Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot specify filename when encrypting + signing #289

Open
WordsmithCreativity opened this issue Jul 18, 2024 · 4 comments
Open

Cannot specify filename when encrypting + signing #289

WordsmithCreativity opened this issue Jul 18, 2024 · 4 comments

Comments

@WordsmithCreativity
Copy link

In both v2 and v3 of the library there is no possibility to specify a filename when both signing and encrypting a file.

This would mimic the behavior of gpg as such:

$ gpg --encrypt --sign -r XXX test.txt
$ gpg --list-packets test.txt.gpg
...
:literal data packet:
	mode b (62), created 1721297550, name="test.txt",
	raw data: 9 bytes
...
:signature packet: algo 1, keyid XXX
...

I've altered the https://github.com/ProtonMail/gopenpgp/blob/main/helper/sign_detached.go#L14 function slightly to allow my use-case as such:

func SignAndEncryptWithFileName(publicKey string, privateKey string, passphrase []byte, plaintext string, filename string) (string, error) {
	var privateKeyObj, unlockedKeyObj *crypto.Key
	var publicKeyRing, privateKeyRing *crypto.KeyRing
	var pgpMessage *crypto.PGPMessage
	var ciphertext string

	var message = crypto.NewPlainMessageFromFile([]byte(plaintext), filename, uint32(crypto.GetUnixTime()))

	publicKeyObj, err := crypto.NewKeyFromArmored(publicKey)
	if err != nil {
		return "", err
	}

	publicKeyRing, err = crypto.NewKeyRing(publicKeyObj)
	if err != nil {
		return "", err
	}

	if privateKeyObj, err = crypto.NewKeyFromArmored(privateKey); err != nil {
		return "", errors.New("gopenpgp: unable to read key")
	}

	if unlockedKeyObj, err = privateKeyObj.Unlock(passphrase); err != nil {
		return "", errors.New("gopenpgp: unable to unlock key")
	}
	defer unlockedKeyObj.ClearPrivateParams()

	if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil {
		return "", errors.New("gopenpgp: unable to create new keyring")
	}

	if pgpMessage, err = publicKeyRing.Encrypt(message, privateKeyRing); err != nil {
		return "", errors.New("gopenpgp: unable to encrypt message")
	}

	if ciphertext, err = pgpMessage.GetArmored(); err != nil {
		return "", errors.New("gopenpgp: unable to armor ciphertext")
	}

	return ciphertext, nil
}

Can this be made possible via the exposed functions?
@inputvalidation
Copy link

I'm also experiencing this issue, any chance this could be implemented? Or do you otherwise welcome a PR to introduce this?

@clncy
Copy link

clncy commented Oct 5, 2024

+1 I'm also interested in this feature

@inputvalidation
Copy link

I'm also experiencing this issue, any chance this could be implemented? Or do you otherwise welcome a PR to introduce this?

I would appreciate some feedback on this if you have a minute?

@lubux
Copy link
Contributor

lubux commented Nov 20, 2024

Hi 👋 The name field in the literal data packet is not included in signatures and ,thus, is malleable. GopenPGP follows RFC 9580's recommendation:

It SHOULD set the filename to the empty string (encoded as a single zero octet) and the timestamp to zero (encoded as four zero octets).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lubux @clncy @inputvalidation @WordsmithCreativity