无法使用golang的openpgp数据包签署有效的gpg密钥

I want to sign a public key from ascii armor with a private key in go language.For that I developed following code but the problem is when I check the signature in gpg --check-sigs the signature created by code is shown as "bad Signature".Please Help as I cant figure out any way of solving it.I have already postd on golang-nuts.I am just learning golang for my college project and I am stuck here,Please help.

    // signer
package main

import (
    "bytes"
    "code.google.com/p/go.crypto/openpgp"
    "code.google.com/p/go.crypto/openpgp/armor"
    "code.google.com/p/go.crypto/openpgp/packet"
    "fmt"
)

// This function takes asciiarmored private key which will sign the public key
//Public key is also ascii armored,pripwd is password of private key in string
//This function will return ascii armored signed public key i.e. (pubkey+sign by prikey)
func SignPubKeyPKS(asciiPub string, asciiPri string, pripwd string) (asciiSignedKey string) {
    //get Private key from armor
    _, priEnt := getPri(asciiPri, pripwd) //pripwd is the password todecrypt the private key
    _, pubEnt := getPub(asciiPub)         //This will generate signature and add it to pubEnt
    usrIdstring := ""
    for _, uIds := range pubEnt.Identities {
        usrIdstring = uIds.Name

    }
    fmt.Println(usrIdstring)
    errSign := pubEnt.SignIdentity(usrIdstring, &priEnt, nil)
    if errSign != nil {
        fmt.Println("Signing Key ", errSign.Error())
        return
    }
    asciiSignedKey = PubEntToAsciiArmor(pubEnt)
    return
}

//get packet.PublicKey and openpgp.Entity of Public Key from ascii armor
func getPub(asciiPub string) (pubKey packet.PublicKey, retEntity openpgp.Entity) {
    read1 := bytes.NewReader([]byte(asciiPub))
    entityList, errReadArm := openpgp.ReadArmoredKeyRing(read1)
    if errReadArm != nil {
        fmt.Println("Reading Pubkey ", errReadArm.Error())
        return
    }
    for _, pubKeyEntity := range entityList {
        if pubKeyEntity.PrimaryKey != nil {
            pubKey = *pubKeyEntity.PrimaryKey
            retEntity = *pubKeyEntity
        }
    }
    return
}

//get packet.PrivateKEy and openpgp.Entity of Private Key from ascii armor
func getPri(asciiPri string, pripwd string) (priKey packet.PrivateKey, priEnt openpgp.Entity) {
    read1 := bytes.NewReader([]byte(asciiPri))
    entityList, errReadArm := openpgp.ReadArmoredKeyRing(read1)
    if errReadArm != nil {
        fmt.Println("Reading PriKey ", errReadArm.Error())
        return
    }
    for _, can_pri := range entityList {
        smPr := can_pri.PrivateKey
        retEntity := can_pri
        if smPr == nil {
            fmt.Println("No Private Key")
            return
        }

        priKey = *smPr

        errDecr := priKey.Decrypt([]byte(pripwd))
        if errDecr != nil {
            fmt.Println("Decrypting ", errDecr.Error())
            return
        }
        retEntity.PrivateKey = &priKey
        priEnt = *retEntity
    }
    return
}

//Create ASscii Armor from openpgp.Entity
func PubEntToAsciiArmor(pubEnt openpgp.Entity) (asciiEntity string) {
    gotWriter := bytes.NewBuffer(nil)
    wr, errEncode := armor.Encode(gotWriter, openpgp.PublicKeyType, nil)
    if errEncode != nil {
        fmt.Println("Encoding Armor ", errEncode.Error())
        return
    }
    errSerial := pubEnt.Serialize(wr)
    if errSerial != nil {
        fmt.Println("Serializing PubKey ", errSerial.Error())
    }
    errClosing := wr.Close()
    if errClosing != nil {
        fmt.Println("Closing writer ", errClosing.Error())
    }
    asciiEntity = gotWriter.String()
    return
}
douza19870617
douza19870617 还可以在code.google.com/p/go/issues/detail?id=7241上查看go的openpgp/armor输出中的装甲差异
6 年多之前 回复

1个回答



该代码看起来大致上还可以,只是在进行错误检查时确实应该更加严格。 对错误进行恐慌要好于根本不进行任何错误检查(因为有时通常会在以后进行段错误检查)。</ p>

问题在于 Signature.SignUserId()</ code的实现 > code.google.com/p/go.crypto/openpgp </ code>内部错误。 它使用的是对密钥进行签名的算法(用于证明子密钥属于主密钥),而不是对用户ID进行签名的算法。</ p>

此外,在探索时 我意识到 PublicKey.VerifyUserIdSignature()</ code>的实现方式仅适用于自签名用户ID,因为它没有在哈希中使用正确的公钥。</ p >

错误报告,补丁为 https:// code.google.com/p/go/issues/detail?id=7371 </ p>
</ div>

展开原文

原文

The code looks roughly ok, except that it really should be stricter with error checking. Panicking on error is better then no error checking at all (because it will usually segfault sometimes later).

The problem is that the implementation of Signature.SignUserId() inside code.google.com/p/go.crypto/openpgp is wrong. It is using the algorithm that signs a key (which is use to certify that the subkey belongs to the primary key) instead of the algorithm that signs a user id.

In addition, while exploring this I realized that PublicKey.VerifyUserIdSignature() is implemented in such a way that it only works for self-signed user ids, because it doesn't use the right public key in the hash.

Bug report, with patch https://code.google.com/p/go/issues/detail?id=7371

douyu7210
douyu7210 谢谢您的回复,很抱歉,我非常忙于考试,因此无法回复。我还在code.google.com/p/go/issues/detail?id=7241指出了go的openpgp / armor输出中的装甲差异。 代码。再次感谢您指出问题的原因。
6 年多之前 回复
立即提问