Launcher, app/base, sentry, update service

2025-12-15 14:56:42 +00:00 · 2020-11-23 11:56:57 +01:00
parent 6fffb460b8
commit dc3f61acee
164 changed files with 5368 additions and 4039 deletions
--- a/pkg/signature/signature.go
+++ b/pkg/signature/signature.go
@ -0,0 +1,43 @@
+// Copyright (c) 2021 Proton Technologies AG
+//
+// This file is part of ProtonMail Bridge.
+//
+// ProtonMail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// ProtonMail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with ProtonMail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+// Package signature implements functions to verify files by their detached signatures.
+package signature
+
+import (
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/pkg/errors"
+)
+
+// Verify verifies the given file by its signature using the given armored public key.
+func Verify(fileBytes, sigBytes []byte, pubKey string) error {
+	key, err := crypto.NewKeyFromArmored(pubKey)
+	if err != nil {
+		return errors.Wrap(err, "failed to load key")
+	}
+
+	kr, err := crypto.NewKeyRing(key)
+	if err != nil {
+		return errors.Wrap(err, "failed to create keyring")
+	}
+
+	return kr.VerifyDetached(
+		crypto.NewPlainMessage(fileBytes),
+		crypto.NewPGPSignature(sigBytes),
+		crypto.GetUnixTime(),
+	)
+}