func (e *Kex2Provisionee) dhKeyProof(dh libkb.GenericKey, eldestKID keybase1.KID, seqno int, linkID libkb.LinkID) (sig string, sigID keybase1.SigID, err error) {
delg := libkb.Delegator{
ExistingKey: e.eddsa,
NewKey: dh,
DelegationType: libkb.SubkeyType,
Expire: libkb.NaclDHExpireIn,
EldestKID: eldestKID,
Device: e.device,
LastSeqno: libkb.Seqno(seqno),
PrevLinkID: linkID,
SigningUser: e,
Contextified: libkb.NewContextified(e.G()),
}
jw, err := libkb.KeyProof(delg)
if err != nil {
return "", "", err
}
e.G().Log.Debug("dh key proof: %s", jw.MarshalPretty())
dhSig, dhSigID, _, err := libkb.SignJSON(jw, e.eddsa)
if err != nil {
return "", "", err
}
return dhSig, dhSigID, nil
}
// revSig generates a reverse signature using X's device key id.
func (k *KexNewDevice) revSig(eddsa libkb.NaclKeyPair) (sig string, err error) {
delg := libkb.Delegator{
ExistingKey: k.xDevKey,
NewKey: eddsa,
Me: k.args.User,
DelegationType: libkb.SibkeyType,
Expire: libkb.NaclEdDSAExpireIn,
Device: k.GetDevice(),
}
var jw *jsonw.Wrapper
if jw, err = libkb.KeyProof(delg); err != nil {
return
}
sig, _, _, err = libkb.SignJSON(jw, eddsa)
return
}
// skeletonProof generates a partial key proof structure that
// device Y can fill in.
func (e *Kex2Provisioner) skeletonProof() (string, error) {
delg := libkb.Delegator{
ExistingKey: e.signingKey,
Me: e.me,
DelegationType: libkb.SibkeyType,
Expire: libkb.NaclEdDSAExpireIn,
Contextified: libkb.NewContextified(e.G()),
}
jw, err := libkb.KeyProof(delg)
if err != nil {
return "", err
}
body, err := jw.Marshal()
if err != nil {
return "", err
}
return string(body), nil
}
