// keyPassphraseChange changes the passphrase protecting a locally held
// private key. args[0] is the ID of the key to change.
//
// The key is first unlocked through the key stores returned by getKeyStores,
// then written back with AddKey through a store built around a fresh
// passphrase retriever, so the passphrase used for unlocking is not cached
// and reused for the rewritten key.
//
// Review notes:
//   - The key ID is validated by length only (notary.SHA256HexSize); its
//     characters are not checked here before it is handed to the key stores.
//   - Errors from the per-store lookup are discarded, so every lookup failure
//     is reported as the same "could not retrieve local key" error.
func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) error {
	if len(args) == 0 {
		// Usage output is best-effort; its return value is intentionally unused.
		cmd.Usage()
		return fmt.Errorf("must specify the key ID of the key to change the passphrase of")
	}

	cfg, err := k.configGetter()
	if err != nil {
		return err
	}

	// NOTE(review): the meaning of the two boolean arguments is defined by
	// getKeyStores, which is not visible here.
	stores, err := k.getKeyStores(cfg, true, false)
	if err != nil {
		return err
	}

	// Reject IDs of the wrong length before touching any key store.
	keyID := args[0]
	if len(keyID) != notary.SHA256HexSize {
		return fmt.Errorf("invalid key ID provided: %s", keyID)
	}

	// Walk the stores in order and stop at the first one that can hand back
	// the private key for this ID.
	var (
		sourceStore trustmanager.KeyStore
		privKey     data.PrivateKey
	)
	for _, store := range stores {
		key, _, lookupErr := cryptoservice.NewCryptoService(store).GetPrivateKey(keyID)
		if lookupErr != nil {
			// The reason for the failure is dropped; only "not found in any
			// store" is reported below.
			continue
		}
		sourceStore, privKey = store, key
		break
	}
	if sourceStore == nil {
		return fmt.Errorf("could not retrieve local key for key ID provided: %s", keyID)
	}

	// A separate retriever is required for the write-back: reusing the one
	// that unlocked the key would risk the cached unlocking passphrase being
	// applied again instead of a new one.
	newPassRetriever := k.getRetriever()

	var (
		destStore trustmanager.KeyStore
		keyInfo   trustmanager.KeyInfo
	)
	if sourceStore.Name() == "yubikey" {
		destStore, err = getYubiStore(nil, newPassRetriever)
		if err != nil {
			return err
		}
		// For the yubikey store the key info is not looked up; the root role
		// is always used.
		keyInfo = trustmanager.KeyInfo{Role: data.CanonicalRootRole}
	} else {
		destStore, err = trustmanager.NewKeyFileStore(cfg.GetString("trust_dir"), newPassRetriever)
		if err != nil {
			return err
		}
		// Carry the existing key info over from the store the key came from.
		keyInfo, err = sourceStore.GetKeyInfo(keyID)
		if err != nil {
			return err
		}
	}

	// NOTE(review): presumably AddKey replaces the stored key under the
	// passphrase supplied by newPassRetriever; confirm the overwrite
	// behaviour in the store implementations.
	if err := destStore.AddKey(keyInfo, privKey); err != nil {
		return err
	}

	cmd.Printf("\nSuccessfully updated passphrase for key ID: %s\n", keyID)
	return nil
}