Encrypt session key to multiple keys in keyring. (#59)

`EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it>
2020-07-10 00:31:57 +07:00 · 2020-07-10 00:31:57 +07:00 · b38f993c25
commit b38f993c25
parent a232124b70
5 changed files with 33 additions and 11 deletions
--- a/crypto/keyring_session.go
+++ b/crypto/keyring_session.go
@ -48,26 +48,26 @@ func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
 // publicKey and returns a binary public-key encrypted session key packet.
 func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error) {
 	outbuf := &bytes.Buffer{}
-
 	cf, err := sk.GetCipherFunc()
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key")
 	}

-	var pub *packet.PublicKey
+	var pubKeys []*packet.PublicKey
 	for _, e := range keyRing.entities {
 		if encryptionKey, ok := e.EncryptionKey(getNow()); ok {
-			pub = encryptionKey.PublicKey
-			break
+			pubKeys = append(pubKeys, encryptionKey.PublicKey)
 		}
 	}
-	if pub == nil {
+	if len(pubKeys) == 0 {
 		return nil, errors.New("cannot set key: no public key available")
 	}

-	if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {
-		err = fmt.Errorf("gopenpgp: cannot set key: %v", err)
-		return nil, err
+	for _, pub := range pubKeys {
+		if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {
+			err = fmt.Errorf("gopenpgp: cannot set key: %v", err)
+			return nil, err
+		}
 	}
 	return outbuf.Bytes(), nil
 }
--- a/crypto/sessionkey_test.go
+++ b/crypto/sessionkey_test.go
@ -44,6 +44,21 @@ func TestAsymmetricKeyPacket(t *testing.T) {
 	assert.Exactly(t, testSessionKey, outputSymmetricKey)
 }

+func TestMultipleAsymmetricKeyPacket(t *testing.T) {
+	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
+	if err != nil {
+		t.Fatal("Expected no error while generating key packet, got:", err)
+	}
+
+	// Password defined in keyring_test
+	outputSymmetricKey, err := keyRingTestMultiple.DecryptSessionKey(keyPacket)
+	if err != nil {
+		t.Fatal("Expected no error while decrypting key packet, got:", err)
+	}
+
+	assert.Exactly(t, testSessionKey, outputSymmetricKey)
+}
+
 func TestSymmetricKeyPacket(t *testing.T) {
 	password := []byte("I like encryption")

@ -90,7 +105,8 @@ func TestDataPacketEncryption(t *testing.T) {
 	assert.Exactly(t, message.GetString(), decrypted.GetString())

 	// Encrypt session key
-	keyPacket, err := keyRingTestPublic.EncryptSessionKey(testSessionKey)
+	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
+	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
 	if err != nil {
 		t.Fatal("Unable to encrypt key packet, got:", err)
 	}
@ -108,6 +124,9 @@ func TestDataPacketEncryption(t *testing.T) {
 	if err != nil {
 		t.Fatal("Unable to unarmor pgp message, got:", err)
 	}
+	ids, ok := pgpMessage.getEncryptionKeyIDs()
+	assert.True(t, ok)
+	assert.Exactly(t, 3, len(ids))

 	// Test if final decryption succeeds
 	finalMessage, err := keyRingTestPrivate.Decrypt(pgpMessage, nil, 0)