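// ExportKeys exports this sync's keys to the given path, protecting them with
// the given password.
//
// A fresh random salt of aes.KeyLength bytes is drawn for every export, and the
// export keys are derived from pw and that salt by generatePbkdf2KeyCombo. The
// PBKDF2 parameters live in that helper and are not visible here. The sync's
// CryptoKey and AuthKey are concatenated, encrypted with the derived keys, and
// written to outPath as the base64 encoding of salt followed by the output of
// aes.Encrypt.
//
// The file is created with mode 0600 so that only the owning user can read or
// replace the exported key material; it is data, so no execute bit is needed.
// The mode is only applied when the file is created: a file that already
// exists at outPath keeps its current permissions.
//
// Every failure is returned as an *ErrSync wrapping the underlying error.
func (s *SyncInfo) ExportKeys(outPath, pw string) error {
	salt, err := gocrypt.SecureBytes(aes.KeyLength)
	if err != nil {
		return &ErrSync{"Unable to get salt for export", err}
	}
	exportKeys := generatePbkdf2KeyCombo(pw, salt)

	// Plaintext to protect: the crypto key followed by the auth key.
	// NOTE(review): the Write results on the in-memory streams are not
	// checked — confirm memstream writes cannot fail.
	origBuf := memstream.New()
	origBuf.Write(s.Keys().CryptoKey)
	origBuf.Write(s.Keys().AuthKey)
	origBuf.Rewind()

	// The salt is stored in the clear ahead of the encrypted data so the same
	// keys can be re-derived from the password on import.
	encryptedBuf := memstream.New()
	encryptedBuf.Write(salt)
	if _, _, err = aes.Encrypt(origBuf, encryptedBuf, exportKeys); err != nil {
		return &ErrSync{"Unable to encrypt keys", err}
	}

	encoded := gocrypt.BytesToB64(encryptedBuf.Bytes())
	// Owner read/write only: the previous 0770 also granted the file's group
	// read, write and execute access to the exported key file.
	if err = ioutil.WriteFile(outPath, []byte(encoded), 0600); err != nil {
		return &ErrSync{"Unable to open key file", err}
	}
	return nil
}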
// newIV returns a fresh initialization vector of aes.BlockSize bytes drawn
// from gocrypt.SecureBytes. Callers should request a new IV for every
// encryption rather than reusing an earlier one.
func newIV() (gocrypt.IV, error) {
	iv, err := gocrypt.SecureBytes(aes.BlockSize)
	return iv, err
}
// NewKey generates a new random, cryptographically secure gocrypt.Key for use with // Encrypt and Decrypt. func NewKey() (gocrypt.Key, error) { return gocrypt.SecureBytes(KeyLength) }