mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-18 19:31:25 +00:00
79 lines
2.8 KiB
Go
79 lines
2.8 KiB
Go
|
package helper
|
||
|
|
||
|
import (
|
||
|
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||
|
"github.com/pkg/errors"
|
||
|
)
|
||
|
|
||
|
// SignCleartextMessageArmored signs text given a private key and its
|
||
|
// passphrase, canonicalizes and trims the newlines, and returns the
|
||
|
// PGP-compliant special armoring.
|
||
|
func SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error) {
|
||
|
signingKey, err := crypto.NewKeyFromArmored(privateKey)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
|
||
|
}
|
||
|
|
||
|
unlockedKey, err := signingKey.Unlock(passphrase)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in unlocking key")
|
||
|
}
|
||
|
defer unlockedKey.ClearPrivateParams()
|
||
|
|
||
|
keyRing, err := crypto.NewKeyRing(unlockedKey)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in creating keyring")
|
||
|
}
|
||
|
|
||
|
return SignCleartextMessage(keyRing, text)
|
||
|
}
|
||
|
|
||
|
// VerifyCleartextMessageArmored verifies PGP-compliant armored signed plain
|
||
|
// text given the public key and returns the text or err if the verification
|
||
|
// fails.
|
||
|
func VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error) {
|
||
|
signingKey, err := crypto.NewKeyFromArmored(publicKey)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
|
||
|
}
|
||
|
|
||
|
verifyKeyRing, err := crypto.NewKeyRing(signingKey)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in creating key ring")
|
||
|
}
|
||
|
|
||
|
return VerifyCleartextMessage(verifyKeyRing, armored, verifyTime)
|
||
|
}
|
||
|
|
||
|
// SignCleartextMessage signs text given a private keyring, canonicalizes and
|
||
|
// trims the newlines, and returns the PGP-compliant special armoring.
|
||
|
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
|
||
|
message := crypto.NewPlainMessageFromString(text)
|
||
|
|
||
|
signature, err := keyRing.SignDetached(message)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopenpgp: error in signing cleartext message")
|
||
|
}
|
||
|
|
||
|
return crypto.NewClearTextMessage(message.GetBinary(), signature.GetBinary()).GetArmored()
|
||
|
}
|
||
|
|
||
|
// VerifyCleartextMessage verifies PGP-compliant armored signed plain text
|
||
|
// given the public keyring and returns the text or err if the verification
|
||
|
// fails.
|
||
|
func VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error) {
|
||
|
clearTextMessage, err := crypto.NewClearTextMessageFromArmored(armored)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
|
||
|
}
|
||
|
|
||
|
message := crypto.NewPlainMessageFromString(clearTextMessage.GetString())
|
||
|
signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
|
||
|
err = keyRing.VerifyDetached(message, signature, verifyTime)
|
||
|
if err != nil {
|
||
|
return "", errors.Wrap(err, "gopengpp: unable to verify cleartext message")
|
||
|
}
|
||
|
|
||
|
return message.GetString(), nil
|
||
|
}
|