diff --git a/api/auth.go b/api/auth.go
index a128bff..5882f87 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -57,6 +57,10 @@ func (c *Client) CheckSession(ctx context.Context) bool {
 
 // Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar
 func (c *Client) Login(ctx context.Context) error {
+	if c.userPrivateKey == "" {
+		return fmt.Errorf("Client has no Private Key")
+	}
+
 	privateKeyObj, err := crypto.NewKeyFromArmored(c.userPrivateKey)
 	if err != nil {
 		return fmt.Errorf("Parsing User Private Key: %w", err)
diff --git a/api/client.go b/api/client.go
index 2a7833d..210e8eb 100644
--- a/api/client.go
+++ b/api/client.go
@@ -36,6 +36,8 @@ type Client struct {
 // NewClient Returns a new Passbolt Client.
 // if httpClient is nil http.DefaultClient will be used.
 // if UserAgent is "" "goPassboltClient/1.0" will be used.
+// if UserPrivateKey is "" Key Setup is Skipped to Enable using the Client for User Registration, Most other function will be broken.
+// After Registration a new Client Should be Created.
 func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, UserPassword string) (*Client, error) {
 	if httpClient == nil {
 		httpClient = http.DefaultClient
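Review bot: The guard added at the top of Login returns a freshly formatted, capitalized error string, and the identical literal is repeated in the EncryptMessage, EncryptMessageWithPublicKey and DecryptMessage guards in api/encryption.go, so a caller holding a registration-only Client cannot tell "no key configured" apart from any other failure without matching on the message. A single package-level sentinel, `var ErrNoPrivateKey = errors.New("client has no private key")` returned from every one of those guards, would let callers use `errors.Is` and would also bring the message in line with Go's lowercase error-string convention. The check is placed before the existing NewKeyFromArmored call, which presumably would otherwise reject the empty string with a less specific parse error; the rest of Login's body lies outside the hunk.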
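Review bot: The two doc lines added to NewClient say "Most other function will be broken" without naming which calls are affected, which is the one thing a caller building a registration-only Client needs to know. The guards in this commit make that concrete, so the comment can state it: `// if UserPrivateKey is "" key setup is skipped so the Client can be used for user registration; Login, EncryptMessage, EncryptMessageWithPublicKey and DecryptMessage then return an error.` followed by `// Create a new Client after registration.`. That wording also fixes the stray capitalization and the singular "function".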
@@ -49,22 +51,24 @@ func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, User
 		return nil, fmt.Errorf("Parsing Base URL: %w", err)
 	}
 
-	// Verify that the Given Privatekey and Password are valid and work Together
-	privateKeyObj, err := crypto.NewKeyFromArmored(UserPrivateKey)
-	if err != nil {
-		return nil, fmt.Errorf("Unable to Create Key From UserPrivateKey string: %w", err)
-	}
-	unlockedKeyObj, err := privateKeyObj.Unlock([]byte(UserPassword))
-	if err != nil {
-		return nil, fmt.Errorf("Unable to Unlock UserPrivateKey using UserPassword: %w", err)
-	}
-	privateKeyRing, err := crypto.NewKeyRing(unlockedKeyObj)
-	if err != nil {
-		return nil, fmt.Errorf("Unable to Create a new Key Ring using the unlocked UserPrivateKey: %w", err)
-	}
+	// Verify that the Given Privatekey and Password are valid and work Together if we were provieded one
+	if UserPrivateKey != "" {
+		privateKeyObj, err := crypto.NewKeyFromArmored(UserPrivateKey)
+		if err != nil {
+			return nil, fmt.Errorf("Unable to Create Key From UserPrivateKey string: %w", err)
+		}
+		unlockedKeyObj, err := privateKeyObj.Unlock([]byte(UserPassword))
+		if err != nil {
+			return nil, fmt.Errorf("Unable to Unlock UserPrivateKey using UserPassword: %w", err)
+		}
+		privateKeyRing, err := crypto.NewKeyRing(unlockedKeyObj)
+		if err != nil {
+			return nil, fmt.Errorf("Unable to Create a new Key Ring using the unlocked UserPrivateKey: %w", err)
+		}
 
-	// Cleanup Secrets
-	privateKeyRing.ClearPrivateParams()
+		// Cleanup Secrets
+		privateKeyRing.ClearPrivateParams()
+	}
 
 	// Create Client Object
 	c := &Client{
diff --git a/api/encryption.go b/api/encryption.go
index 8193115..e87537e 100644
--- a/api/encryption.go
+++ b/api/encryption.go
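Review bot: With UserPrivateKey empty the new branch skips validation entirely, so a non-empty UserPassword is accepted without ever being checked and the caller only discovers the misconfiguration later when Login or one of the encryption helpers fails. If the registration path needs no password, rejecting that combination up front, `if UserPrivateKey == "" && UserPassword != "" { return nil, fmt.Errorf("UserPassword given without UserPrivateKey") }`, preserves the constructor's fail-fast contract that the removed lines used to provide. The comment on the new branch also has a typo, `provieded` for `provided`. The remainder of NewClient, including the Client literal that presumably stores the key and password, continues past the hunk.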
@@ -1,19 +1,34 @@
 package api
 
-import "github.com/ProtonMail/gopenpgp/v2/helper"
+import (
+	"fmt"
+
+	"github.com/ProtonMail/gopenpgp/v2/helper"
+)
 
 // EncryptMessage encrypts a message using the users public key and then signes the message using the users private key
 func (c *Client) EncryptMessage(message string) (string, error) {
+	if c.userPrivateKey == "" {
+		return "", fmt.Errorf("Client has no Private Key")
+	} else if c.userPublicKey == "" {
+		return "", fmt.Errorf("Client has no Public Key")
+	}
 	return helper.EncryptSignMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
 }
 
 // EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key
 func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) {
+	if c.userPrivateKey == "" {
+		return "", fmt.Errorf("Client has no Private Key")
+	}
 	return helper.EncryptSignMessageArmored(publickey, c.userPrivateKey, c.userPassword, message)
 }
 
 // DecryptMessage decrypts a message using the users Private Key
 func (c *Client) DecryptMessage(message string) (string, error) {
+	if c.userPrivateKey == "" {
+		return "", fmt.Errorf("Client has no Private Key")
+	}
 	// We cant Verify the signature as we don't store other users public keys locally and don't know which user did encrypt it
 	//return helper.DecryptVerifyMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
 	return helper.DecryptMessageArmored(c.userPrivateKey, c.userPassword, message)
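Review bot: EncryptMessageWithPublicKey gains a check for the client's private key but none for its caller-supplied `publickey`, while EncryptMessage in the same hunk now rejects an empty public key; for consistency the argument deserves the same guard, `if publickey == "" { return "", fmt.Errorf("no public key provided") }`, so an empty value fails with a clear message instead of whatever helper.EncryptSignMessageArmored reports for it. In EncryptMessage the `} else if` following a branch that returns can be flattened into two sequential `if` blocks, which is the usual Go shape for guard clauses. DecryptMessage's closing brace is outside the hunk.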