Golang Openpgp [HELP]

Can anyone show me a code snippet where the user decrypts a message with there private key returning a signed message with say a specific address for that user think WHM. Im not sure if I understand correctly will this be done via subkey’s? Something like this?

// ReadEntity reads an entity (public key, identities, subkeys etc) from the
// given Reader.
func ReadEntity(packets *packet.Reader) (*Entity, error) {
e := new(Entity)
e.Identities = make(map[string]*Identity)

p, err := packets.Next()
if err != nil {
return nil, err
}

var ok bool
if e.PrimaryKey, ok = p.(*packet.PublicKey); !ok {
if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok {
packets.Unread(p)
return nil, errors.StructuralError(“first packet was not a public/private key”)
}
e.PrimaryKey = &e.PrivateKey.PublicKey
}

if !e.PrimaryKey.PubKeyAlgo.CanSign() {
return nil, errors.StructuralError(“primary key cannot be used for signatures”)
}

var revocations []*packet.Signature
EachPacket:
for {
p, err := packets.Next()
if err == io.EOF {
break
} else if err != nil {
return nil, err
}

switch pkt := p.(type) {
case *packet.UserId:
if err := addUserID(e, packets, pkt); err != nil {
return nil, err
}
case *packet.Signature:
if pkt.SigType == packet.SigTypeKeyRevocation {
revocations = append(revocations, pkt)
} else if pkt.SigType == packet.SigTypeDirectSignature {
// TODO: RFC4880 5.2.1 permits signatures
// directly on keys (eg. to bind additional
// revocation keys).
}
// Else, ignoring the signature as it does not follow anything
// we would know to attach it to.
case *packet.PrivateKey:
if pkt.IsSubkey == false {
packets.Unread(p)
break EachPacket
}
err = addSubkey(e, packets, &pkt.PublicKey, pkt)
if err != nil {
return nil, err
}
case *packet.PublicKey:
if pkt.IsSubkey == false {
packets.Unread(p)
break EachPacket
}
err = addSubkey(e, packets, pkt, nil)
if err != nil {
return nil, err
}
default:
// we ignore unknown packets
}
}

if len(e.Identities) == 0 {
return nil, errors.StructuralError(“entity without any identities”)
}

for _, revocation := range revocations {
err = e.PrimaryKey.VerifyRevocationSignature(revocation)
if err == nil {
e.Revocations = append(e.Revocations, revocation)
} else {
// TODO: RFC 4880 5.2.3.15 defines revocation keys.
return nil, errors.StructuralError(“revocation signature signed by alternate key”)
}
}

return e, nil
}

func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error {
// Make a new Identity object, that we might wind up throwing away.
// We’ll only add it if we get a valid self-signature over this
// userID.
identity := new(Identity)
identity.Name = pkt.Id
identity.UserId = pkt

for {
p, err := packets.Next()
if err == io.EOF {
break
} else if err != nil {
return err
}

sig, ok := p.(*packet.Signature)
if !ok {
packets.Unread(p)
break
}

if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
return errors.StructuralError(“user ID self-signature invalid: ” + err.Error())
}
identity.SelfSignature = sig
e.Identities[pkt.Id] = identity
} else {
identity.Signatures = append(identity.Signatures, sig)
}
}

return nil
}

func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error {
var subKey Subkey
subKey.PublicKey = pub
subKey.PrivateKey = priv

for {
p, err := packets.Next()
if err == io.EOF {
break
} else if err != nil {
return errors.StructuralError(“subkey signature invalid: ” + err.Error())
}

sig, ok := p.(*packet.Signature)
if !ok {
packets.Unread(p)
break
}

if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation {
return errors.StructuralError(“subkey signature with wrong type”)
}

if err := e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, sig); err != nil {
return errors.StructuralError(“subkey signature invalid: ” + err.Error())
}

switch sig.SigType {
case packet.SigTypeSubkeyRevocation:
subKey.Sig = sig
case packet.SigTypeSubkeyBinding:

if shouldReplaceSubkeySig(subKey.Sig, sig) {
subKey.Sig = sig
}
}
}

if subKey.Sig == nil {
return errors.StructuralError(“subkey packet not followed by signature”)
}

e.Subkeys = append(e.Subkeys, subKey)

return nil
}

func shouldReplaceSubkeySig(existingSig, potentialNewSig *packet.Signature) bool {
if potentialNewSig == nil {
return false
}

if existingSig == nil {
return true
}

if existingSig.SigType == packet.SigTypeSubkeyRevocation {
return false // never override a revocation signature
}

return potentialNewSig.CreationTime.After(existingSig.CreationTime)
}

// ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file.
func ReadArmoredKeyRing(r io.Reader) (EntityList, error) {
block, err := armor.Decode(r)
if err == io.EOF {
return nil, errors.InvalidArgumentError(“no armored data found”)
}
if err != nil {
return nil, err
}
if block.Type != PublicKeyType && block.Type != PrivateKeyType {
return nil, errors.InvalidArgumentError(“expected public or private key block, got: ” + block.Type)
}

return ReadKeyRing(block.Body)

Source link

guest
0 Comments
Inline Feedbacks
View all comments

Recent Posts

DeepMarket

Hello, do anyone have any experience with “DeepMarket: your secure shopping”? Thanks in advance

Read More »

what's going on here?

Since BD closed and some other vendors got busted, what has happened to the domestic scene? The prices have rocketed. The bulk deals are negligible.

Read More »