ProtonMail/gopenpgp

Checking passphrase correctness

arieroos opened this issue · 2 comments

Hi all

I need some help.

I'm working on a product where we store the private key, and the user keeps the passphrase to said key. To encrypt/decrypt some data, the user then provides the passphrase. I need to check whether the passphrase the user provided is correct. Currently I do it like this:

key, err = key.Unlock([]byte(input.Passphrase))
if err != nil {
	if strings.Contains(err.Error(), "private key checksum failure") {
		log.Infof("Passphrase probably invalid, PGP Error: %s", err.Error())
		return "", &WrongPassphraseError{}
	}
	return "", errors.Wrap(err, "could not unlock key")
}

Is this the correct way of doing it? Is there some better way? Is there another case in which I can get a checksum failure (maybe if a private key got corrupted during storage)?

Hi @arieroos, sorry for not seeing this before. All recent v4 keys use a SHA-1 checksum inside the private key, so it's almost certain that this error is triggered by a bad passphrase.

My recommendation is that on any error from key.Unlock() you can return an error like wrong passphrase or invalid key, since the errors are private key parsing issues.
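The checksum mechanism described in the answer above, as an added example that is not part of this thread and not gopenpgp code: a standard-library-only Go model of a v4-style locked key, where the secret material is followed by its SHA-1 digest and the pair is encrypted with AES-128 in CFB mode under a key derived from the passphrase (Iterated and Salted S2K with SHA-1). The layout is a constructed model, not the OpenPGP secret-key packet format; lockedKey, lock, unlock, tryUnlock, ErrChecksum and WrongPassphraseError are names chosen here, and the secret material is a constructed byte string. It shows why a wrong passphrase surfaces as a checksum failure, that a corrupted ciphertext surfaces as exactly the same checksum failure, and how to classify the error with errors.Is on a sentinel instead of matching the message text.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrChecksum stands in for gopenpgp's "private key checksum failure": the SHA-1 trailer
// did not match after decryption. A wrong passphrase and a corrupted blob both land here.
var ErrChecksum = errors.New("private key checksum failure")

// WrongPassphraseError is a hypothetical typed error the caller can errors.As on.
type WrongPassphraseError struct{ Err error }
func (e *WrongPassphraseError) Error() string { return "wrong passphrase or corrupted key: " + e.Err.Error() }
func (e *WrongPassphraseError) Unwrap() error { return e.Err }

// lockedKey is a constructed model (not the OpenPGP wire format): Ciphertext = AES-128-CFB(secret || SHA-1(secret)).
type lockedKey struct {
	Salt       [8]byte
	IV         [aes.BlockSize]byte
	Ciphertext []byte
}

// iteratedSaltedS2K derives the wrapping key as in RFC 4880 §3.7.1.3 with SHA-1: hash (salt || passphrase)
// repeatedly until count bytes are absorbed. Simplification: count is rounded up to whole copies.
func iteratedSaltedS2K(passphrase, salt []byte, count, keyLen int) []byte {
	combined := append(append([]byte{}, salt...), passphrase...)
	h := sha1.New()
	for done := 0; done < count; done += len(combined) {
		h.Write(combined)
	}
	return h.Sum(nil)[:keyLen]
}

// lock appends the SHA-1 of the secret material and encrypts both under the passphrase.
func lock(secret, passphrase []byte) (*lockedKey, error) {
	lk := &lockedKey{}
	for _, b := range [][]byte{lk.Salt[:], lk.IV[:]} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	block, err := aes.NewCipher(iteratedSaltedS2K(passphrase, lk.Salt[:], 65536, 16))
	if err != nil {
		return nil, err
	}
	sum := sha1.Sum(secret)
	plain := append(append([]byte{}, secret...), sum[:]...)
	lk.Ciphertext = make([]byte, len(plain))
	cipher.NewCFBEncrypter(block, lk.IV[:]).XORKeyStream(lk.Ciphertext, plain)
	return lk, nil
}

// unlock decrypts and verifies the trailer in constant time; ErrChecksum on mismatch.
func unlock(lk *lockedKey, passphrase []byte) ([]byte, error) {
	if len(lk.Ciphertext) < sha1.Size {
		return nil, errors.New("locked key too short to carry a checksum")
	}
	block, err := aes.NewCipher(iteratedSaltedS2K(passphrase, lk.Salt[:], 65536, 16))
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(lk.Ciphertext))
	cipher.NewCFBDecrypter(block, lk.IV[:]).XORKeyStream(plain, lk.Ciphertext)
	secret, trailer := plain[:len(plain)-sha1.Size], plain[len(plain)-sha1.Size:]
	sum := sha1.Sum(secret)
	if subtle.ConstantTimeCompare(sum[:], trailer) != 1 {
		return nil, ErrChecksum
	}
	return secret, nil
}

// tryUnlock is the caller-side classification from the question, keyed on a sentinel with errors.Is.
func tryUnlock(lk *lockedKey, passphrase []byte) ([]byte, error) {
	secret, err := unlock(lk, passphrase)
	if errors.Is(err, ErrChecksum) {
		return nil, &WrongPassphraseError{Err: err}
	} else if err != nil {
		return nil, fmt.Errorf("could not unlock key: %w", err)
	}
	return secret, nil
}

func main() {
	lk, err := lock([]byte("constructed secret key material, not a real key"), []byte("correct passphrase"))
	if err != nil {
		panic(err)
	}
	_, err = tryUnlock(lk, []byte("wrong passphrase"))
	fmt.Println("wrong passphrase:", err)
	lk.Ciphertext[3] ^= 0x01 // one flipped bit of storage corruption
	_, err = tryUnlock(lk, []byte("correct passphrase"))
	fmt.Println("right passphrase, corrupted blob:", err)
}
```

Both failing calls in main end in the same WrongPassphraseError wrapping ErrChecksum: the checksum only proves that the decrypted material is what was encrypted, so a flipped bit in storage and a bad passphrase are indistinguishable from the unlock error alone. If the product needs to tell them apart, it has to verify the integrity of the stored key blob separately (a MAC or hash kept alongside it) before attempting the unlock.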

Hi @wussler

Sorry for taking so long to reply. Thanks for the response.