func decryptCiphertext(keysrc KeySource, ctext io.Reader, passphrase []byte) ([]byte, *DecryptionStatus) {
status := new(DecryptionStatus)
md, err := openpgp.ReadMessage(ctext, keysrc.GetSecretKeyRing(), createPromptFunction(passphrase), openpgpConfig)
if err == nil {
status.Code = DecryptSuccess
b := new(bytes.Buffer)
b.ReadFrom(md.UnverifiedBody)
if md.IsSigned {
processSignature(md, status)
}
return b.Bytes(), status
}
if err == pgperr.ErrKeyIncorrect {
status.Code = DecryptFailedNoPrivateKey
return nil, status
}
if e, ok := err.(PassphraseNeededError); ok {
status.Code = DecryptPassphraseNeeded
status.KeyIds = e.KeyIds
return nil, status
}
status.Code = DecryptFailed
status.FailureMessage = "error decrypting message: " + err.Error()
return nil, status
}
func (f *unpgpFilter) Link(r io.Reader) error {
log.Print("openpgp.ReadMessage")
message, err := openpgp.ReadMessage(r, f.keyRing, nil, nil)
if err != nil {
return err
}
f.r = message.UnverifiedBody
return nil
}
func decrypt(ringPath string, input io.Reader) (io.Reader, error) {
ringFile, err := os.Open(ringPath)
if err != nil {
return nil, err
}
defer ringFile.Close()
ring, err := openpgp.ReadKeyRing(ringFile)
if err != nil {
return nil, err
}
var keyToTry, attempt int
var triedCache bool
promptFunc := openpgp.PromptFunction(func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
if keyToTry >= len(keys) {
return nil, fmt.Errorf("no more keys to try")
}
if attempt > 2 {
attempt = 0
keyToTry++
return nil, nil
}
defer func() { attempt++ }()
key := keys[keyToTry]
fingerprint := fmt.Sprintf("%X", key.PublicKey.Fingerprint)
if !triedCache {
triedCache = true
if cachedPass, _ := passphrase.GetPassphrase(fingerprint, "", "", "", false, false); cachedPass != "" {
if err := key.PrivateKey.Decrypt([]byte(cachedPass)); err == nil {
return nil, nil
}
}
}
passphrase.ClearCachedPassphrase(fingerprint)
prompt := ""
description := fmt.Sprintf("Key %s; attempt %d", key.PublicKey.KeyIdShortString(), attempt+1)
passwd, err := passphrase.GetPassphrase(fingerprint, prompt, description, "", true, false)
if err != nil {
return nil, err
}
key.PrivateKey.Decrypt([]byte(passwd))
return nil, nil
})
msgDetails, err := openpgp.ReadMessage(input, ring, promptFunc, nil)
if err != nil {
return nil, err
}
return msgDetails.UnverifiedBody, nil
}
// Decrypt tries to decrypt an OpenPGP armored block using the provided decryption keys
// and passphrase. If succesfull the plain content of the block is returned as []byte.
func Decrypt(d []byte, decryptionKeys *openpgp.EntityList, passphrase string) ([]byte, error) {
var armoredBlock *armor.Block
var message *openpgp.MessageDetails
var plain []byte
var err error
if d == nil {
return nil, nil
}
// Decode the OpenPGP armored block
armoredBlock, err = armor.Decode(bytes.NewReader(d))
if err != nil {
return nil, err
}
// Extract the message from the OpenPGP armored block
message, err = openpgp.ReadMessage(armoredBlock.Body, decryptionKeys,
func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
kp := []byte(passphrase)
if symmetric {
return kp, nil
}
for _, k := range keys {
err := k.PrivateKey.Decrypt(kp)
if err == nil {
// If no error were returned, we could succesfully
// decrypt the message using the provided private key
return nil, nil
}
}
return nil, fmt.Errorf("Unable to decrypt trousseau data store. " +
"Invalid passphrase supplied.")
},
nil)
if err != nil {
return nil, fmt.Errorf("unable to decrypt trousseau data store. " +
"No private key able to decrypt it found in your keyring.")
}
// Read the plain message bytes
plain, err = ioutil.ReadAll(message.UnverifiedBody)
if err != nil {
return nil, err
}
return plain, err
}
func NewDecrypter(ciphertextReader io.ReadCloser, key string) (decrypter io.Reader, err error) {
prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
return []byte(key), nil
}
details, err := openpgp.ReadMessage(ciphertextReader, nil, prompt, nil)
if err != nil {
decrypter = nil
return
}
decrypter = Decrypter{details}
return
}
func decodeBase64EncryptedMessage(s string, keyring openpgp.KeyRing) string {
// Decrypt base64 encoded encrypted message using decrypted private key
dec, err := base64.StdEncoding.DecodeString(s)
if err != nil {
log.Fatalln("ERR:", err)
}
debug.Printf("keyring: #%v", keyring)
md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), keyring, nil, nil)
if err != nil {
log.Fatalln("ERR: Error reading message - ", err)
}
bytes, err := ioutil.ReadAll(md.UnverifiedBody)
debug.Printf("md:", string(bytes))
return string(bytes)
}
// Deocde decodes data using the secconf codec.
func Decode(data []byte, secertKeyring io.Reader) ([]byte, error) {
decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data))
entityList, err := openpgp.ReadArmoredKeyRing(secertKeyring)
if err != nil {
return nil, err
}
md, err := openpgp.ReadMessage(decoder, entityList, nil, nil)
if err != nil {
return nil, err
}
gzReader, err := gzip.NewReader(md.UnverifiedBody)
if err != nil {
return nil, err
}
defer gzReader.Close()
bytes, err := ioutil.ReadAll(gzReader)
if err != nil {
return nil, err
}
return bytes, nil
}
func decrypt(s string) (string, error) {
if s == "" {
return "", nil
}
raw, err := armor.Decode(strings.NewReader(s))
if err != nil {
return "", err
}
d, err := openpgp.ReadMessage(raw.Body, keys,
func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
kp := []byte(password)
if symmetric {
return kp, nil
}
for _, k := range keys {
err := k.PrivateKey.Decrypt(kp)
if err == nil {
return nil, nil
}
}
return nil, fmt.Errorf("Whether no valid private key for" +
"store decryption was available or " +
"supplied password was invalid")
},
nil)
if err != nil {
return "", err
}
bytes, err := ioutil.ReadAll(d.UnverifiedBody)
return string(bytes), err
}
func Decrypt(decryptionKeys *openpgp.EntityList, s, passphrase string) ([]byte, error) {
if s == "" {
return nil, nil
}
armorBlock, err := armor.Decode(strings.NewReader(s))
if err != nil {
return nil, err
}
d, err := openpgp.ReadMessage(armorBlock.Body, decryptionKeys,
func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
kp := []byte(passphrase)
if symmetric {
return kp, nil
}
for _, k := range keys {
err := k.PrivateKey.Decrypt(kp)
if err == nil {
return nil, nil
}
}
return nil, fmt.Errorf("Unable to decrypt trousseau data store. " +
"Invalid passphrase supplied.")
},
nil)
if err != nil {
return nil, err
}
bytes, err := ioutil.ReadAll(d.UnverifiedBody)
return bytes, err
}
