func v3KeyReader(t *testing.T) io.Reader { armorBlock, err := armor.Decode(bytes.NewBufferString(keySigV3Armor)) if err != nil { t.Fatalf("armor Decode failed: %v", err) } return armorBlock.Body }
func PGPDecrypt(source io.Reader, sink io.Writer, kr openpgp.KeyRing) (*SignatureStatus, error) { peeker := NewPeeker(source) var r io.Reader r = peeker armored, clearsigned := PGPDetect(peeker) if clearsigned { return pgpDecryptClearsign(peeker, sink, kr) } if armored { b, err := armor.Decode(r) if err != nil { return nil, err } r = b.Body } G.Log.Debug("Calling into openpgp ReadMessage for decryption") md, err := openpgp.ReadMessage(r, kr, nil, nil) if err != nil { if err == errors.ErrKeyIncorrect { return nil, PGPNoDecryptionKeyError{Msg: "unable to find decryption key for this message"} } return nil, err } if md.IsSigned { G.Log.Debug("message is signed (SignedByKeyId: %+v) (have key? %v)", md.SignedByKeyId, md.SignedBy != nil) } n, err := io.Copy(sink, md.UnverifiedBody) if err != nil { return nil, err } G.Log.Debug("PGPDecrypt: copied %d bytes to writer", n) var status SignatureStatus if md.IsSigned { status.IsSigned = true status.KeyID = md.SignedByKeyId if md.Signature != nil { status.SignatureTime = md.Signature.CreationTime } if md.SignedBy != nil { status.Entity = md.SignedBy.Entity } if md.SignatureError != nil { status.SignatureError = md.SignatureError } else { status.Verified = true } } status.RecipientKeyIDs = md.EncryptedToKeyIds return &status, nil }
func verifySig(t *testing.T, keyFile, sigFile string) { var f *os.File var err error var b *armor.Block var p packet.Packet if f, err = os.Open(keyFile); err != nil { t.Fatal(err) } defer f.Close() if b, err = armor.Decode(f); err != nil { t.Fatal(err) } if p, err = packet.Read(b.Body); err != nil { t.Fatal(err) } priv, ok := p.(*packet.PrivateKey) if !ok { t.Fatal("couldn't parse private key") } if f, err = os.Open(sigFile); err != nil { t.Fatal(err) } defer f.Close() if b, err = armor.Decode(f); err != nil { t.Fatal(err) } if p, err = packet.Read(b.Body); err != nil { t.Fatal(err) } sig, ok := p.(*packet.Signature) if !ok { t.Fatal("couldn't parse signature") } signed := sig.Hash.New() signed.Write([]byte(msg)) if err := priv.PublicKey.VerifySignature(signed, sig); err != nil { t.Fatal(err) } }
func TestECDHDecryptionNotImplemented(t *testing.T) { keys := openAndDecryptKey(t, privKey, passphrase) b, err := armor.Decode(strings.NewReader(gpgEncryption)) if err != nil { t.Fatal(err) } source := b.Body _, err = ReadMessage(source, keys, nil, nil) if err == nil { t.Fatal("expected a failure, since this feature isn't implemented yet") } }
// readArmored reads an armored block with the given type. func readArmored(r io.Reader, expectedType string) (body io.Reader, err error) { block, err := armor.Decode(r) if err != nil { return } if block.Type != expectedType { return nil, errors.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type) } return block.Body, nil }
func PGPOpenSig(armored string) (ps *ParsedSig, err error) { pso := ParsedSig{} pso.Block, err = armor.Decode(strings.NewReader(cleanPGPInput(armored))) if err != nil { return } pso.SigBody, err = ioutil.ReadAll(pso.Block.Body) if err != nil { return } ps = &pso return }
// ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file. func ReadArmoredKeyRing(r io.Reader) (EntityList, error) { block, err := armor.Decode(r) if err == io.EOF { return nil, errors.InvalidArgumentError("no armored data found") } if err != nil { return nil, err } if block.Type != PublicKeyType && block.Type != PrivateKeyType { return nil, errors.InvalidArgumentError("expected public or private key block, got: " + block.Type) } return ReadKeyRing(block.Body) }
// runDetached verifies a detached signature func (e *PGPVerify) runDetached(ctx *Context) error { sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G()) if err != nil { return err } checkfn := openpgp.CheckDetachedSignature if libkb.IsArmored(e.arg.Signature) { checkfn = openpgp.CheckArmoredDetachedSignature } signer, err := checkfn(sk, e.peek, bytes.NewReader(e.arg.Signature)) if err != nil { return err } e.owner = sk.Owner() e.signStatus = &libkb.SignatureStatus{IsSigned: true} if signer != nil { e.signStatus.Verified = true e.signStatus.Entity = signer if err := e.checkSignedBy(ctx); err != nil { return err } var r io.Reader = bytes.NewReader(e.arg.Signature) if libkb.IsArmored(e.arg.Signature) { block, err := armor.Decode(r) if err != nil { return err } r = block.Body } p, err := packet.Read(r) if err != nil { return err } if val, ok := p.(*packet.Signature); ok { e.signStatus.SignatureTime = val.CreationTime } fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint) OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime) } return nil }
// Decode finds the first clearsigned message in data and returns it, as well // as the suffix of data which remains after the message. func Decode(data []byte) (b *Block, rest []byte) { // start begins with a newline. However, at the very beginning of // the byte array, we'll accept the start string without it. rest = data if bytes.HasPrefix(data, start[1:]) { rest = rest[len(start)-1:] } else if i := bytes.Index(data, start); i >= 0 { rest = rest[i+len(start):] } else { return nil, data } // Consume the start line. _, rest = getLine(rest) var line []byte b = &Block{ Headers: make(textproto.MIMEHeader), } // Next come a series of header lines. for { // This loop terminates because getLine's second result is // always smaller than its argument. if len(rest) == 0 { return nil, data } // An empty line marks the end of the headers. if line, rest = getLine(rest); len(line) == 0 { break } i := bytes.Index(line, []byte{':'}) if i == -1 { return nil, data } key, val := line[0:i], line[i+1:] key = bytes.TrimSpace(key) val = bytes.TrimSpace(val) b.Headers.Add(string(key), string(val)) } firstLine := true for { start := rest line, rest = getLine(rest) if bytes.Equal(line, endText) { // Back up to the start of the line because armor expects to see the // header line. rest = start break } // The final CRLF isn't included in the hash so we don't write it until // we've seen the next line. if firstLine { firstLine = false } else { b.Bytes = append(b.Bytes, crlf...) } if bytes.HasPrefix(line, dashEscape) { line = line[2:] } line = bytes.TrimRight(line, " \t") b.Bytes = append(b.Bytes, line...) b.Plaintext = append(b.Plaintext, line...) b.Plaintext = append(b.Plaintext, lf) } // We want to find the extent of the armored data (including any newlines at // the end). i := bytes.Index(rest, end) if i == -1 { return nil, data } i += len(end) for i < len(rest) && (rest[i] == '\r' || rest[i] == '\n') { i++ } armored := rest[:i] rest = rest[i:] var err error b.ArmoredSignature, err = armor.Decode(bytes.NewBuffer(armored)) if err != nil { return nil, data } return b, rest }
func PGPDecrypt(g *GlobalContext, source io.Reader, sink io.Writer, kr openpgp.KeyRing) (*SignatureStatus, error) { var sc StreamClassification var err error sc, source, err = ClassifyStream(source) if err != nil { return nil, err } if sc.Format != CryptoMessageFormatPGP { return nil, WrongCryptoFormatError{ Wanted: CryptoMessageFormatPGP, Received: sc.Format, Operation: "decrypt", } } if sc.Type == CryptoMessageTypeClearSignature { return pgpDecryptClearsign(g, source, sink, kr) } if sc.Armored { b, err := armor.Decode(source) if err != nil { return nil, err } source = b.Body } g.Log.Debug("Calling into openpgp ReadMessage for decryption") md, err := openpgp.ReadMessage(source, kr, nil, nil) if err != nil { if err == errors.ErrKeyIncorrect { return nil, NoDecryptionKeyError{Msg: "unable to find a PGP decryption key for this message"} } return nil, err } if md.IsSigned { g.Log.Debug("message is signed (SignedByKeyId: %+v) (have key? %v)", md.SignedByKeyId, md.SignedBy != nil) } n, err := io.Copy(sink, md.UnverifiedBody) if err != nil { return nil, err } g.Log.Debug("PGPDecrypt: copied %d bytes to writer", n) var status SignatureStatus if md.IsSigned { status.IsSigned = true status.KeyID = md.SignedByKeyId if md.Signature != nil { status.SignatureTime = md.Signature.CreationTime } if md.SignedBy != nil { status.Entity = md.SignedBy.Entity } if md.SignatureError != nil { status.SignatureError = md.SignatureError } else { status.Verified = true } } status.RecipientKeyIDs = md.EncryptedToKeyIds return &status, nil }