gopenpgp: unarmor failed for pgp message: EOF

[jamesapc]

Hi, I have a issue when I encryption the message and send it into api then I receive the response in term of pgp message

then I need to decryption using : decrypt function I got error = gopenpgp: unarmor failed for pgp message: EOF

I have try to take the armored message to Decrypt tools on website with private key it work.

can anyone give me the suggestion for this issue.

my function in below:

priKey, err := crypto.NewKeyFromArmored(string(cert))
if err != nil {
response.ErrorMessage = fmt.Sprintf("Error parsing private key: %v", err)
response.IsSuccess = false
return response
}

 // Check if the key is locked
 isLocked, err := priKey.IsLocked()
 if err != nil {
		 response.ErrorMessage = fmt.Sprintf("Error checking key lock status: %v", err)
		 response.IsSuccess = false
		 return response
 }

 const passphrase = "P@ssw0rd"

 if isLocked {
unlockedKey, err := priKey.Unlock([]byte(passphrase))
if err != nil {
    response.ErrorMessage = fmt.Sprintf("Error unlocking private key: %v", err)
    response.IsSuccess = false
    return response
}
priKey = unlockedKey // Use the unlocked key for decryption
}

fmt.Println("Armored message for decryption: ", encryptedMessage)
pgpMessage, err := crypto.NewPGPMessageFromArmored(encryptedMessage)
if err != nil {
		response.ErrorMessage = fmt.Sprintf("Error parsing armored message: %v", err)
		response.IsSuccess = false
		return response
}

defer priKey.ClearPrivateParams()
decHandle, err := pgp.Decryption().DecryptionKey(priKey).DisableVerifyTimeCheck().New()
if err != nil {
	response.ErrorMessage = fmt.Sprintf("Error initializing decryption handle: %v", err)
	response.IsSuccess = false
	return response
}

decrypted, err := decHandle.Decrypt([]byte(pgpMessage.DataPacket), crypto.Armor)
if err != nil {
	response.ErrorMessage = fmt.Sprintf("Error for decrypt data: %v", err)
	response.IsSuccess = false
	return response
}

response.DecryptedMessage = decrypted.String()
response.IsSuccess = true
return response

[lubux]

Hi.
This part is not necessary:

fmt.Println("Armored message for decryption: ", encryptedMessage)
pgpMessage, err := crypto.NewPGPMessageFromArmored(encryptedMessage)
if err != nil {
...
}

Instead call:

decrypted, err := decHandle.Decrypt([]byte(encryptedMessage), crypto.Armor)

crypto.Armor indicates that the input is armored.

[jamesapc]

Thank you for your suggestion 🙇🏻‍♂️

Could you please review my function again, I tried to decrypt with private key and armored message that this repo provided in the crypto_example_test.go file

It work but when I try to use my private key and armored message that I received from encrypted step it throw error incorrect key. I try to decrypt in another tools like on website it work so confused

func (p *PGP) DecryptPGP(encryptedMessage string) PGPResponse {

	response := PGPResponse{}
	pgp := crypto.PGP()

priKey, err := crypto.NewKeyFromArmored(cert)
	if err != nil {
		response.ErrorMessage = fmt.Sprintf("Error parsing private key: %v", err)
		response.IsSuccess = false
		return response
	}
		
	 // Check if the key is locked
	 isLocked, err := priKey.IsLocked()
	 if err != nil {
			 response.ErrorMessage = fmt.Sprintf("Error checking key lock status: %v", err)
			 response.IsSuccess = false
			 return response
	 }

	 const passphrase = "P@ssw0rd"

	 if isLocked {
    unlockedKey, err := priKey.Unlock([]byte(passphrase))
    if err != nil {
        response.ErrorMessage = fmt.Sprintf("Error unlocking private key: %v", err)
        response.IsSuccess = false
        return response
    }
    priKey = unlockedKey // Use the unlocked key for decryption
	}

 	defer priKey.ClearPrivateParams()
	decHandle, err := pgp.Decryption().DecryptionKey(priKey).DisableVerifyTimeCheck().New()
	if err != nil {
		response.ErrorMessage = fmt.Sprintf("Error initializing decryption handle: %v", err)
		response.IsSuccess = false
		return response
	}

	decrypted, err := decHandle.Decrypt([]byte(encryptedMessage), crypto.Armor)
	if err != nil {
		response.ErrorMessage = fmt.Sprintf("Error for decrypt data: %v", err)
		response.IsSuccess = false
		return response
	}
	
	response.DecryptedMessage = decrypted.String()
	response.IsSuccess = true
	return response
}

Thank you 🙏🏻

[lubux]

You can try to add the InsecureAllowDecryptionWithSigningKeys() option when building the decryption handle. Might be the same cause as here: #313.

[jamesapc]

@lubux I have add the InsecureAllowDecryptionWithSigningKeys() option but it's not work for me can I share the public key and private key to you ?

I work on project k6 for performance test and it not allow for use external module they suggested about create the lib with Golang and register the function to JS module with xk6. for my progress only stuck decryption step. I think you can help my solve this one.

Thank you

[lubux]

I was able to decrypt the message with the key/message you sent me when enabling the InsecureAllowDecryptionWithSigningKeys() option. Message:testdata:

key, err := crypto.NewKeyFromArmored(yourKey)
if err != nil {}
pgp := crypto.PGP()
decryptor, err := pgp.Decryption().DecryptionKey(key).InsecureAllowDecryptionWithSigningKeys().New()
if err != nil {}
res, err := decryptor.Decrypt([]byte(yourMessgae), crypto.Armor)

[jamesapc]

Finally !! 🎉 it work. Thank you so much 🙇🏻‍♂️