func (ast *AuthorizedState) SignState(asciiPriKey string, pripwd string) (err error) { stateString, err1 := ast.GetStateString() if err1 != nil { err = err1 return } //fmt.Println("StateString :", stateString) var opBuf bytes.Buffer var ipBuf bytes.Buffer ipBuf.WriteString(stateString) //func ArmoredDetachSignText(w io.Writer, signer *Entity, //message io.Reader, config *packet.Config) error _, priEnt, errGetPri := PrcIdSigner.GetPri(asciiPriKey, pripwd) if errGetPri != nil { err = errGetPri return } err = openpgp.ArmoredDetachSign(&opBuf, &priEnt, &ipBuf, nil) if err == nil { //fmt.Println("Detached Signature = ", string(opBuf.Bytes())) ast.AsciiSigOfState = string(opBuf.Bytes()) } else { fmt.Println("Error While Signing State", err.Error()) } return //fmt.Println("Current State", ast) }
func main() { if len(os.Args) < 2 { fmt.Printf("usage:\t%s <FINGERPRINT>\nex: \t%s 02699C276B60F27FC55C329968D63477A392B6FA\n", os.Args[0], os.Args[0]) os.Exit(1) } keyid := os.Args[1] data := "some random string to sign" secringFile, err := os.Open(FindHomedir() + "/.gnupg/secring.gpg") if err != nil { panic(err) } defer secringFile.Close() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } // find the entity in the keyring var signer *openpgp.Entity found := false for _, entity := range keyring { fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) fmt.Println("reading key with fingerprint", fingerprint) if keyid == fingerprint { signer = entity found = true fmt.Println("found a match") break } } if !found { err = fmt.Errorf("No key found for ID '%s'", keyid) panic(err) } // if private key is encrypted, attempt to decrypt it with the cached passphrase // then try with an agent or by asking the user for a passphrase if signer.PrivateKey.Encrypted { // get private key passphrase signer, err = decryptEntity(signer) if err != nil { panic(err) } } // calculate signature out := bytes.NewBuffer(nil) message := bytes.NewBufferString(data) err = openpgp.ArmoredDetachSign(out, signer, message, nil) if err != nil { err = fmt.Errorf("Signature failed: '%v'", err) panic(err) } fmt.Printf("%s\n", out) }
// Sign signs a string with a key identified by a key fingerprint or an email address func Sign(data, keyid string, secringFile io.Reader) (sig string, err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("pgp.Sign(): %v", e) } }() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } // find the entity in the keyring var signer *openpgp.Entity found := false for _, entity := range keyring { fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:])) for _, ident := range entity.Identities { email := ident.UserId.Email if keyid == fingerprint || keyid == email { signer = entity found = true break } } } if !found { err = fmt.Errorf("Signer '%s' not found", keyid) panic(err) } // if private key is encrypted, attempt to decrypt it with the passphrase if signer.PrivateKey.Encrypted { // get private key passphrase signer, err = decryptEntity(signer) if err != nil { panic(err) } } // calculate signature out := bytes.NewBuffer(nil) message := bytes.NewBufferString(data) err = openpgp.ArmoredDetachSign(out, signer, message, nil) if err != nil { err = fmt.Errorf("Signature failed: '%v'", err) panic(err) } // convert the writer back to string sig, err = deArmor(out.String()) if err != nil { err = fmt.Errorf("Error converting signature to string: '%v'", err) panic(err) } return }
// signFile creates a GPG detached ASCII armored signature (.asc file) for a given file // using the given key func signFile(path string, ent *openpgp.Entity) { sigpath := path + ".asc" reader, err := os.Open(path) if err != nil { log.Fatal(err) } writer, err := os.Create(sigpath) if err != nil { log.Fatal(err) } openpgp.ArmoredDetachSign(writer, ent, reader, nil) }
func SignFile(filename, output, key string) error { entity, err := findKey(key) if err != nil { return err } in, err := os.Open(filename) if err != nil { return err } defer in.Close() out, err := os.Create(output) if err != nil { return err } defer out.Close() return openpgp.ArmoredDetachSign(out, entity, in, nil) }
func (sr *SignRequest) Sign() (signedJSON string, err error) { trimmedJSON := strings.TrimRightFunc(sr.UnsignedJSON, unicode.IsSpace) // TODO: make sure these return different things inputfail := func(msg string) (string, error) { return "", errors.New(msg) } execfail := func(msg string) (string, error) { return "", errors.New(msg) } jmap := make(map[string]interface{}) if err := json.Unmarshal([]byte(trimmedJSON), &jmap); err != nil { return inputfail("json parse error") } camliSigner, hasSigner := jmap["camliSigner"] if !hasSigner { return inputfail("json lacks \"camliSigner\" key with public key blobref") } camliSignerStr, _ := camliSigner.(string) signerBlob, ok := blob.Parse(camliSignerStr) if !ok { return inputfail("json \"camliSigner\" key is malformed or unsupported") } pubkeyReader, _, err := sr.Fetcher.Fetch(signerBlob) if err != nil { // TODO: not really either an inputfail or an execfail.. but going // with exec for now. return execfail(fmt.Sprintf("failed to find public key %s: %v", signerBlob.String(), err)) } pubk, err := openArmoredPublicKeyFile(pubkeyReader) pubkeyReader.Close() if err != nil { return execfail(fmt.Sprintf("failed to parse public key from blobref %s: %v", signerBlob.String(), err)) } // This check should be redundant if the above JSON parse succeeded, but // for explicitness... if len(trimmedJSON) == 0 || trimmedJSON[len(trimmedJSON)-1] != '}' { return inputfail("json parameter lacks trailing '}'") } trimmedJSON = trimmedJSON[0 : len(trimmedJSON)-1] // sign it entityFetcher := sr.EntityFetcher if entityFetcher == nil { file := sr.secretRingPath() if file == "" { return "", errors.New("jsonsign: no EntityFetcher, and no secret ring file defined.") } secring, err := wkfs.Open(sr.secretRingPath()) if err != nil { return "", fmt.Errorf("jsonsign: failed to open secret ring file %q: %v", sr.secretRingPath(), err) } secring.Close() // just opened to see if it's readable entityFetcher = &FileEntityFetcher{File: file} } signer, err := entityFetcher.FetchEntity(pubk.KeyIdString()) if err != nil { return "", err } var buf bytes.Buffer err = openpgp.ArmoredDetachSign( &buf, signer, strings.NewReader(trimmedJSON), &packet.Config{Time: func() time.Time { return sr.SignatureTime }}, ) if err != nil { return "", err } output := buf.String() index1 := strings.Index(output, "\n\n") index2 := strings.Index(output, "\n-----") if index1 == -1 || index2 == -1 { return execfail("Failed to parse signature from gpg.") } inner := output[index1+2 : index2] signature := strings.Replace(inner, "\n", "", -1) return fmt.Sprintf("%s,\"camliSig\":\"%s\"}\n", trimmedJSON, signature), nil }
// Sign signs a string with a key identified by a key fingerprint or an email address func Sign(data, keyid string, secringFile io.Reader) (sig string, err error) { defer func() { if e := recover(); e != nil { err = fmt.Errorf("pgp.Sign(): %v", e) } }() keyring, err := openpgp.ReadKeyRing(secringFile) if err != nil { err = fmt.Errorf("Keyring access failed: '%v'", err) panic(err) } // find the entity in the keyring var signer *openpgp.Entity found := false for _, entity := range keyring { if entity.PrivateKey == nil { panic("secring contains entity without private key data") } fingerprint := strings.ToUpper(hex.EncodeToString(entity.PrivateKey.PublicKey.Fingerprint[:])) if keyid == fingerprint { signer = entity found = true break } } if !found { err = fmt.Errorf("Signer '%s' not found", keyid) panic(err) } // if private key is encrypted, attempt to decrypt it with the cached passphrase // then try with an agent or by asking the user for a passphrase if signer.PrivateKey.Encrypted { err = signer.PrivateKey.Decrypt([]byte(cachedPassphrase)) if err != nil { var pass string // get private key passphrase signer, pass, err = decryptEntity(signer) if err != nil { panic(err) } if pass != "" { cachedPassphrase = pass } } } // calculate signature out := bytes.NewBuffer(nil) message := bytes.NewBufferString(data) err = openpgp.ArmoredDetachSign(out, signer, message, nil) if err != nil { err = fmt.Errorf("Signature failed: '%v'", err) panic(err) } // convert the writer back to string sig, err = deArmor(out.String()) if err != nil { err = fmt.Errorf("Error converting signature to string: '%v'", err) panic(err) } return }