speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-05-10 01:48:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

encryption.go update to gopenpgp v3

Browse source
This commit is contained in:
Samuel Lorch 2025-03-13 17:39:12 +01:00
parent 1c4ccb28ac
commit e189e2babc
1 changed files with 121 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

133
api/encryption.go
View file

@ -3,33 +3,142 @@ package api
import ( import (
"fmt" "fmt"
"github.com/ProtonMail/gopenpgp/v2/helper" "github.com/ProtonMail/gopenpgp/v3/crypto"
) )
// EncryptMessage encrypts a message using the users public key and then signes the message using the users private key // EncryptMessage encrypts a message using the users public key and then signes the message using the users private key
func (c *Client) EncryptMessage(message string) (string, error) { func (c *Client) EncryptMessage(message string) (string, error) {
if c.userPrivateKey == "" { key, err := c.getPrivateKey(c.userPrivateKey, c.userPassword)
return "", fmt.Errorf("Client has no Private Key") if err != nil {
} else if c.userPublicKey == "" { return "", fmt.Errorf("Get Private Key: %w", err)
return "", fmt.Errorf("Client has no Public Key")
} }
return helper.EncryptSignMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
defer key.ClearPrivateParams()
encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(key).New()
if err != nil {
return "", fmt.Errorf("New Encryptor: %w", err)
}
defer encHandle.ClearPrivateParams()
encMessage, err := encHandle.Encrypt([]byte(message))
if err != nil {
return "", fmt.Errorf("Encrypt Message: %w", err)
}
encArmor, err := encMessage.Armor()
if err != nil {
return "", fmt.Errorf("Armor Message: %w", err)
}
return encArmor, nil
} }
// EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key // EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key
func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) { func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) {
if c.userPrivateKey == "" { key, err := c.getPrivateKey(c.userPrivateKey, c.userPassword)
return "", fmt.Errorf("Client has no Private Key") if err != nil {
return "", fmt.Errorf("Get Private Key: %w", err)
} }
return helper.EncryptSignMessageArmored(publickey, c.userPrivateKey, c.userPassword, message)
defer key.ClearPrivateParams()
publicKey, err := crypto.NewKeyFromArmored(publickey)
if err != nil {
return "", fmt.Errorf("Get Public Key: %w", err)
}
encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(publicKey).New()
if err != nil {
return "", fmt.Errorf("New Encryptor: %w", err)
}
defer encHandle.ClearPrivateParams()
encMessage, err := encHandle.Encrypt([]byte(message))
if err != nil {
return "", fmt.Errorf("Encrypt Message: %w", err)
}
encArmor, err := encMessage.Armor()
if err != nil {
return "", fmt.Errorf("Armor Message: %w", err)
}
return encArmor, nil
} }
// DecryptMessage decrypts a message using the users Private Key // DecryptMessage decrypts a message using the users Private Key
func (c *Client) DecryptMessage(message string) (string, error) { func (c *Client) DecryptMessage(message string) (string, error) {
if c.userPrivateKey == "" { key, err := c.getPrivateKey(c.userPrivateKey, c.userPassword)
return "", fmt.Errorf("Client has no Private Key") if err != nil {
return "", fmt.Errorf("Get Private Key: %w", err)
} }
defer key.ClearPrivateParams()
decHandle, err := c.pgp.Decryption().DecryptionKey(key).New()
if err != nil {
return "", fmt.Errorf("New Decryptor: %w", err)
}
defer decHandle.ClearPrivateParams()
res, err := decHandle.Decrypt([]byte(message), crypto.Armor)
if err != nil {
return "", fmt.Errorf("Decrypt Message: %w", err)
}
// We cant Verify the signature as we don't store other users public keys locally and don't know which user did encrypt it // We cant Verify the signature as we don't store other users public keys locally and don't know which user did encrypt it
//return helper.DecryptVerifyMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message) //return helper.DecryptVerifyMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
return helper.DecryptMessageArmored(c.userPrivateKey, c.userPassword, message)
return res.String(), nil
}
// TODO change []byte to string?
func (c *Client) DecryptMessageWithPrivateKey(privateKey string, passphrase []byte, ciphertextArmored string) (string, error) {
key, err := c.getPrivateKey(privateKey, passphrase)
if err != nil {
return "", fmt.Errorf("Get Private Key: %w", err)
}
defer key.ClearPrivateParams()
decHandle, err := c.pgp.Decryption().DecryptionKey(key).New()
if err != nil {
return "", fmt.Errorf("New Decryptor: %w", err)
}
defer decHandle.ClearPrivateParams()
res, err := decHandle.Decrypt([]byte(ciphertextArmored), crypto.Armor)
if err != nil {
return "", fmt.Errorf("Decrypt: %w", err)
}
return string(res.Bytes()), nil
}
func (c *Client) getPrivateKey(privateKey string, passphrase []byte) (*crypto.Key, error) {
if c.userPrivateKey == "" {
return nil, fmt.Errorf("Client has no Private Key")
}
key, err := crypto.NewKeyFromArmored(privateKey)
if err != nil {
return nil, fmt.Errorf("Key From Armored: %w", err)
}
locked, err := key.IsLocked()
if err != nil {
return nil, fmt.Errorf("Is Key Locked: %w", err)
}
if locked {
unlocked, err := key.Unlock(passphrase)
if err != nil {
return nil, fmt.Errorf("Unlock Key: %w", err)
}
return unlocked, nil
}
return key, nil
} }