1 // Package key implements epoint key pair generation and handling.
3 // An epoint key is an OpenPGP signing key that contains a self-signed
4 // user id packet which matches
5 // "Issuer (<denomination>)"
7 // "Holder of <issuer fpr> (<denomination>)"
9 // The OpenPGP DSA key material is generated from a random seed using
10 // a deterministic algorithm. (The self-signature is not deterministic
11 // but the key material and thus the fingerprint is.)
12 // This makes it possible to represent an obligation issuer or holder key
13 // pair with a few bits of secret random seed.
14 // (The user id only needs to be set up correctly when the key is uploaded
15 // to the epoint server, it is not required for signing draft documents.)
22 "crypto/openpgp/packet"
30 // TODO: keep denomination only in issuer key?
33 const P = "A4D2B9575C25F0E622B8694387128A793E1AD27D12FFF4B5BA11A37CEFD31C935BCBB0A944581A6E6DA12986FCBA9D666607D71D365C286B9BCB57F6D938BE74982B7D770CE438F03B0A20ABA02E5691458C39D96E6E86AE564176ED1A6DFBAFB6EE7674CC5EDCF9FEB6158471FB3FAB53BA1CE1BA64C5626B9E8585FCEF5D31"
34 const Q = "FFFFFFFFFFFFFFFFFFFF254EAF9E7916D607AAAF"
35 const G = "7EA5C898777BE4BB29DCDC47289E718F7274C9CD7E570D3D552F3B3EE43C3DEF7BA68E57786926520CCAC71DBA13F37C4064395D5AF3334A04ABD8CED5E7FF476C661953936E8ADDE96A39D8C4AC1080A2BE3FE863A24B08BD43827E54AFADA72433704EA3C12E50E5BD08C130C68A1402FC20DA79CFE0DE931C414348D32B10"
37 func PrivKey(r []byte) *dsa.PrivateKey {
38 priv := new(dsa.PrivateKey)
39 priv.Parameters.P, _ = new(big.Int).SetString(P, 16)
40 priv.Parameters.Q, _ = new(big.Int).SetString(Q, 16)
41 priv.Parameters.G, _ = new(big.Int).SetString(G, 16)
49 if x.Sign() == 1 && x.Cmp(priv.Q) < 0 {
56 priv.Y.Exp(priv.G, x, priv.P)
60 func GenKey() (priv *dsa.PrivateKey, err error) {
61 x := make([]byte, len(Q)/2)
62 _, err = io.ReadFull(rand.Reader, x)
67 // NewEntity returns an Entity that contains a fresh DSA private key with a
68 // single identity composed of the given full name, comment and email, any of
69 // which may be empty but must not contain any of "()<>\x00".
70 func NewEntity(priv *dsa.PrivateKey, currentTimeSecs int64, name, comment, email string) (e *openpgp.Entity, err error) {
71 uid := packet.NewUserId(name, comment, email)
73 return nil, fmt.Errorf("NewEntity: invalid argument: user id field contained invalid characters")
75 t := uint32(currentTimeSecs)
77 PrimaryKey: packet.NewDSAPublicKey(t, &priv.PublicKey, false /* not a subkey */ ),
78 PrivateKey: packet.NewDSAPrivateKey(t, priv, false /* not a subkey */ ),
79 Identities: make(map[string]*openpgp.Identity),
82 e.Identities[uid.Id] = &openpgp.Identity{
85 SelfSignature: &packet.Signature{
87 SigType: packet.SigTypePositiveCert,
88 PubKeyAlgo: packet.PubKeyAlgoDSA,
90 IsPrimaryId: &isPrimaryId,
94 IssuerKeyId: &e.PrimaryKey.KeyId,
98 e.Subkeys = make([]Subkey, 1)
99 e.Subkeys[0] = Subkey{
100 PublicKey: packet.NewRSAPublicKey(t, &encryptingPriv.PublicKey, true),
101 PrivateKey: packet.NewRSAPrivateKey(t, encryptingPriv, true),
102 Sig: &packet.Signature{
104 SigType: packet.SigTypeSubkeyBinding,
105 PubKeyAlgo: packet.PubKeyAlgoRSA,
108 FlagEncryptStorage: true,
109 FlagEncryptCommunications: true,
110 IssuerKeyId: &e.PrimaryKey.KeyId,
117 // simple key generation for obligation issuer clients
118 func NewIssuerEntity(r []byte, denomination string) (e *openpgp.Entity, err error) {
119 return NewEntity(PrivKey(r), 0, "Issuer", denomination, "")
121 // simple key generation for obligation holder clients
122 func NewHolderEntity(r []byte, issuer, denomination string) (e *openpgp.Entity, err error) {
123 return NewEntity(PrivKey(r), 0, "Holder of "+issuer, denomination, "")
126 // check the issuer and denomination associated with the given pgp key
127 func CheckEntity(e *openpgp.Entity) (isIssuer bool, issuer, denomination string, err error) {
128 // TODO: allow non-epoint uids
129 if len(e.Identities) != 1 {
130 err = fmt.Errorf("CheckEntity: expected one identity")
133 for _, i := range e.Identities {
134 denomination = i.UserId.Comment
135 if i.UserId.Name == "Issuer" {
137 issuer = fmt.Sprintf("%X", e.PrimaryKey.Fingerprint)
140 prefix := "Holder of "
141 if i.UserId.Name[:len(prefix)] == prefix {
142 issuer = i.UserId.Name[len(prefix):]
147 err = fmt.Errorf("CheckENtity: invalid userid")