func (e *DeviceKeygen) appendEldest(ds []libkb.Delegator, ctx *Context, pargs *DeviceKeygenPushArgs) []libkb.Delegator {
if e.pushErr != nil {
return ds
}
var d libkb.Delegator
d, e.pushErr = e.naclSignGen.Push(ctx.LoginContext, true)
if e.pushErr == nil {
d.SetGlobalContext(e.G())
return append(ds, d)
}
return ds
}
func (e *DeviceKeygen) appendEncKey(ds []libkb.Delegator, ctx *Context, signer libkb.GenericKey, eldestKID keybase1.KID, user *libkb.User) []libkb.Delegator {
if e.pushErr != nil {
return ds
}
e.naclEncGen.UpdateArg(signer, eldestKID, false, user)
var d libkb.Delegator
d, e.pushErr = e.naclEncGen.Push(ctx.LoginContext, true)
if e.pushErr == nil {
d.SetGlobalContext(e.G())
return append(ds, d)
}
return ds
}
func (e *DeviceKeygen) appendSibkey(ds []libkb.Delegator, ctx *Context, pargs *DeviceKeygenPushArgs) []libkb.Delegator {
if e.pushErr != nil {
return ds
}
var d libkb.Delegator
e.naclSignGen.UpdateArg(pargs.Signer, pargs.EldestKID, true, pargs.User)
d, e.pushErr = e.naclSignGen.Push(ctx.LoginContext, true)
if e.pushErr == nil {
d.SetGlobalContext(e.G())
return append(ds, d)
}
return ds
}
func (k *KexProvisioner) handlePleaseSign(ctx *Context, m *kex.Msg) error {
eddsa := m.Args().SigningKey
sig := m.Args().Sig
keypair := libkb.NaclSigningKeyPair{Public: eddsa}
sigPayload, _, err := keypair.VerifyStringAndExtract(sig)
if err != nil {
return err
}
k.G().Log.Debug("Got PleaseSign() on verified JSON blob %s\n", string(sigPayload))
// k.deviceSibkey is public only
if k.sigKey == nil {
var err error
arg := libkb.SecretKeyArg{
Me: k.user,
KeyType: libkb.DeviceSigningKeyType,
}
k.sigKey, err = k.G().Keyrings.GetSecretKeyWithPrompt(nil, arg, k.engctx.SecretUI, "new device install")
if err != nil {
return err
}
}
jw, err := jsonw.Unmarshal(sigPayload)
if err != nil {
return err
}
var newKID keybase1.KID
var newKey libkb.GenericKey
if newKID, err = libkb.GetKID(jw.AtPath("body.sibkey.kid")); err != nil {
return err
}
if newKey, err = libkb.ImportKeypairFromKID(newKID); err != nil {
return err
}
if err = k.verifyPleaseSign(jw, newKID); err != nil {
return err
}
if err = jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(sig)); err != nil {
return err
}
del := libkb.Delegator{
NewKey: newKey,
ExistingKey: k.sigKey,
Me: k.user,
Expire: libkb.NaclEdDSAExpireIn,
DelegationType: libkb.SibkeyType,
EldestKID: k.user.GetEldestKID(),
Contextified: libkb.NewContextified(k.G()),
}
if err = del.CheckArgs(); err != nil {
return err
}
if err = del.SignAndPost(ctx.LoginContext, jw); err != nil {
return err
}
return nil
}
func (e *PGPUpdateEngine) Run(ctx *Context) error {
if e.all && len(e.selectedFingerprints) > 0 {
return fmt.Errorf("Cannot use explicit fingerprints with --all.")
}
me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
if err != nil {
return err
}
fingerprints := me.GetActivePGPFingerprints(false /* not just sibkeys */)
if len(fingerprints) > 1 && !e.all && len(e.selectedFingerprints) == 0 {
return fmt.Errorf("You have more than one PGP key. To update all of them, use --all.")
}
gpgCLI := libkb.NewGpgCLI(libkb.GpgCLIArg{
LogUI: ctx.LogUI,
})
err = gpgCLI.Configure()
if err != nil {
return err
}
del := libkb.Delegator{
DelegationType: libkb.PGPUpdateType,
Me: me,
Expire: libkb.KeyExpireIn,
Contextified: libkb.NewContextified(e.G()),
}
err = del.LoadSigningKey(ctx.LoginContext, ctx.SecretUI)
if err != nil {
return err
}
for _, fingerprint := range fingerprints {
if len(e.selectedFingerprints) > 0 && !e.selectedFingerprints[fingerprint.String()] {
ctx.LogUI.Warning("Skipping update for key %s", fingerprint.String())
continue
}
bundle, err := gpgCLI.ImportKey(false /* secret */, fingerprint)
if err != nil {
_, isNoKey := err.(libkb.NoKeyError)
if isNoKey {
ctx.LogUI.Warning(
"No key matching fingerprint %s found in the GPG keyring.",
fingerprint.String())
continue
} else {
return err
}
}
del.NewKey = bundle
ctx.LogUI.Info("Posting update for key %s.", fingerprint.String())
if err := del.Run(ctx.LoginContext); err != nil {
if appStatusErr, ok := err.(libkb.AppStatusError); ok && appStatusErr.Code == libkb.SCKeyDuplicateUpdate {
ctx.LogUI.Info("Key was already up to date.")
e.duplicatedFingerprints = append(e.duplicatedFingerprints, fingerprint)
continue
}
return err
}
ctx.LogUI.Info("Update succeeded for key %s.", fingerprint)
}
return nil
}