github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/libkb/generickey.go (about) 1 // Copyright 2015 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package libkb 5 6 import ( 7 "strings" 8 9 "github.com/keybase/client/go/kbcrypto" 10 keybase1 "github.com/keybase/client/go/protocol/keybase1" 11 ) 12 13 type VerifyContext interface { 14 Debug(format string, args ...interface{}) 15 } 16 17 type RawPublicKey []byte 18 type RawPrivateKey []byte 19 20 type GenericKey interface { 21 GetKID() keybase1.KID 22 GetBinaryKID() keybase1.BinaryKID 23 GetAlgoType() kbcrypto.AlgoType 24 25 // Sign to an ASCII signature (which includes the message 26 // itself) and return it, along with a derived ID. 27 SignToString(msg []byte) (sig string, id keybase1.SigIDBase, err error) 28 29 // Verify that the given signature is valid and extracts the 30 // embedded message from it. Also returns the signature ID. 31 VerifyStringAndExtract(ctx VerifyContext, sig string) (msg []byte, id keybase1.SigIDBase, err error) 32 33 // Verify that the given signature is valid and that its 34 // embedded message matches the given one. Also returns the 35 // signature ID. 36 VerifyString(ctx VerifyContext, sig string, msg []byte) (id keybase1.SigIDBase, err error) 37 38 // Encrypt to an ASCII armored encryption; optionally include a sender's 39 // (private) key so that we can provably see who sent the message. 40 EncryptToString(plaintext []byte, sender GenericKey) (ciphertext string, err error) 41 42 // Decrypt the output of Encrypt above; provide the plaintext and also 43 // the KID of the key that sent the message (if applicable). 44 DecryptFromString(ciphertext string) (msg []byte, sender keybase1.KID, err error) 45 46 // Derive a secret key from a DH secret key 47 SecretSymmetricKey(reason EncryptionReason) (NaclSecretBoxKey, error) 48 49 VerboseDescription() string 50 CheckSecretKey() error 51 CanSign() bool 52 CanEncrypt() bool 53 CanDecrypt() bool 54 HasSecretKey() bool 55 Encode() (string, error) // encode public key to string 56 57 // ExportPublicAndPrivate to special-purpose types so there is no way we can 58 // accidentally reverse them. 59 ExportPublicAndPrivate() (public RawPublicKey, private RawPrivateKey, err error) 60 } 61 62 func CanEncrypt(key GenericKey) bool { 63 switch key.(type) { 64 case NaclDHKeyPair: 65 return true 66 case *PGPKeyBundle: 67 return true 68 default: 69 return false 70 } 71 } 72 73 func skbPushAndSave(m MetaContext, skb *SKB) (err error) { 74 defer m.Trace("skbPushAndSave", &err)() 75 ring, err := m.Keyring() 76 if err != nil { 77 return err 78 } 79 err = ring.PushAndSave(skb) 80 if err != nil { 81 return err 82 } 83 return nil 84 } 85 86 // Any valid key matches the empty string. 87 func KeyMatchesQuery(key GenericKey, q string, exact bool) bool { 88 if key.GetKID().Match(q, exact) { 89 return true 90 } 91 return GetPGPFingerprintFromGenericKey(key).Match(q, exact) 92 } 93 94 func IsPGP(key GenericKey) bool { 95 _, ok := key.(*PGPKeyBundle) 96 return ok 97 } 98 99 func ParseGenericKey(bundle string) (GenericKey, *Warnings, error) { 100 if isPGPBundle(bundle) { 101 // PGP key 102 return ReadOneKeyFromStringLiberal(bundle) 103 } 104 // NaCl key 105 key, err := ImportKeypairFromKID(keybase1.KIDFromString(bundle)) 106 return key, &Warnings{}, err 107 } 108 109 func isPGPBundle(armored string) bool { 110 return strings.HasPrefix(armored, "-----BEGIN PGP") 111 } 112 113 func GenericKeyEqual(k1, k2 GenericKey) bool { 114 return k1.GetKID().Equal(k2.GetKID()) 115 }