Beispiel #1
0
func verifyFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	sig, err := util.ReadFile(cfg.Args[1])
	if err != nil {
		return err
	}

	if len(sig) > 10 {
		if bytes.Equal(sig[:10], []byte("-----BEGIN")) {
			p, _ := pem.Decode(sig)
			if p == nil {
				return errors.New("failed to decode PEM file")
			}

			switch p.Type {
			case public.SignatureType:
				sig = p.Bytes
			default:
				return errors.New("invalid message")
			}

		}
	}

	if ks.Verify(cfg.Label, message, sig) {
		fmt.Println("Signature: OK")
	} else {
		fmt.Println("Signature: INVALID")
	}
	return nil
}
Beispiel #2
0
func loadStore(path string, m secret.ScryptMode) *store.SecretStore {
	passphrase, err := util.PassPrompt("Secrets passphrase> ")
	if err != nil {
		util.Errorf("Failed to read passphrase: %v", err)
		return nil
	}

	var passwords *store.SecretStore
	if ok, _ := util.Exists(path); ok {
		defer util.Zero(passphrase)
		fileData, err := util.ReadFile(path)
		if err != nil {
			util.Errorf("%v", err)
			return nil
		}
		var ok bool
		passwords, ok = store.UnmarshalSecretStore(fileData, passphrase, m)
		if !ok {
			return nil
		}
		return passwords
	}
	util.Errorf("could not find %s", path)
	return nil
}
Beispiel #3
0
func merge(ps *store.SecretStore, cfg *config, m secret.ScryptMode) error {
	otherPath := cfg.Args[0]
	passphrase, err := util.PassPrompt("Passphrase for other store> ")
	if err != nil {
		return err
	}

	otherData, err := util.ReadFile(otherPath)
	if err != nil {
		return err
	}

	otherStore, ok := store.UnmarshalSecretStore(otherData, passphrase, m)
	if !ok {
		return errors.New("failed to open other password store")
	}

	mergeList := ps.Merge(otherStore)
	fmt.Printf("%+v\n", mergeList)
	if len(mergeList) > 0 {
		sort.Strings(mergeList)
		for _, label := range mergeList {
			fmt.Printf("Merged '%s'\n", label)
		}
	}
	return nil
}
Beispiel #4
0
func importVerified(ks *store.KeyStore, cfg *config) error {
	keyData, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	if cfg.Label == "self" {
		cfg.Label, err = util.ReadLine("Label: ")
		if err != nil {
			return err
		}
	}

	if !ks.ImportVerifiedKey(cfg.Label, keyData) {
		return errors.New("verified import failed")
	}

	vkey, err := store.ParseVerifiedKey(keyData)
	if err != nil {
		return err
	}

	label, ok := ks.FindPublic(vkey.Signer)
	if !ok {
		return errors.New("invalid signer on key")

	}

	fmt.Printf("Imported public key signed by '%s'.\n", label)
	return nil
}
Beispiel #5
0
func decryptSignedFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	if len(message) > 10 {
		if bytes.Equal(message[:10], []byte("-----BEGIN")) {
			p, _ := pem.Decode(message)
			if p == nil {
				return errors.New("failed to decode PEM file")
			}

			switch p.Type {
			case public.EncryptedType:
				message = p.Bytes
			default:
				return errors.New("invalid message")
			}

		}
	}

	out, ok := ks.DecryptAndVerify(cfg.Label, message)
	if !ok {
		return errors.New("decrypt failed")
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Beispiel #6
0
func cryptSignFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		util.Errorf("%v", err)
		return err
	}

	out, ok := ks.EncryptAndSignTo(cfg.Label, message)
	if !ok {
		util.Errorf("Failed to encrypt message.")
		return errors.New("signcryption failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.SignedAndEncryptedType,
			Bytes: out,
		}
		out = pem.EncodeToMemory(&block)
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		util.Errorf("%v", err)
		return nil
	}
	return nil
}
Beispiel #7
0
func encryptFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	out, ok := ks.EncryptTo(cfg.Label, message)
	if !ok {
		return errors.New("encryption failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.EncryptedType,
			Bytes: out,
		}
		out = pem.EncodeToMemory(&block)
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Beispiel #8
0
func importUntrusted(ks *store.KeyStore, cfg *config) error {
	fmt.Println("*****************************************")
	fmt.Println("*** WARNING: IMPORTING UNTRUSTED KEYS ***")
	fmt.Println("*****************************************")

	keyData, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	vkey, err := store.ParseVerifiedKey(keyData)
	if err != nil {
		return err
	}

	if vkey.IsSelfSigned() {
		fmt.Println("Key is self-signed.")
	} else {
		fmt.Println("Unrecognised signature.")
	}

	h := sha256.New()
	h.Write(vkey.Public)
	fmt.Printf("Fingerprint: %x\n", h.Sum(nil))

	for {
		line, err := util.ReadLine("\nAre you sure you want to import this key? (yes or no) ")
		if err != nil {
			return nil
		}
		if line == "yes" {
			fmt.Println("As you wish.")
			break
		} else if line == "no" {
			return errors.New("canceled by user")
		} else {
			fmt.Println("Please enter either 'yes' or 'no'.")
		}
	}

	if cfg.Label == "self" {
		cfg.Label, err = util.ReadLine("Label: ")
		if err != nil {
			return err
		}
	}

	if !ks.AddKey(cfg.Label, vkey.Public, nil) {
		return errors.New("failed to add new key")
	}
	return nil
}
Beispiel #9
0
func exportStore(storePath, outPath string) error {
	fileData, err := util.ReadFile(storePath)
	if err != nil {
		return err
	}

	var block = pem.Block{
		Type:  pemType,
		Bytes: fileData,
	}
	out := pem.EncodeToMemory(&block)
	return util.WriteFile(out, outPath)
}
Beispiel #10
0
func decryptFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	var needVerify bool
	if len(message) > 10 {
		if bytes.Equal(message[:10], []byte("-----BEGIN")) {
			p, _ := pem.Decode(message)
			if p == nil {
				return errors.New("failed to decode PEM file")
			}

			switch p.Type {
			case public.EncryptedType:
				message = p.Bytes
			case public.SignedAndEncryptedType:
				needVerify = true
				message = p.Bytes
			default:
				return errors.New("invalid message")
			}

		}
	}

	var out []byte
	var ok bool

	if !needVerify {
		out, ok = ks.Decrypt(message)
		if !ok {
			return errors.New("decrypt failed")
		}
	} else {
		out, ok = ks.DecryptAndVerify(cfg.Label, message)
		if !ok {
			return errors.New("decrypt and verify failed")
		}
		fmt.Println("Valid signature.")
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Beispiel #11
0
func importStore(storePath, inPath string) error {
	fileData, err := util.ReadFile(inPath)
	if err != nil {
		return err
	}

	p, _ := pem.Decode(fileData)
	if p == nil {
		return errors.New("invalid PEM data")
	} else if p.Type != pemType {
		return errors.New("invalid PEM type")
	}

	return util.WriteFile(p.Bytes, storePath)
}
Beispiel #12
0
func signFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	sig, ok := ks.Sign(message)
	if !ok {
		return errors.New("signing failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.SignatureType,
			Bytes: sig,
		}
		sig = pem.EncodeToMemory(&block)
	}

	return util.WriteFile(sig, cfg.Args[1])
}