FRE-681: Fix code review findings - body flag, PGP encryption, passphrase handling
- cmd/mail.go: Fix duplicate --body/--body-file flag binding (both used bodyFile) - internal/mail/client.go: Add PGP encryption to Send via EncryptBody, add passphrase to MoveToTrash and SendDraft - internal/mail/pgp.go: Store armored private key, add getUnlockedKeyRing helper, fix Decrypt/SignData/EncryptAndSign/DecryptAttachment to use passphrase via key.Unlock - internal/mail/pgp.go: Add EncryptBody method for Send encryption with sender key - cmd/draft.go: Update SendDraft call to include passphrase parameter
This commit is contained in:
Senior Engineer
@@ -8,8 +8,9 @@ import (
|
||||
)
|
||||
|
||||
type PGPKeyRing struct {
|
||||
PrivateKey *crypto.Key
|
||||
PublicKey []byte
|
||||
PrivateKey *crypto.Key
|
||||
PublicKey []byte
|
||||
PrivateKeyData string
|
||||
}
|
||||
|
||||
type PGPService struct {
|
||||
@@ -29,8 +30,9 @@ func NewPGPService(privateKeyArmored string) (*PGPService, error) {
|
||||
|
||||
return &PGPService{
|
||||
keyRing: &PGPKeyRing{
|
||||
PrivateKey: privateKey,
|
||||
PublicKey: publicKey,
|
||||
PrivateKey: privateKey,
|
||||
PublicKey: publicKey,
|
||||
PrivateKeyData: privateKeyArmored,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
@@ -56,6 +58,42 @@ func (s *PGPService) Encrypt(plaintext string, recipientPublicKey *crypto.Key) (
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptBody(plaintext string, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage([]byte(plaintext))
|
||||
|
||||
pubKeyBytes, err := s.keyRing.PrivateKey.GetPublicKey()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get public key: %w", err)
|
||||
}
|
||||
|
||||
pubKey, err := crypto.NewKeyFromArmored(string(pubKeyBytes))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse public key: %w", err)
|
||||
}
|
||||
|
||||
recipientKeyRing, err := crypto.NewKeyRing(pubKey)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create encryption key ring: %w", err)
|
||||
}
|
||||
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
|
||||
encrypted, err := recipientKeyRing.Encrypt(pgpMessage, signingKeyRing)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to encrypt body: %w", err)
|
||||
}
|
||||
|
||||
armored, err := encrypted.GetArmored()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to armor encrypted body: %w", err)
|
||||
}
|
||||
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto.Key, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage([]byte(plaintext))
|
||||
|
||||
@@ -64,7 +102,7 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto
|
||||
return "", fmt.Errorf("failed to create recipient key ring: %w", err)
|
||||
}
|
||||
|
||||
signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
@@ -82,13 +120,30 @@ func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto
|
||||
return armored, nil
|
||||
}
|
||||
|
||||
func (s *PGPService) getUnlockedKeyRing(passphrase string) (*crypto.KeyRing, error) {
|
||||
key, err := crypto.NewKeyFromArmored(s.keyRing.PrivateKeyData)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse private key: %w", err)
|
||||
}
|
||||
|
||||
if passphrase != "" {
|
||||
unlockedKey, err := key.Unlock([]byte(passphrase))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to unlock private key: %w", err)
|
||||
}
|
||||
key = unlockedKey
|
||||
}
|
||||
|
||||
return crypto.NewKeyRing(key)
|
||||
}
|
||||
|
||||
func (s *PGPService) Decrypt(encrypted string, passphrase string) (string, error) {
|
||||
pgpMessage, err := crypto.NewPGPMessageFromArmored(encrypted)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse encrypted message: %w", err)
|
||||
}
|
||||
|
||||
decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create decryption key ring: %w", err)
|
||||
}
|
||||
@@ -133,7 +188,7 @@ func (s *PGPService) GetFingerprint() (string, error) {
|
||||
func (s *PGPService) SignData(data []byte, passphrase string) (string, error) {
|
||||
pgpMessage := crypto.NewPlainMessage(data)
|
||||
|
||||
signingKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
signingKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create signing key ring: %w", err)
|
||||
}
|
||||
@@ -190,7 +245,7 @@ func (s *PGPService) DecryptAttachment(attachment *Attachment, passphrase string
|
||||
return nil, fmt.Errorf("no keys available for attachment decryption")
|
||||
}
|
||||
|
||||
decryptionKeyRing, err := crypto.NewKeyRing(s.keyRing.PrivateKey)
|
||||
decryptionKeyRing, err := s.getUnlockedKeyRing(passphrase)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create decryption key ring: %w", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user