peridot/vendor/github.com/ProtonMail/gopenpgp/v2/helper/key.go

64 lines
1.8 KiB
Go
Raw Permalink Normal View History

2022-07-07 20:11:50 +00:00
package helper
import (
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/pkg/errors"
)
// UpdatePrivateKeyPassphrase decrypts the given armored privateKey with oldPassphrase,
// re-encrypts it with newPassphrase, and returns the new armored key.
func UpdatePrivateKeyPassphrase(
privateKey string,
oldPassphrase, newPassphrase []byte,
) (string, error) {
key, err := crypto.NewKeyFromArmored(privateKey)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to parse key")
}
unlocked, err := key.Unlock(oldPassphrase)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to unlock old key")
}
defer unlocked.ClearPrivateParams()
locked, err := unlocked.Lock(newPassphrase)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to lock new key")
}
armored, err := locked.Armor()
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to armor new key")
}
return armored, nil
}
// GenerateKey generates a key of the given keyType ("rsa" or "x25519"), encrypts it, and returns an armored string.
// If keyType is "rsa", bits is the RSA bitsize of the key.
// If keyType is "x25519" bits is unused.
func GenerateKey(name, email string, passphrase []byte, keyType string, bits int) (string, error) {
key, err := crypto.GenerateKey(name, email, keyType, bits)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to generate new key")
}
defer key.ClearPrivateParams()
locked, err := key.Lock(passphrase)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: unable to lock new key")
}
return locked.Armor()
}
func GetSHA256Fingerprints(publicKey string) ([]string, error) {
key, err := crypto.NewKeyFromArmored(publicKey)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to parse key")
}
return key.GetSHA256Fingerprints(), nil
}