// Run runs the command.
func (r *Read) Run(database store.FileStore, provider providers.Provider) error {
value, err := database.Get(*r.name)
if err != nil {
return err
}
algo := algorithms.New(value.Algorithm)
var decryptionKeyArray [32]byte
if algo.NeedsKey() {
keyCiphertext, err2 := value.GetKeyCiphertext()
if err2 != nil {
return err2
}
keyPlaintext, err2 := provider.Decrypt(keyCiphertext)
if err2 != nil {
return err2
}
copy(decryptionKeyArray[:], keyPlaintext)
}
decoded, err := value.GetCiphertext()
if err != nil {
return err
}
plaintext, err := algo.Decrypt(&decryptionKeyArray, decoded)
if err != nil {
return err
}
fmt.Printf("%s\n", plaintext)
return nil
}
// Run runs the command.
func (r *List) Run(database store.FileStore) error {
entries, err := database.GetAll()
if err != nil {
return err
}
for name := range entries {
fmt.Printf("%s\n", name)
}
return nil
}
// Run runs the command.
func (r *Get) Run(database store.FileStore) error {
value, err := database.Get(*r.name)
if err != nil {
return err
}
algo, err := algorithms.New(value.Algorithm)
if err != nil {
return err
}
var decryptionKeyArray [32]byte
if algo.NeedsKey() {
keyManager, err := keymanager.New(value.KeyManager)
if err != nil {
return err
}
keyCiphertext, err2 := value.GetKeyCiphertext()
if err2 != nil {
return err2
}
keyPlaintext, err2 := keyManager.Decrypt(keyCiphertext, *r.name)
if err2 != nil {
return err2
}
copy(decryptionKeyArray[:], keyPlaintext)
}
decoded, err := value.GetCiphertext()
if err != nil {
return err
}
plaintext, err := algo.Decrypt(&decryptionKeyArray, decoded)
if err != nil {
return err
}
if len(*r.writeTo) > 0 {
return ioutil.WriteFile(*r.writeTo, plaintext, 0644)
}
fmt.Printf("%s", plaintext)
if !bytes.HasSuffix(plaintext, []byte{'\n'}) {
fmt.Printf("\n")
}
return nil
}
func (w *Put) chooseKeyID(database store.FileStore) error {
if len(*w.keyID) != 0 {
return nil
}
existingKeys, err := database.GetKeyIds()
if err != nil && !os.IsNotExist(err) {
return err
}
if len(existingKeys) > 1 {
return errMultipleKeys
} else if len(existingKeys) == 0 {
return errNoKeySpecified
}
for keyID := range existingKeys {
fmt.Fprintf(os.Stderr, "Using existing key %s\n", keyID)
*w.keyID = keyID
break
}
return nil
}
// Run runs the command.
func (w *Put) Run(database store.FileStore) error {
var value store.Value
algo, err := algorithms.New(*w.algo)
if err != nil {
return err
}
value.Algorithm = algo.Label()
var envelopeKey keymanager.EnvelopeKey
if algo.NeedsKey() {
keyManager, err := keymanager.New(*w.keyManager)
if err != nil {
return err
}
value.KeyManager = keyManager.Label()
if err := w.chooseKeyID(database); err != nil {
return err
}
value.KeyID = *w.keyID
envelopeKey, err = keyManager.GenerateEnvelopeKey(*w.keyID, *w.name)
if err != nil {
return err
}
value.KeyCiphertext = base64.StdEncoding.EncodeToString(envelopeKey.Ciphertext)
}
plaintext, err := w.choosePlaintext()
if err != nil {
return err
}
ciphertext, err := algo.Encrypt(envelopeKey.GetPlaintext32(), plaintext)
if err != nil {
return err
}
value.Ciphertext = base64.StdEncoding.EncodeToString(ciphertext)
return database.Put(*w.name, value)
}
// Run runs the command.
func (w *Write) Run(database store.FileStore, provider providers.Provider) error {
if len(*w.keyID) == 0 {
existingKeys, err := database.GetKeyIds()
if err != nil && !os.IsNotExist(err) {
return err
}
if len(existingKeys) > 1 {
return errMultipleKeys
} else if len(existingKeys) == 0 {
return errNoKeySpecified
}
for keyID := range existingKeys {
fmt.Fprintf(os.Stderr, "Using existing key %s\n", keyID)
*w.keyID = keyID
break
}
}
envelopeKey, err := provider.GenerateEnvelopeKey(*w.keyID)
if err != nil {
return err
}
box := algorithms.New(*w.algo)
ciphertext, err := box.Encrypt(envelopeKey.GetPlaintext32(), []byte(*w.value))
if err != nil {
return err
}
encoded := base64.StdEncoding.EncodeToString(ciphertext)
value := store.Value{
Algorithm: box.Label(),
KeyID: *w.keyID,
KeyCiphertext: base64.StdEncoding.EncodeToString(envelopeKey.Ciphertext),
Ciphertext: encoded,
}
return database.Put(*w.name, value)
}