func verifySig(t *testing.T, keyFile, sigFile string) {
var f *os.File
var err error
var b *armor.Block
var p packet.Packet
if f, err = os.Open(keyFile); err != nil {
t.Fatal(err)
}
defer f.Close()
if b, err = armor.Decode(f); err != nil {
t.Fatal(err)
}
if p, err = packet.Read(b.Body); err != nil {
t.Fatal(err)
}
priv, ok := p.(*packet.PrivateKey)
if !ok {
t.Fatal("couldn't parse private key")
}
if f, err = os.Open(sigFile); err != nil {
t.Fatal(err)
}
defer f.Close()
if b, err = armor.Decode(f); err != nil {
t.Fatal(err)
}
if p, err = packet.Read(b.Body); err != nil {
t.Fatal(err)
}
sig, ok := p.(*packet.Signature)
if !ok {
t.Fatal("couldn't parse signature")
}
signed := sig.Hash.New()
signed.Write([]byte(msg))
if err := priv.PublicKey.VerifySignature(signed, sig); err != nil {
t.Fatal(err)
}
}
// runClearsign verifies a clearsign signature
func (e *PGPVerify) runClearsign(ctx *Context) error {
// clearsign decode only works with the whole data slice, not a reader
// so have to read it all here:
msg, err := ioutil.ReadAll(e.peek)
if err != nil {
return err
}
b, _ := clearsign.Decode(msg)
if b == nil {
return errors.New("Unable to decode clearsigned message")
}
sigBody, err := ioutil.ReadAll(b.ArmoredSignature.Body)
if err != nil {
return err
}
sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
if err != nil {
return err
}
signer, err := openpgp.CheckDetachedSignature(sk, bytes.NewReader(b.Bytes), bytes.NewReader(sigBody))
if err != nil {
return fmt.Errorf("Check sig error: %s", err)
}
e.owner = sk.Owner()
e.signStatus = &libkb.SignatureStatus{IsSigned: true}
if signer != nil {
e.signStatus.Verified = true
e.signStatus.Entity = signer
if err := e.checkSignedBy(ctx); err != nil {
return err
}
p, err := packet.Read(bytes.NewReader(sigBody))
if err != nil {
return err
}
if val, ok := p.(*packet.Signature); ok {
e.signStatus.SignatureTime = val.CreationTime
}
fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint)
OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime)
}
return nil
}
// runDetached verifies a detached signature
func (e *PGPVerify) runDetached(ctx *Context) error {
sk, err := NewScanKeys(ctx.SecretUI, ctx.IdentifyUI, &e.arg.TrackOptions, e.G())
if err != nil {
return err
}
checkfn := openpgp.CheckDetachedSignature
if libkb.IsArmored(e.arg.Signature) {
checkfn = openpgp.CheckArmoredDetachedSignature
}
signer, err := checkfn(sk, e.peek, bytes.NewReader(e.arg.Signature))
if err != nil {
return err
}
e.owner = sk.Owner()
e.signStatus = &libkb.SignatureStatus{IsSigned: true}
if signer != nil {
e.signStatus.Verified = true
e.signStatus.Entity = signer
if err := e.checkSignedBy(ctx); err != nil {
return err
}
var r io.Reader = bytes.NewReader(e.arg.Signature)
if libkb.IsArmored(e.arg.Signature) {
block, err := armor.Decode(r)
if err != nil {
return err
}
r = block.Body
}
p, err := packet.Read(r)
if err != nil {
return err
}
if val, ok := p.(*packet.Signature); ok {
e.signStatus.SignatureTime = val.CreationTime
}
fingerprint := libkb.PGPFingerprint(signer.PrimaryKey.Fingerprint)
OutputSignatureSuccess(ctx, fingerprint, sk.Owner(), e.signStatus.SignatureTime)
}
return nil
}
func signWithKeyFile(t *testing.T, name, password string) {
f, err := os.Open(name)
if err != nil {
t.Fatal(err)
}
defer f.Close()
es, err := ReadArmoredKeyRing(f)
if err != nil {
t.Fatal(err)
}
// Cycle through all entities we find a signing key.
for _, e := range es {
if err = e.PrivateKey.Decrypt([]byte(password)); err != nil {
continue
}
buf := new(bytes.Buffer)
if err = DetachSign(buf, e, strings.NewReader(msg), nil); err == nil {
p, err := packet.Read(buf)
if err != nil {
t.Fatal(err)
}
sig, ok := p.(*packet.Signature)
if !ok {
t.Fatal("couldn't parse signature from buffer")
}
signed := sig.Hash.New()
signed.Write([]byte(msg))
if err := e.PrimaryKey.VerifySignature(signed, sig); err != nil {
t.Fatal(err)
}
break
}
}
if err != nil {
t.Fatal(err)
}
}