1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/* This example demonstrates how to use the low-level interface to
create a signed message. */
#define _GNU_SOURCE
/* Roughly glibc compatible error reporting. */
#define error(S, E, F, ...) do { \
fprintf (stderr, (F), __VA_ARGS__); \
int s = (S), e = (E); \
if (e) { fprintf (stderr, ": %s", strerror (e)); } \
fprintf (stderr, "\n"); \
fflush (stderr); \
if (s) { exit (s); } \
} while (0)
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sequoia/openpgp.h>
int
main (int argc, char **argv)
{
pgp_error_t err;
pgp_cert_t cert;
pgp_writer_t sink;
pgp_writer_t armor_writer;
pgp_writer_stack_t writer = NULL;
pgp_policy_t policy = pgp_standard_policy ();
if (argc != 2)
error (1, 0, "Usage: %s <keyfile> <plain >cipher", argv[0]);
cert = pgp_cert_from_file (&err, argv[1]);
if (cert == NULL)
error (1, 0, "pgp_cert_from_file: %s", pgp_error_to_string (err));
/* Iterate over the cert and get the signing key. */
pgp_signer_t signer;
{
pgp_cert_valid_key_iter_t iter;
pgp_valid_key_amalgamation_t ka;
pgp_key_t key;
pgp_key_pair_t signing_keypair;
iter = pgp_cert_valid_key_iter (cert, policy, 0);
pgp_cert_valid_key_iter_alive (iter);
pgp_cert_valid_key_iter_revoked (iter, false);
pgp_cert_valid_key_iter_for_signing (iter);
pgp_cert_valid_key_iter_unencrypted_secret (iter);
ka = pgp_cert_valid_key_iter_next(iter, NULL, NULL);
if (ka == NULL)
error (1, 0, "%s has no signing-capable (sub)key", argv[1]);
key = pgp_valid_key_amalgamation_key (ka);
assert (pgp_key_has_unencrypted_secret (key));
signing_keypair =
pgp_key_into_key_pair (NULL, pgp_key_clone (key));
assert (signing_keypair);
signer = pgp_key_pair_as_signer (/* consumes */ signing_keypair);
pgp_key_free (key);
pgp_valid_key_amalgamation_free (ka);
pgp_cert_valid_key_iter_free (iter);
}
sink = pgp_writer_from_fd (STDOUT_FILENO);
armor_writer = pgp_armor_writer_new (&err, sink, PGP_ARMOR_KIND_MESSAGE,
NULL, 0);
writer = pgp_writer_stack_message (armor_writer);
writer = pgp_signer_new (&err, writer, /* consumes */ &signer, 1, 0);
if (writer == NULL)
error (1, 0, "pgp_signer_new: %s", pgp_error_to_string (err));
writer = pgp_literal_writer_new (&err, writer);
if (writer == NULL)
error (1, 0, "pgp_literal_writer_new: %s", pgp_error_to_string (err));
size_t nread;
uint8_t buf[4096];
while ((nread = fread (buf, 1, sizeof buf, stdin)))
{
uint8_t *b = buf;
while (nread)
{
ssize_t written;
written = pgp_writer_stack_write (&err, writer, b, nread);
if (written < 0)
error (1, 0, "pgp_writer_stack_write: %s", pgp_error_to_string (err));
b += written;
nread -= written;
}
}
if (pgp_writer_stack_finalize (&err, writer))
error (1, 0, "pgp_writer_stack_write: %s", pgp_error_to_string (err));
if (pgp_armor_writer_finalize (&err, armor_writer))
error (1, 0, "pgp_armor_writer_finalize: %s", pgp_error_to_string (err));
pgp_writer_free (sink);
pgp_cert_free (cert);
pgp_policy_free (policy);
return 0;
}
|
