Ejemplo n.º 1
0
Archivo: ejson.go Proyecto: 40a/ejson
// Encrypt reads all contents from 'in', extracts the pubkey
// and performs the requested encryption operation, writing
// the resulting data to 'out'.
// Returns the number of bytes written and any error that might have
// occurred.
func Encrypt(in io.Reader, out io.Writer) (int, error) {
	data, err := ioutil.ReadAll(in)
	if err != nil {
		return -1, err
	}

	var myKP crypto.Keypair
	if err = myKP.Generate(); err != nil {
		return -1, err
	}

	pubkey, err := json.ExtractPublicKey(data)
	if err != nil {
		return -1, err
	}

	encrypter := myKP.Encrypter(pubkey)
	walker := json.Walker{
		Action: encrypter.Encrypt,
	}

	newdata, err := walker.Walk(data)
	if err != nil {
		return -1, err
	}

	return out.Write(newdata)
}
Ejemplo n.º 2
0
Archivo: ejson.go Proyecto: 40a/ejson
// Decrypt reads an ejson stream from 'in' and writes the decrypted data to 'out'.
// The private key is expected to be under 'keydir'.
// Returns error upon failure, or nil on success.
func Decrypt(in io.Reader, out io.Writer, keydir string) error {
	data, err := ioutil.ReadAll(in)
	if err != nil {
		return err
	}

	pubkey, err := json.ExtractPublicKey(data)
	if err != nil {
		return err
	}

	privkey, err := findPrivateKey(pubkey, keydir)
	if err != nil {
		return err
	}

	myKP := crypto.Keypair{
		Public:  pubkey,
		Private: privkey,
	}

	decrypter := myKP.Decrypter()
	walker := json.Walker{
		Action: decrypter.Decrypt,
	}

	newdata, err := walker.Walk(data)
	if err != nil {
		return err
	}

	_, err = out.Write(newdata)

	return err
}
Ejemplo n.º 3
0
// DecryptFile takes a path to an encrypted EJSON file and decrypts it to
// STDOUT. If any keys in the file are encryptable but currently-unencrypted,
// ejson will print an error and exit non-zero, as this condition probably
// indicates that a plaintext secret was committed to source control, and
// requires manual intervention to rotate.
//
// The public key used to encrypt the values is embedded in the referenced
// document, and the matching private key is searched for in keydir. There must
// exist a file in keydir whose name is the public key from the EJSON document,
// and whose contents are the corresponding private key. See README.md for more
// details on this.
func DecryptFile(filePath, keydir string) (string, error) {
	data, err := readFile(filePath)
	if err != nil {
		return "", err
	}

	pubkey, err := json.ExtractPublicKey(data)
	if err != nil {
		return "", err
	}

	privkey, err := findPrivateKey(pubkey, keydir)
	if err != nil {
		return "", err
	}

	myKP := crypto.Keypair{
		Public:  pubkey,
		Private: privkey,
	}

	decrypter := myKP.Decrypter()
	walker := json.Walker{
		Action: decrypter.Decrypt,
	}

	newdata, err := walker.Walk(data)
	if err != nil {
		return "", err
	}

	return string(newdata), nil
}
Ejemplo n.º 4
0
func (c *ctx) decrypt(value string) (string, error) {
	kp := crypto.Keypair{
		Public:  c.publicKeyBytes,
		Private: c.privateKeyBytes,
	}

	decrypter := kp.Decrypter()

	v, err := decrypter.Decrypt([]byte(value))
	if err != nil {
		return "", err
	}

	return string(v), nil
}
Ejemplo n.º 5
0
func (c *ctx) encrypt(value string) (string, error) {
	var kp crypto.Keypair

	if err := kp.Generate(); err != nil {
		return "", err
	}

	encrypter := kp.Encrypter(c.publicKeyBytes)

	v, err := encrypter.Encrypt([]byte(value))
	if err != nil {
		return "", err
	}

	return string(v), nil
}
Ejemplo n.º 6
0
Archivo: ejson.go Proyecto: 40a/ejson
// GenerateKeypair is used to create a new ejson keypair. It returns the keys as
// hex-encoded strings, suitable for printing to the screen. hex.DecodeString
// can be used to load the true representation if necessary.
func GenerateKeypair() (pub string, priv string, err error) {
	var kp crypto.Keypair
	if err := kp.Generate(); err != nil {
		return "", "", err
	}
	return kp.PublicString(), kp.PrivateString(), nil
}
Ejemplo n.º 7
0
// EncryptFileInPlace takes a path to a file on disk, which must be a valid EJSON file
// (see README.md for more on what constitutes a valid EJSON file). Any
// encryptable-but-unencrypted fields in the file will be encrypted using the
// public key embdded in the file, and the resulting text will be written over
// the file present on disk.
func EncryptFileInPlace(filePath string) (int, error) {
	data, err := readFile(filePath)
	if err != nil {
		return -1, err
	}

	fileMode, err := getMode(filePath)
	if err != nil {
		return -1, err
	}

	var myKP crypto.Keypair
	if err := myKP.Generate(); err != nil {
		return -1, err
	}

	pubkey, err := json.ExtractPublicKey(data)
	if err != nil {
		return -1, err
	}

	encrypter := myKP.Encrypter(pubkey)
	walker := json.Walker{
		Action: encrypter.Encrypt,
	}

	newdata, err := walker.Walk(data)
	if err != nil {
		return -1, err
	}

	if err := writeFile(filePath, newdata, fileMode); err != nil {
		return -1, err
	}

	return len(newdata), nil
}