func testParse(t *testing.T, input []byte, expected, expectedPlaintext string) { b, rest := Decode(input) if b == nil { t.Fatal("failed to decode clearsign message") } if !bytes.Equal(rest, []byte("trailing")) { t.Errorf("unexpected remaining bytes returned: %s", string(rest)) } if b.ArmoredSignature.Type != "PGP SIGNATURE" { t.Errorf("bad armor type, got:%s, want:PGP SIGNATURE", b.ArmoredSignature.Type) } if !bytes.Equal(b.Bytes, []byte(expected)) { t.Errorf("bad body, got:%x want:%x", b.Bytes, expected) } if !bytes.Equal(b.Plaintext, []byte(expectedPlaintext)) { t.Errorf("bad plaintext, got:%x want:%x", b.Plaintext, expectedPlaintext) } keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey)) if err != nil { t.Errorf("failed to parse public key: %s", err) } if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil { t.Errorf("failed to check signature: %s", err) } }
func pgpDecryptClearsign(source io.Reader, sink io.Writer, kr openpgp.KeyRing) (*SignatureStatus, error) { // clearsign decode only works with the whole data slice, not a reader // so have to read it all here: msg, err := ioutil.ReadAll(source) if err != nil { return nil, err } b, _ := clearsign.Decode(msg) if b == nil { return nil, fmt.Errorf("Unable to decode clearsigned message") } signer, err := openpgp.CheckDetachedSignature(kr, bytes.NewReader(b.Bytes), b.ArmoredSignature.Body) if err != nil { return nil, fmt.Errorf("Check sig error: %s", err) } n, err := io.Copy(sink, bytes.NewReader(b.Plaintext)) if err != nil { return nil, err } G.Log.Debug("PGPDecrypt: copied %d bytes to writer", n) var status SignatureStatus if signer == nil { return &status, nil } status.IsSigned = true status.Verified = true status.Entity = signer return &status, nil }
// runClearsign verifies a clearsign signature func (e *PGPVerify) runClearsign(ctx *Context) error { // clearsign decode only works with the whole data slice, not a reader // so have to read it all here: msg, err := ioutil.ReadAll(e.peek) if err != nil { return err } b, _ := clearsign.Decode(msg) if b == nil { return errors.New("Unable to decode clearsigned message") } sigBody, err := ioutil.ReadAll(b.ArmoredSignature.Body) if err != nil { return err } sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G()) if err != nil { return err } signer, err := openpgp.CheckDetachedSignature(sk, bytes.NewReader(b.Bytes), bytes.NewReader(sigBody)) if err != nil { return fmt.Errorf("Check sig error: %s", err) } e.owner = sk.Owner() e.signStatus = &libkb.SignatureStatus{IsSigned: true} if signer != nil { e.signStatus.Verified = true e.signStatus.Entity = signer if err := e.checkSignedBy(ctx); err != nil { return err } p, err := packet.Read(bytes.NewReader(sigBody)) if err != nil { return err } if val, ok := p.(*packet.Signature); ok { e.signStatus.SignatureTime = val.CreationTime } fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint) OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime) } return nil }
func TestSigning(t *testing.T) { keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey)) if err != nil { t.Errorf("failed to parse public key: %s", err) } for i, test := range signingTests { var buf bytes.Buffer plaintext, err := Encode(&buf, keyring[0].PrivateKey, nil) if err != nil { t.Errorf("#%d: error from Encode: %s", i, err) continue } if _, err := plaintext.Write([]byte(test.in)); err != nil { t.Errorf("#%d: error from Write: %s", i, err) continue } if err := plaintext.Close(); err != nil { t.Fatalf("#%d: error from Close: %s", i, err) continue } b, _ := Decode(buf.Bytes()) if b == nil { t.Errorf("#%d: failed to decode clearsign message", i) continue } if !bytes.Equal(b.Bytes, []byte(test.signed)) { t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Bytes, test.signed) continue } if !bytes.Equal(b.Plaintext, []byte(test.plaintext)) { t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Plaintext, test.plaintext) continue } if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil { t.Errorf("#%d: failed to check signature: %s", i, err) } } }