Example #1
0
// ExportPrivate PEM-encodes the locked private key. The private key is secured
// with the passphrase using LockKey.
func ExportPrivate(priv *PrivateKey, passphrase []byte) ([]byte, error) {
	locked, ok := LockKey(priv, passphrase)
	if !ok {
		return nil, ErrCorruptPrivateKey
	}

	block := pem.Block{
		Type: PrivateType,
		Headers: map[string]string{
			"Version": fmt.Sprintf("%s", util.VersionString()),
		},
		Bytes: locked,
	}
	return pem.EncodeToMemory(&block), nil
}
Example #2
0
func main() {
	baseFile := filepath.Join(os.Getenv("HOME"), ".secrets.db")
	doInit := flag.Bool("init", false, "initialize a new store")
	doMerge := flag.Bool("merge", false, "merge another store into this store")
	doExport := flag.Bool("export", false, "export store to PEM")
	doImport := flag.Bool("import", false, "import store from PEM")
	doMulti := flag.Bool("multi", false, "enter multiple passwords")
	doChPass := flag.Bool("c", false, "change the store's password")
	storePath := flag.String("f", baseFile, "path to password store")
	doList := flag.Bool("l", false, "list accounts")
	withMeta := flag.Bool("m", false, "include metadata")
	doRemove := flag.Bool("r", false, "remove entries")
	doStore := flag.Bool("s", false, "store password")
	clipExport := flag.Bool("x", false, "dump secrets for clipboard")
	overWrite := flag.Bool("w", false, "overwrite existing secrets")
	doVersion := flag.Bool("V", false, "display version and exit")
	scryptInteractive := flag.Bool("i", false, "use scrypt interactive")
	flag.Parse()

	if *doVersion {
		fmt.Println("secrets version", util.VersionString())
		os.Exit(0)
	}

	scryptMode := secret.ScryptStandard
	if *scryptInteractive {
		scryptMode = secret.ScryptInteractive
	}

	var cfg = &config{
		Args:      flag.Args(),
		Clip:      *clipExport,
		WithMeta:  *withMeta,
		Overwrite: *overWrite,
	}

	var cmd command
	switch {
	case *doInit:
		cmd = commandSet["init"]
		err := initStore(*storePath, scryptMode)
		if err != nil {
			util.Errorf("Failed: %v", err)
			os.Exit(1)
		}
		return
	case *doChPass:
		cmd = commandSet["passwd"]
	case *doStore:
		cmd = commandSet["store"]
	case *doRemove:
		cmd = commandSet["remove"]
	case *doList:
		cmd = commandSet["list"]
	case *doMulti:
		cmd = commandSet["multi"]
	case *doMerge:
		cmd = commandSet["merge"]
	case *doExport:
		if flag.NArg() != 1 {
			util.Errorf("No output file specified.")
		}
		err := exportStore(*storePath, flag.Arg(0))
		if err != nil {
			util.Errorf("Failed: %v", err)
			os.Exit(1)
		}
		return
	case *doImport:
		if flag.NArg() != 1 {
			util.Errorf("No input file specified.")
		}
		err := importStore(*storePath, flag.Arg(0))
		if err != nil {
			util.Errorf("Failed: %v", err)
			os.Exit(1)
		}
		return
	default:
		cmd = commandSet["show"]
	}

	if flag.NArg() < cmd.RequiredArgc {
		util.Errorf("Not enough arguments: want %d, have %d.",
			cmd.RequiredArgc, flag.NArg())
		util.Errorf("Want: %v", strings.Join(cmd.Args, ", "))
		os.Exit(1)
	}

	passwords := loadStore(*storePath, scryptMode)
	if passwords == nil {
		util.Errorf("Failed to open password store")
		os.Exit(1)
	}
	defer passwords.Zero()

	err := cmd.Run(passwords, cfg, scryptMode)
	if err != nil {
		util.Errorf("Failed: %v", err)
		os.Exit(1)
	}

	if cmd.ShouldWrite {
		passwords.Timestamp = time.Now().Unix()
		if !writeStore(passwords, *storePath, scryptMode) {
			util.Errorf("Failed to write store!")
			os.Exit(1)
		}
	}
}
Example #3
0
func main() {
	flArmour := flag.Bool("a", false, "armour output")
	flOutDir := flag.String("o", ".", "output directory")
	flOutfile := flag.String("f", "passcrypt.enc", "pack file")
	flShowManifest := flag.Bool("l", false, "list the files in the archive")
	flUnpack := flag.Bool("u", false, "unpack the archive")
	flag.BoolVar(&verbose, "v", false, "verbose mode")
	flVersion := flag.Bool("V", false, "display version and exit")
	flag.Parse()

	if *flVersion {
		fmt.Println("passcrypt version", util.VersionString())
		os.Exit(0)
	}

	if *flUnpack || *flShowManifest {
		if flag.NArg() != 1 {
			util.Errorf("Only one file may be unpacked at a time.\n")
			os.Exit(1)
		}

		in, err := ioutil.ReadFile(flag.Arg(0))
		if err != nil {
			util.Errorf("%v\n", err)
			os.Exit(1)
		}

		if p, _ := pem.Decode(in); p != nil {
			if p.Type != header {
				util.Errorf("Wrong header for archive.\n")
				os.Exit(1)
			}
			in = p.Bytes
		}

		if len(in) <= saltLength {
			util.Errorf("Invalid archive.\n")
			os.Exit(1)
		}
		salt := in[:saltLength]
		in = in[saltLength:]

		passphrase, err := readpass.PasswordPromptBytes("Password: "******"%v\n", err)
			os.Exit(1)
		}

		key := secret.DeriveKey(passphrase, salt)
		if key == nil {
			util.Errorf("Failed to derive key.n\n")
			os.Exit(1)
		}

		in, ok := secret.Decrypt(key, in)
		if !ok {
			util.Errorf("Decryption failed.\n")
			os.Exit(1)
		}
		defer util.Zero(in)

		if *flUnpack {
			err = unpackFiles(in, *flOutDir)
			if err != nil {
				util.Errorf("%v\n", err)
				os.Exit(1)
			}
		} else if *flShowManifest {
			var files []File
			_, err := asn1.Unmarshal(in, &files)
			if err != nil {
				util.Errorf("%v\n", err)
				os.Exit(1)
			}

			fmt.Println("Manifest for", flag.Arg(0))
			fmt.Printf("\n")
			for _, file := range files {
				fmt.Printf("\t%s", file.Path)
				if os.FileMode(file.Mode).IsDir() {
					fmt.Printf("/")
				}
				fmt.Printf("\n")
			}
		}
		return
	}

	if flag.NArg() == 0 {
		return
	}

	passphrase, err := readpass.PasswordPromptBytes("Password: "******"%v\n", err)
		os.Exit(1)
	}

	salt := util.RandBytes(saltLength)
	if salt == nil {
		util.Errorf("Failed to generate a random salt.\n")
		os.Exit(1)
	}

	key := secret.DeriveKey(passphrase, salt)
	if key == nil {
		util.Errorf("Failed to derive key.n\n")
		os.Exit(1)
	}

	out, err := packFiles(flag.Args())
	if err != nil {
		util.Errorf("%v\n", err)
		os.Exit(1)
	}

	var ok bool
	out, ok = secret.Encrypt(key, out)
	if !ok {
		util.Errorf("Encryption failed.\n")
		os.Exit(1)
	}

	out = append(salt, out...)

	if *flArmour {
		p := &pem.Block{
			Type:  header,
			Bytes: out,
		}
		out = pem.EncodeToMemory(p)
	}

	err = ioutil.WriteFile(*flOutfile, out, 0644)
	if err != nil {
		util.Errorf("%v\n", err)
		os.Exit(1)
	}
}
Example #4
0
func main() {
	baseFile := filepath.Join(os.Getenv("HOME"), ".otpc.db")
	doInit := flag.Bool("init", false, "initialize a new store")
	doStore := flag.Bool("s", false, "store a new two-factor token")
	storePath := flag.String("f", baseFile, "path to password store")
	otpKind := flag.String("t", "", "OTP type (TOTP, HOTP, GOOGLE)")
	doQR := flag.Bool("qr", false, "dump QR code for secret")
	doVersion := flag.Bool("V", false, "display version and exit")
	scryptInteractive := flag.Bool("i", false, "use scrypt interactive")
	flag.Parse()

	if *doVersion {
		fmt.Println("otpc version", util.VersionString())
		os.Exit(0)
	}

	scryptMode := secret.ScryptStandard
	if *scryptInteractive {
		scryptMode = secret.ScryptInteractive
	}

	var cfg = &config{
		Args:    flag.Args(),
		OTPType: parseOTPKind(*otpKind),
	}

	var cmd command
	switch {
	case *doInit:
		cmd = commandSet["init"]
		err := initStore(*storePath, scryptMode)
		if err != nil {
			util.Errorf("Failed: %v", err)
			os.Exit(1)
		}
		return
	case *doStore:
		cmd = commandSet["store"]
	case *doQR:
		cmd = commandSet["qr"]
	default:
		cmd = commandSet["show"]
	}

	if flag.NArg() < cmd.RequiredArgc {
		util.Errorf("Not enough arguments: want %d, have %d.",
			cmd.RequiredArgc, flag.NArg())
		util.Errorf("Want: %v", strings.Join(cmd.Args, ", "))
		os.Exit(1)
	}

	ps := loadStore(*storePath, scryptMode)
	if ps == nil {
		util.Errorf("Failed to open two-factor store.")
		os.Exit(1)
	}
	defer ps.Zero()

	err := cmd.Run(ps, cfg)
	if err != nil {
		util.Errorf("Failed: %v", err)
		os.Exit(1)
	}

	if cmd.ShouldWrite || cfg.Updated {
		ps.Timestamp = time.Now().Unix()
		if !writeStore(ps, *storePath, scryptMode) {
			util.Errorf("Failed to write store!")
			os.Exit(1)
		}
	}
}
Example #5
0
func main() {
	baseFile := filepath.Join(os.Getenv("HOME"), ".cu_journal")
	doInit := flag.Bool("init", false, "initialize a new store")
	currentEditor := os.Getenv("EDITOR")
	editor := flag.String("editor", currentEditor, "editor for writing entries")
	doEdit := flag.Bool("e", false, "edit entry")
	storePath := flag.String("f", baseFile, "path to journal")
	doList := flag.Bool("l", false, "list entries")
	doWrite := flag.Bool("w", false, "write new entry")
	doVersion := flag.Bool("V", false, "display version and exit")
	scryptInteractive := flag.Bool("i", false, "use scrypt interactive")
	flag.Parse()

	if *doVersion {
		fmt.Println("journal version", util.VersionString())
		os.Exit(0)
	}

	scryptMode := secret.ScryptStandard
	if *scryptInteractive {
		scryptMode = secret.ScryptInteractive
	}

	var cfg = &config{
		Args:   flag.Args(),
		Editor: *editor,
	}

	var cmd command
	switch {
	case *doInit:
		cmd = commandSet["init"]
		err := initStore(*storePath, scryptMode)
		if err != nil {
			util.Errorf("Failed: %v", err)
			os.Exit(1)
		}
		return
	case *doEdit:
		cmd = commandSet["edit"]
	case *doList:
		cmd = commandSet["list"]
	case *doWrite:
		cmd = commandSet["write"]
	default:
		cmd = commandSet["show"]
	}

	if flag.NArg() < cmd.RequiredArgc {
		util.Errorf("Not enough arguments: want %d, have %d.",
			cmd.RequiredArgc, flag.NArg())
		util.Errorf("Want: %v", strings.Join(cmd.Args, ", "))
		os.Exit(1)
	}

	passwords := loadStore(*storePath, scryptMode)
	if passwords == nil {
		util.Errorf("Failed to open password store")
		os.Exit(1)
	}
	defer passwords.Zero()

	err := cmd.Run(passwords, cfg)
	if err != nil {
		util.Errorf("Failed: %v", err)
		os.Exit(1)
	}

	if cmd.ShouldWrite {
		passwords.Timestamp = time.Now().Unix()
		if !writeStore(passwords, *storePath, scryptMode) {
			util.Errorf("Failed to write store!")
			os.Exit(1)
		}
	}
}