-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
generickey.go
115 lines (94 loc) · 3.17 KB
/
generickey.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package libkb
import (
"strings"
"github.com/keybase/client/go/kbcrypto"
keybase1 "github.com/keybase/client/go/protocol/keybase1"
)
type VerifyContext interface {
Debug(format string, args ...interface{})
}
type RawPublicKey []byte
type RawPrivateKey []byte
type GenericKey interface {
GetKID() keybase1.KID
GetBinaryKID() keybase1.BinaryKID
GetAlgoType() kbcrypto.AlgoType
// Sign to an ASCII signature (which includes the message
// itself) and return it, along with a derived ID.
SignToString(msg []byte) (sig string, id keybase1.SigIDBase, err error)
// Verify that the given signature is valid and extracts the
// embedded message from it. Also returns the signature ID.
VerifyStringAndExtract(ctx VerifyContext, sig string) (msg []byte, id keybase1.SigIDBase, err error)
// Verify that the given signature is valid and that its
// embedded message matches the given one. Also returns the
// signature ID.
VerifyString(ctx VerifyContext, sig string, msg []byte) (id keybase1.SigIDBase, err error)
// Encrypt to an ASCII armored encryption; optionally include a sender's
// (private) key so that we can provably see who sent the message.
EncryptToString(plaintext []byte, sender GenericKey) (ciphertext string, err error)
// Decrypt the output of Encrypt above; provide the plaintext and also
// the KID of the key that sent the message (if applicable).
DecryptFromString(ciphertext string) (msg []byte, sender keybase1.KID, err error)
// Derive a secret key from a DH secret key
SecretSymmetricKey(reason EncryptionReason) (NaclSecretBoxKey, error)
VerboseDescription() string
CheckSecretKey() error
CanSign() bool
CanEncrypt() bool
CanDecrypt() bool
HasSecretKey() bool
Encode() (string, error) // encode public key to string
// ExportPublicAndPrivate to special-purpose types so there is no way we can
// accidentally reverse them.
ExportPublicAndPrivate() (public RawPublicKey, private RawPrivateKey, err error)
}
func CanEncrypt(key GenericKey) bool {
switch key.(type) {
case NaclDHKeyPair:
return true
case *PGPKeyBundle:
return true
default:
return false
}
}
func skbPushAndSave(m MetaContext, skb *SKB) (err error) {
defer m.Trace("skbPushAndSave", &err)()
ring, err := m.Keyring()
if err != nil {
return err
}
err = ring.PushAndSave(skb)
if err != nil {
return err
}
return nil
}
// Any valid key matches the empty string.
func KeyMatchesQuery(key GenericKey, q string, exact bool) bool {
if key.GetKID().Match(q, exact) {
return true
}
return GetPGPFingerprintFromGenericKey(key).Match(q, exact)
}
func IsPGP(key GenericKey) bool {
_, ok := key.(*PGPKeyBundle)
return ok
}
func ParseGenericKey(bundle string) (GenericKey, *Warnings, error) {
if isPGPBundle(bundle) {
// PGP key
return ReadOneKeyFromStringLiberal(bundle)
}
// NaCl key
key, err := ImportKeypairFromKID(keybase1.KIDFromString(bundle))
return key, &Warnings{}, err
}
func isPGPBundle(armored string) bool {
return strings.HasPrefix(armored, "-----BEGIN PGP")
}
func GenericKeyEqual(k1, k2 GenericKey) bool {
return k1.GetKID().Equal(k2.GetKID())
}