// Run runs the command. func (r *Read) Run(database store.FileStore, provider providers.Provider) error { value, err := database.Get(*r.name) if err != nil { return err } algo := algorithms.New(value.Algorithm) var decryptionKeyArray [32]byte if algo.NeedsKey() { keyCiphertext, err2 := value.GetKeyCiphertext() if err2 != nil { return err2 } keyPlaintext, err2 := provider.Decrypt(keyCiphertext) if err2 != nil { return err2 } copy(decryptionKeyArray[:], keyPlaintext) } decoded, err := value.GetCiphertext() if err != nil { return err } plaintext, err := algo.Decrypt(&decryptionKeyArray, decoded) if err != nil { return err } fmt.Printf("%s\n", plaintext) return nil }
// Run runs the command. func (r *List) Run(database store.FileStore) error { entries, err := database.GetAll() if err != nil { return err } for name := range entries { fmt.Printf("%s\n", name) } return nil }
// Run runs the command. func (r *Get) Run(database store.FileStore) error { value, err := database.Get(*r.name) if err != nil { return err } algo, err := algorithms.New(value.Algorithm) if err != nil { return err } var decryptionKeyArray [32]byte if algo.NeedsKey() { keyManager, err := keymanager.New(value.KeyManager) if err != nil { return err } keyCiphertext, err2 := value.GetKeyCiphertext() if err2 != nil { return err2 } keyPlaintext, err2 := keyManager.Decrypt(keyCiphertext, *r.name) if err2 != nil { return err2 } copy(decryptionKeyArray[:], keyPlaintext) } decoded, err := value.GetCiphertext() if err != nil { return err } plaintext, err := algo.Decrypt(&decryptionKeyArray, decoded) if err != nil { return err } if len(*r.writeTo) > 0 { return ioutil.WriteFile(*r.writeTo, plaintext, 0644) } fmt.Printf("%s", plaintext) if !bytes.HasSuffix(plaintext, []byte{'\n'}) { fmt.Printf("\n") } return nil }
func (w *Put) chooseKeyID(database store.FileStore) error { if len(*w.keyID) != 0 { return nil } existingKeys, err := database.GetKeyIds() if err != nil && !os.IsNotExist(err) { return err } if len(existingKeys) > 1 { return errMultipleKeys } else if len(existingKeys) == 0 { return errNoKeySpecified } for keyID := range existingKeys { fmt.Fprintf(os.Stderr, "Using existing key %s\n", keyID) *w.keyID = keyID break } return nil }
// Run runs the command. func (w *Put) Run(database store.FileStore) error { var value store.Value algo, err := algorithms.New(*w.algo) if err != nil { return err } value.Algorithm = algo.Label() var envelopeKey keymanager.EnvelopeKey if algo.NeedsKey() { keyManager, err := keymanager.New(*w.keyManager) if err != nil { return err } value.KeyManager = keyManager.Label() if err := w.chooseKeyID(database); err != nil { return err } value.KeyID = *w.keyID envelopeKey, err = keyManager.GenerateEnvelopeKey(*w.keyID, *w.name) if err != nil { return err } value.KeyCiphertext = base64.StdEncoding.EncodeToString(envelopeKey.Ciphertext) } plaintext, err := w.choosePlaintext() if err != nil { return err } ciphertext, err := algo.Encrypt(envelopeKey.GetPlaintext32(), plaintext) if err != nil { return err } value.Ciphertext = base64.StdEncoding.EncodeToString(ciphertext) return database.Put(*w.name, value) }
// Run runs the command. func (w *Write) Run(database store.FileStore, provider providers.Provider) error { if len(*w.keyID) == 0 { existingKeys, err := database.GetKeyIds() if err != nil && !os.IsNotExist(err) { return err } if len(existingKeys) > 1 { return errMultipleKeys } else if len(existingKeys) == 0 { return errNoKeySpecified } for keyID := range existingKeys { fmt.Fprintf(os.Stderr, "Using existing key %s\n", keyID) *w.keyID = keyID break } } envelopeKey, err := provider.GenerateEnvelopeKey(*w.keyID) if err != nil { return err } box := algorithms.New(*w.algo) ciphertext, err := box.Encrypt(envelopeKey.GetPlaintext32(), []byte(*w.value)) if err != nil { return err } encoded := base64.StdEncoding.EncodeToString(ciphertext) value := store.Value{ Algorithm: box.Label(), KeyID: *w.keyID, KeyCiphertext: base64.StdEncoding.EncodeToString(envelopeKey.Ciphertext), Ciphertext: encoded, } return database.Put(*w.name, value) }