Esempio n. 1
0
func encryptOpenpgp(data io.Reader, recipient string, gpghome string) ([]byte, error) {
	pubkeyfile, err := os.Open(fmt.Sprintf("%s%spubring.gpg", gpghome, string(os.PathSeparator)))
	if err != nil {
		fmt.Println("Failed to open pubring", err)
		return nil, err
	}

	pubring, err := openpgp.ReadKeyRing(pubkeyfile)
	if err != nil {
		fmt.Println("Failed to open pubring", err)
		return nil, err
	}

	pubkey := findKey(pubring, recipient)

	buf := bytes.NewBuffer(nil)
	w, _ := armor.Encode(buf, "PGP MESSAGE", nil)
	plaintext, err := openpgp.Encrypt(w, []*openpgp.Entity{pubkey}, nil, nil, nil)
	if err != nil {
		return nil, err
	}
	//reader := bytes.NewReader(data)
	_, err = io.Copy(plaintext, data)
	plaintext.Close()
	w.Close()
	if err != nil {
		return nil, err
	}

	return buf.Bytes(), nil

}
Esempio n. 2
0
func processPublicKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) {
	// TODO: Handle a specified recipient
	// Get default public keyring location
	usr, err := user.Current()
	if err != nil {
		log.Fatal(err)
	}

	jaegerPublicKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_pubring.gpg", usr.HomeDir)
	publicKeyRing := ""

	if _, err := os.Stat(jaegerPublicKeyRing); err == nil {
		publicKeyRing = jaegerPublicKeyRing
	} else {
		publicKeyRing = fmt.Sprintf("%v/.gnupg/pubring.gpg", usr.HomeDir)
	}

	debug.Printf("publicKeyRing file:", publicKeyRing)
	publicKeyRingBuffer, err := os.Open(publicKeyRing)
	if err != nil {
		panic(err)
	}
	entitylist, err = openpgp.ReadKeyRing(publicKeyRingBuffer)
	if err != nil {
		log.Fatal(err)
	}

	entity = entitylist[0]
	debug.Printf("Public key default keyring:", entity.Identities)

	return entity, entitylist
}
Esempio n. 3
0
File: gpg.go Progetto: laher/passr
func loadKeyring(keyringReader io.Reader) (openpgp.EntityList, error) {
	entityList, err := openpgp.ReadKeyRing(keyringReader)
	if err != nil {
		return entityList, err
	}
	return entityList, nil
}
Esempio n. 4
0
func LoadKeyring(path string) (openpgp.EntityList, error) {
	if path == "" {
		return nil, util.Errorf("no keyring configured")
	}
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	// Accept both ASCII-armored and binary encodings
	keyring, err := openpgp.ReadArmoredKeyRing(f)
	if err != nil && err.Error() == "openpgp: invalid argument: no armored data found" {
		offset, seekErr := f.Seek(0, os.SEEK_SET)
		if offset != 0 || seekErr != nil {
			return nil, util.Errorf(
				"couldn't seek to beginning, got %d %s",
				offset,
				seekErr,
			)
		}
		keyring, err = openpgp.ReadKeyRing(f)
	}

	return keyring, err
}
Esempio n. 5
0
File: gpg.go Progetto: laher/passr
func enc(i int, keyRingHex string, keyName string, isSigned bool, filename string, message string, passphraseS string) error {
	kring, err := openpgp.ReadKeyRing(ReaderFromHex(keyRingHex))
	if err != nil {
		return err
	}
	return Encrypt(i, kring, keyName, isSigned, filename, message)
}
Esempio n. 6
0
// Encode encodes data to a base64 encoded using the secconf codec.
// data is encrypted with all public keys found in the supplied keyring.
func Encode(data []byte, keyring io.Reader) ([]byte, error) {
	entityList, err := openpgp.ReadKeyRing(keyring)
	if err != nil {
		return nil, err
	}
	return encode(data, entityList)
}
Esempio n. 7
0
func checkGPGSig(fileName string, sigFileName string) error {

	// Get a Reader for the signature file
	sigFile, err := os.Open(sigFileName)
	if err != nil {
		return err
	}
	defer sigFile.Close()

	// Get a Reader for the signature file
	file, err := os.Open(fileName)
	if err != nil {
		return err
	}
	defer file.Close()

	publicKeyBin, err := hex.DecodeString(publicKeyHex)
	if err != nil {
		return err
	}

	keyring, _ := openpgp.ReadKeyRing(bytes.NewReader(publicKeyBin))

	_, err = openpgp.CheckDetachedSignature(keyring, file, sigFile)

	return err
}
Esempio n. 8
0
func (fe *FileEntityFetcher) FetchEntity(keyId string) (*openpgp.Entity, error) {
	f, err := wkfs.Open(fe.File)
	if err != nil {
		return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err)
	}
	defer f.Close()
	el, err := openpgp.ReadKeyRing(f)
	if err != nil {
		return nil, fmt.Errorf("jsonsign: openpgp.ReadKeyRing of %q: %v", fe.File, err)
	}
	for _, e := range el {
		pubk := &e.PrivateKey.PublicKey
		if pubk.KeyIdString() != keyId {
			continue
		}
		if e.PrivateKey.Encrypted {
			if err := fe.decryptEntity(e); err == nil {
				return e, nil
			} else {
				return nil, err
			}
		}
		return e, nil
	}
	return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyId, fe.File)
}
Esempio n. 9
0
func Insert(publicKeyringFile, keyName, fdir, name, pass string) error {
	message := pass
	filename := filepath.Join(fdir, fmt.Sprintf("%s.gpg", name))
	_, err := os.Stat(filename)
	if err != nil {
		if !os.IsNotExist(err) {
			return err
		}
	} else {
		return fmt.Errorf("file %s exists", filename)
	}
	keyringFileBuffer, err := os.Open(publicKeyringFile)
	if err != nil {
		return err
	}
	defer func() {
		err := keyringFileBuffer.Close()
		if err != nil {
			logrus.Errorf("Error closing file %s", err)
		}
	}()
	kring, err := openpgp.ReadKeyRing(keyringFileBuffer)
	if err != nil {
		return err
	}
	err = Encrypt(0, kring, keyName, false, filename, message)
	return err
}
Esempio n. 10
0
func findKey(key string) (*openpgp.Entity, error) {
	keyId, err := strconv.ParseUint(key, 16, 64)
	if err != nil {
		log.Printf("Unable to parse key '%s': %s\n", key, err)
		return nil, &UnknownKey{key}
	}
	f, err := os.Open(KeyringFile)
	if err != nil {
		log.Printf("Failed to open keyring: %s\n", err)
		return nil, err
	}
	defer f.Close()
	el, err := openpgp.ReadKeyRing(f)
	if err != nil {
		log.Printf("Failed to read keyring: %s\n", err)
		return nil, err
	}
	for _, entity := range el {
		if entity.PrimaryKey.KeyId&0xFFFFFFFF == keyId {
			return entity, nil
		}
		for _, key := range entity.Subkeys {
			if key.PublicKey.KeyId&0xFFFFFFFF == keyId {
				return entity, nil
			}
		}
	}
	return nil, &UnknownKey{key}
}
Esempio n. 11
0
func processSecretKeyRing() (entity *openpgp.Entity, entitylist openpgp.EntityList) {
	// Get default secret keyring location
	usr, err := user.Current()
	if err != nil {
		log.Fatal(err)
	}

	jaegerSecretKeyRing := fmt.Sprintf("%v/.gnupg/jaeger_secring.gpg", usr.HomeDir)
	secretKeyRing := ""

	if _, err := os.Stat(jaegerSecretKeyRing); err == nil {
		secretKeyRing = jaegerSecretKeyRing
	} else {
		secretKeyRing = fmt.Sprintf("%v/.gnupg/secring.gpg", usr.HomeDir)
	}

	debug.Printf("secretKeyRing file:", secretKeyRing)
	secretKeyRingBuffer, err := os.Open(secretKeyRing)
	if err != nil {
		panic(err)
	}
	entitylist, err = openpgp.ReadKeyRing(secretKeyRingBuffer)
	if err != nil {
		log.Fatal(err)
	}

	entity = entitylist[0]
	debug.Printf("Private key default keyring:", entity.Identities)

	return entity, entitylist
}
Esempio n. 12
0
func main() {
	//NewEntity("hyg", "*****@*****.**", "secfile.key")
	//return

	pubringFile, _ := os.Open("path to public keyring")
	defer pubringFile.Close()
	pubring, _ := openpgp.ReadKeyRing(pubringFile)
	//theirPublicKey := getKeyByEmail(pubring, "*****@*****.**")
	theirPublicKey := getKeyByEmail(pubring, "*****@*****.**")

	secringFile, _ := os.Open("path to private keyring")
	defer secringFile.Close()
	sevring, _ := openpgp.ReadKeyRing(secringFile)
	myPrivateKey := getKeyByEmail(sevring, "*****@*****.**")

	//theirPublicKey.Serialize(os.Stdout)
	//myPrivateKey.Serialize(os.Stdout)
	//myPrivateKey.SerializePrivate(os.Stdout, nil)

	myPrivateKey.PrivateKey.Decrypt([]byte("passphrase"))
	/*
		// bug: have to input the correct passphrase at the first time

		for myPrivateKey.PrivateKey.Encrypted {
			fmt.Print("PGP passphrase: ")
			pgppass := gopass.GetPasswd()

			myPrivateKey.PrivateKey.Decrypt([]byte(pgppass))
			if myPrivateKey.PrivateKey.Encrypted {
				fmt.Println("Incorrect. Try again or press ctrl+c to exit.")
			}
		}
	*/

	var hint openpgp.FileHints
	hint.IsBinary = false
	hint.FileName = "_CONSOLE"
	hint.ModTime = time.Now()

	w, _ := armor.Encode(os.Stdout, "PGP MESSAGE", nil)
	defer w.Close()
	plaintext, _ := openpgp.Encrypt(w, []*openpgp.Entity{theirPublicKey}, myPrivateKey, &hint, nil)
	defer plaintext.Close()

	fmt.Fprintf(plaintext, "黄勇刚在熟悉OpenPGP代码\n")
}
Esempio n. 13
0
func ReadKeyRing(keyRingName string) (openpgp.EntityList, error) {
	keyfile, err := os.Open(keyRingName)
	if err != nil {
		return nil, err
	}
	defer keyfile.Close()
	return openpgp.ReadKeyRing(keyfile)
}
Esempio n. 14
0
func EncodeWith(data []byte, keyring io.Reader, f EntityFilter) ([]byte, error) {
	entityList, err := openpgp.ReadKeyRing(keyring)
	if err != nil {
		return nil, err
	}

	return encode(data, f.Entities(entityList...))
}
Esempio n. 15
0
func loadKeyRing(ringpath string) (openpgp.EntityList, error) {
	f, err := os.Open(ringpath)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return openpgp.ReadKeyRing(f)
}
Esempio n. 16
0
func decryptOpenpgp(data io.Reader, gpghome string, pass []byte) (io.Reader, error) {
	privkeyfile, err := os.Open(fmt.Sprintf("%s%ssecring.gpg", gpghome, string(os.PathSeparator)))
	if err != nil {
		fmt.Println("Failed to open secring", err)
		return nil, err
	}

	privring, err := openpgp.ReadKeyRing(privkeyfile)
	if err != nil {
		fmt.Println("Failed to open secring", err)
		return nil, err
	}

	//reader := bytes.NewReader(data)
	//brk,_ := ioutil.ReadAll(data)
	//fmt.Println("wtf",string(brk))
	//fmt.Println("here is where eof panic")
	block, err := armor.Decode(data)
	if err != nil {
		fmt.Println(err)
		panic(err)
	}

	if len(pass) == 0 {
		fmt.Fprintf(os.Stderr, "Password: "******"")
	}

	for _, entity := range privring {
		if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
			entity.PrivateKey.Decrypt(pass)
		}

		for _, subkey := range entity.Subkeys {
			if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
				subkey.PrivateKey.Decrypt(pass)
			}
		}
	}

	md, err := openpgp.ReadMessage(block.Body, privring, nil, nil)
	if err != nil {
		return nil, err
	}

	return md.UnverifiedBody, nil

	//plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
	//if err != nil {
	//		panic(err)
	//	}
	//	return plaintext, nil
}
Esempio n. 17
0
func Fuzz(data []byte) int {
	r := bytes.NewBuffer(data)

	_, err := openpgp.ReadKeyRing(r)
	if err != nil {
		return 0
	}

	return 1
}
Esempio n. 18
0
// KeyRing reads a openpgp.KeyRing from the given io.Reader which may then be
// used to validate GPG keys in RPM packages.
func KeyRing(r io.Reader) (openpgp.KeyRing, error) {
	// decode gpgkey file
	p, err := armor.Decode(r)
	if err != nil {
		return nil, err
	}

	// extract keys
	return openpgp.ReadKeyRing(p.Body)
}
Esempio n. 19
0
func (key *MasterKey) loadRing(path string) (openpgp.EntityList, error) {
	f, err := os.Open(path)
	if err != nil {
		return openpgp.EntityList{}, err
	}
	defer f.Close()
	keyring, err := openpgp.ReadKeyRing(f)
	if err != nil {
		return keyring, err
	}
	return keyring, nil
}
Esempio n. 20
0
// GetEntityFrom returns (OpenPGP) Entity values for the specified
// user's private or public key (from secring.gpg or pubring.gpg,
// respectively)
func GetEntityFrom(emailOrName, sourceFile string) (*openpgp.Entity, error) {
	// Default case: sourceFile == PUBLIC_KEYRING_FILENAME
	keyType := "public"
	keyMap := pubkeys

	if sourceFile == PRIVATE_KEYRING_FILENAME {
		keyType = "private"
		keyMap = privkeys
	}

	if key, ok := pubkeys[emailOrName]; ok {
		if DEBUG {
			log.Printf("Grabbed cached pubkey for %s\n", emailOrName)
		}
		return key, nil
	}
	ringFile, err := os.Open(sourceFile)
	if err != nil {
		return nil, fmt.Errorf("Error opening %s key file %s: %v",
			keyType, sourceFile, err)
	}
	defer ringFile.Close()

	ring, err := openpgp.ReadKeyRing(ringFile)
	if err != nil {
		return nil, fmt.Errorf("Error reading %s key file %s: %v",
			keyType, sourceFile, err)
	}
	if DEBUG {
		log.Printf("Grabbed %s key for %s off disk\n", keyType, emailOrName)
	}

	key := GetKeyByEmail(ring, emailOrName)
	if key == nil {
		key = GetKeyByName(ring, emailOrName)
	}
	if key == nil {
		e := fmt.Errorf("Couldn't find key for user %s: %v", emailOrName, err)
		return nil, e
	}

	// TODO: Is adding to this map this thread safe? Doesn't look
	// like it. Should it be?
	keyMap[emailOrName] = key
	return key, nil

	if sourceFile != PUBLIC_KEYRING_FILENAME && sourceFile != PRIVATE_KEYRING_FILENAME {
		panic("GetEntityFrom: Asking for neither private nor public key???")
	}

	return nil, fmt.Errorf("This should never happen!!!\n")
}
Esempio n. 21
0
func (ctx *SecureContext) ReadKeyRing() error {
	secringPath, _ := expandPath(ctx.SecureRingPath)
	privringFile, err := os.Open(secringPath)
	if err != nil {
		return err
	}
	defer privringFile.Close()

	ctx.PrivateRing, err = openpgp.ReadKeyRing(privringFile)
	if err != nil {
		return err
	}

	pubringPath, _ := expandPath(ctx.PubRingPath)
	pubringFile, err := os.Open(pubringPath)
	if err != nil {
		return err
	}
	defer pubringFile.Close()

	ctx.PublicRing, err = openpgp.ReadKeyRing(pubringFile)
	return err
}
Esempio n. 22
0
func runSignImage(t *testing.T, imagePath string, keyIndex int) string {
	// keys stored in tests/secring.gpg.
	keyFingerprint := ""
	switch keyIndex {
	case 1:
		keyFingerprint = "D9DCEF41"
	case 2:
		keyFingerprint = "585091E3"
	default:
		panic("unknown key")
	}

	secringFile, err := os.Open("./secring.gpg")
	if err != nil {
		t.Fatalf("Cannot open secring.gpg file: %v", err)
	}
	defer secringFile.Close()

	entityList, err := openpgp.ReadKeyRing(secringFile)
	if err != nil {
		t.Fatalf("Failed to read secring.gpg file: %v", err)
	}

	var signingEntity *openpgp.Entity
	for _, entity := range entityList {
		if entity.PrivateKey.KeyIdShortString() == keyFingerprint {
			signingEntity = entity
		}
	}

	imageFile, err := os.Open(imagePath)
	if err != nil {
		t.Fatalf("Cannot open image file %s: %v", imagePath, err)
	}
	defer imageFile.Close()

	ascPath := fmt.Sprintf("%s.asc", imagePath)
	ascFile, err := os.Create(ascPath)
	if err != nil {
		t.Fatalf("Cannot create asc file %s: %v", ascPath, err)
	}
	defer ascFile.Close()

	err = openpgp.ArmoredDetachSign(ascFile, signingEntity, imageFile, nil)
	if err != nil {
		t.Fatalf("Cannot create armored detached signature: %v", err)
	}

	return ascPath
}
Esempio n. 23
0
File: pgp.go Progetto: lbn/gorwell
func NewPGP() PGP {
	gnupg := path.Join(os.Getenv("HOME"), ".gnupg")

	// Keyring
	keyringFileBuffer, err := os.Open(path.Join(gnupg, "secring.gpg"))
	if err != nil {
		log.Fatal(err)
	}
	privateEntities, err := openpgp.ReadKeyRing(keyringFileBuffer)
	defer keyringFileBuffer.Close()

	// Keyring
	publicKeyringFile, err := os.Open(path.Join(gnupg, "pubring.gpg"))
	if err != nil {
		log.Fatal(err)
	}
	publicEntities, err := openpgp.ReadKeyRing(publicKeyringFile)
	for _, entity := range publicEntities {
		log.Println(entity)
	}
	defer publicKeyringFile.Close()

	return PGP{privateEntities, publicEntities}
}
Esempio n. 24
0
func newKeyring() (*keyring, error) {
	data, err := hex.DecodeString(keyringHex)
	if err != nil {
		return nil, err
	}

	r := bytes.NewBuffer(data)

	el, err := openpgp.ReadKeyRing(r)
	if err != nil {
		return nil, err
	}

	return &keyring{el: el}, nil
}
Esempio n. 25
0
// KeyIdFromRing returns the public keyId contained in the secret
// ring file secRing. It expects only one keyId in this secret ring
// and returns an error otherwise.
func KeyIdFromRing(secRing string) (keyId string, err error) {
	f, err := wkfs.Open(secRing)
	if err != nil {
		return "", fmt.Errorf("Could not open secret ring file %v: %v", secRing, err)
	}
	defer f.Close()
	el, err := openpgp.ReadKeyRing(f)
	if err != nil {
		return "", fmt.Errorf("Could not read secret ring file %s: %v", secRing, err)
	}
	if len(el) != 1 {
		return "", fmt.Errorf("Secret ring file %v contained %d identities; expected 1", secRing, len(el))
	}
	ent := el[0]
	return ent.PrimaryKey.KeyIdShortString(), nil
}
Esempio n. 26
0
File: sign.go Progetto: benlau/qpm
func entityFromLocal(fileName string, fingerprint string) (*openpgp.Entity, error) {

	path := os.Getenv("GNUPGHOME")
	if len(path) == 0 {
		return nil, fmt.Errorf("cound not find GNUPGHOME in ENV")
	}

	file, err := os.Open(filepath.Join(path, fileName))
	if err != nil {
		return nil, err
	}
	defer file.Close()

	keyring, err := openpgp.ReadKeyRing(file)
	if err != nil {
		return nil, err
	}

	decoded, err := hex.DecodeString(fingerprint)
	if err != nil {
		return nil, err
	}

	if len(decoded) != 20 {
		return nil, fmt.Errorf("the fingerprint is not 20 bytes")
	}

	var fp [20]byte
	copy(fp[:], decoded[:20])

	for _, entity := range keyring {

		if entity.PrimaryKey.Fingerprint != fp {
			continue
		}

		if entity != nil && entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
			if err := decryptEntity(entity); err != nil {
				return nil, err
			}
			return entity, nil
		}
		return entity, nil
	}

	return nil, fmt.Errorf("entity for %s not found in %s", fingerprint, fileName)
}
Esempio n. 27
0
func validKeyForUser(userid, email string, key []byte) (ok bool) {
	el, err := openpgp.ReadKeyRing(bytes.NewBuffer(key))
	if err != nil {
		glog.Errorf("error reading keyring: %s", err)
		return false
	}
	// Check that there's only one keypair included,
	if len(el) != 1 {
		glog.Errorf("Expected one entity, got %d.\n%+v", len(el), el)
		return false
	}
	// that there's only one UID packet for the keypair,
	identities := el[0].Identities
	if len(identities) != 1 {
		glog.Errorf("Expected one identity, got %d.\n%+v", len(identities), identities)
		return false
	}
	var uidEmail string
	for _, v := range identities {
		// This loop will only execute once...
		u := v.UserId
		if u.Name != "" || u.Comment != "" {
			glog.Errorf("too many fields filled (names and comments prohibited): got %+v", u)
			return false
		}
		uidEmail = u.Email
		if uidEmail == "" || uidEmail != email {
			glog.Errorf("email address in identity did not agree with email address passed in: got %s, wanted %s", uidEmail, email)
			return false
		}
	}

	// and, finally,
	// FIXME(OSS): authentication-mechanism-specific checks.
	if userid == email {
		err = nil
	} else {
		err = fmt.Errorf("userid != email")
	}

	if err != nil {
		glog.Error(err)
		return false
	}
	return true
}
Esempio n. 28
0
func initCrypto() {
	if *uploadEncryptTo == "" {
		return
	}

	// If encrypting, the hashes are basically not known.
	*uploadNoHash = true

	f, err := os.Open(filepath.Join(gpgHome(), "pubring.gpg"))
	if err != nil {
		log.Fatalf("Can't open keyring: %v", err)
	}
	defer f.Close()

	kl, err := openpgp.ReadKeyRing(f)
	if err != nil {
		log.Fatalf("Can't read keyring: %v", err)
	}

	keyids := strings.Split(*uploadEncryptTo, ",")
	var hprefs, sprefs []uint8

	for _, w := range keyids {
		for _, e := range kl {
			if e.PrimaryKey.KeyIdShortString() == w {
				pi := primaryIdentity(e)
				ss := pi.SelfSignature

				hprefs = intersectPref(hprefs, ss.PreferredHash)
				sprefs = intersectPref(sprefs, ss.PreferredSymmetric)
				encryptKeys = append(encryptKeys, e)
			}
		}
	}

	if len(encryptKeys) != len(keyids) {
		log.Fatalf("Couldn't find all keys")
	}
	if len(hprefs) == 0 {
		log.Fatalf("No common hashes for encryption keys")
	}
	if len(sprefs) == 0 {
		log.Fatalf("No common symmetric ciphers for encryption keys")
	}
}
Esempio n. 29
0
func publicKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
	f, err := wkfs.Open(keyRing)
	if err != nil {
		return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err)
	}
	defer f.Close()
	el, err := openpgp.ReadKeyRing(f)
	if err != nil {
		return nil, err
	}
	for _, e := range el {
		pubk := e.PrimaryKey
		if pubk.KeyIdShortString() == keyId {
			return e, nil
		}
	}
	return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing)
}
Esempio n. 30
0
func secretKeyEntity(keyRing string, keyId string) (*openpgp.Entity, error) {
	f, err := wkfs.Open(keyRing)
	if err != nil {
		return nil, fmt.Errorf("could not open keyRing %v: %v", keyRing, err)
	}
	defer f.Close()
	el, err := openpgp.ReadKeyRing(f)
	if err != nil {
		return nil, err
	}
	for _, e := range el {
		pubk := &e.PrivateKey.PublicKey
		// TODO(mpl): decrypt private key if it is passphrase-encrypted
		if pubk.KeyIdShortString() == keyId {
			return e, nil
		}
	}
	return nil, fmt.Errorf("keyId %v not found in %v", keyId, keyRing)
}