// This is used by SaltpackDecrypt as well.
func getPaperKey(g *libkb.GlobalContext, ctx *Context) (*keypair, error) {
passphrase, err := libkb.GetPaperKeyPassphrase(g, ctx.SecretUI, "")
if err != nil {
return nil, err
}
paperPhrase, err := libkb.NewPaperKeyPhraseCheckVersion(g, passphrase)
if err != nil {
return nil, err
}
bkarg := &PaperKeyGenArg{
Passphrase: paperPhrase,
SkipPush: true,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, ctx); err != nil {
return nil, err
}
kp := &keypair{sigKey: bkeng.SigKey(), encKey: bkeng.EncKey()}
if err := g.LoginState().Account(func(a *libkb.Account) {
a.SetUnlockedPaperKey(kp.sigKey, kp.encKey)
}, "UnlockedPaperKey"); err != nil {
return nil, err
}
return kp, nil
}
// findPaperKeys checks if the user has paper backup keys. If he/she
// does, it prompts for a paperkey phrase. This is used to
// regenerate paper keys, which are then matched against the
// paper keys found in the keyfamily.
func findPaperKeys(ctx *Context, g *libkb.GlobalContext, me *libkb.User) (*keypair, error) {
cki := me.GetComputedKeyInfos()
if cki == nil {
return nil, fmt.Errorf("no computed key infos")
}
bdevs := cki.PaperDevices()
if len(bdevs) == 0 {
return nil, libkb.NoPaperKeysError{}
}
passphrase, err := libkb.GetPaperKeyPassphrase(ctx.SecretUI, me.GetName())
if err != nil {
return nil, err
}
paperPhrase := libkb.NewPaperKeyPhrase(passphrase)
version, err := paperPhrase.Version()
if err != nil {
return nil, err
}
if version != libkb.PaperKeyVersion {
g.Log.Debug("paper version mismatch: generated paper key version = %d, libkb version = %d", version, libkb.PaperKeyVersion)
return nil, libkb.KeyVersionError{}
}
bkarg := &PaperKeyGenArg{
Passphrase: libkb.NewPaperKeyPhrase(passphrase),
SkipPush: true,
Me: me,
}
bkeng := NewPaperKeyGen(bkarg, g)
if err := RunEngine(bkeng, ctx); err != nil {
return nil, err
}
sigKey := bkeng.SigKey()
encKey := bkeng.EncKey()
var match bool
ckf := me.GetComputedKeyFamily()
for _, bdev := range bdevs {
sk, err := ckf.GetSibkeyForDevice(bdev.ID)
if err != nil {
continue
}
ek, err := ckf.GetEncryptionSubkeyForDevice(bdev.ID)
if err != nil {
continue
}
if sk.GetKID().Equal(sigKey.GetKID()) && ek.GetKID().Equal(encKey.GetKID()) {
match = true
break
}
}
if !match {
return nil, libkb.PassphraseError{Msg: "no matching paper backup keys found"}
}
return &keypair{sigKey: sigKey, encKey: encKey}, nil
}