func verifyDetachedSignature(key *packet.PublicKey, contentf, sigf io.Reader) error { var hashFunc crypto.Hash packets := packet.NewReader(sigf) p, err := packets.Next() if err != nil { return err } switch sig := p.(type) { case *packet.Signature: hashFunc = sig.Hash case *packet.SignatureV3: hashFunc = sig.Hash default: return errors.UnsupportedError("unrecognized signature") } h := hashFunc.New() if _, err := io.Copy(h, contentf); err != nil && err != io.EOF { return err } switch sig := p.(type) { case *packet.Signature: err = key.VerifySignature(h, sig) case *packet.SignatureV3: err = key.VerifySignatureV3(h, sig) default: panic("unreachable") } return err }
func (cs Server) validateTokenSignature(pk *packet.PublicKey, token, tokenSig string) error { sig, err := cs.receiveSignedNonce(strings.NewReader(tokenSig)) if err != nil { return err } hash := sig.Hash.New() hash.Write([]byte(token)) return pk.VerifySignature(hash, sig) }
func verifyContentSignature(content []byte, sig Signature, pubKey *packet.PublicKey) error { opgSig, ok := sig.(openpgpSignature) if !ok { panic(fmt.Errorf("not an internally supported Signature: %T", sig)) } h := openpgpConfig.Hash().New() h.Write(content) return pubKey.VerifySignature(h, opgSig.sig) }
func Verify(payload string, signature []byte, pubkey *packet.PublicKey) error { // decode and read the signature block, err := armor.Decode(bytes.NewBuffer(signature)) if err != nil { return err } pkt, err := packet.Read(block.Body) if err != nil { return err } sig, ok := pkt.(*packet.Signature) if !ok { return fmt.Errorf("could not parse the signature") } if sig.Hash != crypto.SHA256 || sig.Hash != crypto.SHA512 { return fmt.Errorf("was not a SHA-256 or SHA-512 signature") } if sig.SigType != packet.SigTypeBinary { return fmt.Errorf("was not a binary signature") } // verify the signature hash := sig.Hash.New() _, err = hash.Write([]byte(payload)) if err != nil { return err } err = pubkey.VerifySignature(hash, sig) if err != nil { return err } return nil }