func (e *PaperKeyGen) makeSigKey(seed []byte) error { pub, priv, err := ed25519.GenerateKey(bytes.NewBuffer(seed)) if err != nil { return err } var key libkb.NaclSigningKeyPair copy(key.Public[:], (*pub)[:]) key.Private = &libkb.NaclSigningKeyPrivate{} copy(key.Private[:], (*priv)[:]) e.sigKey = key return nil }
func TestSecretKeys(t *testing.T) { tc := SetupEngineTest(t, "secretkeys") defer tc.Cleanup() u := CreateAndSignupFakeUser(tc, "sk") ctx := &Context{ LogUI: tc.G.UI.GetLogUI(), SecretUI: u.NewSecretUI(), } // Get the secret keys. e := NewSecretKeysEngine(tc.G) err := RunEngine(e, ctx) if err != nil { t.Fatal(err) } signing := e.Result().Signing // Now we want to check that the keys we got actually belong to the user. // Below we just do this check with the signing key, since it's easier to // derive the public key. // Build the signing keypair. To do this, we exploit the fact that a NaCl // public signing key is the last 32 bytes of the private signing key. var public libkb.NaclSigningKeyPublic copy(public[:], signing[32:]) pair := libkb.NaclSigningKeyPair{ Public: public, } // Check the signing keypair's KID is in the user's KeyFamily. testUser, err := libkb.LoadUser(libkb.LoadUserArg{ Name: u.Username, }) if err != nil { t.Fatal(err) } if found := testUser.GetKeyFamily().AllKIDs[pair.GetKID()]; !found { t.Fatalf("Failed to find %s in the user's key family.", pair.GetKID().String()) } }
func (k *KexProvisioner) handlePleaseSign(ctx *Context, m *kex.Msg) error { eddsa := m.Args().SigningKey sig := m.Args().Sig keypair := libkb.NaclSigningKeyPair{Public: eddsa} sigPayload, _, err := keypair.VerifyStringAndExtract(sig) if err != nil { return err } k.G().Log.Debug("Got PleaseSign() on verified JSON blob %s\n", string(sigPayload)) // k.deviceSibkey is public only if k.sigKey == nil { var err error arg := libkb.SecretKeyArg{ Me: k.user, KeyType: libkb.DeviceSigningKeyType, } k.sigKey, err = k.G().Keyrings.GetSecretKeyWithPrompt(nil, arg, k.engctx.SecretUI, "new device install") if err != nil { return err } } jw, err := jsonw.Unmarshal(sigPayload) if err != nil { return err } var newKID keybase1.KID var newKey libkb.GenericKey if newKID, err = libkb.GetKID(jw.AtPath("body.sibkey.kid")); err != nil { return err } if newKey, err = libkb.ImportKeypairFromKID(newKID); err != nil { return err } if err = k.verifyPleaseSign(jw, newKID); err != nil { return err } if err = jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(sig)); err != nil { return err } del := libkb.Delegator{ NewKey: newKey, ExistingKey: k.sigKey, Me: k.user, Expire: libkb.NaclEdDSAExpireIn, DelegationType: libkb.SibkeyType, EldestKID: k.user.GetEldestKID(), Contextified: libkb.NewContextified(k.G()), } if err = del.CheckArgs(); err != nil { return err } if err = del.SignAndPost(ctx.LoginContext, jw); err != nil { return err } return nil }