func (d *dashEscaper) Close() (err error) { if !d.atBeginningOfLine { if err = d.buffered.WriteByte(lf); err != nil { return } } sig := new(packet.Signature) sig.SigType = packet.SigTypeText sig.PubKeyAlgo = d.privateKey.PubKeyAlgo sig.Hash = d.hashType sig.CreationTime = d.config.Now() sig.IssuerKeyId = &d.privateKey.KeyId if err = sig.Sign(d.h, d.privateKey, d.config); err != nil { return } out, err := armor.Encode(d.buffered, "PGP SIGNATURE", nil) if err != nil { return } if err = sig.Serialize(out); err != nil { return } if err = out.Close(); err != nil { return } if err = d.buffered.Flush(); err != nil { return } return }
func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) { if signer.PrivateKey == nil { return errors.InvalidArgumentError("signing key doesn't have a private key") } if signer.PrivateKey.Encrypted { return errors.InvalidArgumentError("signing key is encrypted") } sig := new(packet.Signature) sig.SigType = sigType sig.PubKeyAlgo = signer.PrivateKey.PubKeyAlgo sig.Hash = config.Hash() sig.CreationTime = config.Now() sig.IssuerKeyId = &signer.PrivateKey.KeyId h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType) if err != nil { return } io.Copy(wrappedHash, message) err = sig.Sign(h, signer.PrivateKey, config) if err != nil { return } return sig.Serialize(w) }
// Given a control.Marshal'able object, encode it to the blobstore, while // also doing a detached OpenPGP signature. The objects returned (in order) // are data, commited to the blobstore, the signature for that object, commited // to the blobstore, and any error(s), finally. func (a Archive) encodeSigned(data interface{}) (*blobstore.Object, *blobstore.Object, error) { /* Right, so, the trick here is that we secretly call out to encode, * but tap it with a pipe into the signing code */ if a.signingKey == nil { return nil, nil, fmt.Errorf("No signing key loaded") } signature, err := a.Store.Create() if err != nil { return nil, nil, err } defer signature.Close() hash := sha512.New() obj, err := a.encode(data, hash) if err != nil { return nil, nil, err } sig := new(packet.Signature) sig.SigType = packet.SigTypeBinary sig.PubKeyAlgo = a.signingKey.PrivateKey.PubKeyAlgo sig.Hash = crypto.SHA512 sig.CreationTime = new(packet.Config).Now() sig.IssuerKeyId = &(a.signingKey.PrivateKey.KeyId) err = sig.Sign(hash, a.signingKey.PrivateKey, &packet.Config{ DefaultHash: crypto.SHA512, }) if err != nil { return nil, nil, err } if err := sig.Serialize(signature); err != nil { return nil, nil, err } sigObj, err := a.Store.Commit(*signature) if err != nil { return nil, nil, err } return obj, sigObj, nil }