Auto-commit 2026-04-27 19:13
This commit is contained in:
@@ -36,19 +36,54 @@ func NewPGPService(privateKeyArmored string) (*PGPService, error) {
|
||||
}
|
||||
|
||||
func (s *PGPService) Encrypt(plaintext string, recipientPublicKey *crypto.Key) (string, error) {
|
||||
return plaintext, nil
|
||||
pgpMessage, err := crypto.NewPlainMessage([]byte(plaintext))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create PGP message: %w", err)
|
||||
}
|
||||
|
||||
encrypted, err := pgpMessage.Encrypt(recipientPublicKey)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to encrypt: %w", err)
|
||||
}
|
||||
|
||||
return encrypted.GetArmored()
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto.Key, passphrase string) (string, error) {
|
||||
return s.Encrypt(plaintext, recipientPublicKey)
|
||||
pgpMessage, err := crypto.NewPlainMessage([]byte(plaintext))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create PGP message: %w", err)
|
||||
}
|
||||
|
||||
encrypted, err := pgpMessage.EncryptAndSign(recipientPublicKey, s.keyRing.PrivateKey, []byte(passphrase))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to encrypt and sign: %w", err)
|
||||
}
|
||||
|
||||
return encrypted.GetArmored()
|
||||
}
|
||||
|
||||
func (s *PGPService) Decrypt(encrypted string, passphrase string) (string, error) {
|
||||
return encrypted, nil
|
||||
armoredKey, err := crypto.NewKeyFromArmored(encrypted)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse armored key: %w", err)
|
||||
}
|
||||
|
||||
pgpMessage, err := crypto.NewPlainMessageFromString(armoredKey.GetArmored())
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse encrypted message: %w", err)
|
||||
}
|
||||
|
||||
decrypted, err := pgpMessage.Decrypt(s.keyRing.PrivateKey, []byte(passphrase))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to decrypt: %w", err)
|
||||
}
|
||||
|
||||
return string(decrypted.GetBinary()), nil
|
||||
}
|
||||
|
||||
func (s *PGPService) GenerateKeyPair(email string, passphrase string) (privateKey, publicKey string, err error) {
|
||||
key, err := crypto.GenerateKey(email, passphrase, "RSA", 2048)
|
||||
key, err := crypto.GenerateKey(email, passphrase, "RSA", 4096)
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("failed to generate key pair: %w", err)
|
||||
}
|
||||
@@ -77,7 +112,17 @@ func (s *PGPService) GetFingerprint() (string, error) {
|
||||
}
|
||||
|
||||
func (s *PGPService) SignData(data []byte, passphrase string) (string, error) {
|
||||
return string(data), nil
|
||||
pgpMessage, err := crypto.NewPlainMessage(data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create PGP message: %w", err)
|
||||
}
|
||||
|
||||
signed, err := pgpMessage.Sign(s.keyRing.PrivateKey, []byte(passphrase))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to sign data: %w", err)
|
||||
}
|
||||
|
||||
return signed.GetArmored()
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptAttachment(data []byte, recipientPublicKey *crypto.Key) (*Attachment, error) {
|
||||
@@ -86,16 +131,32 @@ func (s *PGPService) EncryptAttachment(data []byte, recipientPublicKey *crypto.K
|
||||
return nil, fmt.Errorf("failed to generate symmetric key: %w", err)
|
||||
}
|
||||
|
||||
encData := make([]byte, len(data))
|
||||
copy(encData, data)
|
||||
symKeyRing, err := crypto.NewKeyFromArmored(recipientPublicKey.GetArmored())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse recipient key: %w", err)
|
||||
}
|
||||
|
||||
encKey := make([]byte, len(symKey))
|
||||
copy(encKey, symKey)
|
||||
pgpMessage, err := crypto.NewPlainMessage(data)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create PGP message: %w", err)
|
||||
}
|
||||
|
||||
encrypted, err := pgpMessage.Encrypt(symKeyRing)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to encrypt attachment: %w", err)
|
||||
}
|
||||
|
||||
encData := []byte(encrypted.GetBinary())
|
||||
|
||||
encryptedSymKey, err := symKeyRing.Encrypt(symKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to encrypt symmetric key: %w", err)
|
||||
}
|
||||
|
||||
return &Attachment{
|
||||
DataEnc: string(encData),
|
||||
Keys: []AttachmentKey{{
|
||||
DataEnc: string(encKey),
|
||||
DataEnc: string(encryptedSymKey.GetBinary()),
|
||||
}},
|
||||
}, nil
|
||||
}
|
||||
@@ -105,8 +166,25 @@ func (s *PGPService) DecryptAttachment(attachment *Attachment, passphrase string
|
||||
return nil, fmt.Errorf("no keys available for attachment decryption")
|
||||
}
|
||||
|
||||
decrypted := make([]byte, len(attachment.DataEnc))
|
||||
copy(decrypted, attachment.DataEnc)
|
||||
encryptedSymKey, err := crypto.NewKeyFromArmored(string(attachment.Keys[0].DataEnc))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse encrypted symmetric key: %w", err)
|
||||
}
|
||||
|
||||
return decrypted, nil
|
||||
symKey, err := encryptedSymKey.Decrypt([]byte(passphrase))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to decrypt symmetric key: %w", err)
|
||||
}
|
||||
|
||||
pgpMessage, err := crypto.NewPlainMessage([]byte(attachment.DataEnc))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create PGP message: %w", err)
|
||||
}
|
||||
|
||||
decrypted, err := pgpMessage.DecryptWithKey(s.keyRing.PrivateKey, symKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to decrypt attachment: %w", err)
|
||||
}
|
||||
|
||||
return decrypted.GetBinary(), nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user