peridot/vendor/github.com/ProtonMail/gopenpgp/v2/helper/cleartext.go

79 lines
2.8 KiB
Go
Raw Normal View History

2022-07-07 20:11:50 +00:00
package helper
import (
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/pkg/errors"
)
// SignCleartextMessageArmored signs text given a private key and its
// passphrase, canonicalizes and trims the newlines, and returns the
// PGP-compliant special armoring.
func SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error) {
signingKey, err := crypto.NewKeyFromArmored(privateKey)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
}
unlockedKey, err := signingKey.Unlock(passphrase)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in unlocking key")
}
defer unlockedKey.ClearPrivateParams()
keyRing, err := crypto.NewKeyRing(unlockedKey)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in creating keyring")
}
return SignCleartextMessage(keyRing, text)
}
// VerifyCleartextMessageArmored verifies PGP-compliant armored signed plain
// text given the public key and returns the text or err if the verification
// fails.
func VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error) {
signingKey, err := crypto.NewKeyFromArmored(publicKey)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
}
verifyKeyRing, err := crypto.NewKeyRing(signingKey)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in creating key ring")
}
return VerifyCleartextMessage(verifyKeyRing, armored, verifyTime)
}
// SignCleartextMessage signs text given a private keyring, canonicalizes and
// trims the newlines, and returns the PGP-compliant special armoring.
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
message := crypto.NewPlainMessageFromString(text)
signature, err := keyRing.SignDetached(message)
if err != nil {
return "", errors.Wrap(err, "gopenpgp: error in signing cleartext message")
}
return crypto.NewClearTextMessage(message.GetBinary(), signature.GetBinary()).GetArmored()
}
// VerifyCleartextMessage verifies PGP-compliant armored signed plain text
// given the public keyring and returns the text or err if the verification
// fails.
func VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error) {
clearTextMessage, err := crypto.NewClearTextMessageFromArmored(armored)
if err != nil {
return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
}
message := crypto.NewPlainMessageFromString(clearTextMessage.GetString())
signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
err = keyRing.VerifyDetached(message, signature, verifyTime)
if err != nil {
return "", errors.Wrap(err, "gopengpp: unable to verify cleartext message")
}
return message.GetString(), nil
}