add reciever id to signature
This commit is contained in:
parent
69559f41ca
commit
1ca4ecd476
SSH key fingerprint:
SHA256:rOmjD81ZIhKdCkFWS9UIKdBi4UByF5x3hRH/0YeXsPI
1 changed files with 4 additions and 5 deletions
|
|
@ -201,9 +201,8 @@ func (k *KeyStore) GetClientTLSConfig() *tls.Config {
|
||||||
return tlsConfig
|
return tlsConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content []byte) ([]byte, error) {
|
func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, recieverId string, reciever, content []byte) ([]byte, error) {
|
||||||
// Digital envolope
|
// Digital envolope
|
||||||
|
|
||||||
// Create a random symmetric key
|
// Create a random symmetric key
|
||||||
dataKey := make([]byte, 32)
|
dataKey := make([]byte, 32)
|
||||||
if _, err := rand.Read(dataKey); err != nil {
|
if _, err := rand.Read(dataKey); err != nil {
|
||||||
|
|
@ -221,7 +220,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
||||||
}
|
}
|
||||||
|
|
||||||
// sign the message and append the signature
|
// sign the message and append the signature
|
||||||
hashedContent := sha256.Sum256(content)
|
hashedContent := sha256.Sum256(append(content, []byte(recieverId)...))
|
||||||
signature, err := rsa.SignPKCS1v15(nil, k.privKey, crypto.SHA256, hashedContent[:])
|
signature, err := rsa.SignPKCS1v15(nil, k.privKey, crypto.SHA256, hashedContent[:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
@ -237,7 +236,7 @@ func (k KeyStore) EncryptMessageContent(receiverCert *x509.Certificate, content
|
||||||
return pair(encryptedDataKey, ciphertext), nil
|
return pair(encryptedDataKey, ciphertext), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, cipherContent []byte) ([]byte, error) {
|
func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, recieverId string, cipherContent []byte) ([]byte, error) {
|
||||||
encryptedDataKey, encryptedMsg := unPair(cipherContent)
|
encryptedDataKey, encryptedMsg := unPair(cipherContent)
|
||||||
dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k.GetPrivKey(), encryptedDataKey, nil)
|
dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k.GetPrivKey(), encryptedDataKey, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -256,7 +255,7 @@ func (k KeyStore) DecryptMessageContent(senderCert *x509.Certificate, cipherCont
|
||||||
}
|
}
|
||||||
// check signature with sender public key
|
// check signature with sender public key
|
||||||
signature, content := unPair(contentAndSig)
|
signature, content := unPair(contentAndSig)
|
||||||
hashedContent := sha256.Sum256(content)
|
hashedContent := sha256.Sum256(append(content, []byte(recieverId)...))
|
||||||
senderKey := senderCert.PublicKey.(*rsa.PublicKey)
|
senderKey := senderCert.PublicKey.(*rsa.PublicKey)
|
||||||
if err := rsa.VerifyPKCS1v15(senderKey, crypto.SHA256, hashedContent[:], signature); err != nil {
|
if err := rsa.VerifyPKCS1v15(senderKey, crypto.SHA256, hashedContent[:], signature); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue