mirror of
https://github.com/gchq/CyberChef.git
synced 2025-05-07 15:07:11 -04:00
Add 2 PGP ops for signing/verifying detached sigs
parent
3bdad1d3d0
commit
d279d16ce0
2 changed files with 170 additions and 0 deletions
|
@ -3230,6 +3230,47 @@ var OperationConfig = {
|
|||
}
|
||||
]
|
||||
},
|
||||
"Sign PGP Detached": {
|
||||
description: "",
|
||||
run: PGP.runSignDetached,
|
||||
inputType: "string",
|
||||
outputType: "HTML",
|
||||
args: [
|
||||
{
|
||||
name: "Private key",
|
||||
type: "text",
|
||||
value: "",
|
||||
},
|
||||
{
|
||||
name: "Private key password",
|
||||
type: "string",
|
||||
value: "",
|
||||
},
|
||||
]
|
||||
},
|
||||
"Verify PGP Detached": {
|
||||
description: "",
|
||||
run: PGP.runVerifyDetached,
|
||||
inputType: "string",
|
||||
outputType: "string",
|
||||
args: [
|
||||
{
|
||||
name: "Public key",
|
||||
type: "text",
|
||||
value: "",
|
||||
},
|
||||
{
|
||||
name: "ASCII armored signature",
|
||||
type: "text",
|
||||
value: "",
|
||||
},
|
||||
{
|
||||
name: "Display message in output",
|
||||
type: "boolean",
|
||||
value: true,
|
||||
}
|
||||
]
|
||||
},
|
||||
"Sign PGP Cleartext": {
|
||||
description: "Input: An ASCII-Armored PGP private key (and optionally, the password needed to decrypt the private key).<br><br>This operation uses PGP to produce a digital signature.<br><br>Pretty Good Privacy is an encryption standard (OpenPGP) used for encrypting, decrypting, and signing messages.<br><br>This function relies on OpenPGP.js for the implementation of PGP.<br><br>See more at https://openpgpjs.org/",
|
||||
run: PGP.runSignCleartext,
|
||||
|
|
|
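Review bot: Both new entries, `"Sign PGP Detached"` and `"Verify PGP Detached"`, ship with `description: ""`, so they appear with no help text, unlike the neighbouring `"Sign PGP Cleartext"` entry. An operation that takes a private key and its password, and one that reports a verification result, should state what goes in and what comes out. For the signing op I would add something like `description: "Input: the data to sign. Arguments: an ASCII-armored PGP private key and, optionally, the password needed to decrypt it. Output: the message, an ASCII-armored detached signature and the raw binary signature."`. The verify description should name the input (the signed data) and the arguments (public key, armored signature), and say that `Verified: false` is also printed when no signature was found. The `OperationConfig` object begins outside this hunk.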
@ -240,6 +240,135 @@ var PGP = {
|
|||
},
|
||||
|
||||
|
||||
/**
|
||||
* Signs the input using PGP and outputs the plaintext, the raw PGP signature, and the ASCII armored signature files.
|
||||
*
|
||||
* @param {string} input - data to be signed
|
||||
* @param {Object[]} args
|
||||
* @returns {HTML}
|
||||
*/
|
||||
runSignDetached: function (input, args) {
|
||||
var privateKey = args[0],
|
||||
password = args[1];
|
||||
|
||||
return new Promise(function(resolve, reject) {
|
||||
try {
|
||||
var privateKeys = openpgp.key.readArmored(privateKey).keys;
|
||||
} catch (err) {
|
||||
return reject("Could not read private key: " + err);
|
||||
}
|
||||
|
||||
if (password) {
|
||||
privateKeys[0].decrypt(password);
|
||||
}
|
||||
if (privateKeys[0].primaryKey.encrypted !== null) {
|
||||
return reject("Could not decrypt private key.");
|
||||
}
|
||||
|
||||
var bytes = openpgp.util.str2Uint8Array(input);
|
||||
var message = openpgp.message.fromBinary(bytes);
|
||||
|
||||
var signedMessage = message.sign(privateKeys);
|
||||
var signature = signedMessage.packets.filterByTag(openpgp.enums.packet.signature);
|
||||
var rawSignatureBytes = signature.write();
|
||||
|
||||
var armoredMessage = openpgp.armor.encode(
|
||||
openpgp.enums.armor.message,
|
||||
rawSignatureBytes
|
||||
);
|
||||
armoredMessage = armoredMessage.replace(
|
||||
"-----BEGIN PGP MESSAGE-----\r\n",
|
||||
"-----BEGIN PGP SIGNATURE-----\r\n"
|
||||
);
|
||||
armoredMessage = armoredMessage.replace(
|
||||
"-----END PGP MESSAGE-----\r\n",
|
||||
"-----END PGP SIGNATURE-----\r\n"
|
||||
);
|
||||
|
||||
var files = [{
|
||||
fileName: "msg",
|
||||
size: input.length,
|
||||
contents: input,
|
||||
bytes: bytes,
|
||||
}, {
|
||||
fileName: "msg.asc",
|
||||
size: armoredMessage.length,
|
||||
contents: armoredMessage,
|
||||
bytes: openpgp.util.str2Uint8Array(armoredMessage),
|
||||
}, {
|
||||
fileName: "msg.sig",
|
||||
size: rawSignatureBytes.length,
|
||||
contents: "Binary file",
|
||||
bytes: rawSignatureBytes,
|
||||
}];
|
||||
|
||||
resolve(Utils.displayFilesAsHTML(files));
|
||||
});
|
||||
},
|
||||
|
||||
|
||||
/**
|
||||
* Verifies the signature and input using PGP.
|
||||
*
|
||||
* @param {string} input - signed input to verify
|
||||
* @param {Object[]} args
|
||||
* @returns {string} - "true" or "false" depending on the validity of the signature
|
||||
*/
|
||||
runVerifyDetached: function (input, args) {
|
||||
var publicKey = args[0],
|
||||
armoredSignature = args[1],
|
||||
displayDecrypt = args[2];
|
||||
|
||||
return new Promise(function(resolve, reject) {
|
||||
try {
|
||||
var publicKeys = openpgp.key.readArmored(publicKey).keys;
|
||||
} catch (err) {
|
||||
return reject("Could not read public key: " + err);
|
||||
}
|
||||
|
||||
try {
|
||||
var message = openpgp.message.readSignedContent(
|
||||
input,
|
||||
armoredSignature
|
||||
);
|
||||
} catch (err) {
|
||||
return reject("Could not read armored signature or message: " + err);
|
||||
}
|
||||
|
||||
|
||||
var verification = {
|
||||
verified: false,
|
||||
author: publicKeys[0].users[0].userId.userid,
|
||||
date: "",
|
||||
keyID: "",
|
||||
message: "",
|
||||
};
|
||||
|
||||
Promise.resolve(message.verify(publicKeys))
|
||||
.then(function(signatures) {
|
||||
if (signatures && signatures.length) {
|
||||
verification.verified = !!signatures[0].valid;
|
||||
verification.keyID = signatures[0].keyid.toHex();
|
||||
}
|
||||
|
||||
resolve([
|
||||
"Verified: " + verification.verified,
|
||||
"Key ID: " + verification.keyID,
|
||||
"Signed on: " + verification.date,
|
||||
"Signed by: " + verification.author,
|
||||
"Signed with: ",
|
||||
"\n",
|
||||
displayDecrypt && verification.verified ? input : "",
|
||||
].join("\n"));
|
||||
|
||||
})
|
||||
.catch(function(err) {
|
||||
reject("Could not verify message: " + err);
|
||||
});
|
||||
});
|
||||
},
|
||||
|
||||
|
||||
/**
|
||||
* Clearsigns the input using PGP.
|
||||
*
|
||||
|
|
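Review bot: In `runVerifyDetached` the `Signed by:` line is filled from `publicKeys[0].users[0].userId.userid` before verification runs, so the report names the holder of the supplied key even when it prints `Verified: false`, and it names the first key even if a different supplied key matched. I would initialise `author: ""` and assign it inside the `if (signatures && signatures.length)` branch only when `signatures[0].valid` is true, ideally from the key whose ID equals `signatures[0].keyid`; only `signatures[0]` is inspected, so any further signatures are ignored without notice. Both this function and `runSignDetached` index `[0]` on the `keys` array without checking that it is non-empty. If `readArmored` reports parse failures through its return value rather than by throwing (which I believe is the case for this OpenPGP.js API, but confirm), a malformed key surfaces as a TypeError instead of the intended message, so add `if (!publicKeys.length) return reject("Could not read public key.");` and the equivalent guard for `privateKeys`. The `@returns` line on `runVerifyDetached` still says "true" or "false" although a multi-line report is returned.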