Exemple #1
0
func decryptSignedFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	if len(message) > 10 {
		if bytes.Equal(message[:10], []byte("-----BEGIN")) {
			p, _ := pem.Decode(message)
			if p == nil {
				return errors.New("failed to decode PEM file")
			}

			switch p.Type {
			case public.EncryptedType:
				message = p.Bytes
			default:
				return errors.New("invalid message")
			}

		}
	}

	out, ok := ks.DecryptAndVerify(cfg.Label, message)
	if !ok {
		return errors.New("decrypt failed")
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Exemple #2
0
func initStore(path string, m secret.ScryptMode) error {
	passphrase, err := util.PassPrompt("Secrets passphrase> ")
	if err != nil {
		util.Errorf("Failed to read passphrase: %v", err)
		return err
	}

	if len(passphrase) == 0 {
		return fmt.Errorf("No passphrase provided.")
	}

	defer util.Zero(passphrase)
	passwords := store.NewSecretStore(passphrase)
	if passwords == nil {
		return fmt.Errorf("failed to create store")
	}

	fmt.Println("creating store...")
	fileData, ok := store.MarshalSecretStore(passwords, m)
	if !ok {
		return fmt.Errorf("failed to marshal store")
	}

	err = util.WriteFile(fileData, path)
	if err != nil {
		return err
	}

	passwords, ok = store.UnmarshalSecretStore(fileData, passphrase, m)
	if !ok {
		err = fmt.Errorf("failed to unmarshal store")
	}
	return err
}
Exemple #3
0
func cryptSignFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		util.Errorf("%v", err)
		return err
	}

	out, ok := ks.EncryptAndSignTo(cfg.Label, message)
	if !ok {
		util.Errorf("Failed to encrypt message.")
		return errors.New("signcryption failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.SignedAndEncryptedType,
			Bytes: out,
		}
		out = pem.EncodeToMemory(&block)
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		util.Errorf("%v", err)
		return nil
	}
	return nil
}
Exemple #4
0
func encryptFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	out, ok := ks.EncryptTo(cfg.Label, message)
	if !ok {
		return errors.New("encryption failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.EncryptedType,
			Bytes: out,
		}
		out = pem.EncodeToMemory(&block)
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Exemple #5
0
func exportVerified(ks *store.KeyStore, cfg *config) error {
	out, ok := ks.ExportVerified(cfg.Label)
	if !ok {
		return errors.New("failed to export verified public key")
	}

	return util.WriteFile(out, cfg.Args[0])
}
Exemple #6
0
func writeStore(ps *store.SecretStore, path string, m secret.ScryptMode) bool {
	fileData, ok := store.MarshalSecretStore(ps, m)
	if !ok {
		return false
	}

	err := util.WriteFile(fileData, path)
	if err != nil {
		util.Errorf("Write failed: %v", err)
		return false
	}
	return true
}
Exemple #7
0
func exportStore(storePath, outPath string) error {
	fileData, err := util.ReadFile(storePath)
	if err != nil {
		return err
	}

	var block = pem.Block{
		Type:  pemType,
		Bytes: fileData,
	}
	out := pem.EncodeToMemory(&block)
	return util.WriteFile(out, outPath)
}
Exemple #8
0
func decryptFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	var needVerify bool
	if len(message) > 10 {
		if bytes.Equal(message[:10], []byte("-----BEGIN")) {
			p, _ := pem.Decode(message)
			if p == nil {
				return errors.New("failed to decode PEM file")
			}

			switch p.Type {
			case public.EncryptedType:
				message = p.Bytes
			case public.SignedAndEncryptedType:
				needVerify = true
				message = p.Bytes
			default:
				return errors.New("invalid message")
			}

		}
	}

	var out []byte
	var ok bool

	if !needVerify {
		out, ok = ks.Decrypt(message)
		if !ok {
			return errors.New("decrypt failed")
		}
	} else {
		out, ok = ks.DecryptAndVerify(cfg.Label, message)
		if !ok {
			return errors.New("decrypt and verify failed")
		}
		fmt.Println("Valid signature.")
	}

	err = util.WriteFile(out, cfg.Args[1])
	if err != nil {
		return err
	}
	return nil
}
Exemple #9
0
func importStore(storePath, inPath string) error {
	fileData, err := util.ReadFile(inPath)
	if err != nil {
		return err
	}

	p, _ := pem.Decode(fileData)
	if p == nil {
		return errors.New("invalid PEM data")
	} else if p.Type != pemType {
		return errors.New("invalid PEM type")
	}

	return util.WriteFile(p.Bytes, storePath)
}
Exemple #10
0
func signFile(ks *store.KeyStore, cfg *config) error {
	message, err := util.ReadFile(cfg.Args[0])
	if err != nil {
		return err
	}

	sig, ok := ks.Sign(message)
	if !ok {
		return errors.New("signing failed")
	}

	if cfg.Armour {
		block := pem.Block{
			Type:  public.SignatureType,
			Bytes: sig,
		}
		sig = pem.EncodeToMemory(&block)
	}

	return util.WriteFile(sig, cfg.Args[1])
}
Exemple #11
0
func writeStore() bool {
	if !session.Dirty {
		return true
	}

	fmt.Printf("[+] storing secret store...\n")
	fileData, ok := store.MarshalSecretStore(session.Store, session.Scrypt)
	if !ok {
		return false
	}

	err := util.WriteFile(fileData, session.Path)
	if err != nil {
		fmt.Fprintf(os.Stderr, "[!] failed to write store to %s:\n",
			err)
		fmt.Fprintf(os.Stderr, "\t%v\n", err)
		return false
	}

	session.Dirty = false
	return true
}
Exemple #12
0
func exportSelf(ks *store.KeyStore, cfg *config) error {
	if ks.ExportKey == nil {
		return errors.New("No export key present.")
	}
	return util.WriteFile(ks.ExportKey, cfg.Args[0])
}