无法使用golang的openpgp数据包签署有效的gpg密钥
发布时间:2020-12-16 19:03:27 所属栏目:大数据 来源:网络整理
导读:我想用goc语言中的私钥从ascii armor签名公钥.为此我开发了以下代码,但问题是当我检查gpg中的签名时–check-sigs由代码创建的签名显示为“bad签名“.请帮助,因为我无法弄清楚任何解决问题的方法.我已经发布了golang-nuts.我只是在学习golang我的大学项目而且
|
我想用goc语言中的私钥从ascii armor签名公钥.为此我开发了以下代码,但问题是当我检查gpg中的签名时–check-sigs由代码创建的签名显示为“bad签名“.请帮助,因为我无法弄清楚任何解决问题的方法.我已经发布了golang-nuts.我只是在学习golang我的大学项目而且我被困在这里,请帮忙.
// signer
package main
import (
"bytes"
"code.google.com/p/go.crypto/openpgp"
"code.google.com/p/go.crypto/openpgp/armor"
"code.google.com/p/go.crypto/openpgp/packet"
"fmt"
)
// This function takes asciiarmored private key which will sign the public key
//Public key is also ascii armored,pripwd is password of private key in string
//This function will return ascii armored signed public key i.e. (pubkey+sign by prikey)
func SignPubKeyPKS(asciiPub string,asciiPri string,pripwd string) (asciiSignedKey string) {
//get Private key from armor
_,priEnt := getPri(asciiPri,pripwd) //pripwd is the password todecrypt the private key
_,pubEnt := getPub(asciiPub) //This will generate signature and add it to pubEnt
usrIdstring := ""
for _,uIds := range pubEnt.Identities {
usrIdstring = uIds.Name
}
fmt.Println(usrIdstring)
errSign := pubEnt.SignIdentity(usrIdstring,&priEnt,nil)
if errSign != nil {
fmt.Println("Signing Key ",errSign.Error())
return
}
asciiSignedKey = PubEntToAsciiArmor(pubEnt)
return
}
//get packet.PublicKey and openpgp.Entity of Public Key from ascii armor
func getPub(asciiPub string) (pubKey packet.PublicKey,retEntity openpgp.Entity) {
read1 := bytes.NewReader([]byte(asciiPub))
entityList,errReadArm := openpgp.ReadArmoredKeyRing(read1)
if errReadArm != nil {
fmt.Println("Reading Pubkey ",errReadArm.Error())
return
}
for _,pubKeyEntity := range entityList {
if pubKeyEntity.PrimaryKey != nil {
pubKey = *pubKeyEntity.PrimaryKey
retEntity = *pubKeyEntity
}
}
return
}
//get packet.PrivateKEy and openpgp.Entity of Private Key from ascii armor
func getPri(asciiPri string,pripwd string) (priKey packet.PrivateKey,priEnt openpgp.Entity) {
read1 := bytes.NewReader([]byte(asciiPri))
entityList,errReadArm := openpgp.ReadArmoredKeyRing(read1)
if errReadArm != nil {
fmt.Println("Reading PriKey ",can_pri := range entityList {
smPr := can_pri.PrivateKey
retEntity := can_pri
if smPr == nil {
fmt.Println("No Private Key")
return
}
priKey = *smPr
errDecr := priKey.Decrypt([]byte(pripwd))
if errDecr != nil {
fmt.Println("Decrypting ",errDecr.Error())
return
}
retEntity.PrivateKey = &priKey
priEnt = *retEntity
}
return
}
//Create ASscii Armor from openpgp.Entity
func PubEntToAsciiArmor(pubEnt openpgp.Entity) (asciiEntity string) {
gotWriter := bytes.NewBuffer(nil)
wr,errEncode := armor.Encode(gotWriter,openpgp.PublicKeyType,nil)
if errEncode != nil {
fmt.Println("Encoding Armor ",errEncode.Error())
return
}
errSerial := pubEnt.Serialize(wr)
if errSerial != nil {
fmt.Println("Serializing PubKey ",errSerial.Error())
}
errClosing := wr.Close()
if errClosing != nil {
fmt.Println("Closing writer ",errClosing.Error())
}
asciiEntity = gotWriter.String()
return
}
代码看起来大致正常,除了它确实应该更严格的错误检查.对错误进行恐慌更好,然后根本没有错误检查(因为它通常会在以后发生段错误).
问题是在code.google.com/p/go.crypto/openpgp中实现Signature.SignUserId()是错误的.它使用签署密钥的算法(用于证明子密钥属于主键)而不是签署用户ID的算法. 此外,在探索这个时,我意识到PublicKey.VerifyUserIdSignature()的实现方式只适用于自签名用户ID,因为它不使用散列中的正确公钥. 错误报告,补丁https://code.google.com/p/go/issues/detail?id=7371 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |