package meowlib import ( "encoding/base64" "time" "github.com/ProtonMail/gopenpgp/v2/crypto" "github.com/ProtonMail/gopenpgp/v2/helper" "github.com/pkg/errors" "github.com/rs/zerolog/log" ) type KeyPair struct { Public string `json:"public,omitempty"` Private string `json:"private,omitempty"` Generated time.Time `json:"generated,omitempty"` } type KeysArray []KeyPair func NewKeyPair() KeyPair { var kp KeyPair keys, err := crypto.GenerateKey("name", "mail", "x25519", 0) if err != nil { log.Error().Msg("Key generation failed") } kp.Generated = time.Now() pub, err := keys.GetArmoredPublicKey() if err != nil { log.Error().Msg("Public key extraction failed") } kp.Public = base64.StdEncoding.EncodeToString([]byte(pub)) priv, err := keys.Armor() if err != nil { log.Error().Msg("Private key extraction failed") } kp.Private = base64.StdEncoding.EncodeToString([]byte(priv)) return kp } func (Kp *KeyPair) GetCryptoKeyObject() *crypto.Key { priv, err := base64.StdEncoding.DecodeString(Kp.Private) if err != nil { log.Error().Msg("Create key from armoured b64 failed") } key, err := crypto.NewKeyFromArmored(string(priv)) if err != nil { log.Error().Msg("Create key from armoured failed") } return key } func AsymEncrypt(publicKey string, data []byte) ([]byte, error) { pub, err := base64.StdEncoding.DecodeString(publicKey) if err != nil { log.Error().Msg("Message encryption b64 failed") } ciphertext, err := encryptMessage(string(pub), crypto.NewPlainMessage(data)) if err != nil { log.Error().Msg("Message encryption failed") return nil, err } return ciphertext.GetBinary(), err } func AsymDecrypt(PrivateKey string, data []byte) ([]byte, error) { priv, err := base64.StdEncoding.DecodeString(PrivateKey) if err != nil { log.Error().Msg("Message decryption b64 failed") } decrypted, err := decryptMessage(string(priv), nil, crypto.NewPGPMessage(data)) if err != nil { log.Error().Msg("Message decryption failed") } return decrypted.GetBinary(), err } func AsymEncryptArmored(PublicKey string, data []byte) ([]byte, error) { pub, err := base64.StdEncoding.DecodeString(PublicKey) if err != nil { log.Error().Msg("Message encryption b64 failed") } armor, err := helper.EncryptBinaryMessageArmored(string(pub), data) if err != nil { log.Error().Msg("Message encryption failed") } return []byte(armor), err } func AsymDecryptArmored(PrivateKey string, data []byte) ([]byte, error) { priv, err := base64.StdEncoding.DecodeString(PrivateKey) if err != nil { log.Error().Msg("Message decryption b64 failed") } decrypted, err := helper.DecryptBinaryMessageArmored(string(priv), nil, string(data)) if err != nil { log.Error().Msg("Message decryption failed") } return []byte(decrypted), err } /* func AsymEncryptAndSign_helpers(PublicEncryptionKey string, PrivateSignatureKey string, data []byte) (*EncryptedMessage, error) { var enc EncryptedMessage pub, err := base64.StdEncoding.DecodeString(PublicEncryptionKey) if err != nil { log.Error().Msg("Message encryption and sign b64 failed") } priv, err := base64.StdEncoding.DecodeString(PrivateSignatureKey) if err != nil { log.Error().Msg("Message encryption and sign b64 failed") } encrypted, signature, err := helper.EncryptSignBinaryDetached(string(pub), string(priv), nil, data) if err != nil { log.Error().Msg("Message encryption and sign failed") } enc.data = []byte(encrypted) enc.signature = []byte(signature) return &enc, err } func AsymDecryptAndCheck_helpers(MyPrivateEncryptionKey string, MyContactPublicKey string, data []byte, Signature []byte) (DecryptedMessage []byte, err error) { priv, err := base64.StdEncoding.DecodeString(MyPrivateEncryptionKey) if err != nil { log.Error().Msg("Message decryption and sign b64 failed") } pub, err := base64.StdEncoding.DecodeString(MyContactPublicKey) if err != nil { log.Error().Msg("Message decryption and sign b64 failed") } DecryptedMessage, err = helper.DecryptVerifyBinaryDetached(string(pub), string(priv), nil, data, string(Signature)) if err != nil { log.Error().Msg("Message decryption and sign failed") } return DecryptedMessage, err } */ func encryptMessage(key string, message *crypto.PlainMessage) (*crypto.PGPMessage, error) { publicKeyRing, err := createPublicKeyRing(key) if err != nil { return nil, err } ciphertext, err := publicKeyRing.Encrypt(message, nil) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message") } return ciphertext, nil } func decryptMessage(privateKey string, passphrase []byte, ciphertext *crypto.PGPMessage) (*crypto.PlainMessage, error) { privateKeyObj, err := crypto.NewKeyFromArmored(privateKey) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to parse the private key") } privateKeyUnlocked, err := privateKeyObj.Unlock(passphrase) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to unlock key") } defer privateKeyUnlocked.ClearPrivateParams() privateKeyRing, err := crypto.NewKeyRing(privateKeyUnlocked) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to create the private key ring") } message, err := privateKeyRing.Decrypt(ciphertext, nil, 0) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message") } return message, nil } func createPublicKeyRing(publicKey string) (*crypto.KeyRing, error) { publicKeyObj, err := crypto.NewKeyFromArmored(publicKey) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to parse public key") } if publicKeyObj.IsPrivate() { publicKeyObj, err = publicKeyObj.ToPublic() if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to extract public key from private key") } } publicKeyRing, err := crypto.NewKeyRing(publicKeyObj) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to create new keyring") } return publicKeyRing, nil } func AsymEncryptAndSign(PublicEncryptionKey string, PrivateSignatureKey string, data []byte) (*EncryptedMessage, error) { var enc EncryptedMessage pub, err := base64.StdEncoding.DecodeString(PublicEncryptionKey) if err != nil { log.Error().Msg("Message encryption and sign b64 failed") return nil, err } priv, err := base64.StdEncoding.DecodeString(PrivateSignatureKey) if err != nil { log.Error().Msg("Message encryption and sign b64 failed") return nil, err } ciphertext, signature, err := encryptAndSignMessage(string(pub), string(priv), crypto.NewPlainMessage(data)) if err != nil { log.Error().Msg("Message encryption failed") return nil, err } enc.Data = ciphertext.GetBinary() enc.Signature = []byte(signature) return &enc, err } func AsymDecryptAndCheck(MyPrivateEncryptionKey string, MyContactPublicKey string, data []byte, Signature []byte) (DecryptedMessage []byte, err error) { priv, err := base64.StdEncoding.DecodeString(MyPrivateEncryptionKey) if err != nil { log.Error().Msg("Message decryption and sign b64 failed") return nil, err } pub, err := base64.StdEncoding.DecodeString(MyContactPublicKey) if err != nil { log.Error().Msg("Message decryption and sign b64 failed") return nil, err } DecryptedMessage, err = decryptAndCheckMessage(string(pub), string(priv), crypto.NewPGPMessage(data), crypto.NewPGPSignature(Signature)) if err != nil { log.Error().Msg("Message decryption and sign failed") return nil, err } return DecryptedMessage, err } func encryptAndSignMessage(pub string, priv string, message *crypto.PlainMessage) (*crypto.PGPMessage, []byte, error) { var privateKeyObj, unlockedKeyObj *crypto.Key var privateKeyRing *crypto.KeyRing publicKeyRing, err := createPublicKeyRing(pub) if err != nil { return nil, nil, err } if err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message") } if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to parse private key") } if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to unlock key") } defer unlockedKeyObj.ClearPrivateParams() if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to create private keyring") } ciphertext, err := publicKeyRing.Encrypt(message, nil) if err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message") } signature, err := privateKeyRing.SignDetached(message) if err != nil { return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message") } return ciphertext, signature.GetBinary(), nil } func decryptAndCheckMessage(pub string, priv string, message *crypto.PGPMessage, signature *crypto.PGPSignature) ([]byte, error) { var privateKeyObj, unlockedKeyObj *crypto.Key var privateKeyRing *crypto.KeyRing publicKeyRing, err := createPublicKeyRing(pub) if err != nil { return nil, err } if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message") } if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to parse private key") } if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to unlock key") } defer unlockedKeyObj.ClearPrivateParams() if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to create private keyring") } plainmessage, err := privateKeyRing.Decrypt(message, nil, 0) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message") } err = publicKeyRing.VerifyDetached(plainmessage, signature, crypto.GetUnixTime()) if err != nil { return nil, errors.Wrap(err, "gopenpgp: unable to check message signature") } return plainmessage.GetBinary(), nil }