mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-24 14:11:25 +00:00
80 lines
2.8 KiB
Go
80 lines
2.8 KiB
Go
package helper
|
|
|
|
import (
|
|
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
|
"github.com/ProtonMail/gopenpgp/v2/internal"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// SignCleartextMessageArmored signs text given a private key and its
|
|
// passphrase, canonicalizes and trims the newlines, and returns the
|
|
// PGP-compliant special armoring.
|
|
func SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error) {
|
|
signingKey, err := crypto.NewKeyFromArmored(privateKey)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
|
|
}
|
|
|
|
unlockedKey, err := signingKey.Unlock(passphrase)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in unlocking key")
|
|
}
|
|
defer unlockedKey.ClearPrivateParams()
|
|
|
|
keyRing, err := crypto.NewKeyRing(unlockedKey)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in creating keyring")
|
|
}
|
|
|
|
return SignCleartextMessage(keyRing, text)
|
|
}
|
|
|
|
// VerifyCleartextMessageArmored verifies PGP-compliant armored signed plain
|
|
// text given the public key and returns the text or err if the verification
|
|
// fails.
|
|
func VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error) {
|
|
signingKey, err := crypto.NewKeyFromArmored(publicKey)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in creating key object")
|
|
}
|
|
|
|
verifyKeyRing, err := crypto.NewKeyRing(signingKey)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in creating key ring")
|
|
}
|
|
|
|
return VerifyCleartextMessage(verifyKeyRing, armored, verifyTime)
|
|
}
|
|
|
|
// SignCleartextMessage signs text given a private keyring, canonicalizes and
|
|
// trims the newlines, and returns the PGP-compliant special armoring.
|
|
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
|
|
message := crypto.NewPlainMessageFromString(internal.TrimEachLine(text))
|
|
|
|
signature, err := keyRing.SignDetached(message)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopenpgp: error in signing cleartext message")
|
|
}
|
|
|
|
return crypto.NewClearTextMessage(message.GetBinary(), signature.GetBinary()).GetArmored()
|
|
}
|
|
|
|
// VerifyCleartextMessage verifies PGP-compliant armored signed plain text
|
|
// given the public keyring and returns the text or err if the verification
|
|
// fails.
|
|
func VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error) {
|
|
clearTextMessage, err := crypto.NewClearTextMessageFromArmored(armored)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
|
|
}
|
|
|
|
message := crypto.NewPlainMessageFromString(internal.TrimEachLine(clearTextMessage.GetString()))
|
|
signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
|
|
err = keyRing.VerifyDetached(message, signature, verifyTime)
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "gopengpp: unable to verify cleartext message")
|
|
}
|
|
|
|
return message.GetString(), nil
|
|
}
|