package aci
import (
"errors"
"fmt"
"io"
"io/ioutil"
"log"
"github.com/coreos/rocket/Godeps/_workspace/src/golang.org/x/crypto/openpgp"
)
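// TODO(jonboulle): support detached signatures
// TODO(jonboulle): support symmetric decryption

// LoadSignedData reads a PGP message from the given Reader and verifies it
// against the provided keyring (EntityList). The entire decrypted bytestream
// is returned only when the message carries a signature made by a key that is
// present in kr and that signature verifies; otherwise an error is returned.
//
// Messages that are unsigned, or that are signed by a key not present in kr,
// are rejected. In the second case openpgp.ReadMessage leaves md.SignedBy nil
// and never checks the signature, so md.SignatureError would also stay nil;
// returning the body in that state would hand back unverified data.
func LoadSignedData(signed io.Reader, kr openpgp.EntityList) ([]byte, error) {
	md, err := openpgp.ReadMessage(signed, kr, nil, nil)
	if err != nil {
		return nil, err
	}
	if md.IsSymmetricallyEncrypted {
		return nil, errors.New("symmetric encryption not yet supported")
	}
	if !md.IsSigned {
		return nil, errors.New("message is not signed")
	}
	if md.SignedBy == nil {
		// The signing key is not in the keyring, so the signature cannot be
		// verified at all; the key ID is reported to help the operator see
		// which key is missing.
		return nil, fmt.Errorf("message signed by unknown key %x", md.SignedByKeyId)
	}
	// The signature is only checked as UnverifiedBody is consumed, and the
	// result is only meaningful once EOF has been reached, so the whole body
	// must be read before SignatureError is consulted.
	data, err := ioutil.ReadAll(md.UnverifiedBody)
	if err != nil {
		return nil, fmt.Errorf("error reading body: %v", err)
	}
	// Once EOF has been seen, SignatureError is valid. (An authentication
	// code failure is reported as a SignatureError error when reading from
	// UnverifiedBody.)
	if md.SignatureError != nil {
		return nil, fmt.Errorf("signature error: %v", md.SignatureError)
	}
	log.Println("message signature OK")
	return data, nil
}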