func (e *Kex2Provisionee) saveKeys() error {
_, err := libkb.WriteLksSKBToKeyring(e.eddsa, e.lks, nil)
if err != nil {
return err
}
_, err = libkb.WriteLksSKBToKeyring(e.dh, e.lks, nil)
if err != nil {
return err
}
return nil
}
func (e *loginProvision) tryGPG(ctx *Context) error {
key, method, err := e.chooseGPGKeyAndMethod(ctx)
if err != nil {
return err
}
// depending on the method, get a signing key
var signingKey libkb.GenericKey
switch method {
case keybase1.GPGMethod_GPG_IMPORT:
signingKey, err = e.gpgImportKey(ctx, key.GetFingerprint())
if err != nil {
// there was an error importing the key.
// so offer to switch to using gpg to sign
// the provisioning statement:
signingKey, err = e.switchToGPGSign(ctx, key, err)
if err != nil {
return err
}
method = keybase1.GPGMethod_GPG_SIGN
}
case keybase1.GPGMethod_GPG_SIGN:
signingKey, err = e.gpgSignKey(ctx, key.GetFingerprint())
if err != nil {
return err
}
default:
return fmt.Errorf("invalid gpg provisioning method: %v", method)
}
// After obtaining login session, this will be called before the login state is released.
// It signs this new device with the selected gpg key.
var afterLogin = func(lctx libkb.LoginContext) error {
ctx.LoginContext = lctx
if err := e.makeDeviceKeysWithSigner(ctx, signingKey); err != nil {
return err
}
if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
// not a fatal error, session will stay in memory
e.G().Log.Warning("error saving session file: %s", err)
}
if method == keybase1.GPGMethod_GPG_IMPORT {
// store the key in lksec
_, err := libkb.WriteLksSKBToKeyring(e.G(), signingKey, e.lks, lctx)
if err != nil {
e.G().Log.Warning("error saving exported gpg key in lksec: %s", err)
return err
}
}
return nil
}
// need a session to continue to provision
return e.G().LoginState().LoginWithPrompt(e.arg.User.GetName(), ctx.LoginUI, ctx.SecretUI, afterLogin)
}
func (e *PGPKeyImportEngine) saveLKS(ctx *Context) (err error) {
e.G().Log.Debug("+ PGPKeyImportEngine::saveLKS")
defer func() {
e.G().Log.Debug("- PGPKeyImportEngine::saveLKS -> %v", libkb.ErrToOk(err))
}()
lks := e.arg.Lks
if lks == nil {
lks, err = libkb.NewLKSForEncrypt(ctx.SecretUI, e.me.GetUID(), e.G())
if err != nil {
return err
}
}
_, err = libkb.WriteLksSKBToKeyring(e.bundle, lks, ctx.LoginContext)
return
}
// gpg attempts to provision the device via a gpg key.
func (e *LoginProvision) gpg(ctx *Context, method keybase1.ProvisionMethod) error {
var getKey func(*Context) (libkb.GenericKey, error)
switch method {
case keybase1.ProvisionMethod_GPG_SIGN:
getKey = e.chooseGPGKey
case keybase1.ProvisionMethod_GPG_IMPORT:
getKey = e.chooseAndExportGPGKey
default:
return fmt.Errorf("invalid gpg provisioning method: %v", method)
}
key, err := getKey(ctx)
if err != nil {
return err
}
e.G().Log.Debug("using gpg key %s", key.GetKID())
// After obtaining login session, this will be called before the login state is released.
// It signs this new device with the gpg key in bundle.
var afterLogin = func(lctx libkb.LoginContext) error {
ctx.LoginContext = lctx
if err := e.makeDeviceKeysWithSigner(ctx, key); err != nil {
return err
}
if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
// not a fatal error, session will stay in memory
e.G().Log.Warning("error saving session file: %s", err)
}
if method == keybase1.ProvisionMethod_GPG_IMPORT {
// store the key in lksec
_, err := libkb.WriteLksSKBToKeyring(e.G(), key, e.lks, lctx)
if err != nil {
e.G().Log.Warning("error saving exported gpg key in lksec: %s", err)
return err
}
}
return nil
}
// need a session to continue to provision
return e.G().LoginState().LoginWithPrompt(e.user.GetName(), ctx.LoginUI, ctx.SecretUI, afterLogin)
}
