func verifyFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
sig, err := util.ReadFile(cfg.Args[1])
if err != nil {
return err
}
if len(sig) > 10 {
if bytes.Equal(sig[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(sig)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.SignatureType:
sig = p.Bytes
default:
return errors.New("invalid message")
}
}
}
if ks.Verify(cfg.Label, message, sig) {
fmt.Println("Signature: OK")
} else {
fmt.Println("Signature: INVALID")
}
return nil
}
func loadStore(path string, m secret.ScryptMode) *store.SecretStore {
passphrase, err := util.PassPrompt("Secrets passphrase> ")
if err != nil {
util.Errorf("Failed to read passphrase: %v", err)
return nil
}
var passwords *store.SecretStore
if ok, _ := util.Exists(path); ok {
defer util.Zero(passphrase)
fileData, err := util.ReadFile(path)
if err != nil {
util.Errorf("%v", err)
return nil
}
var ok bool
passwords, ok = store.UnmarshalSecretStore(fileData, passphrase, m)
if !ok {
return nil
}
return passwords
}
util.Errorf("could not find %s", path)
return nil
}
func merge(ps *store.SecretStore, cfg *config, m secret.ScryptMode) error {
otherPath := cfg.Args[0]
passphrase, err := util.PassPrompt("Passphrase for other store> ")
if err != nil {
return err
}
otherData, err := util.ReadFile(otherPath)
if err != nil {
return err
}
otherStore, ok := store.UnmarshalSecretStore(otherData, passphrase, m)
if !ok {
return errors.New("failed to open other password store")
}
mergeList := ps.Merge(otherStore)
fmt.Printf("%+v\n", mergeList)
if len(mergeList) > 0 {
sort.Strings(mergeList)
for _, label := range mergeList {
fmt.Printf("Merged '%s'\n", label)
}
}
return nil
}
func importVerified(ks *store.KeyStore, cfg *config) error {
keyData, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
if cfg.Label == "self" {
cfg.Label, err = util.ReadLine("Label: ")
if err != nil {
return err
}
}
if !ks.ImportVerifiedKey(cfg.Label, keyData) {
return errors.New("verified import failed")
}
vkey, err := store.ParseVerifiedKey(keyData)
if err != nil {
return err
}
label, ok := ks.FindPublic(vkey.Signer)
if !ok {
return errors.New("invalid signer on key")
}
fmt.Printf("Imported public key signed by '%s'.\n", label)
return nil
}
func decryptSignedFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
out, ok := ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt failed")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func cryptSignFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
util.Errorf("%v", err)
return err
}
out, ok := ks.EncryptAndSignTo(cfg.Label, message)
if !ok {
util.Errorf("Failed to encrypt message.")
return errors.New("signcryption failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.SignedAndEncryptedType,
Bytes: out,
}
out = pem.EncodeToMemory(&block)
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
util.Errorf("%v", err)
return nil
}
return nil
}
func encryptFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
out, ok := ks.EncryptTo(cfg.Label, message)
if !ok {
return errors.New("encryption failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.EncryptedType,
Bytes: out,
}
out = pem.EncodeToMemory(&block)
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func importUntrusted(ks *store.KeyStore, cfg *config) error {
fmt.Println("*****************************************")
fmt.Println("*** WARNING: IMPORTING UNTRUSTED KEYS ***")
fmt.Println("*****************************************")
keyData, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
vkey, err := store.ParseVerifiedKey(keyData)
if err != nil {
return err
}
if vkey.IsSelfSigned() {
fmt.Println("Key is self-signed.")
} else {
fmt.Println("Unrecognised signature.")
}
h := sha256.New()
h.Write(vkey.Public)
fmt.Printf("Fingerprint: %x\n", h.Sum(nil))
for {
line, err := util.ReadLine("\nAre you sure you want to import this key? (yes or no) ")
if err != nil {
return nil
}
if line == "yes" {
fmt.Println("As you wish.")
break
} else if line == "no" {
return errors.New("canceled by user")
} else {
fmt.Println("Please enter either 'yes' or 'no'.")
}
}
if cfg.Label == "self" {
cfg.Label, err = util.ReadLine("Label: ")
if err != nil {
return err
}
}
if !ks.AddKey(cfg.Label, vkey.Public, nil) {
return errors.New("failed to add new key")
}
return nil
}
func exportStore(storePath, outPath string) error {
fileData, err := util.ReadFile(storePath)
if err != nil {
return err
}
var block = pem.Block{
Type: pemType,
Bytes: fileData,
}
out := pem.EncodeToMemory(&block)
return util.WriteFile(out, outPath)
}
func decryptFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
var needVerify bool
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
case public.SignedAndEncryptedType:
needVerify = true
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
var out []byte
var ok bool
if !needVerify {
out, ok = ks.Decrypt(message)
if !ok {
return errors.New("decrypt failed")
}
} else {
out, ok = ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt and verify failed")
}
fmt.Println("Valid signature.")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func importStore(storePath, inPath string) error {
fileData, err := util.ReadFile(inPath)
if err != nil {
return err
}
p, _ := pem.Decode(fileData)
if p == nil {
return errors.New("invalid PEM data")
} else if p.Type != pemType {
return errors.New("invalid PEM type")
}
return util.WriteFile(p.Bytes, storePath)
}
func signFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
sig, ok := ks.Sign(message)
if !ok {
return errors.New("signing failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.SignatureType,
Bytes: sig,
}
sig = pem.EncodeToMemory(&block)
}
return util.WriteFile(sig, cfg.Args[1])
}