature
out := bytes.NewBuffer(nil)
message := bytes.NewBufferString(data)
err = openpgp.ArmoredDetachSign(out, signer, message, nil)
if err != nil {
err = fmt.Errorf("Signature failed: '%v'", err)
panic(err)
}
fmt.Printf("%s\n", out)
}
// Sign signs a string with a key identified by a key fingerprint or an email address
func Sign(data, keyid string, secringFile io.Reader) (sig string, err error) {
defer func() {
if e := recover(); e != nil {
err = fmt.Errorf("pgp.Sign(): %v", e)
}
}()
keyring, err := openpgp.ReadKeyRing(secringFile)
if err != nil {
err = fmt.Errorf("Keyring access failed: '%v'", err)
panic(err)
}
// find the entity in the keyring
var signer *openpgp.Entity
found := false
for _, entity := range keyring {
fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:]))
for _, ident := range entity.Identities {
email := ident.UserId.Email
if keyid == fingerprint || keyid == email {
signer = entity
found = true
break
}
}
}
if !found {
err = fmt.Errorf("Signer '%s' not found", keyid)
panic(err)
}
// if private key is encrypted, attempt to decrypt it with the passphrase
if signer.PrivateKey.Encrypted {
// get private key passphrase
signer, err = decryptEntity(signer)
if err != nil {
panic(err)
}
}
// calculate signature
out := bytes.NewBuffer(nil)
message := bytes.NewBufferString(data)
err = openpgp.ArmoredDetachSign(out, signer, message, nil)
if err != nil {
err = fmt.Errorf("Signature failed: '%v'", err)
panic(err)
}
// convert the writer back to string
sig, err = deArmor(out.String())
if err != nil {
err = fmt.Errorf("Error converting signature to string: '%v'", err)
panic(err)
}
return
}
// signFile creates a GPG detached ASCII armored signature (.asc file) for a given file
// using the given key
func signFile(path string, ent *openpgp.Entity) {
sigpath := path + ".asc"
reader, err := os.Open(path)
if err != nil {
log.Fatal(err)
}
writer, err := os.Create(sigpath)
if err != nil {
log.Fatal(err)
}
openpgp.ArmoredDetachSign(writer, ent, reader, nil)
}
func SignFile(filename, output, key string) error {
entity, err := findKey(key)
if err != nil {
return err
}
in, err := os.Open(filename)
if err != nil {
return err
}
defer in.Close()
out, err := os.Create(output)
if err != nil {
return err
}
defer out.Close()
return openpgp.ArmoredDetachSign(out, entity, in, nil)
}
func (sr *SignRequest) Sign() (signedJSON string, err error) {
trimmedJSON := strings.TrimRightFunc(sr.UnsignedJSON, unicode.IsSpace)
// TODO: make sure these return different things
inputfail := func(msg string) (string, error) {
return "", errors.New(msg)
}
execfail := func(msg string) (string, error) {
return "", errors.New(msg)
}
jmap := make(map[string]interface{})
if err := json.Unmarshal([]byte(trimmedJSON), &jmap); err != nil {
return inputfail("json parse error")
}
camliSigner, hasSigner := jmap["camliSigner"]
if !hasSigner {
return inputfail("json lacks \"camliSigner\" key with public key blobref")
}
camliSignerStr, _ := camliSigner.(string)
signerBlob, ok := blob.Parse(camliSignerStr)
if !ok {
return inputfail("json \"camliSigner\" key is malformed or unsupported")
}
pubkeyReader, _, err := sr.Fetcher.Fetch(signerBlob)
if err != nil {
// TODO: not really either an inputfail or an execfail.. but going
// with exec for now.
return execfail(fmt.Sprintf("failed to find public key %s: %v", signerBlob.String(), err))
}
pubk, err := openArmoredPublicKeyFile(pubkeyReader)
pubkeyReader.Close()
if err != nil {
return execfail(fmt.Sprintf("failed to parse public key from blobref %s: %v", signerBlob.String(), err))
}
// This check should be redundant if the above JSON parse succeeded, but
// for explicitness...
if len(trimmedJSON) == 0 || trimmedJSON[len(trimmedJSON)-1] != '}' {
return inputfail("json parameter lacks trailing '}'")
}
trimmedJSON = trimmedJSON[0 : len(trimmedJSON)-1]
// sign it
entityFetcher := sr.EntityFetcher
if entityFetcher == nil {
file := sr.secretRingPath()
if file == "" {
return "", errors.New("jsonsign: no EntityFetcher, and no secret ring file defined.")
}
secring, err := wkfs.Open(sr.secretRingPath())
if err != nil {
return "", fmt.Errorf("jsonsign: failed to open secret ring file %q: %v", sr.secretRingPath(), err)
}
secring.Close() // just opened to see if it's readable
entityFetcher = &FileEntityFetcher{File: file}
}
signer, err := entityFetcher.FetchEntity(pubk.KeyIdString())
if err != nil {
return "", err
}
var buf bytes.Buffer
err = openpgp.ArmoredDetachSign(
&buf,
signer,
strings.NewReader(trimmedJSON),
&packet.Config{Time: func() time.Time { return sr.SignatureTime }},
)
if err != nil {
return "", err
}
output := buf.String()
index1 := strings.Index(output, "\n\n")
index2 := strings.Index(output, "\n-----")
if index1 == -1 || index2 == -1 {
return execfail("Failed to parse signature from gpg.")
}
inner := output[index1+2 : index2]
signature := strings.Replace(inner, "\n", "", -1)
return fmt.Sprintf("%s,\"camliSig\":\"%s\"}\n", trimmedJSON, signature), nil
}
// Sign signs a string with a key identified by a key fingerprint or an email address
func Sign(data, keyid string, secringFile io.Reader) (sig string, err error) {
defer func() {
if e := recover(); e != nil {
err = fmt.Errorf("pgp.Sign(): %v", e)
}
}()
keyring, err := openpgp.ReadKeyRing(secringFile)
if err != nil {
err = fmt.Errorf("Keyring access failed: '%v'", err)
panic(err)
}
// find the entity in the keyring
var signer *openpgp.Entity
found := false
for _, entity := range keyring {
if entity.PrivateKey == nil {
panic("secring contains entity without private key data")
}
fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrivateKey.PublicKey.Fingerprint[:]))
if keyid == fingerprint {
signer = entity
found = true
break
}
}
if !found {
err = fmt.Errorf("Signer '%s' not found", keyid)
panic(err)
}
// if private key is encrypted, attempt to decrypt it with the cached passphrase
// then try with an agent or by asking the user for a passphrase
if signer.PrivateKey.Encrypted {
err = signer.PrivateKey.Decrypt([]byte(cachedPassphrase))
if err != nil {
var pass string
// get private key passphrase
signer, pass, err = decryptEntity(signer)
if err != nil {
panic(err)
}
if pass != "" {
cachedPassphrase = pass
}
}
}
// calculate signature
out := bytes.NewBuffer(nil)
message := bytes.NewBufferString(data)
err = openpgp.ArmoredDetachSign(out, signer, message, nil)
if err != nil {
err = fmt.Errorf("Signature failed: '%v'", err)
panic(err)
}
// convert the writer back to string
sig, err = deArmor(out.String())
if err != nil {
err = fmt.Errorf("Error converting signature to string: '%v'", err)
panic(err)
}
return
}
