lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve docs for keyrings (#2)

Browse source
This commit is contained in:
wussler 2019-05-15 14:36:04 +02:00 committed by Daniel Huigens
parent 7d9930b8e0
commit b3047cee4d
2 changed files with 21 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

31
crypto/keyring.go
View file

@ -54,7 +54,7 @@ type Signature struct {
md *openpgp.MessageDetails md *openpgp.MessageDetails
} }
// SignedString wraps string with Signature // SignedString wraps string with a Signature
type SignedString struct { type SignedString struct {
String string String string
Signed *Signature Signed *Signature
@ -108,12 +108,12 @@ type KeyRing struct {
FirstKeyID string FirstKeyID string
} }
// GetEntities returns openpgp entities contained in this KeyRing // GetEntities returns openpgp entities contained in this KeyRing.
func (kr *KeyRing) GetEntities() openpgp.EntityList { func (kr *KeyRing) GetEntities() openpgp.EntityList {
return kr.entities return kr.entities
} }
// GetSigningEntity returns first private signing entity from keyring // GetSigningEntity returns first private unlocked signing entity from keyring.
func (kr *KeyRing) GetSigningEntity(passphrase string) (*openpgp.Entity, error) { func (kr *KeyRing) GetSigningEntity(passphrase string) (*openpgp.Entity, error) {
var signEntity *openpgp.Entity var signEntity *openpgp.Entity
@ -138,8 +138,8 @@ func (kr *KeyRing) GetSigningEntity(passphrase string) (*openpgp.Entity, error)
} }
// Encrypt encrypts data to this keyring's owner. If sign is not nil, it also // Encrypt encrypts data to this keyring's owner. If sign is not nil, it also
// signs data with it. sign must be unlock to be able to sign data, if it's not // signs data with it. The keyring sign must be unlocked to be able to sign data,
// the case an error will be returned. // if not an error will be returned.
func (kr *KeyRing) Encrypt(w io.Writer, sign *KeyRing, filename string, canonicalizeText bool) (io.WriteCloser, error) { func (kr *KeyRing) Encrypt(w io.Writer, sign *KeyRing, filename string, canonicalizeText bool) (io.WriteCloser, error) {
// The API returns keys sorted by descending priority // The API returns keys sorted by descending priority
// Only encrypt to the first one // Only encrypt to the first one
@ -211,6 +211,7 @@ func (w *armorEncryptWriter) Close() (err error) {
} }
// EncryptArmored encrypts and armors data to the keyring's owner. // EncryptArmored encrypts and armors data to the keyring's owner.
// Wrapper of Encrypt.
func (kr *KeyRing) EncryptArmored(w io.Writer, sign *KeyRing) (wc io.WriteCloser, err error) { func (kr *KeyRing) EncryptArmored(w io.Writer, sign *KeyRing) (wc io.WriteCloser, err error) {
aw, err := armorUtils.ArmorWithTypeBuffered(w, constants.PGPMessageHeader) aw, err := armorUtils.ArmorWithTypeBuffered(w, constants.PGPMessageHeader)
if err != nil { if err != nil {
@ -228,6 +229,7 @@ func (kr *KeyRing) EncryptArmored(w io.Writer, sign *KeyRing) (wc io.WriteCloser
} }
// EncryptString encrypts and armors a string to the keyring's owner. // EncryptString encrypts and armors a string to the keyring's owner.
// Wrapper of Encrypt.
func (kr *KeyRing) EncryptString(s string, sign *KeyRing) (encrypted string, err error) { func (kr *KeyRing) EncryptString(s string, sign *KeyRing) (encrypted string, err error) {
var b bytes.Buffer var b bytes.Buffer
w, err := kr.EncryptArmored(&b, sign) w, err := kr.EncryptArmored(&b, sign)
@ -246,7 +248,8 @@ func (kr *KeyRing) EncryptString(s string, sign *KeyRing) (encrypted string, err
return return
} }
// EncryptSymmetric data using generated symmetric key encrypted with this KeyRing // EncryptSymmetric data using generated symmetric key encrypted with this KeyRing.
// Wrapper of Encrypt.
func (kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool) (outSplit *models.EncryptedSplit, func (kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool) (outSplit *models.EncryptedSplit,
err error) { err error) {
@ -271,7 +274,7 @@ func (kr *KeyRing) EncryptSymmetric(textToEncrypt string, canonicalizeText bool)
// DecryptString decrypts an armored string sent to the keypair's owner. // DecryptString decrypts an armored string sent to the keypair's owner.
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), // If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
// contents are still provided if library clients wish to process this message further // contents are still provided if library clients wish to process this message further.
func (kr *KeyRing) DecryptString(encrypted string) (SignedString, error) { func (kr *KeyRing) DecryptString(encrypted string) (SignedString, error) {
r, signed, err := kr.DecryptArmored(strings.NewReader(encrypted)) r, signed, err := kr.DecryptArmored(strings.NewReader(encrypted))
if err != nil && err != pgperrors.ErrSignatureExpired { if err != nil && err != pgperrors.ErrSignatureExpired {
@ -289,7 +292,7 @@ func (kr *KeyRing) DecryptString(encrypted string) (SignedString, error) {
// DecryptStringIfNeeded data if has armored PGP message format, if not return original data. // DecryptStringIfNeeded data if has armored PGP message format, if not return original data.
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), // If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
// contents are still provided if library clients wish to process this message further // contents are still provided if library clients wish to process this message further.
func (kr *KeyRing) DecryptStringIfNeeded(data string) (decrypted string, err error) { func (kr *KeyRing) DecryptStringIfNeeded(data string) (decrypted string, err error) {
if re := regexp.MustCompile("^-----BEGIN " + constants.PGPMessageHeader + "-----(?s:.+)-----END " + if re := regexp.MustCompile("^-----BEGIN " + constants.PGPMessageHeader + "-----(?s:.+)-----END " +
constants.PGPMessageHeader + "-----"); re.MatchString(data) { constants.PGPMessageHeader + "-----"); re.MatchString(data) {
@ -352,7 +355,7 @@ func (kr *KeyRing) Unlock(passphrase []byte) error {
// Decrypt decrypts a message sent to the keypair's owner. If the message is not // Decrypt decrypts a message sent to the keypair's owner. If the message is not
// signed, signed will be nil. // signed, signed will be nil.
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), // If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
// contents are still provided if library clients wish to process this message further // contents are still provided if library clients wish to process this message further.
func (kr *KeyRing) Decrypt(r io.Reader) (decrypted io.Reader, signed *Signature, err error) { func (kr *KeyRing) Decrypt(r io.Reader) (decrypted io.Reader, signed *Signature, err error) {
md, err := openpgp.ReadMessage(r, kr.entities, nil, nil) md, err := openpgp.ReadMessage(r, kr.entities, nil, nil)
if err != nil && err != pgperrors.ErrSignatureExpired { if err != nil && err != pgperrors.ErrSignatureExpired {
@ -368,7 +371,7 @@ func (kr *KeyRing) Decrypt(r io.Reader) (decrypted io.Reader, signed *Signature,
// DecryptArmored decrypts an armored message sent to the keypair's owner. // DecryptArmored decrypts an armored message sent to the keypair's owner.
// If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors), // If error is errors.ErrSignatureExpired (from golang.org/x/crypto/openpgp/errors),
// contents are still provided if library clients wish to process this message further // contents are still provided if library clients wish to process this message further.
func (kr *KeyRing) DecryptArmored(r io.Reader) (decrypted io.Reader, signed *Signature, err error) { func (kr *KeyRing) DecryptArmored(r io.Reader) (decrypted io.Reader, signed *Signature, err error) {
block, err := armor.Decode(r) block, err := armor.Decode(r)
if err != nil && err != pgperrors.ErrSignatureExpired { if err != nil && err != pgperrors.ErrSignatureExpired {
@ -434,7 +437,7 @@ func (kr *KeyRing) GetPublicKey() (b []byte, err error) {
return return
} }
// GetFingerprint gets the fingerprint from the keyring // GetFingerprint gets the fingerprint from the keyring.
func (kr *KeyRing) GetFingerprint() (string, error) { func (kr *KeyRing) GetFingerprint() (string, error) {
for _, entity := range kr.entities { for _, entity := range kr.entities {
fp := entity.PrimaryKey.Fingerprint fp := entity.PrimaryKey.Fingerprint
@ -443,7 +446,7 @@ func (kr *KeyRing) GetFingerprint() (string, error) {
return "", errors.New("can't find public key") return "", errors.New("can't find public key")
} }
// CheckPassphrase checks if private key passphrase ok // CheckPassphrase checks if private key passphrase is correct for every sub key.
func (kr *KeyRing) CheckPassphrase(passphrase string) bool { func (kr *KeyRing) CheckPassphrase(passphrase string) bool {
var keys []*packet.PrivateKey var keys []*packet.PrivateKey
@ -582,7 +585,7 @@ func (kr *KeyRing) Identities() []*Identity {
return identities return identities
} }
// KeyIds returns array of IDs of keys in this KeyRing // KeyIds returns array of IDs of keys in this KeyRing.
func (kr *KeyRing) KeyIds() []uint64 { func (kr *KeyRing) KeyIds() []uint64 {
var res []uint64 var res []uint64
for _, e := range kr.entities { for _, e := range kr.entities {
@ -607,7 +610,7 @@ func ReadKeyRing(r io.Reader) (kr *KeyRing, err error) {
// FilterExpiredKeys takes a given KeyRing list and it returns only those // FilterExpiredKeys takes a given KeyRing list and it returns only those
// KeyRings which contain at least, one unexpired Key. It returns only unexpired // KeyRings which contain at least, one unexpired Key. It returns only unexpired
// parts of these KeyRings // parts of these KeyRings.
func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error) { func FilterExpiredKeys(contactKeys []*KeyRing) (filteredKeys []*KeyRing, err error) {
now := time.Now() now := time.Now()
hasExpiredEntity := false hasExpiredEntity := false

10
crypto/sign_detached.go
View file

@ -14,7 +14,7 @@ import (
"golang.org/x/crypto/openpgp/packet" "golang.org/x/crypto/openpgp/packet"
) )
// SignTextDetached signs detached text type // SignTextDetached creates an armored detached signature of a given string.
func (kr *KeyRing) SignTextDetached(plainText string, passphrase string, trimNewlines bool) (string, error) { func (kr *KeyRing) SignTextDetached(plainText string, passphrase string, trimNewlines bool) (string, error) {
signEntity, err := kr.GetSigningEntity(passphrase) signEntity, err := kr.GetSigningEntity(passphrase)
if err != nil { if err != nil {
@ -38,7 +38,7 @@ func (kr *KeyRing) SignTextDetached(plainText string, passphrase string, trimNew
return outBuf.String(), nil return outBuf.String(), nil
} }
// SignBinDetached Signs detached bin data using string key // SignBinDetached creates an armored detached signature of binary data.
func (kr *KeyRing) SignBinDetached(plainData []byte, passphrase string) (string, error) { func (kr *KeyRing) SignBinDetached(plainData []byte, passphrase string) (string, error) {
//sign with 0x00 //sign with 0x00
signEntity, err := kr.GetSigningEntity(passphrase) signEntity, err := kr.GetSigningEntity(passphrase)
@ -59,8 +59,7 @@ func (kr *KeyRing) SignBinDetached(plainData []byte, passphrase string) (string,
return outBuf.String(), nil return outBuf.String(), nil
} }
// VerifyTextDetachedSig verifies detached text // VerifyTextDetachedSig verifies an armored detached signature given the plaintext as a string.
// - check if signature is valid using a given publicKey in binary format
func (kr *KeyRing) VerifyTextDetachedSig( func (kr *KeyRing) VerifyTextDetachedSig(
signature string, plainText string, verifyTime int64, trimNewlines bool, signature string, plainText string, verifyTime int64, trimNewlines bool,
) (bool, error) { ) (bool, error) {
@ -72,8 +71,7 @@ func (kr *KeyRing) VerifyTextDetachedSig(
return verifySignature(kr.GetEntities(), origText, signature, verifyTime) return verifySignature(kr.GetEntities(), origText, signature, verifyTime)
} }
// VerifyBinDetachedSig verifies detached text in binary format // VerifyBinDetachedSig verifies an armored detached signature given the plaintext as binary data.
// - check if signature is valid using a given publicKey in binary format
func (kr *KeyRing) VerifyBinDetachedSig(signature string, plainData []byte, verifyTime int64) (bool, error) { func (kr *KeyRing) VerifyBinDetachedSig(signature string, plainData []byte, verifyTime int64) (bool, error) {
origText := bytes.NewReader(plainData) origText := bytes.NewReader(plainData)