Signing a gpg/pgp key using openpgp


pruthvi...@gmail.com

Jan 29, 2014, 8:43:00 PM
to golan...@googlegroups.com
Greetings to all!
I am a student. I learned Go 10 days ago and now I'm hooked. As a part of the project I have to do the following.
I want to read a key from ASCII armor and then sign the key with my key to show that I trust the key from the armor.

I have tried the following approach using openpgp's packet package:

    // public key extracted from armor and is stored in reqPubKey of type *packet.PublicKey.
    // Imports needed: bytes, crypto, log, time, golang.org/x/crypto/openpgp and
    // golang.org/x/crypto/openpgp/packet (code.google.com/p/go.crypto/openpgp at the time).
    var priKey *packet.PrivateKey
    read1 := bytes.NewReader([]byte(pks_pri_key_armor))
    entityList, err := openpgp.ReadArmoredKeyRing(read1)
    if err != nil {
        log.Fatal(err)
    }
    for _, can_pri := range entityList {
        priKey = can_pri.PrivateKey // keeps the last entity's private key
    }
    if priKey == nil {
        log.Fatal("no private key found in armor")
    }
    // private key is encrypted hence call decrypt first
    if err := priKey.Decrypt([]byte(pripwd)); err != nil {
        log.Fatal(err)
    }
    sig := new(packet.Signature)
    // Prepare sign with our configs ///// IS IT A MUST ??
    sig.Hash = crypto.SHA1
    sig.PubKeyAlgo = priKey.PubKeyAlgo
    sig.CreationTime = time.Now()
    dur := new(uint32)
    *dur = uint32(365 * 24 * 60 * 60)
    sig.SigLifetimeSecs = dur // a year
    issuerUint := new(uint64)
    *issuerUint = priKey.KeyId
    sig.IssuerKeyId = issuerUint
    sig.SigType = packet.SigTypeGenericCert
    usrIdstring := usrId.uID // contains openpgp user id string (name, email, comments)

I tried the following two methods:
sig.SignKey(reqPubKey, priKey, nil)
sig.SignUserId(usrIdstring, reqPubKey, priKey, nil)

Using either of the above methods, the generated signature gets added to the subkey of the public key, not to the uid, when checked on SKS and gpg.

e.g. on SKS it SHOULD show the following output for the signing key with ID ABCD4321 (data changed for privacy):

Type bits/keyID     cr. time   exp time   key expir

pub  1024D/1234ABCD 2012-03-30            

uid Cookie monster <coo...@example.com>
sig  sig3  1234ABCD 2002-03-30 __________ __________ [selfsig]
sig  sig   ABCD4321 2014-01-26 __________ __________ dough dealer <do...@example.com>

sub  2048g/1234ABCD 2012-03-30               
sig sbind 1234ABCD 2012-03-30 __________ __________ []

But it shows the following output:
Type bits/keyID     cr. time   exp time   key expir

pub  1024D/1234ABCD 2012-03-30            

uid Cookie monster <coo...@example.com>
sig  sig3  1234ABCD 2012-03-30 __________ __________ [selfsig]

sub  2048g/1234ABCD 2012-03-30               
sig sbind 1234ABCD 2012-03-30 __________ __________ []
sig  sig   ABCD4321 2014-01-26 __________ __________ dough dealer <do...@example.com>

Can any of the gpg black belts here tell me what I'm doing wrong?
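
The two listings differ only in where the signature packet sits in the serialized key: gpg and SKS attribute a signature packet to whichever primary key, user ID or subkey packet precedes it (RFC 4880 §11.1), so a certification written out after the subkey is read as a subkey signature. As an added example that is not code from the post or from go.crypto, the stdlib-only Go program below parses an OpenPGP packet stream (RFC 4880 §4.2 headers) and reports which component each signature lands on. The packet streams are constructed with placeholder key bodies, not real key material, and the function names are my own.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

type pkt struct {
	tag  int
	body []byte
}

// parsePackets splits a binary OpenPGP stream into packets. It accepts the old-format
// headers gpg writes for key material (RFC 4880 §4.2.1) and new-format one- and
// two-octet lengths (§4.2.2); other length forms are rejected rather than guessed.
func parsePackets(data []byte) ([]pkt, error) {
	var out []pkt
	for len(data) > 0 {
		hdr := data[0]
		if hdr&0x80 == 0 || len(data) < 2 {
			return nil, errors.New("bad or truncated packet header")
		}
		var tag, hlen, blen int
		if hdr&0x40 != 0 { // new format: tag in the low six bits
			tag, hlen = int(hdr&0x3f), 2
			switch l := int(data[1]); {
			case l < 192:
				blen = l
			case l < 224 && len(data) >= 3:
				blen, hlen = (l-192)<<8+int(data[2])+192, 3
			default:
				return nil, errors.New("unsupported or truncated new-format length")
			}
		} else { // old format: tag in bits 5..2, length type in bits 1..0
			tag, hlen = int(hdr>>2)&0x0f, 2+int(hdr&0x03)
			if hdr&0x03 > 1 || len(data) < hlen {
				return nil, errors.New("unsupported or truncated old-format header")
			}
			for _, b := range data[1:hlen] {
				blen = blen<<8 | int(b)
			}
		}
		if hlen+blen > len(data) {
			return nil, fmt.Errorf("tag %d: body truncated", tag)
		}
		out = append(out, pkt{tag, data[hlen : hlen+blen]})
		data = data[hlen+blen:]
	}
	return out, nil
}

// attachSignatures applies the rule gpg and SKS use on a transferable key (RFC 4880
// §11.1): a signature packet belongs to the key, user ID or subkey packet before it.
func attachSignatures(pkts []pkt) (lines []string, err error) {
	var ctx string
	for _, p := range pkts {
		switch p.tag {
		case 5, 6: // secret / public primary key
			ctx = "pub"
		case 13: // user ID
			ctx = "uid " + string(p.body)
		case 7, 14: // secret / public subkey
			ctx = "sub"
		case 2: // signature; a v4 signature carries its type in octet 1
			if ctx == "" || len(p.body) < 2 || p.body[0] != 4 {
				return nil, errors.New("misplaced, truncated or non-v4 signature packet")
			}
			lines = append(lines, fmt.Sprintf("sig 0x%02x on %s", p.body[1], ctx))
		}
	}
	return
}

// sampleStreams builds two constructed keys with placeholder bodies (not real key
// material): in `wrong` the certification (type 0x10) follows the subkey, as in the
// post; in `right` it follows the user ID it certifies.
func sampleStreams() (wrong, right []byte) {
	newHdr := func(tag int, b []byte) []byte { // new-format header, one-octet length
		return append([]byte{0xC0 | byte(tag), byte(len(b))}, b...)
	}
	oldHdr := func(tag int, b []byte) []byte { // old-format header, two-octet length
		return append([]byte{0x80 | byte(tag)<<2 | 1, byte(len(b) >> 8), byte(len(b))}, b...)
	}
	sig := func(t byte) []byte { return newHdr(2, []byte{4, t, 17, 2, 0, 0}) } // v4 stub
	pub := oldHdr(6, []byte{4, 0, 0, 0, 0, 17})
	uid := newHdr(13, []byte("Cookie monster <cookie@example.com>"))
	sub := oldHdr(14, []byte{4, 0, 0, 0, 0, 16})
	wrong = bytes.Join([][]byte{pub, uid, sig(0x13), sub, sig(0x18), sig(0x10)}, nil)
	right = bytes.Join([][]byte{pub, uid, sig(0x13), sig(0x10), sub, sig(0x18)}, nil)
	return
}

func main() {
	wrong, right := sampleStreams()
	for _, s := range [][]byte{wrong, right} {
		pkts, err := parsePackets(s)
		if err != nil {
			panic(err)
		}
		fmt.Println(attachSignatures(pkts))
	}
}
```

Running it prints the certification as "sig 0x10 on sub" for the first stream and "sig 0x10 on uid Cookie monster <cookie@example.com>" for the second, which is exactly the difference between the two SKS listings above; the same walker, fed the bytes of a real exported key, tells you where your serialization put the signature before you upload it.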

agl

Jan 30, 2014, 4:16:49 PM
to golan...@googlegroups.com
On Wednesday, January 29, 2014 8:43:00 PM UTC-5, Pruthvirajsinh Chauhan wrote:
Using either of the above methods, the generated signature gets added to the subkey of the public key, not to the uid, when checked on SKS and gpg.

Note: don't assume that the go.crypto code is correct here. It could well be a bug in the openpgp package itself.


Cheers

AGL

Pruthvirajsinh Chauhan

Jan 31, 2014, 1:00:47 AM
to golan...@googlegroups.com
Thanks AGL for the reply.
After reading the documentation once again I stumbled upon the method Entity.SignIdentity, using which I developed the following code. Now the signature is shown where it should be, but when doing gpg --check-sigs it shows the signature generated by the code as a bad signature.

Once again thanks for the reply, but this new problem of an invalid signature still persists.

package main

import (
    "bytes"
    "errors"
    "fmt"

    "golang.org/x/crypto/openpgp" // code.google.com/p/go.crypto/openpgp at the time of this post
    "golang.org/x/crypto/openpgp/armor"
    "golang.org/x/crypto/openpgp/packet"
)

// SignPubKeyPKS certifies every user ID of the armored public key with the
// armored private key and returns the re-armored, signed public key.
func SignPubKeyPKS(asciiPub string, asciiPri string, pripwd string) (asciiSignedKey string, err error) {
    // get Private key from armor
    priEnt, err := getPri(asciiPri, pripwd)
    if err != nil {
        return "", err
    }
    pubEnt, err := getPub(asciiPub)
    if err != nil {
        return "", err
    }
    // the map key is the user id string (name, comment, email)
    for usrIdstring := range pubEnt.Identities {
        if err := pubEnt.SignIdentity(usrIdstring, priEnt, nil); err != nil {
            return "", fmt.Errorf("signing identity %q: %w", usrIdstring, err)
        }
    }
    return PubEntToAsciiArmor(pubEnt)
}

func getPub(asciiPub string) (*openpgp.Entity, error) {
    read1 := bytes.NewReader([]byte(asciiPub))
    entityList, err := openpgp.ReadArmoredKeyRing(read1)
    if err != nil {
        return nil, err
    }
    for _, pubKeyEntity := range entityList {
        if pubKeyEntity.PrimaryKey != nil {
            return pubKeyEntity, nil
        }
    }
    return nil, errors.New("no public key found in armor")
}

func getPri(asciiPri string, pripwd string) (*openpgp.Entity, error) {
    read1 := bytes.NewReader([]byte(asciiPri))
    entityList, err := openpgp.ReadArmoredKeyRing(read1)
    if err != nil {
        return nil, err
    }
    for _, can_pri := range entityList {
        if can_pri.PrivateKey == nil {
            continue
        }
        // private key is encrypted hence call decrypt first
        if err := can_pri.PrivateKey.Decrypt([]byte(pripwd)); err != nil {
            return nil, fmt.Errorf("decrypting private key: %w", err)
        }
        return can_pri, nil
    }
    return nil, errors.New("no private key found in armor")
}

func PubEntToAsciiArmor(pubEnt *openpgp.Entity) (asciiEntity string, err error) {
    gotWriter := bytes.NewBuffer(nil)
    wr, err := armor.Encode(gotWriter, openpgp.PublicKeyType, nil)
    if err != nil {
        return "", err
    }
    if err := pubEnt.Serialize(wr); err != nil {
        return "", err
    }
    if err := wr.Close(); err != nil {
        return "", err
    }
    return gotWriter.String(), nil
}
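
A "bad signature" from gpg --check-sigs means the verifier's hash of the certified data does not match what the signer hashed. As an added example that is not code from this thread or from go.crypto, the stdlib-only Go program below assembles the exact octets a verifier hashes for a v4 certification over a user ID (RFC 4880 §5.2.4) and shows that hashing the subkey body instead of the primary key body yields a different preimage. The packet bodies, creation time and issuer key ID are constructed placeholders, not real key material, and the function names are my own.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// be16 and be32 append big-endian length fields.
func be16(b []byte, n int) []byte { return append(b, byte(n>>8), byte(n)) }
func be32(b []byte, n int) []byte {
	return append(b, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
}

// subpacket encodes one signature subpacket with a one-octet length (RFC 4880 §5.2.3.1).
func subpacket(typ byte, data []byte) []byte {
	return append([]byte{byte(1 + len(data)), typ}, data...)
}

// certificationPreimage returns the octets a verifier hashes for a v4 certification
// (types 0x10..0x13) over a user ID, per RFC 4880 §5.2.4:
//   0x99 || 2-octet length || primary key packet body
//   0xB4 || 4-octet length || user ID
//   0x04 || sig type || public-key algo || hash algo || 2-octet length || hashed subpackets
//   trailer 0x04 0xFF || 4-octet length of the signature fields just listed
// The signer must hash the same octets: a signature made over another key body
// (the subkey, say), another user ID or other hashed subpackets checks as BAD.
func certificationPreimage(keyBody, userID []byte, sigType, pubKeyAlgo, hashAlgo byte, hashed []byte) []byte {
	pre := append(be16([]byte{0x99}, len(keyBody)), keyBody...)
	pre = append(be32(append(pre, 0xB4), len(userID)), userID...)
	sigFields := append(be16([]byte{4, sigType, pubKeyAlgo, hashAlgo}, len(hashed)), hashed...)
	pre = append(pre, sigFields...)
	return be32(append(pre, 0x04, 0xFF), len(sigFields))
}

// hashPrefix returns the two leading digest octets that a signature packet stores so
// a verifier can reject a mismatched hash cheaply before the public-key operation
// (SHA-256 is hash algorithm 8 in RFC 4880 §9.4).
func hashPrefix(preimage []byte) [2]byte {
	sum := sha256.Sum256(preimage)
	return [2]byte{sum[0], sum[1]}
}

// sampleInputs returns constructed placeholder packet bodies (not real key material)
// for a primary key, a subkey and a user ID, plus hashed subpackets holding a
// creation time (type 2) and an issuer key ID (type 16).
func sampleInputs() (primary, subkey, userID, hashed []byte) {
	primary = []byte{4, 0x4F, 0x75, 0x8B, 0x00, 17} // version, creation time, DSA algo id
	subkey = []byte{4, 0x4F, 0x75, 0x8B, 0x00, 16}  // version, creation time, ElGamal algo id
	userID = []byte("Cookie monster <cookie@example.com>")
	hashed = append(subpacket(2, []byte{0x52, 0xE4, 0x1F, 0x00}),
		subpacket(16, []byte{0x00, 0x00, 0x00, 0x00, 0xAB, 0xCD, 0x43, 0x21})...)
	return
}

func main() {
	primary, subkey, userID, hashed := sampleInputs()
	good := certificationPreimage(primary, userID, 0x10, 17, 8, hashed)
	bad := certificationPreimage(subkey, userID, 0x10, 17, 8, hashed)
	fmt.Printf("over primary key: %d octets, hash prefix %x\n", len(good), hashPrefix(good))
	fmt.Printf("over subkey:      %d octets, hash prefix %x\n", len(bad), hashPrefix(bad))
}
```

When a certification comes back bad, the first thing to compare is this preimage on both sides: the key body framed by 0x99 must be the primary key's, the user ID must be byte-identical to the one in the key, and the hashed subpackets written into the signature packet must be the same ones that went into the hash.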