// getEncrypted fetches the value stored under key and returns it decrypted
// with the secret keyring file.
//
// The keyring argument is not read here; the keyring file that gets opened is
// named by secretKeyring, which is defined outside this function.
//
// When SessionKeyring yields a non-nil keyring, decryption goes through
// secconf.DecodeVia with a passphrase prompter attached; otherwise it falls
// back to secconf.Decode. The SessionKeyring error itself is never reported to
// the caller, so the fallback is silent.
//
// The returned bytes are decrypted secret material; treat them accordingly
// (no logging, no long-lived copies).
func getEncrypted(key, keyring string, store backend.Store) ([]byte, error) {
	ringFile, err := os.Open(secretKeyring)
	if err != nil {
		return nil, err
	}
	defer ringFile.Close()

	ciphertext, err := store.Get(key)
	if err != nil {
		return nil, err
	}

	// Declared with the explicit keyctl.Keyring type so the nil comparison
	// below is performed on the same type as before.
	var (
		session keyctl.Keyring
		sessErr error
	)
	session, sessErr = SessionKeyring()

	// No session keyring: decrypt directly with the keyring file.
	if session == nil {
		return secconf.Decode(ciphertext, ringFile)
	}

	var unlock prompt.PassphraseKeyring
	if sessErr == nil {
		unlock = prompt.PassphraseKeyring{Keyring: session}
	}
	unlock.Prompt = prompt.NewPrompter(prompt.PassphrasePrompt)
	return secconf.DecodeVia(ciphertext, ringFile, unlock)
}
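// listEncrypted lists the entries stored under key and returns them with each
// Value replaced by its decrypted form.
//
// The keyring argument is not read here; the keyring file that gets opened is
// named by secretKeyring, which is defined outside this function.
//
// When SessionKeyring succeeds, every value is decrypted through
// secconf.DecodeVia with a passphrase prompter attached; otherwise
// secconf.Decode is used. A SessionKeyring failure is deliberately
// best-effort and is not returned to the caller.
//
// On any error the result is nil, so a caller never receives a list that
// mixes decrypted and still-encrypted values. The returned values are
// decrypted secret material; treat them accordingly.
func listEncrypted(key, keyring string, store backend.Store) (backend.KVPairs, error) {
	var (
		passring keyctl.Keyring
		pkr      prompt.PassphraseKeyring
	)

	kr, err := os.Open(secretKeyring)
	if err != nil {
		return nil, err
	}
	defer kr.Close()

	data, err := store.List(key)
	if err != nil {
		return nil, err
	}

	// Keep the session-keyring error in its own variable. Sharing err with the
	// rest of the function made an empty listing return that stale error
	// whenever no session keyring was available.
	var sessErr error
	if passring, sessErr = SessionKeyring(); sessErr == nil {
		pkr = prompt.PassphraseKeyring{Keyring: passring}
		pkr.Prompt = prompt.NewPrompter(prompt.PassphrasePrompt)
	}

	for i, kv := range data {
		// Each decode reads the keyring file from its current offset, so
		// rewind before every use and fail loudly if that is not possible;
		// an unchecked failed rewind would surface later as a confusing
		// decryption error.
		if _, err = kr.Seek(0, 0); err != nil {
			return nil, err
		}

		if passring != nil {
			data[i].Value, err = secconf.DecodeVia(kv.Value, kr, pkr)
		} else {
			data[i].Value, err = secconf.Decode(kv.Value, kr)
		}
		if err != nil {
			return nil, err
		}
	}
	return data, nil
}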
// DecodeVia decodes data using the secconf codec: the input is base64-decoded,
// opened with p.ReadMessage against the key ring read from secertKeyring, and
// the resulting body is gunzipped.
//
// secertKeyring is consumed while the key ring is parsed, so a caller that
// reuses the same reader for another call must rewind it first.
//
// NOTE(review): the plaintext comes from the message's UnverifiedBody and no
// signature result is inspected here, so the output is decrypted but not
// authenticated by this function. The decompressed size is also unbounded;
// callers reading from a store they do not fully trust may want a cap.
func DecodeVia(data []byte, secertKeyring io.Reader, p keyctl.PassphraseKeyring) ([]byte, error) {
	armored := base64.NewDecoder(base64.StdEncoding, bytes.NewReader(data))

	keys, err := openpgp.ReadKeyRing(secertKeyring)
	if err != nil {
		return nil, err
	}

	msg, err := p.ReadMessage(armored, keys, nil, nil)
	if err != nil {
		return nil, err
	}

	zr, err := gzip.NewReader(msg.UnverifiedBody)
	if err != nil {
		return nil, err
	}
	defer zr.Close()

	plain, err := ioutil.ReadAll(zr)
	if err != nil {
		// Drop any partially read output on failure.
		return nil, err
	}
	return plain, nil
}