// This is an entry point that largely defines "normal" miniLock behaviour. // If sendToSender is true, then the sender's ID is added to recipients. func EncryptFileContentsWithStrings(filename string, fileContents []byte, senderEmail, senderPassphrase string, sendToSender bool, recipientIDs ...string) (miniLockContents []byte, err error) { var ( senderKey, this_recipient *taber.Keys recipientKeyList []*taber.Keys this_id string ) senderKey, err = taber.FromEmailAndPassphrase(senderEmail, senderPassphrase) if err != nil { return nil, err } if sendToSender { this_id, err = senderKey.EncodeID() if err != nil { return nil, err } recipientIDs = append(recipientIDs, this_id) } recipientKeyList = make([]*taber.Keys, 0, len(recipientIDs)) // TODO: Randomise iteration here? for _, this_id = range recipientIDs { this_recipient, err = taber.FromID(this_id) if err != nil { return nil, err } recipientKeyList = append(recipientKeyList, this_recipient) } miniLockContents, err = EncryptFileContents(filename, fileContents, senderKey, recipientKeyList...) if err != nil { return nil, err } return miniLockContents, nil }
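// ExtractDecryptInfo iterates through the header using recipientKey and
// attempts to decrypt any DecryptInfoEntry using the header's ephemeral
// public key. Entries in hdr.DecryptInfo are keyed by their base64-encoded
// nonce.
//
// Returns the decoded nonce and the entry on success. A nonce that fails to
// base64-decode, or a DecryptDecryptInfo failure other than ErrCannotDecrypt,
// aborts the search with that error. An entry that decrypts under
// recipientKey but names a different recipient yields ErrBadRecipient. If no
// entry can be decrypted, returns ErrCannotDecrypt.
func (hdr *miniLockv1Header) ExtractDecryptInfo(recipientKey *taber.Keys) (nonce []byte, DI *DecryptInfoEntry, err error) {
	// Only the ephemeral public half is needed to open a decryptInfo entry.
	ephemKey := &taber.Keys{Public: hdr.Ephemeral}

	// The expected recipient ID is the same for every entry; compute it once
	// instead of re-encoding it per matching entry.
	recipID, err := recipientKey.EncodeID()
	if err != nil {
		return nil, nil, err
	}

	// Look for a DI we can decrypt with recipientKey
	// TODO: Make this concurrent!
	for nonceS, encDI := range hdr.DecryptInfo {
		nonce, err = base64.StdEncoding.DecodeString(nonceS)
		if err != nil {
			return nil, nil, err
		}
		DI, err = DecryptDecryptInfo(encDI, nonce, ephemKey, recipientKey)
		if err == ErrCannotDecrypt {
			continue
		}
		if err != nil {
			return nil, nil, err
		}
		// An entry that opens under our key but claims another recipient is
		// inconsistent; refuse it rather than trust its contents.
		if DI.RecipientID != recipID {
			return nil, nil, ErrBadRecipient
		}
		return nonce, DI, nil
	}
	return nil, nil, ErrCannotDecrypt
}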
// NewDecryptInfoEntry builds a DecryptInfoEntry for one recipient: fileinfo
// is JSON-encoded, encrypted from senderKey to recipientKey under nonce, and
// stored together with both parties' encoded IDs.
//
// Returns the first error from JSON marshalling, encryption or ID encoding.
func NewDecryptInfoEntry(nonce []byte, fileinfo *FileInfo, senderKey, recipientKey *taber.Keys) (*DecryptInfoEntry, error) {
	plain, err := json.Marshal(fileinfo)
	if err != nil {
		return nil, err
	}
	sealed, err := senderKey.Encrypt(plain, nonce, recipientKey)
	if err != nil {
		return nil, err
	}
	entry := &DecryptInfoEntry{FileInfoEnc: sealed}
	if entry.SenderID, err = senderKey.EncodeID(); err != nil {
		return nil, err
	}
	if entry.RecipientID, err = recipientKey.EncodeID(); err != nil {
		return nil, err
	}
	return entry, nil
}