Пример #1
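// Import reads a password-protected MetaKey export from filename and
// returns the decoded key.
//
// The file holds base64 text that decodes to salt || ciphertext. The salt and
// password derive the decryption key; the decrypted plaintext is
// digest || payload, and the payload is only parsed once the digest matches.
// Truncated input is reported as an error instead of panicking on an
// out-of-range slice.
func Import(password, filename string) (mk *MetaKey, err error) {
	b64in, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, err
	}

	in, err := armour.DecodeBase64(b64in)
	if err != nil {
		return nil, err
	}

	// The file content is untrusted: make sure the salt prefix is really
	// there before slicing it off.
	if len(in) < hash.SaltLength {
		return nil, fmt.Errorf("import file too short: missing salt")
	}
	salt, body := in[:hash.SaltLength], in[hash.SaltLength:]

	// NOTE(review): the derived key is passed straight to
	// binaryKeyFromDerivedKey; confirm that helper copes with a failed
	// derivation (nil result).
	key := binaryKeyFromDerivedKey(hash.DeriveKeyWithSalt(password, salt))
	dec, err := armour.Decrypt(key, body)
	if err != nil {
		return nil, err
	}

	// Same guard for the digest prefix of the decrypted plaintext.
	if len(dec) < hash.HashLen {
		return nil, fmt.Errorf("decrypted data too short: missing digest")
	}
	sum, payload := dec[:hash.HashLen], dec[hash.HashLen:]

	// NOTE(review): bytes.Equal is not a constant-time comparison. If this
	// digest is the only integrity check on the plaintext (i.e.
	// armour.Decrypt is not authenticated), switch to
	// crypto/subtle.ConstantTimeCompare once that package is imported.
	if !bytes.Equal(sum, hash.New(payload).Digest()) {
		return nil, fmt.Errorf("invalid digest")
	}

	return Read(bytes.NewBuffer(payload))
}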
Пример #2
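// decrypt decrypts an uploaded blob with the uploaded password and sends the
// plaintext back as a file download.
//
// upload.Data is expected to be salt || ciphertext. Both the data and the
// file name come from the client, so the length is checked before slicing and
// the name is neutralised before it is placed in a response header.
func decrypt(w http.ResponseWriter, upload *Upload) {
	// A short upload would otherwise panic on the slice expressions below.
	if len(upload.Data) < hash.SaltLength {
		http.Error(w, "upload too short to contain a salt", http.StatusBadRequest)
		return
	}
	salt := upload.Data[:hash.SaltLength]
	enc := upload.Data[hash.SaltLength:]

	key := hash.DeriveKeyWithSalt(upload.Password, salt)
	if key == nil {
		serverError(w, "failed to generate key")
		return
	}

	dec, err := symmetric.Decrypt(key.Key, enc)
	if err != nil {
		// NOTE(review): this forwards the decryption error text to
		// serverError; confirm that helper does not echo details to the
		// client that should stay in the server log.
		serverError(w, "encryption failure: "+err.Error())
		return
	}

	// Emit the file name as a quoted-string and replace the characters that
	// could terminate the quoting or the header line (quote, backslash,
	// control bytes), so a crafted name cannot add parameters to
	// Content-Disposition.
	name := []byte(upload.Name)
	for i, c := range name {
		if c < 0x20 || c == 0x7f || c == '"' || c == '\\' {
			name[i] = '_'
		}
	}

	w.Header().Set("content-type", "application/octet-stream")
	w.Header().Set("content-disposition", `attachment; filename="`+string(name)+`"`)
	// The status line and headers are committed by this write, so a failure
	// here can no longer be reported to the client.
	_, _ = w.Write(dec)
}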
Пример #3
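// decryptFile decrypts inFile into outFile using a key derived from
// passphrase and the salt stored at the start of inFile.
//
// The salt is read and the key derived before the output file is opened, so
// a missing, unreadable or truncated input does not create or truncate
// outFile. A newly created output file gets mode 0600 because it holds
// decrypted plaintext. An error from closing the output is returned when
// decryption itself succeeded, since it can mean the data was not fully
// written.
func decryptFile(inFile, outFile, passphrase string) (err error) {
	inReader, err := os.Open(inFile)
	if err != nil {
		return err
	}
	defer inReader.Close()

	// The input starts with a fixed-size salt; ReadFull fails on a short file.
	salt := make([]byte, hash.SaltLength)
	if _, err = io.ReadFull(inReader, salt); err != nil {
		return err
	}

	key := hash.DeriveKeyWithSalt(passphrase, salt)
	if key == nil {
		// Guard the key.Key dereference below against a failed derivation.
		return os.ErrInvalid
	}

	outWriter, err := os.OpenFile(outFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	defer func() {
		// Keep the decryption error if there is one; otherwise surface a
		// failed close.
		if cerr := outWriter.Close(); err == nil {
			err = cerr
		}
	}()

	// NOTE(review): if DecryptReader streams plaintext before it has verified
	// the ciphertext, a failed run leaves partial output in outFile; callers
	// should treat outFile as invalid whenever an error is returned.
	return symmetric.DecryptReader(key.Key, inReader, outWriter)
}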