// Encrypt reads all contents from 'in', extracts the pubkey
// and performs the requested encryption operation, writing
// the resulting data to 'out'.
// Returns the number of bytes written and any error that might have
// occurred.
func Encrypt(in io.Reader, out io.Writer) (int, error) {
data, err := ioutil.ReadAll(in)
if err != nil {
return -1, err
}
var myKP crypto.Keypair
if err = myKP.Generate(); err != nil {
return -1, err
}
pubkey, err := json.ExtractPublicKey(data)
if err != nil {
return -1, err
}
encrypter := myKP.Encrypter(pubkey)
walker := json.Walker{
Action: encrypter.Encrypt,
}
newdata, err := walker.Walk(data)
if err != nil {
return -1, err
}
return out.Write(newdata)
}
func (c *ctx) encrypt(value string) (string, error) {
var kp crypto.Keypair
if err := kp.Generate(); err != nil {
return "", err
}
encrypter := kp.Encrypter(c.publicKeyBytes)
v, err := encrypter.Encrypt([]byte(value))
if err != nil {
return "", err
}
return string(v), nil
}
// EncryptFileInPlace takes a path to a file on disk, which must be a valid EJSON file
// (see README.md for more on what constitutes a valid EJSON file). Any
// encryptable-but-unencrypted fields in the file will be encrypted using the
// public key embdded in the file, and the resulting text will be written over
// the file present on disk.
func EncryptFileInPlace(filePath string) (int, error) {
data, err := readFile(filePath)
if err != nil {
return -1, err
}
fileMode, err := getMode(filePath)
if err != nil {
return -1, err
}
var myKP crypto.Keypair
if err := myKP.Generate(); err != nil {
return -1, err
}
pubkey, err := json.ExtractPublicKey(data)
if err != nil {
return -1, err
}
encrypter := myKP.Encrypter(pubkey)
walker := json.Walker{
Action: encrypter.Encrypt,
}
newdata, err := walker.Walk(data)
if err != nil {
return -1, err
}
if err := writeFile(filePath, newdata, fileMode); err != nil {
return -1, err
}
return len(newdata), nil
}
