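// CreateCrypto builds the AES-GCM helper from a key file on disk.
//
// The key file path is read from the "key-path" flag. When the flag is empty
// the path defaults to ".rss/key" under the current user's home directory.
// The file contents, with leading and trailing newlines removed, are passed
// through secure.NewPbkdf2 to obtain a 16-byte key, which is then handed to
// secure.NewAesGCM.
//
// An error is returned when the current user cannot be determined, the key
// file cannot be read, the key file contains no key material, or the cipher
// cannot be constructed. Failures are also printed to stdout, as before.
//
// NOTE(review): the key file holds the long-term secret, so it should be
// readable only by its owner; nothing in this function checks the file mode.
// NOTE(review): the salt and iteration count are chosen inside
// secure.NewPbkdf2 and are not visible here; confirm they are adequate.
func CreateCrypto(c *cli.Context) (*secure.AesGCM, error) {
	keyPath := c.String("key-path")
	if keyPath == "" {
		usr, err := user.Current()
		if err != nil {
			// Return instead of falling through: continuing here would
			// dereference usr although the lookup failed.
			fmt.Println(err.Error())
			return nil, err
		}
		keyPath = usr.HomeDir + "/.rss/key"
	}

	key, err := ioutil.ReadFile(keyPath)
	if err != nil {
		fmt.Printf("Unable to read key file: %s\n%s\n", keyPath, err.Error())
		return nil, err
	}

	// Only "\n" is stripped; a key file saved with CRLF line endings keeps
	// its "\r" and therefore derives a different key.
	key = bytes.Trim(key, "\n")
	if len(key) == 0 {
		// An empty secret would still derive a usable-looking key, so refuse
		// it rather than encrypt under a key that carries no secret.
		err := fmt.Errorf("key file %s contains no key material", keyPath)
		fmt.Printf("Unable to use key file: %s\n", err)
		return nil, err
	}

	secretPbkdf := secure.NewPbkdf2(key, 16)
	crypto, err := secure.NewAesGCM(secretPbkdf)
	if err != nil {
		fmt.Printf("Error creating crypto: %s\n", err)
		return nil, err
	}
	return crypto, nil
}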
// createCrypto returns the AES-GCM helper keyed from secret.
//
// The secret is not used as the key directly: it is first passed through
// secure.NewPbkdf2 to obtain a 16-byte key, and that derived key is given to
// secure.NewAesGCM. A construction failure is reported through logger.Fatal
// under the "error-creating-route-service-crypto" action.
//
// NOTE(review): logger.Fatal is presumably terminal, so callers never see a
// nil result; confirm against the lager version in use.
// NOTE(review): secure.NewPbkdf2 also accepts an empty secret, so callers
// should validate that secret is set before calling; confirm where that
// happens.
func createCrypto(logger lager.Logger, secret string) *secure.AesGCM {
	// Derive the encryption key from the configured secret with PBKDF2.
	derivedKey := secure.NewPbkdf2([]byte(secret), 16)

	aead, err := secure.NewAesGCM(derivedKey)
	if err == nil {
		return aead
	}

	logger.Fatal("error-creating-route-service-crypto", err)
	return aead
}
BeforeEach(func() { var err error // valid key size key = []byte("super-secret-key") Expect(err).ToNot(HaveOccurred()) aesGcm, err = secure.NewAesGCM(key) Expect(err).ToNot(HaveOccurred()) }) Describe("NewPbkdf2", func() { Context("when a plaintext secret is provided", func() { Context("when password length is less than desired key len", func() { It("generates an encryption key of desired ken length", func() { k := secure.NewPbkdf2([]byte(""), 16) Expect(k).To(HaveLen(16)) k = secure.NewPbkdf2([]byte("short-key"), 16) Expect(k).To(HaveLen(16)) k = secure.NewPbkdf2([]byte("1234678901234567890abc"), 16) Expect(k).To(HaveLen(16)) k = secure.NewPbkdf2([]byte("short-key"), 32) Expect(k).To(HaveLen(32)) }) }) Context("when password length is greater than desired key len", func() { It("generates an encryption key of desired ken length", func() {