| 147 | } |
| 148 | |
| 149 | func (k *Key) loadPrivate(repo repository.RepoKeyring) error { |
| 150 | item, err := repo.Keyring().Get(k.public.KeyIdString()) |
| 151 | if err == repository.ErrKeyringKeyNotFound { |
| 152 | return errNoPrivateKey |
| 153 | } |
| 154 | if err != nil { |
| 155 | return err |
| 156 | } |
| 157 | |
| 158 | block, err := armor.Decode(bytes.NewReader(item.Data)) |
| 159 | if err == io.EOF { |
| 160 | return fmt.Errorf("no armored data found") |
| 161 | } |
| 162 | if err != nil { |
| 163 | return err |
| 164 | } |
| 165 | |
| 166 | if block.Type != openpgp.PrivateKeyType { |
| 167 | return fmt.Errorf("invalid key type") |
| 168 | } |
| 169 | |
| 170 | p, err := packet.Read(block.Body) |
| 171 | if err != nil { |
| 172 | return errors.Wrap(err, "failed to read private key packet") |
| 173 | } |
| 174 | |
| 175 | private, ok := p.(*packet.PrivateKey) |
| 176 | if !ok { |
| 177 | return errors.New("got no packet.privateKey") |
| 178 | } |
| 179 | |
| 180 | // The armored format doesn't include the creation time, which makes the round-trip data not being fully equal. |
| 181 | // We don't care about the creation time so we can set it to the zero value. |
| 182 | private.CreationTime = time.Time{} |
| 183 | |
| 184 | k.private = private |
| 185 | return nil |
| 186 | } |
| 187 | |
| 188 | // ensurePrivateKey attempt to load the corresponding private key if it is not loaded already. |
| 189 | // If no private key is found, returns errNoPrivateKey |