homelab/sigtool
2
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions
sigtool/sign/keys.go

546 lines
12 KiB
Go
Raw Permalink Normal View History

Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// keys.go -- Ed25519 keys management
//
// (c) 2016 Sudhi Herle <sudhi@herle.net>
//
// Licensing Terms: GPLv2
//
// If you need a commercial license for this work, please contact
// the author.
//
// This software does not come with any express or implied
// warranty; it is provided "as is". No claim is made to its
// suitability for any purpose.
// This file implements:
// - key generation, and key I/O
// - sign/verify of files and byte strings
package sign
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"encoding/base64"
"encoding/binary"
"fmt"
"hash"
"io/ioutil"
"math/big"
"os"
Ed "crypto/ed25519"
"golang.org/x/crypto/scrypt"
"gopkg.in/yaml.v2"
"github.com/opencoff/go-utils"
)
// Private Ed25519 key
type PrivateKey struct {
Sk []byte
// Encryption key: Curve25519 point corresponding to this Ed25519 key
ck []byte
// Cached copy of the public key
pk *PublicKey
}
// Public Ed25519 key
type PublicKey struct {
Pk []byte
// Comment string
Comment string
// Curve25519 point corresponding to this Ed25519 key
ck []byte
hash []byte
}
// Length of Ed25519 Public Key Hash
const PKHashLength = 16
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// constants we use in this module
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
const (
// Scrypt parameters
_N int = 1 << 19
_r int = 8
_p int = 1
// Algorithm used in the encrypted private key
sk_algo = "scrypt-sha256"
sig_algo = "sha512-ed25519"
)
// Encrypted Private key
type serializedPrivKey struct {
Comment string `yaml:"comment,omitempty"`
// Encrypted Sk
Esk string `yaml:"esk"`
Salt string `yaml:"salt,omitempty"`
// Algorithm used for checksum and KDF
Algo string `yaml:"algo,omitempty"`
// These are params for scrypt.Key()
// CPU Cost parameter; must be a power of 2
N int `yaml:"Z,flow,omitempty"`
// r * p should be less than 2^30
R int `yaml:"r,flow,omitempty"`
P int `yaml:"p,flow,omitempty"`
}
// serialized representation of public key
type serializedPubKey struct {
Comment string `yaml:"comment,omitempty"`
Pk string `yaml:"pk"`
Hash string `yaml:"hash"`
}
// Serialized signature
type signature struct {
Comment string `yaml:"comment,omitempty"`
Pkhash string `yaml:"pkhash,omitempty"`
Signature string `yaml:"signature"`
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// given a public key, generate a deterministic short-hash of it.
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
func pkhash(pk []byte) []byte {
z := sha256.Sum256(pk)
return z[:PKHashLength]
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// NewPrivateKey generates a new Ed25519 private key
func NewPrivateKey() (*PrivateKey, error) {
pkb, skb, err := Ed.GenerateKey(rand.Reader)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil, err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
sk := &PrivateKey{
Sk: []byte(skb),
pk: &PublicKey{
Pk: []byte(pkb),
hash: pkhash([]byte(pkb)),
},
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return sk, nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
// Read the private key in 'fn', optionally decrypting it using
// password 'pw' and create new instance of PrivateKey
func ReadPrivateKey(fn string, getpw func() ([]byte, error)) (*PrivateKey, error) {
yml, err := ioutil.ReadFile(fn)
if err != nil {
return nil, err
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
var sk PrivateKey
if err = sk.UnmarshalBinary(yml, getpw); err != nil {
return nil, err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return &sk, nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// Make a private key from bytes 'yml' using optional caller provided
// getpw() function to read the password if needed.
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// are assumed to be serialized version of the private key.
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
func MakePrivateKey(yml []byte, getpw func() ([]byte, error)) (*PrivateKey, error) {
var sk PrivateKey
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
err := sk.UnmarshalBinary(yml, getpw)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil, err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return &sk, nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// make a PrivateKey from a byte array containing ed25519 raw SK
func makePrivateKeyFromBytes(sk *PrivateKey, buf []byte) error {
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if len(buf) != 64 {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return fmt.Errorf("private key is malformed (len %d!)", len(buf))
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
skb := make([]byte, 64)
copy(skb, buf)
edsk := Ed.PrivateKey(skb)
edpk := edsk.Public().(Ed.PublicKey)
pk := &PublicKey{
Pk: []byte(edpk),
hash: pkhash([]byte(edpk)),
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
sk.Sk = skb
sk.pk = pk
return nil
}
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
/*
// Make a private key from 64-bytes of extended Ed25519 key
func PrivateKeyFromBytes(buf []byte) (*PrivateKey, error) {
var sk PrivateKey
return makePrivateKeyFromBytes(&sk, buf)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
*/
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// Given a secret key, return the corresponding Public Key
func (sk *PrivateKey) PublicKey() *PublicKey {
return sk.pk
}
// Convert an Ed25519 Private Key to Curve25519 Private key
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
func (sk *PrivateKey) ToCurve25519SK() []byte {
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if sk.ck == nil {
var ek [64]byte
h := sha512.New()
h.Write(sk.Sk[:32])
h.Sum(ek[:0])
sk.ck = clamp(ek[:32])
}
return sk.ck
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// Serialize the private key to file 'fn' using human readable
// 'comment' and encrypt the key with supplied passphrase 'pw'.
func (sk *PrivateKey) Serialize(fn, comment string, ovwrite bool, pw []byte) error {
b, err := sk.MarshalBinary(comment, pw)
if err == nil {
return writeFile(fn, b, ovwrite, 0600)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// MarshalBinary marshals the private key with a caller provided
// passphrase 'pw' and human readable 'comment'
func (sk *PrivateKey) MarshalBinary(comment string, pw []byte) ([]byte, error) {
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// expand the password into 64 bytes
pass := sha512.Sum512(pw)
salt := make([]byte, 32)
Better handling of sender verification * Sender identity is never shared in the encrypted payload * Sender signs the data-encryption key via Ed25519 if sender-auth is desired; else a "signature" of all zeroes is used. In either case, this signature is encrypted with the same data-encryption key. * cleaned up stale code and updated tests
2020-03-23 10:44:40 -07:00
randRead(salt)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// "32" == Length of AES-256 key
key, err := scrypt.Key(pass[:], salt, _N, _r, _p, 32)
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil, fmt.Errorf("marshal: can't derive scrypt key: %s", err)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
aes, err := aes.NewCipher(key)
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil, fmt.Errorf("marshal: %s", err)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
ae, err := cipher.NewGCM(aes)
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil, fmt.Errorf("marshal: %s", err)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
tl := ae.Overhead()
buf := make([]byte, tl+len(sk.Sk))
esk := ae.Seal(buf[:0], salt[:ae.NonceSize()], sk.Sk, nil)
enc := base64.StdEncoding.EncodeToString
ssk := serializedPrivKey{
Comment: comment,
Esk: enc(esk),
Salt: enc(salt),
Algo: sk_algo,
N: _N,
R: _r,
P: _p,
}
// We won't protect the Scrypt parameters with the hash above
// because it is not needed. If the parameters are wrong, the
// derived key will be wrong and thus, the hash will not match.
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return yaml.Marshal(&ssk)
}
// UnmarshalBinary unmarshals the private key and optionally invokes the
// caller provided getpw() function to read the password if needed. If the
// input byte stream 'b' is an OpenSSH ed25519 key, this function transparently
// decodes it.
func (sk *PrivateKey) UnmarshalBinary(b []byte, getpw func() ([]byte, error)) error {
if bytes.Index(b, []byte("OPENSSH PRIVATE KEY-")) > 0 {
xk, err := parseSSHPrivateKey(b, getpw)
if err != nil {
return err
}
*sk = *xk
return nil
}
var pw []byte
if getpw != nil {
var err error
pw, err = getpw()
if err != nil {
return err
}
}
// We take short passwords and extend them
pwb := sha512.Sum512(pw)
var ssk serializedPrivKey
err := yaml.Unmarshal(b, &ssk)
if err != nil {
return fmt.Errorf("unmarshal priv key: can't parse YAML: %s", err)
}
if len(ssk.Salt) == 0 || len(ssk.Esk) == 0 {
return fmt.Errorf("unmarshal priv key: not YAML format")
}
b64 := base64.StdEncoding.DecodeString
salt, err := b64(ssk.Salt)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return fmt.Errorf("unmarshal priv key: can't decode salt: %s", err)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
esk, err := b64(ssk.Esk)
if err != nil {
return fmt.Errorf("unmarshal priv key: can't decode key: %s", err)
}
// "32" == Length of AES-256 key
key, err := scrypt.Key(pwb[:], salt, ssk.N, ssk.R, ssk.P, 32)
if err != nil {
return fmt.Errorf("unmarshal priv key: can't derive key: %s", err)
}
aes, err := aes.NewCipher(key)
if err != nil {
return fmt.Errorf("unmarshal priv key: aes failure: %s", err)
}
ae, err := cipher.NewGCM(aes)
if err != nil {
return fmt.Errorf("unmarshal priv key: aes failure: %s", err)
}
skb := make([]byte, 64)
skb, err = ae.Open(skb[:0], salt[:ae.NonceSize()], esk, nil)
if err != nil {
return fmt.Errorf("unmarshal priv key: wrong password")
}
return makePrivateKeyFromBytes(sk, skb)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
// --- Public Key Methods ---
// Read the public key from 'fn' and create new instance of
// PublicKey
func ReadPublicKey(fn string) (*PublicKey, error) {
var err error
var yml []byte
if yml, err = ioutil.ReadFile(fn); err != nil {
return nil, err
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
var pk PublicKey
if err = pk.UnmarshalBinary(yml); err != nil {
return nil, err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return &pk, nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
// Parse a serialized public in 'yml' and return the resulting
// public key instance
func MakePublicKey(yml []byte) (*PublicKey, error) {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
var pk PublicKey
if err := pk.UnmarshalBinary(yml); err != nil {
return nil, err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return &pk, nil
}
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
func makePublicKeyFromBytes(pk *PublicKey, b []byte) error {
if len(b) != 32 {
return fmt.Errorf("public key is malformed (len %d!)", len(b))
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
pk.Pk = make([]byte, 32)
pk.hash = pkhash(b)
copy(pk.Pk, b)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
/*
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// Make a public key from a byte string
func PublicKeyFromBytes(b []byte) (*PublicKey, error) {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
var pk PublicKey
makePublicKeyFromBytes(&pk, b)
}
*/
// Serialize a PublicKey into file 'fn' with a human readable 'comment'.
// If 'ovwrite' is true, overwrite the file if it exists.
func (pk *PublicKey) Serialize(fn, comment string, ovwrite bool) error {
out, err := pk.MarshalBinary(comment)
if err == nil {
return writeFile(fn, out, ovwrite, 0644)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return err
}
// from github.com/FiloSottile/age
var curve25519P, _ = new(big.Int).SetString("57896044618658097711785492504343953926634992332820282019728792003956564819949", 10)
// Convert an Ed25519 Public Key to Curve25519 public key
// from github.com/FiloSottile/age
func (pk *PublicKey) ToCurve25519PK() []byte {
if pk.ck != nil {
return pk.ck
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// ed25519.PublicKey is a little endian representation of the y-coordinate,
// with the most significant bit set based on the sign of the x-ccordinate.
bigEndianY := make([]byte, Ed.PublicKeySize)
for i, b := range pk.Pk {
bigEndianY[Ed.PublicKeySize-i-1] = b
}
bigEndianY[0] &= 0b0111_1111
// The Montgomery u-coordinate is derived through the bilinear map
//
// u = (1 + y) / (1 - y)
//
// See https://blog.filippo.io/using-ed25519-keys-for-encryption.
y := new(big.Int).SetBytes(bigEndianY)
denom := big.NewInt(1)
denom.ModInverse(denom.Sub(denom, y), curve25519P) // 1 / (1 - y)
u := y.Mul(y.Add(y, big.NewInt(1)), denom)
u.Mod(u, curve25519P)
out := make([]byte, 32)
uBytes := u.Bytes()
n := len(uBytes)
for i, b := range uBytes {
out[n-i-1] = b
}
pk.ck = out
return out
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// Public Key Hash
func (pk *PublicKey) Hash() []byte {
return pk.hash
}
// MarshalBinary marshals a PublicKey into a byte array
func (pk *PublicKey) MarshalBinary(comment string) ([]byte, error) {
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
b64 := base64.StdEncoding.EncodeToString
spk := &serializedPubKey{
Comment: comment,
Pk: b64(pk.Pk),
Hash: b64(pk.hash),
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return yaml.Marshal(spk)
}
// UnmarshalBinary constructs a PublicKey from a previously
// marshaled byte stream instance. In addition, it is also
// capable of parsing an OpenSSH ed25519 public key.
func (pk *PublicKey) UnmarshalBinary(yml []byte) error {
// first try to parse as a ssh key
if xk, err := parseSSHPublicKey(yml); err == nil {
*pk = *xk
return nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// OK Yaml it is.
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
var spk serializedPubKey
var err error
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
if err = yaml.Unmarshal(yml, &spk); err != nil {
return fmt.Errorf("can't parse YAML: %s", err)
}
if len(spk.Pk) == 0 {
return fmt.Errorf("sign: not a YAML public key")
}
b64 := base64.StdEncoding.DecodeString
var pkb []byte
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
if pkb, err = b64(spk.Pk); err != nil {
return fmt.Errorf("can't decode YAML:Pk: %s", err)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return makePublicKeyFromBytes(pk, pkb)
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
// -- Internal Utility Functions --
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
// Simple function to reliably write data to a file.
// Does MORE than ioutil.WriteFile() - in that it doesn't trash the
// existing file with an incomplete write.
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
func writeFile(fn string, b []byte, ovwrite bool, mode uint32) error {
sf, err := NewSafeFile(fn, ovwrite, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(mode))
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
if err != nil {
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return err
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
defer sf.Abort() // always cleanup on error
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
sf.Write(b)
return sf.Close()
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
// Generate file checksum out of hash function h
func fileCksum(fn string, h hash.Hash) ([]byte, error) {
fd, err := os.Open(fn)
if err != nil {
return nil, fmt.Errorf("can't open %s: %s", fn, err)
}
defer fd.Close()
sz, err := utils.MmapReader(fd, 0, 0, h)
if err != nil {
return nil, err
}
var b [8]byte
binary.BigEndian.PutUint64(b[:], uint64(sz))
h.Write(b[:])
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests
2022-04-29 21:36:39 +05:30
return h.Sum(nil)[:], nil
Major breaking changes: Reworked file encryption scheme * all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
2020-03-20 17:40:52 -07:00
}
func clamp(k []byte) []byte {
k[0] &= 248
k[31] &= 127
k[31] |= 64
return k
}
// EOF
// vim: noexpandtab:ts=8:sw=8:tw=92:
Reference in a new issue Copy permalink