func decryptSignedFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
out, ok := ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt failed")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func decryptFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
var needVerify bool
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
case public.SignedAndEncryptedType:
needVerify = true
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
var out []byte
var ok bool
if !needVerify {
out, ok = ks.Decrypt(message)
if !ok {
return errors.New("decrypt failed")
}
} else {
out, ok = ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt and verify failed")
}
fmt.Println("Valid signature.")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}