func decryptFile(ks *store.KeyStore, cfg *config) error { message, err := util.ReadFile(cfg.Args[0]) if err != nil { return err } var needVerify bool if len(message) > 10 { if bytes.Equal(message[:10], []byte("-----BEGIN")) { p, _ := pem.Decode(message) if p == nil { return errors.New("failed to decode PEM file") } switch p.Type { case public.EncryptedType: message = p.Bytes case public.SignedAndEncryptedType: needVerify = true message = p.Bytes default: return errors.New("invalid message") } } } var out []byte var ok bool if !needVerify { out, ok = ks.Decrypt(message) if !ok { return errors.New("decrypt failed") } } else { out, ok = ks.DecryptAndVerify(cfg.Label, message) if !ok { return errors.New("decrypt and verify failed") } fmt.Println("Valid signature.") } err = util.WriteFile(out, cfg.Args[1]) if err != nil { return err } return nil }