Fix format of email address for saltpack (keybase#22807)

* Fix format of email address for saltpack

* Improve SBSAssertion if it's an email assertion

* Double golangci-lint timeout

Jenkinsfile

@@ -516,7 +516,7 @@ def testGoBuilds(prefix, packagesToTest) {
       println("Running golangci-lint on new code")
       fetchChangeTarget()
       def BASE_COMMIT_HASH = getBaseCommitHash()
-      timeout(activity: true, time: 360, unit: 'SECONDS') {
+      timeout(activity: true, time: 720, unit: 'SECONDS') {
         sh "go list -f '{{.Dir}}' ./...  | fgrep -v kbfs | fgrep -v protocol | xargs realpath --relative-to=. | xargs golangci-lint run --new-from-rev ${BASE_COMMIT_HASH} --deadline 5m0s"
       }
     }

go/engine/saltpack_encrypt.go

@@ -133,6 +133,19 @@ func (e *SaltpackEncrypt) Run(m libkb.MetaContext) (err error) {
 
 	e.UsedSBS, e.SBSAssertion = kf.UsedUnresolvedSBSAssertion()
 
+	if e.UsedSBS {
+		actx := m.G().MakeAssertionContext(m)
+		expr, err := libkb.AssertionParse(actx, e.SBSAssertion)
+		if err == nil {
+			social, err := expr.ToSocialAssertion()
+			if err == nil && social.Service == "email" {
+				// email assertions are pretty ugly, so just return
+				// the "User" part for easier handling upstream.
+				e.SBSAssertion = social.User
+			}
+		}
+	}
+
 	// This flag determines whether saltpack is used in signcryption (false)
 	// vs encryption (true) format.
 	encryptionOnlyMode := false

shared/actions/crypto.tsx

@@ -34,6 +34,10 @@ const onSetRecipients = (state: TypedState, _: TeamBuildingGen.FinishedTeamBuild
   const usernames = users.map(user => {
     // If we're encrypting to service account that is not proven on keybase set
     // (SBS) then we *must* encrypt to ourselves
+    if (user.serviceId == 'email') {
+      hasSBS = true
+      return `[${user.username}]@email`
+    }
     if (user.serviceId !== 'keybase') {
       hasSBS = true
       return `${user.username}@${user.serviceId}`