Esempio n. 1
0
func verifySig(t *testing.T, keyFile, sigFile string) {
	var f *os.File
	var err error
	var b *armor.Block
	var p packet.Packet

	if f, err = os.Open(keyFile); err != nil {
		t.Fatal(err)
	}
	defer f.Close()

	if b, err = armor.Decode(f); err != nil {
		t.Fatal(err)
	}
	if p, err = packet.Read(b.Body); err != nil {
		t.Fatal(err)
	}

	priv, ok := p.(*packet.PrivateKey)
	if !ok {
		t.Fatal("couldn't parse private key")
	}

	if f, err = os.Open(sigFile); err != nil {
		t.Fatal(err)
	}
	defer f.Close()

	if b, err = armor.Decode(f); err != nil {
		t.Fatal(err)
	}
	if p, err = packet.Read(b.Body); err != nil {
		t.Fatal(err)
	}

	sig, ok := p.(*packet.Signature)
	if !ok {
		t.Fatal("couldn't parse signature")
	}

	signed := sig.Hash.New()
	signed.Write([]byte(msg))
	if err := priv.PublicKey.VerifySignature(signed, sig); err != nil {
		t.Fatal(err)
	}
}
Esempio n. 2
0
// runClearsign verifies a clearsign signature
func (e *PGPVerify) runClearsign(ctx *Context) error {
	// clearsign decode only works with the whole data slice, not a reader
	// so have to read it all here:
	msg, err := ioutil.ReadAll(e.peek)
	if err != nil {
		return err
	}
	b, _ := clearsign.Decode(msg)
	if b == nil {
		return errors.New("Unable to decode clearsigned message")
	}

	sigBody, err := ioutil.ReadAll(b.ArmoredSignature.Body)
	if err != nil {
		return err
	}

	sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
	if err != nil {
		return err
	}

	signer, err := openpgp.CheckDetachedSignature(sk, bytes.NewReader(b.Bytes), bytes.NewReader(sigBody))
	if err != nil {
		return fmt.Errorf("Check sig error: %s", err)
	}

	e.owner = sk.Owner()
	e.signStatus = &libkb.SignatureStatus{IsSigned: true}

	if signer != nil {
		e.signStatus.Verified = true
		e.signStatus.Entity = signer
		if err := e.checkSignedBy(ctx); err != nil {
			return err
		}

		p, err := packet.Read(bytes.NewReader(sigBody))
		if err != nil {
			return err
		}

		if val, ok := p.(*packet.Signature); ok {
			e.signStatus.SignatureTime = val.CreationTime
		}

		fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint)
		OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime)
	}

	return nil
}
Esempio n. 3
0
// runDetached verifies a detached signature
func (e *PGPVerify) runDetached(ctx *Context) error {
	sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
	if err != nil {
		return err
	}
	checkfn := openpgp.CheckDetachedSignature
	if libkb.IsArmored(e.arg.Signature) {
		checkfn = openpgp.CheckArmoredDetachedSignature
	}
	signer, err := checkfn(sk, e.peek, bytes.NewReader(e.arg.Signature))
	if err != nil {
		return err
	}

	e.owner = sk.Owner()
	e.signStatus = &libkb.SignatureStatus{IsSigned: true}

	if signer != nil {
		e.signStatus.Verified = true
		e.signStatus.Entity = signer
		if err := e.checkSignedBy(ctx); err != nil {
			return err
		}

		var r io.Reader = bytes.NewReader(e.arg.Signature)
		if libkb.IsArmored(e.arg.Signature) {
			block, err := armor.Decode(r)
			if err != nil {
				return err
			}
			r = block.Body
		}

		p, err := packet.Read(r)
		if err != nil {
			return err
		}

		if val, ok := p.(*packet.Signature); ok {
			e.signStatus.SignatureTime = val.CreationTime
		}

		fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint)
		OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime)
	}

	return nil
}
Esempio n. 4
0
func signWithKeyFile(t *testing.T, name, password string) {
	f, err := os.Open(name)
	if err != nil {
		t.Fatal(err)
	}
	defer f.Close()

	es, err := ReadArmoredKeyRing(f)
	if err != nil {
		t.Fatal(err)
	}

	// Cycle through all entities we find a signing key.
	for _, e := range es {
		if err = e.PrivateKey.Decrypt([]byte(password)); err != nil {
			continue
		}

		buf := new(bytes.Buffer)
		if err = DetachSign(buf, e, strings.NewReader(msg), nil); err == nil {
			p, err := packet.Read(buf)
			if err != nil {
				t.Fatal(err)
			}
			sig, ok := p.(*packet.Signature)
			if !ok {
				t.Fatal("couldn't parse signature from buffer")
			}
			signed := sig.Hash.New()
			signed.Write([]byte(msg))
			if err := e.PrimaryKey.VerifySignature(signed, sig); err != nil {
				t.Fatal(err)
			}

			break
		}
	}
	if err != nil {
		t.Fatal(err)
	}
}