无法使用golang的openpgp数据包签署有效的gpg密钥
发布时间:2020-12-16 19:03:27 所属栏目:大数据 来源:网络整理
导读:我想用goc语言中的私钥从ascii armor签名公钥.为此我开发了以下代码,但问题是当我检查gpg中的签名时–check-sigs由代码创建的签名显示为“bad签名“.请帮助,因为我无法弄清楚任何解决问题的方法.我已经发布了golang-nuts.我只是在学习golang我的大学项目而且
我想用goc语言中的私钥从ascii armor签名公钥.为此我开发了以下代码,但问题是当我检查gpg中的签名时–check-sigs由代码创建的签名显示为“bad签名“.请帮助,因为我无法弄清楚任何解决问题的方法.我已经发布了golang-nuts.我只是在学习golang我的大学项目而且我被困在这里,请帮忙.
// signer package main import ( "bytes" "code.google.com/p/go.crypto/openpgp" "code.google.com/p/go.crypto/openpgp/armor" "code.google.com/p/go.crypto/openpgp/packet" "fmt" ) // This function takes asciiarmored private key which will sign the public key //Public key is also ascii armored,pripwd is password of private key in string //This function will return ascii armored signed public key i.e. (pubkey+sign by prikey) func SignPubKeyPKS(asciiPub string,asciiPri string,pripwd string) (asciiSignedKey string) { //get Private key from armor _,priEnt := getPri(asciiPri,pripwd) //pripwd is the password todecrypt the private key _,pubEnt := getPub(asciiPub) //This will generate signature and add it to pubEnt usrIdstring := "" for _,uIds := range pubEnt.Identities { usrIdstring = uIds.Name } fmt.Println(usrIdstring) errSign := pubEnt.SignIdentity(usrIdstring,&priEnt,nil) if errSign != nil { fmt.Println("Signing Key ",errSign.Error()) return } asciiSignedKey = PubEntToAsciiArmor(pubEnt) return } //get packet.PublicKey and openpgp.Entity of Public Key from ascii armor func getPub(asciiPub string) (pubKey packet.PublicKey,retEntity openpgp.Entity) { read1 := bytes.NewReader([]byte(asciiPub)) entityList,errReadArm := openpgp.ReadArmoredKeyRing(read1) if errReadArm != nil { fmt.Println("Reading Pubkey ",errReadArm.Error()) return } for _,pubKeyEntity := range entityList { if pubKeyEntity.PrimaryKey != nil { pubKey = *pubKeyEntity.PrimaryKey retEntity = *pubKeyEntity } } return } //get packet.PrivateKEy and openpgp.Entity of Private Key from ascii armor func getPri(asciiPri string,pripwd string) (priKey packet.PrivateKey,priEnt openpgp.Entity) { read1 := bytes.NewReader([]byte(asciiPri)) entityList,errReadArm := openpgp.ReadArmoredKeyRing(read1) if errReadArm != nil { fmt.Println("Reading PriKey ",can_pri := range entityList { smPr := can_pri.PrivateKey retEntity := can_pri if smPr == nil { fmt.Println("No Private Key") return } priKey = *smPr errDecr := priKey.Decrypt([]byte(pripwd)) if errDecr != nil { fmt.Println("Decrypting ",errDecr.Error()) return } retEntity.PrivateKey = &priKey priEnt = *retEntity } return } //Create ASscii Armor from openpgp.Entity func PubEntToAsciiArmor(pubEnt openpgp.Entity) (asciiEntity string) { gotWriter := bytes.NewBuffer(nil) wr,errEncode := armor.Encode(gotWriter,openpgp.PublicKeyType,nil) if errEncode != nil { fmt.Println("Encoding Armor ",errEncode.Error()) return } errSerial := pubEnt.Serialize(wr) if errSerial != nil { fmt.Println("Serializing PubKey ",errSerial.Error()) } errClosing := wr.Close() if errClosing != nil { fmt.Println("Closing writer ",errClosing.Error()) } asciiEntity = gotWriter.String() return }
代码看起来大致正常,除了它确实应该更严格的错误检查.对错误进行恐慌更好,然后根本没有错误检查(因为它通常会在以后发生段错误).
问题是在code.google.com/p/go.crypto/openpgp中实现Signature.SignUserId()是错误的.它使用签署密钥的算法(用于证明子密钥属于主键)而不是签署用户ID的算法. 此外,在探索这个时,我意识到PublicKey.VerifyUserIdSignature()的实现方式只适用于自签名用户ID,因为它不使用散列中的正确公钥. 错误报告,补丁https://code.google.com/p/go/issues/detail?id=7371 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |