Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cannot sign a valid gpg key using golang's openpgp packet

I want to sign a public key from ascii armor with a private key in go language.For that I developed following code but the problem is when I check the signature in gpg --check-sigs the signature created by code is shown as "bad Signature".Please Help as I cant figure out any way of solving it.I have already postd on golang-nuts.I am just learning golang for my college project and I am stuck here,Please help.

    // signer
package main

import (
    "bytes"
    "code.google.com/p/go.crypto/openpgp"
    "code.google.com/p/go.crypto/openpgp/armor"
    "code.google.com/p/go.crypto/openpgp/packet"
    "fmt"
)

// This function takes asciiarmored private key which will sign the public key
//Public key is also ascii armored,pripwd is password of private key in string
//This function will return ascii armored signed public key i.e. (pubkey+sign by prikey)
func SignPubKeyPKS(asciiPub string, asciiPri string, pripwd string) (asciiSignedKey string) {
    //get Private key from armor
    _, priEnt := getPri(asciiPri, pripwd) //pripwd is the password todecrypt the private key
    _, pubEnt := getPub(asciiPub)         //This will generate signature and add it to pubEnt
    usrIdstring := ""
    for _, uIds := range pubEnt.Identities {
        usrIdstring = uIds.Name

    }
    fmt.Println(usrIdstring)
    errSign := pubEnt.SignIdentity(usrIdstring, &priEnt, nil)
    if errSign != nil {
        fmt.Println("Signing Key ", errSign.Error())
        return
    }
    asciiSignedKey = PubEntToAsciiArmor(pubEnt)
    return
}

//get packet.PublicKey and openpgp.Entity of Public Key from ascii armor
func getPub(asciiPub string) (pubKey packet.PublicKey, retEntity openpgp.Entity) {
    read1 := bytes.NewReader([]byte(asciiPub))
    entityList, errReadArm := openpgp.ReadArmoredKeyRing(read1)
    if errReadArm != nil {
        fmt.Println("Reading Pubkey ", errReadArm.Error())
        return
    }
    for _, pubKeyEntity := range entityList {
        if pubKeyEntity.PrimaryKey != nil {
            pubKey = *pubKeyEntity.PrimaryKey
            retEntity = *pubKeyEntity
        }
    }
    return
}

//get packet.PrivateKEy and openpgp.Entity of Private Key from ascii armor
func getPri(asciiPri string, pripwd string) (priKey packet.PrivateKey, priEnt openpgp.Entity) {
    read1 := bytes.NewReader([]byte(asciiPri))
    entityList, errReadArm := openpgp.ReadArmoredKeyRing(read1)
    if errReadArm != nil {
        fmt.Println("Reading PriKey ", errReadArm.Error())
        return
    }
    for _, can_pri := range entityList {
        smPr := can_pri.PrivateKey
        retEntity := can_pri
        if smPr == nil {
            fmt.Println("No Private Key")
            return
        }

        priKey = *smPr

        errDecr := priKey.Decrypt([]byte(pripwd))
        if errDecr != nil {
            fmt.Println("Decrypting ", errDecr.Error())
            return
        }
        retEntity.PrivateKey = &priKey
        priEnt = *retEntity
    }
    return
}

//Create ASscii Armor from openpgp.Entity
func PubEntToAsciiArmor(pubEnt openpgp.Entity) (asciiEntity string) {
    gotWriter := bytes.NewBuffer(nil)
    wr, errEncode := armor.Encode(gotWriter, openpgp.PublicKeyType, nil)
    if errEncode != nil {
        fmt.Println("Encoding Armor ", errEncode.Error())
        return
    }
    errSerial := pubEnt.Serialize(wr)
    if errSerial != nil {
        fmt.Println("Serializing PubKey ", errSerial.Error())
    }
    errClosing := wr.Close()
    if errClosing != nil {
        fmt.Println("Closing writer ", errClosing.Error())
    }
    asciiEntity = gotWriter.String()
    return
}
like image 267
Pruthviraj Chauhan Avatar asked Oct 21 '22 15:10

Pruthviraj Chauhan


1 Answers

The code looks roughly ok, except that it really should be stricter with error checking. Panicking on error is better then no error checking at all (because it will usually segfault sometimes later).

The problem is that the implementation of Signature.SignUserId() inside code.google.com/p/go.crypto/openpgp is wrong. It is using the algorithm that signs a key (which is use to certify that the subkey belongs to the primary key) instead of the algorithm that signs a user id.

In addition, while exploring this I realized that PublicKey.VerifyUserIdSignature() is implemented in such a way that it only works for self-signed user ids, because it doesn't use the right public key in the hash.

Bug report, with patch https://code.google.com/p/go/issues/detail?id=7371

like image 84
Damien Tournoud Avatar answered Oct 23 '22 23:10

Damien Tournoud