forked from keybase/client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
generickey.go
124 lines (105 loc) · 3.22 KB
/
generickey.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package libkb
import (
"fmt"
"strings"
keybase1 "github.com/keybase/client/go/protocol"
triplesec "github.com/keybase/go-triplesec"
)
type AlgoType int
type GenericKey interface {
GetKID() keybase1.KID
GetFingerprintP() *PGPFingerprint
GetAlgoType() AlgoType
// Sign to an ASCII signature (which includes the message
// itself) and return it, along with a derived ID.
SignToString(msg []byte) (sig string, id keybase1.SigID, err error)
// Verify that the given signature is valid and extracts the
// embedded message from it. Also returns the signature ID.
VerifyStringAndExtract(sig string) (msg []byte, id keybase1.SigID, err error)
// Verify that the given signature is valid and that its
// embedded message matches the given one. Also returns the
// signature ID.
VerifyString(sig string, msg []byte) (id keybase1.SigID, err error)
// Encrypt to an ASCII armored encryption; optionally include a sender's
// (private) key so that we can provably see who sent the message.
EncryptToString(plaintext []byte, sender GenericKey) (ciphertext string, err error)
// Decrypt the output of Encrypt above; provide the plaintext and also
// the KID of the key that sent the message (if applicable).
DecryptFromString(ciphertext string) (msg []byte, sender keybase1.KID, err error)
ToServerSKB(gc *GlobalContext, ts *triplesec.Cipher, gen PassphraseGeneration) (*SKB, error)
ToLksSKB(lks *LKSec) (*SKB, error)
VerboseDescription() string
CheckSecretKey() error
CanSign() bool
CanEncrypt() bool
CanDecrypt() bool
HasSecretKey() bool
Encode() (string, error) // encode public key to string
}
func CanEncrypt(key GenericKey) bool {
switch key.(type) {
case NaclDHKeyPair:
return true
case *PGPKeyBundle:
return true
default:
return false
}
}
func WriteLksSKBToKeyring(g *GlobalContext, k GenericKey, lks *LKSec, lctx LoginContext) (*SKB, error) {
skb, err := k.ToLksSKB(lks)
if err != nil {
return nil, fmt.Errorf("k.ToLksSKB() error: %s", err)
}
if err := skbPushAndSave(g, skb, lctx); err != nil {
return nil, err
}
return skb, nil
}
func skbPushAndSave(g *GlobalContext, skb *SKB, lctx LoginContext) error {
if lctx != nil {
kr, err := lctx.Keyring()
if err != nil {
return err
}
return kr.PushAndSave(skb)
}
var err error
kerr := g.LoginState().Keyring(func(ring *SKBKeyringFile) {
err = ring.PushAndSave(skb)
}, "PushAndSave")
if kerr != nil {
return kerr
}
if err != nil {
return err
}
return nil
}
// Any valid key matches the empty string.
func KeyMatchesQuery(key GenericKey, q string, exact bool) bool {
if key.GetKID().Match(q, exact) {
return true
}
return key.GetFingerprintP().Match(q, exact)
}
func IsPGP(key GenericKey) bool {
_, ok := key.(*PGPKeyBundle)
return ok
}
func ParseGenericKey(bundle string) (GenericKey, error) {
if isPGPBundle(bundle) {
// PGP key
return ReadOneKeyFromString(bundle)
}
// NaCl key
return ImportKeypairFromKID(keybase1.KIDFromString(bundle))
}
func isPGPBundle(armored string) bool {
return strings.HasPrefix(armored, "-----BEGIN PGP")
}
func GenericKeyEqual(k1, k2 GenericKey) bool {
return k1.GetKID().Equal(k2.GetKID())
}