lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve documentation for checking

Browse source
This commit is contained in:
Aron Wussler 2020-01-10 20:45:41 +01:00
parent 958f3166e5
commit 3f33c71496
2 changed files with 36 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

32
README.md
View file

@ -327,13 +327,13 @@ A session key can be generated, encrypted to a Asymmetric/Symmetric key packet a
sessionKey, err := crypto.GenerateSessionKey() sessionKey, err := crypto.GenerateSessionKey()
keyPacket, err := publicKey.EncryptSessionKey(sessionKey) keyPacket, err := publicKeyRing.EncryptSessionKey(sessionKey)
keyPacketSymm, err := crypto.EncryptSessionKeyWithPassword(sessionKey, password) keyPacketSymm, err := crypto.EncryptSessionKeyWithPassword(sessionKey, password)
``` ```
`KeyPacket` is a `[]byte` containing the session key encrypted with the private key or password. `KeyPacket` is a `[]byte` containing the session key encrypted with the private key or password.
```go ```go
decodedKeyPacket, err := privateKey.DecryptSessionKey(keyPacket) decodedKeyPacket, err := privateKeyRing.DecryptSessionKey(keyPacket)
decodedSymmKeyPacket, err := crypto.DecryptSessionKeyWithPassword(keyPacketSymm, password) decodedSymmKeyPacket, err := crypto.DecryptSessionKeyWithPassword(keyPacketSymm, password)
``` ```
`decodedKeyPacket` and `decodedSymmKeyPacket` are objects of type `*SymmetricKey` that can `decodedKeyPacket` and `decodedSymmKeyPacket` are objects of type `*SymmetricKey` that can
@ -342,10 +342,10 @@ be used to decrypt the corresponding symmetrically encrypted data packets:
```go ```go
var message = crypto.NewPlainMessage(data) var message = crypto.NewPlainMessage(data)
// Encrypt data with password // Encrypt data with session key
dataPacket, err := sessionKey.Encrypt(message) dataPacket, err := sessionKey.Encrypt(message)
// Decrypt data with password // Decrypt data with session key
decrypted, err := sessionKey.Decrypt(password, dataPacket) decrypted, err := sessionKey.Decrypt(password, dataPacket)
//Original message in decrypted.GetBinary() //Original message in decrypted.GetBinary()
@ -362,4 +362,26 @@ pgpMessage := pgpSplitMessage.GetPGPMessage()
newPGPSplitMessage, err := pgpMessage.SeparateKeyAndData() newPGPSplitMessage, err := pgpMessage.SeparateKeyAndData()
// Key Packet is in newPGPSplitMessage.GetKeyPacket() // Key Packet is in newPGPSplitMessage.GetKeyPacket()
// Data Packet is in newPGPSplitMessage.GetDataPacket() // Data Packet is in newPGPSplitMessage.GetDataPacket()
``` ```
### Checking keys
In order to check that the primary key is valid the `Key#Check` function can be used.
This operation is as of 2.0.0 fairly expensive, as it requires a signature operation.
It will be improved in the future versions, and possibly expanded to the subkeys, that are
for now assumed to be correct thanks to the binding signature.
```go
const privkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
...
-----END PGP PRIVATE KEY BLOCK-----` // Encrypted private key
const passphrase = []byte("LongSecret") // Private key passphrase
privateKeyObj, err := crypto.NewKeyFromArmored(privkey)
unlockedKeyObj = privateKeyObj.Unlock(passphrase)
isVerified, _ := unlockedKeyObj.Check();
if !isVerified {
// Handle broken keys
}
```
This function runs on unlocked private keys, and it will return an error if called with public keys
or locked keys.

9
crypto/key.go
View file

@ -271,6 +271,15 @@ func (key *Key) Check() (bool, error) {
return false, errors.New("gopenpgp: can check only private key") return false, errors.New("gopenpgp: can check only private key")
} }
unlocked, err := key.IsUnlocked()
if err != nil {
return false, err
}
if !unlocked {
return false, errors.New("gopenpgp: key is not unlocked")
}
var signBuf bytes.Buffer var signBuf bytes.Buffer
if err = openpgp.DetachSign(&signBuf, key.entity, testReader, nil); err != nil { if err = openpgp.DetachSign(&signBuf, key.entity, testReader, nil); err != nil {