func (d *dashEscaper) Close() (err error) {
if !d.atBeginningOfLine {
if err = d.buffered.WriteByte(lf); err != nil {
return
}
}
sig := new(packet.Signature)
sig.SigType = packet.SigTypeText
sig.PubKeyAlgo = d.privateKey.PubKeyAlgo
sig.Hash = d.hashType
sig.CreationTime = d.config.Now()
sig.IssuerKeyId = &d.privateKey.KeyId
if err = sig.Sign(d.h, d.privateKey, d.config); err != nil {
return
}
out, err := armor.Encode(d.buffered, "PGP SIGNATURE", nil)
if err != nil {
return
}
if err = sig.Serialize(out); err != nil {
return
}
if err = out.Close(); err != nil {
return
}
if err = d.buffered.Flush(); err != nil {
return
}
return
}
func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) {
if signer.PrivateKey == nil {
return errors.InvalidArgumentError("signing key doesn't have a private key")
}
if signer.PrivateKey.Encrypted {
return errors.InvalidArgumentError("signing key is encrypted")
}
sig := new(packet.Signature)
sig.SigType = sigType
sig.PubKeyAlgo = signer.PrivateKey.PubKeyAlgo
sig.Hash = config.Hash()
sig.CreationTime = config.Now()
sig.IssuerKeyId = &signer.PrivateKey.KeyId
h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType)
if err != nil {
return
}
io.Copy(wrappedHash, message)
err = sig.Sign(h, signer.PrivateKey, config)
if err != nil {
return
}
return sig.Serialize(w)
}
// Given a control.Marshal'able object, encode it to the blobstore, while
// also doing a detached OpenPGP signature. The objects returned (in order)
// are data, commited to the blobstore, the signature for that object, commited
// to the blobstore, and any error(s), finally.
func (a Archive) encodeSigned(data interface{}) (*blobstore.Object, *blobstore.Object, error) {
/* Right, so, the trick here is that we secretly call out to encode,
* but tap it with a pipe into the signing code */
if a.signingKey == nil {
return nil, nil, fmt.Errorf("No signing key loaded")
}
signature, err := a.Store.Create()
if err != nil {
return nil, nil, err
}
defer signature.Close()
hash := sha512.New()
obj, err := a.encode(data, hash)
if err != nil {
return nil, nil, err
}
sig := new(packet.Signature)
sig.SigType = packet.SigTypeBinary
sig.PubKeyAlgo = a.signingKey.PrivateKey.PubKeyAlgo
sig.Hash = crypto.SHA512
sig.CreationTime = new(packet.Config).Now()
sig.IssuerKeyId = &(a.signingKey.PrivateKey.KeyId)
err = sig.Sign(hash, a.signingKey.PrivateKey, &packet.Config{
DefaultHash: crypto.SHA512,
})
if err != nil {
return nil, nil, err
}
if err := sig.Serialize(signature); err != nil {
return nil, nil, err
}
sigObj, err := a.Store.Commit(*signature)
if err != nil {
return nil, nil, err
}
return obj, sigObj, nil
}
