// runClearsign verifies a clearsign signature func (e *PGPVerify) runClearsign(ctx *Context) error { // clearsign decode only works with the whole data slice, not a reader // so have to read it all here: msg, err := ioutil.ReadAll(e.peek) if err != nil { return err } b, _ := clearsign.Decode(msg) if b == nil { return errors.New("Unable to decode clearsigned message") } sigBody, err := ioutil.ReadAll(b.ArmoredSignature.Body) if err != nil { return err } sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G()) if err != nil { return err } signer, err := openpgp.CheckDetachedSignature(sk, bytes.NewReader(b.Bytes), bytes.NewReader(sigBody)) if err != nil { return fmt.Errorf("Check sig error: %s", err) } e.owner = sk.Owner() e.signStatus = &libkb.SignatureStatus{IsSigned: true} if signer != nil { e.signStatus.Verified = true e.signStatus.Entity = signer if err := e.checkSignedBy(ctx); err != nil { return err } p, err := packet.Read(bytes.NewReader(sigBody)) if err != nil { return err } if val, ok := p.(*packet.Signature); ok { e.signStatus.SignatureTime = val.CreationTime } fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint) OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime) } return nil }
// runDetached verifies a detached signature func (e *PGPVerify) runDetached(ctx *Context) error { sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G()) if err != nil { return err } checkfn := openpgp.CheckDetachedSignature if libkb.IsArmored(e.arg.Signature) { checkfn = openpgp.CheckArmoredDetachedSignature } signer, err := checkfn(sk, e.peek, bytes.NewReader(e.arg.Signature)) if err != nil { return err } e.owner = sk.Owner() e.signStatus = &libkb.SignatureStatus{IsSigned: true} if signer != nil { e.signStatus.Verified = true e.signStatus.Entity = signer if err := e.checkSignedBy(ctx); err != nil { return err } var r io.Reader = bytes.NewReader(e.arg.Signature) if libkb.IsArmored(e.arg.Signature) { block, err := armor.Decode(r) if err != nil { return err } r = block.Body } p, err := packet.Read(r) if err != nil { return err } if val, ok := p.(*packet.Signature); ok { e.signStatus.SignatureTime = val.CreationTime } fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint) OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime) } return nil }