Exemple #1
// Run starts the engine. It builds a ScanKeys key source, passes
// e.arg.Source and e.arg.Sink to libkb.PGPDecrypt, closes the sink, and only
// then applies the signature policy selected by e.arg.AssertSigned and
// e.arg.SignedBy.
//
// Security-relevant ordering: the sink is closed before any signature check
// runs, so a non-nil error from the signature checks below does not mean the
// sink was left untouched. Callers that must not act on unauthenticated
// plaintext have to discard the sink contents when Run returns an error.
//
// When neither AssertSigned nor SignedBy is set, Run returns nil without
// consulting e.signStatus at all, so a message carrying a signature that
// failed verification is still reported as success.
func (e *PGPDecrypt) Run(ctx *Context) (err error) {
	e.G().Log.Debug("+ PGPDecrypt::Run")
	// The closure reads the named result, so it logs whatever error Run
	// finally returns (nil included).
	defer func() {
		e.G().Log.Debug("- PGPDecrypt::Run %s", err)
	}()

	e.G().Log.Debug("| ScanKeys")

	// sk is handed to PGPDecrypt as the key source and later queried for the
	// owner of the key it resolved.
	sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
	if err != nil {
		return err
	}
	e.G().Log.Debug("| PGPDecrypt")
	e.signStatus, err = libkb.PGPDecrypt(e.arg.Source, e.arg.Sink, sk)
	if err != nil {
		return err
	}

	e.G().Log.Debug("| Sink Close")
	if err = e.arg.Sink.Close(); err != nil {
		return err
	}

	e.owner = sk.Owner()

	// A SignedBy assertion implies that a valid signature is required.
	// Note that this mutates the caller-supplied argument struct.
	if len(e.arg.SignedBy) > 0 {
		e.arg.AssertSigned = true
	}
	// Signature status is ignored entirely in this mode: unsigned messages and
	// messages with a bad signature both return nil here.
	if !e.arg.AssertSigned {
		e.G().Log.Debug("Not checking signature status (AssertSigned == false)")
		return nil
	}

	e.G().Log.Debug("PGPDecrypt: signStatus: %+v", e.signStatus)

	if !e.signStatus.IsSigned {
		return libkb.BadSigError{E: "no signature in message"}
	}
	// NOTE(review): this returns success if SignatureError is nil while
	// Verified is false. Confirm that libkb.PGPDecrypt always sets
	// SignatureError whenever it leaves Verified unset.
	if !e.signStatus.Verified {
		return e.signStatus.SignatureError
	}

	// checkSignedBy is defined elsewhere; presumably it enforces the SignedBy
	// assertion against the signer - verify against its implementation.
	e.G().Log.Debug("| checkSignedBy")
	if err = e.checkSignedBy(ctx); err != nil {
		return err
	}

	// Verified is true at this point, yet no entity was attached to the
	// status; refuse to report success without a key to attribute it to.
	if e.signStatus.Entity == nil {
		return libkb.NoKeyError{Msg: fmt.Sprintf("In signature verification: no public key found for PGP ID %x", e.signStatus.KeyID)}
	}

	// Report the signing key's fingerprint, the key owner and the signature
	// time through OutputSignatureSuccess.
	bundle := libkb.NewPGPKeyBundle(e.signStatus.Entity)
	OutputSignatureSuccess(ctx, bundle.GetFingerprint(), e.owner, e.signStatus.SignatureTime)
	return nil
}
Exemple #2
// sigVer converts a libkb.SignatureStatus and the (possibly nil) key owner
// into the keybase1.PGPSigVerification protocol struct.
//
// An unsigned status yields the zero value. For a signed status the Verified
// flag is copied through unchanged, and Signer / SignKey are filled in
// whenever the owner or entity is available, regardless of whether the
// signature verified. Consumers must therefore check both IsSigned and
// Verified; the presence of a Signer or SignKey alone is not evidence of a
// valid signature.
func sigVer(ss *libkb.SignatureStatus, owner *libkb.User) keybase1.PGPSigVerification {
	var out keybase1.PGPSigVerification

	// Nothing to report for an unsigned message.
	if !ss.IsSigned {
		return out
	}

	out.IsSigned = true
	out.Verified = ss.Verified

	// Export may return nil; only dereference a real result.
	if owner != nil {
		if exported := owner.Export(); exported != nil {
			out.Signer = *exported
		}
	}

	if ss.Entity != nil {
		keys := libkb.NewPGPKeyBundle(ss.Entity)
		out.SignKey = keys.Export()
	}

	return out
}
Exemple #3
// Run starts the engine. It builds a ScanKeys key source, passes
// e.arg.Source and e.arg.Sink to libkb.PGPDecrypt, closes the sink, and then
// evaluates the signature status.
//
// Signature policy in this version:
//   - unsigned message: success unless AssertSigned (or SignedBy) is set;
//   - signed but not verified: always an error, even without AssertSigned;
//   - signed and verified: the signer is identified, and when SignedBy is
//     set the identified user must equal the key owner.
//
// Security-relevant ordering: the sink is closed before any signature check
// runs, so a non-nil error from the signature checks does not mean the sink
// was left untouched. Callers that must not act on unauthenticated plaintext
// have to discard the sink contents when Run returns an error.
func (e *PGPDecrypt) Run(ctx *Context) (err error) {
	// Trace is invoked immediately and the function it returns is deferred;
	// the closure reads the named result, so it observes the final error.
	defer e.G().Trace("PGPDecrypt::Run", func() error { return err })()

	e.G().Log.Debug("| ScanKeys")
	// sk is handed to PGPDecrypt as the key source and later queried for the
	// owner of the key it resolved.
	sk, err := NewScanKeys(ctx.SecretUI, e.G())
	if err != nil {
		return err
	}
	e.G().Log.Debug("| PGPDecrypt")
	e.signStatus, err = libkb.PGPDecrypt(e.G(), e.arg.Source, e.arg.Sink, sk)
	if err != nil {
		return err
	}

	e.G().Log.Debug("| Sink Close")
	if err = e.arg.Sink.Close(); err != nil {
		return err
	}

	e.owner = sk.Owner()

	// A SignedBy assertion implies that a valid signature is required.
	// Note that this mutates the caller-supplied argument struct.
	if len(e.arg.SignedBy) > 0 {
		e.arg.AssertSigned = true
	}

	if !e.signStatus.IsSigned {
		// Unsigned input is acceptable only when no signature was demanded.
		if !e.arg.AssertSigned {
			return nil
		}
		return libkb.BadSigError{E: "no signature in message"}
	}
	// NOTE(review): this returns success if SignatureError is nil while
	// Verified is false. Confirm that libkb.PGPDecrypt always sets
	// SignatureError whenever it leaves Verified unset.
	if !e.signStatus.Verified {
		return e.signStatus.SignatureError
	}

	// message is signed and verified

	// NOTE(review): e.owner is used below (Equal, GetName) before the
	// Entity == nil check further down. If sk.Owner() can return nil for a
	// status that is marked Verified, these calls receive a nil *User -
	// confirm they tolerate that, or that the state cannot occur.
	if len(e.arg.SignedBy) > 0 {
		// identify the SignedBy assertion
		// (the meaning of the two boolean arguments is not visible here)
		arg := NewIdentifyArg(e.arg.SignedBy, false, false)
		eng := NewIdentify(arg, e.G())
		if err := RunEngine(eng, ctx); err != nil {
			return err
		}
		signByUser := eng.User()
		if signByUser == nil {
			// this shouldn't happen (engine should return an error in this state)
			// but just in case:
			return libkb.ErrNilUser
		}

		// The user resolved from the assertion must be the owner of the key
		// that produced the signature; otherwise the assertion fails.
		if !signByUser.Equal(e.owner) {
			return libkb.BadSigError{
				E: fmt.Sprintf("Signer %q did not match signed by assertion %q", e.owner.GetName(), e.arg.SignedBy),
			}
		}
	} else {
		// identify the signer
		arg := NewIdentifyArg(e.owner.GetName(), false, false)
		eng := NewIdentify(arg, e.G())
		if err := RunEngine(eng, ctx); err != nil {
			return err
		}
	}

	// Verified is true at this point, yet no entity was attached to the
	// status; refuse to report success without a key to attribute it to.
	if e.signStatus.Entity == nil {
		return libkb.NoKeyError{Msg: fmt.Sprintf("In signature verification: no public key found for PGP ID %x", e.signStatus.KeyID)}
	}

	// Report the signing key's fingerprint, the key owner and the signature
	// time through OutputSignatureSuccess.
	bundle := libkb.NewPGPKeyBundle(e.G(), e.signStatus.Entity)
	OutputSignatureSuccess(ctx, bundle.GetFingerprint(), e.owner, e.signStatus.SignatureTime)
	return nil
}