func encryptOpenpgp(data io.Reader, recipient string, gpghome string) ([]byte, error) {
pubkeyfile, err := os.Open(fmt.Sprintf("%s%spubring.gpg", gpghome, string(os.PathSeparator)))
if err != nil {
fmt.Println("Failed to open pubring", err)
return nil, err
}
pubring, err := openpgp.ReadKeyRing(pubkeyfile)
if err != nil {
fmt.Println("Failed to open pubring", err)
return nil, err
}
pubkey := findKey(pubring, recipient)
buf := bytes.NewBuffer(nil)
w, _ := armor.Encode(buf, "PGP MESSAGE", nil)
plaintext, err := openpgp.Encrypt(w, []*openpgp.Entity{pubkey}, nil, nil, nil)
if err != nil {
return nil, err
}
//reader := bytes.NewReader(data)
_, err = io.Copy(plaintext, data)
plaintext.Close()
w.Close()
if err != nil {
return nil, err
}
return buf.Bytes(), nil
}
func processPublicKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) {
// TODO: Handle a specified recipient
// Get default public keyring location
usr, err := user.Current()
if err != nil {
log.Fatal(err)
}
jaegerPublicKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_pubring.gpg", usr.HomeDir)
publicKeyRing := ""
if _, err := os.Stat(jaegerPublicKeyRing); err == nil {
publicKeyRing = jaegerPublicKeyRing
} else {
publicKeyRing = fmt.Sprintf("%v/.gnupg/pubring.gpg", usr.HomeDir)
}
debug.Printf("publicKeyRing file:", publicKeyRing)
publicKeyRingBuffer, err := os.Open(publicKeyRing)
if err != nil {
panic(err)
}
entitylist, err = openpgp.ReadKeyRing(publicKeyRingBuffer)
if err != nil {
log.Fatal(err)
}
entity = entitylist[0]
debug.Printf("Public key default keyring:", entity.Identities)
return entity, entitylist
}
func loadKeyring(keyringReader io.Reader) (openpgp.EntityList, error) {
entityList, err := openpgp.ReadKeyRing(keyringReader)
if err != nil {
return entityList, err
}
return entityList, nil
}
func LoadKeyring(path string) (openpgp.EntityList, error) {
if path == "" {
return nil, util.Errorf("no keyring configured")
}
f, err := os.Open(path)
if err != nil {
return nil, err
}
defer f.Close()
// Accept both ASCII-armored and binary encodings
keyring, err := openpgp.ReadArmoredKeyRing(f)
if err != nil && err.Error() == "openpgp: invalid argument: no armored data found" {
offset, seekErr := f.Seek(0, os.SEEK_SET)
if offset != 0 || seekErr != nil {
return nil, util.Errorf(
"couldn't seek to beginning, got %d %s",
offset,
seekErr,
)
}
keyring, err = openpgp.ReadKeyRing(f)
}
return keyring, err
}
func enc(i int, keyRingHex string, keyName string, isSigned bool, filename string, message string, passphraseS string) error {
kring, err := openpgp.ReadKeyRing(ReaderFromHex(keyRingHex))
if err != nil {
return err
}
return Encrypt(i, kring, keyName, isSigned, filename, message)
}
// Encode encodes data to a base64 encoded using the secconf codec.
// data is encrypted with all public keys found in the supplied keyring.
func Encode(data []byte, keyring io.Reader) ([]byte, error) {
entityList, err := openpgp.ReadKeyRing(keyring)
if err != nil {
return nil, err
}
return encode(data, entityList)
}
func checkGPGSig(fileName string, sigFileName string) error {
// Get a Reader for the signature file
sigFile, err := os.Open(sigFileName)
if err != nil {
return err
}
defer sigFile.Close()
// Get a Reader for the signature file
file, err := os.Open(fileName)
if err != nil {
return err
}
defer file.Close()
publicKeyBin, err := hex.DecodeString(publicKeyHex)
if err != nil {
return err
}
keyring, _ := openpgp.ReadKeyRing(bytes.NewReader(publicKeyBin))
_, err = openpgp.CheckDetachedSignature(keyring, file, sigFile)
return err
}
func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) {
f, err := wkfs.Open(fe.File)
if err != nil {
return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return nil, fmt.Errorf("jsonsign: openpgp.ReadKeyRing of %q: %v", fe.File, err)
}
for _, e := range el {
pubk := &e.PrivateKey.PublicKey
if pubk.KeyIdString() != keyId {
continue
}
if e.PrivateKey.Encrypted {
if err := fe.decryptEntity(e); err == nil {
return e, nil
} else {
return nil, err
}
}
return e, nil
}
return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyId, fe.File)
}
func Insert(publicKeyringFile, keyName, fdir, name, pass string) error {
message := pass
filename := filepath.Join(fdir, fmt.Sprintf("%s.gpg", name))
_, err := os.Stat(filename)
if err != nil {
if !os.IsNotExist(err) {
return err
}
} else {
return fmt.Errorf("file %s exists", filename)
}
keyringFileBuffer, err := os.Open(publicKeyringFile)
if err != nil {
return err
}
defer func() {
err := keyringFileBuffer.Close()
if err != nil {
logrus.Errorf("Error closing file %s", err)
}
}()
kring, err := openpgp.ReadKeyRing(keyringFileBuffer)
if err != nil {
return err
}
err = Encrypt(0, kring, keyName, false, filename, message)
return err
}
func findKey(key string) (*openpgp.Entity, error) {
keyId, err := strconv.ParseUint(key, 16, 64)
if err != nil {
log.Printf("Unable to parse key '%s': %s\n", key, err)
return nil, &UnknownKey{key}
}
f, err := os.Open(KeyringFile)
if err != nil {
log.Printf("Failed to open keyring: %s\n", err)
return nil, err
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
log.Printf("Failed to read keyring: %s\n", err)
return nil, err
}
for _, entity := range el {
if entity.PrimaryKey.KeyId&0xFFFFFFFF == keyId {
return entity, nil
}
for _, key := range entity.Subkeys {
if key.PublicKey.KeyId&0xFFFFFFFF == keyId {
return entity, nil
}
}
}
return nil, &UnknownKey{key}
}
func processSecretKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) {
// Get default secret keyring location
usr, err := user.Current()
if err != nil {
log.Fatal(err)
}
jaegerSecretKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_secring.gpg", usr.HomeDir)
secretKeyRing := ""
if _, err := os.Stat(jaegerSecretKeyRing); err == nil {
secretKeyRing = jaegerSecretKeyRing
} else {
secretKeyRing = fmt.Sprintf("%v/.gnupg/secring.gpg", usr.HomeDir)
}
debug.Printf("secretKeyRing file:", secretKeyRing)
secretKeyRingBuffer, err := os.Open(secretKeyRing)
if err != nil {
panic(err)
}
entitylist, err = openpgp.ReadKeyRing(secretKeyRingBuffer)
if err != nil {
log.Fatal(err)
}
entity = entitylist[0]
debug.Printf("Private key default keyring:", entity.Identities)
return entity, entitylist
}
func main() {
//NewEntity("hyg", "*****@*****.**", "secfile.key")
//return
pubringFile, _ := os.Open("path to public keyring")
defer pubringFile.Close()
pubring, _ := openpgp.ReadKeyRing(pubringFile)
//theirPublicKey := getKeyByEmail(pubring, "*****@*****.**")
theirPublicKey := getKeyByEmail(pubring, "*****@*****.**")
secringFile, _ := os.Open("path to private keyring")
defer secringFile.Close()
sevring, _ := openpgp.ReadKeyRing(secringFile)
myPrivateKey := getKeyByEmail(sevring, "*****@*****.**")
//theirPublicKey.Serialize(os.Stdout)
//myPrivateKey.Serialize(os.Stdout)
//myPrivateKey.SerializePrivate(os.Stdout, nil)
myPrivateKey.PrivateKey.Decrypt([]byte("passphrase"))
/*
// bug: have to input the correct passphrase at the first time
for myPrivateKey.PrivateKey.Encrypted {
fmt.Print("PGP passphrase: ")
pgppass := gopass.GetPasswd()
myPrivateKey.PrivateKey.Decrypt([]byte(pgppass))
if myPrivateKey.PrivateKey.Encrypted {
fmt.Println("Incorrect. Try again or press ctrl+c to exit.")
}
}
*/
var hint openpgp.FileHints
hint.IsBinary = false
hint.FileName = "_CONSOLE"
hint.ModTime = time.Now()
w, _ := armor.Encode(os.Stdout, "PGP MESSAGE", nil)
defer w.Close()
plaintext, _ := openpgp.Encrypt(w, []*openpgp.Entity{theirPublicKey}, myPrivateKey, &hint, nil)
defer plaintext.Close()
fmt.Fprintf(plaintext, "黄勇刚在熟悉OpenPGP代码\n")
}
func ReadKeyRing(keyRingName string) (openpgp.EntityList, error) {
keyfile, err := os.Open(keyRingName)
if err != nil {
return nil, err
}
defer keyfile.Close()
return openpgp.ReadKeyRing(keyfile)
}
func EncodeWith(data []byte, keyring io.Reader, f EntityFilter) ([]byte, error) {
entityList, err := openpgp.ReadKeyRing(keyring)
if err != nil {
return nil, err
}
return encode(data, f.Entities(entityList...))
}
func loadKeyRing(ringpath string) (openpgp.EntityList, error) {
f, err := os.Open(ringpath)
if err != nil {
return nil, err
}
defer f.Close()
return openpgp.ReadKeyRing(f)
}
func decryptOpenpgp(data io.Reader, gpghome string, pass []byte) (io.Reader, error) {
privkeyfile, err := os.Open(fmt.Sprintf("%s%ssecring.gpg", gpghome, string(os.PathSeparator)))
if err != nil {
fmt.Println("Failed to open secring", err)
return nil, err
}
privring, err := openpgp.ReadKeyRing(privkeyfile)
if err != nil {
fmt.Println("Failed to open secring", err)
return nil, err
}
//reader := bytes.NewReader(data)
//brk,_ := ioutil.ReadAll(data)
//fmt.Println("wtf",string(brk))
//fmt.Println("here is where eof panic")
block, err := armor.Decode(data)
if err != nil {
fmt.Println(err)
panic(err)
}
if len(pass) == 0 {
fmt.Fprintf(os.Stderr, "Password: "******"")
}
for _, entity := range privring {
if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
entity.PrivateKey.Decrypt(pass)
}
for _, subkey := range entity.Subkeys {
if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
subkey.PrivateKey.Decrypt(pass)
}
}
}
md, err := openpgp.ReadMessage(block.Body, privring, nil, nil)
if err != nil {
return nil, err
}
return md.UnverifiedBody, nil
//plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
//if err != nil {
// panic(err)
// }
// return plaintext, nil
}
func Fuzz(data []byte) int {
r := bytes.NewBuffer(data)
_, err := openpgp.ReadKeyRing(r)
if err != nil {
return 0
}
return 1
}
// KeyRing reads a openpgp.KeyRing from the given io.Reader which may then be
// used to validate GPG keys in RPM packages.
func KeyRing(r io.Reader) (openpgp.KeyRing, error) {
// decode gpgkey file
p, err := armor.Decode(r)
if err != nil {
return nil, err
}
// extract keys
return openpgp.ReadKeyRing(p.Body)
}
func (key *MasterKey) loadRing(path string) (openpgp.EntityList, error) {
f, err := os.Open(path)
if err != nil {
return openpgp.EntityList{}, err
}
defer f.Close()
keyring, err := openpgp.ReadKeyRing(f)
if err != nil {
return keyring, err
}
return keyring, nil
}
// GetEntityFrom returns (OpenPGP) Entity values for the specified
// user's private or public key (from secring.gpg or pubring.gpg,
// respectively)
func GetEntityFrom(emailOrName, sourceFile string) (*openpgp.Entity, error) {
// Default case: sourceFile == PUBLIC_KEYRING_FILENAME
keyType := "public"
keyMap := pubkeys
if sourceFile == PRIVATE_KEYRING_FILENAME {
keyType = "private"
keyMap = privkeys
}
if key, ok := pubkeys[emailOrName]; ok {
if DEBUG {
log.Printf("Grabbed cached pubkey for %s\n", emailOrName)
}
return key, nil
}
ringFile, err := os.Open(sourceFile)
if err != nil {
return nil, fmt.Errorf("Error opening %s key file %s: %v",
keyType, sourceFile, err)
}
defer ringFile.Close()
ring, err := openpgp.ReadKeyRing(ringFile)
if err != nil {
return nil, fmt.Errorf("Error reading %s key file %s: %v",
keyType, sourceFile, err)
}
if DEBUG {
log.Printf("Grabbed %s key for %s off disk\n", keyType, emailOrName)
}
key := GetKeyByEmail(ring, emailOrName)
if key == nil {
key = GetKeyByName(ring, emailOrName)
}
if key == nil {
e := fmt.Errorf("Couldn't find key for user %s: %v", emailOrName, err)
return nil, e
}
// TODO: Is adding to this map this thread safe? Doesn't look
// like it. Should it be?
keyMap[emailOrName] = key
return key, nil
if sourceFile != PUBLIC_KEYRING_FILENAME && sourceFile != PRIVATE_KEYRING_FILENAME {
panic("GetEntityFrom: Asking for neither private nor public key???")
}
return nil, fmt.Errorf("This should never happen!!!\n")
}
func (ctx *SecureContext) ReadKeyRing() error {
secringPath, _ := expandPath(ctx.SecureRingPath)
privringFile, err := os.Open(secringPath)
if err != nil {
return err
}
defer privringFile.Close()
ctx.PrivateRing, err = openpgp.ReadKeyRing(privringFile)
if err != nil {
return err
}
pubringPath, _ := expandPath(ctx.PubRingPath)
pubringFile, err := os.Open(pubringPath)
if err != nil {
return err
}
defer pubringFile.Close()
ctx.PublicRing, err = openpgp.ReadKeyRing(pubringFile)
return err
}
func runSignImage(t *testing.T, imagePath string, keyIndex int) string {
// keys stored in tests/secring.gpg.
keyFingerprint := ""
switch keyIndex {
case 1:
keyFingerprint = "D9DCEF41"
case 2:
keyFingerprint = "585091E3"
default:
panic("unknown key")
}
secringFile, err := os.Open("./secring.gpg")
if err != nil {
t.Fatalf("Cannot open secring.gpg file: %v", err)
}
defer secringFile.Close()
entityList, err := openpgp.ReadKeyRing(secringFile)
if err != nil {
t.Fatalf("Failed to read secring.gpg file: %v", err)
}
var signingEntity *openpgp.Entity
for _, entity := range entityList {
if entity.PrivateKey.KeyIdShortString() == keyFingerprint {
signingEntity = entity
}
}
imageFile, err := os.Open(imagePath)
if err != nil {
t.Fatalf("Cannot open image file %s: %v", imagePath, err)
}
defer imageFile.Close()
ascPath := fmt.Sprintf("%s.asc", imagePath)
ascFile, err := os.Create(ascPath)
if err != nil {
t.Fatalf("Cannot create asc file %s: %v", ascPath, err)
}
defer ascFile.Close()
err = openpgp.ArmoredDetachSign(ascFile, signingEntity, imageFile, nil)
if err != nil {
t.Fatalf("Cannot create armored detached signature: %v", err)
}
return ascPath
}
func NewPGP() PGP {
gnupg := path.Join(os.Getenv("HOME"), ".gnupg")
// Keyring
keyringFileBuffer, err := os.Open(path.Join(gnupg, "secring.gpg"))
if err != nil {
log.Fatal(err)
}
privateEntities, err := openpgp.ReadKeyRing(keyringFileBuffer)
defer keyringFileBuffer.Close()
// Keyring
publicKeyringFile, err := os.Open(path.Join(gnupg, "pubring.gpg"))
if err != nil {
log.Fatal(err)
}
publicEntities, err := openpgp.ReadKeyRing(publicKeyringFile)
for _, entity := range publicEntities {
log.Println(entity)
}
defer publicKeyringFile.Close()
return PGP{privateEntities, publicEntities}
}
func newKeyring() (*keyring, error) {
data, err := hex.DecodeString(keyringHex)
if err != nil {
return nil, err
}
r := bytes.NewBuffer(data)
el, err := openpgp.ReadKeyRing(r)
if err != nil {
return nil, err
}
return &keyring{el: el}, nil
}
// KeyIdFromRing returns the public keyId contained in the secret
// ring file secRing. It expects only one keyId in this secret ring
// and returns an error otherwise.
func KeyIdFromRing(secRing string) (keyId string, err error) {
f, err := wkfs.Open(secRing)
if err != nil {
return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return "", fmt.Errorf("Could not read secret ring file %s: %v", secRing, err)
}
if len(el) != 1 {
return "", fmt.Errorf("Secret ring file %v contained %d identities; expected 1", secRing, len(el))
}
ent := el[0]
return ent.PrimaryKey.KeyIdShortString(), nil
}
func entityFromLocal(fileName string, fingerprint string) (*openpgp.Entity, error) {
path := os.Getenv("GNUPGHOME")
if len(path) == 0 {
return nil, fmt.Errorf("cound not find GNUPGHOME in ENV")
}
file, err := os.Open(filepath.Join(path, fileName))
if err != nil {
return nil, err
}
defer file.Close()
keyring, err := openpgp.ReadKeyRing(file)
if err != nil {
return nil, err
}
decoded, err := hex.DecodeString(fingerprint)
if err != nil {
return nil, err
}
if len(decoded) != 20 {
return nil, fmt.Errorf("the fingerprint is not 20 bytes")
}
var fp [20]byte
copy(fp[:], decoded[:20])
for _, entity := range keyring {
if entity.PrimaryKey.Fingerprint != fp {
continue
}
if entity != nil && entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
if err := decryptEntity(entity); err != nil {
return nil, err
}
return entity, nil
}
return entity, nil
}
return nil, fmt.Errorf("entity for %s not found in %s", fingerprint, fileName)
}
func validKeyForUser(userid, email string, key []byte) (ok bool) {
el, err := openpgp.ReadKeyRing(bytes.NewBuffer(key))
if err != nil {
glog.Errorf("error reading keyring: %s", err)
return false
}
// Check that there's only one keypair included,
if len(el) != 1 {
glog.Errorf("Expected one entity, got %d.\n%+v", len(el), el)
return false
}
// that there's only one UID packet for the keypair,
identities := el[0].Identities
if len(identities) != 1 {
glog.Errorf("Expected one identity, got %d.\n%+v", len(identities), identities)
return false
}
var uidEmail string
for _, v := range identities {
// This loop will only execute once...
u := v.UserId
if u.Name != "" || u.Comment != "" {
glog.Errorf("too many fields filled (names and comments prohibited): got %+v", u)
return false
}
uidEmail = u.Email
if uidEmail == "" || uidEmail != email {
glog.Errorf("email address in identity did not agree with email address passed in: got %s, wanted %s", uidEmail, email)
return false
}
}
// and, finally,
// FIXME(OSS): authentication-mechanism-specific checks.
if userid == email {
err = nil
} else {
err = fmt.Errorf("userid != email")
}
if err != nil {
glog.Error(err)
return false
}
return true
}
func initCrypto() {
if *uploadEncryptTo == "" {
return
}
// If encrypting, the hashes are basically not known.
*uploadNoHash = true
f, err := os.Open(filepath.Join(gpgHome(), "pubring.gpg"))
if err != nil {
log.Fatalf("Can't open keyring: %v", err)
}
defer f.Close()
kl, err := openpgp.ReadKeyRing(f)
if err != nil {
log.Fatalf("Can't read keyring: %v", err)
}
keyids := strings.Split(*uploadEncryptTo, ",")
var hprefs, sprefs []uint8
for _, w := range keyids {
for _, e := range kl {
if e.PrimaryKey.KeyIdShortString() == w {
pi := primaryIdentity(e)
ss := pi.SelfSignature
hprefs = intersectPref(hprefs, ss.PreferredHash)
sprefs = intersectPref(sprefs, ss.PreferredSymmetric)
encryptKeys = append(encryptKeys, e)
}
}
}
if len(encryptKeys) != len(keyids) {
log.Fatalf("Couldn't find all keys")
}
if len(hprefs) == 0 {
log.Fatalf("No common hashes for encryption keys")
}
if len(sprefs) == 0 {
log.Fatalf("No common symmetric ciphers for encryption keys")
}
}
func publicKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
f, err := wkfs.Open(keyRing)
if err != nil {
return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return nil, err
}
for _, e := range el {
pubk := e.PrimaryKey
if pubk.KeyIdShortString() == keyId {
return e, nil
}
}
return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing)
}
func secretKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
f, err := wkfs.Open(keyRing)
if err != nil {
return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err)
}
defer f.Close()
el, err := openpgp.ReadKeyRing(f)
if err != nil {
return nil, err
}
for _, e := range el {
pubk := &e.PrivateKey.PublicKey
// TODO(mpl): decrypt private key if it is passphrase-encrypted
if pubk.KeyIdShortString() == keyId {
return e, nil
}
}
return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing)
}
