func writeVerifyTest(dir string) { fulldir := TESTDATA + dir r := dkeyczar.NewFileReader(fulldir) signer, _ := dkeyczar.NewSigner(r) signature, _ := signer.Sign([]byte(PLAINTEXT)) fmt.Println(` check_verify(readers.FileReader("` + fulldir + `"), "` + dir + `", "` + PLAINTEXT + `", "` + signature + `", )`) attachedSig, _ := signer.AttachedSign([]byte(PLAINTEXT), []byte{0, 1, 2, 3, 4, 5, 6, 7}) fmt.Println(` check_attached_verify(readers.FileReader("` + fulldir + `"), "` + dir + `", "` + PLAINTEXT + `", "` + attachedSig + `", "\x00\x01\x02\x03\x04\x05\x06\x07", )`) attachedSig, _ = signer.AttachedSign([]byte(PLAINTEXT), nil) fmt.Println(` check_attached_verify(readers.FileReader("` + fulldir + `"), "` + dir + `", "` + PLAINTEXT + `", "` + attachedSig + `", None )`) unversionedSig, _ := signer.UnversionedSign([]byte(PLAINTEXT)) fmt.Println(` check_unversioned_verify(readers.FileReader("` + fulldir + `"), "` + dir + `", "` + PLAINTEXT + `", "` + unversionedSig + `", )`) }
func writeKeyczartTest(dir string) { fulldir := TESTDATA + dir km := dkeyczar.NewKeyManager() r := dkeyczar.NewFileReader(fulldir) km.Load(r) json := km.ToJSONs(nil) fmt.Println(` meta = """` + json[0] + `""" keys={`) for i := 1; i < len(json); i++ { fmt.Println(" " + strconv.Itoa(i) + `: """` + json[i] + `""",`) } fmt.Println(`} r = JSONReader(meta, keys)`) signer, _ := dkeyczar.NewSigner(r) if signer != nil { signature, _ := signer.Sign([]byte(PLAINTEXT)) fmt.Println( `check_verify(r, "json ` + dir + `", "` + PLAINTEXT + `", "` + signature + `", )`) } else { crypter, _ := dkeyczar.NewCrypter(r) ciphertext, _ := crypter.Encrypt([]byte(PLAINTEXT)) fmt.Println( `check_decrypt(r, "json ` + dir + `", "` + PLAINTEXT + `", "` + ciphertext + `", )`) } }
func main() { //value string `short:"" long:"" description:""` var createOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Purpose string `short:"o" long:"purpose" description:"The purpose of the key set (sign|crypt)."` Name string `short:"n" long:"name" description:"The key set name."` Asymmetric string `short:"a" long:"asymmetric" description:"Use asymmetric algorithm (dsa|rsa)."` } var addKeyOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Status string `short:"s" long:"status" description:"The status (active|primary)."` Size int `short:"b" long:"size" description:"The key size in bits."` Crypter string `short:"c" long:"crypter" description:"The location of the crypter key set to crypt the main key set."` } var promoteOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Version int `short:"v" long:"version" default:"0" description:"The key version."` } var demoteOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Version int `short:"v" long:"version" default:"0" description:"The key version."` } var revokeOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Version int `short:"v" long:"version" default:"0" description:"The key version."` } var pubKeyOpts struct { Location string `short:"l" long:"location" description:"The location of the key set."` Destination string `short:"d" long:"destination" description:"The destination location of the operation."` Crypter string `short:"c" long:"crypter" description:"The location of the crypter key set to crypt the main key set."` } var useKeyOpts struct { Format string `long:"format" description:"Output usage for key (crypt|sign|sign-timeout|sign-vanilla|sign-attached|crypt-session|crypt-signedsession)."` Location string `short:"l" long:"location" description:"The location of the key set."` Location2 string `long:"location2" description:"The location of the 2nd key set."` Destination string `short:"d" long:"destination" description:"The destination location of the operation."` Destination2 string `long:"destination2" description:"The second destination location of the operation."` Crypter string `short:"c" long:"crypter" description:"The location of the crypter key set to crypt the main key set."` Crypter2 string `short:"c" long:"crypter2" description:"The location of the crypter key set to crypt the 2nd key set."` } parser := flags.NewNamedParser("dkeyczart", flags.Default) parser.AddCommand("create", "Create a new key set.", "Create a new key set.", &createOpts) parser.AddCommand("addkey", "Add a new key to an existing key set.", "Add a new key to an existing key set.", &addKeyOpts) parser.AddCommand("promote", "Promote a given key version from the key set.", "Promote a given key version from the key set.", &promoteOpts) parser.AddCommand("demote", "Demote a given key version from the key set.", "Demote a given key version from the key set.", &demoteOpts) parser.AddCommand("revoke", "Revoke a given key version from the key set.", "Revoke a given key version from the key set.", &revokeOpts) parser.AddCommand("pubkey", "Extracts public keys to a new key set.", "Extracts public keys to a new key set.", &pubKeyOpts) parser.AddCommand("usekey", "Uses keyset to encrypt or sign a message.", "Uses keyset to encrypt or sign a message.", &useKeyOpts) args, err := parser.Parse() if err != nil { os.Exit(1) } command := os.Args[1] km := dkeyczar.NewKeyManager() switch command { case "create": keypurpose := dkeyczar.P_TEST switch createOpts.Purpose { case "crypt": keypurpose = dkeyczar.P_DECRYPT_AND_ENCRYPT case "sign": keypurpose = dkeyczar.P_SIGN_AND_VERIFY case "": fmt.Println("must provide a purpose with --purpose") return default: fmt.Println("unknown cryptographic purpose:", createOpts.Purpose) return } if createOpts.Asymmetric != "" && createOpts.Asymmetric != "dsa" && createOpts.Asymmetric != "rsa" { fmt.Println("unknown asymmetric key type:", createOpts.Asymmetric) return } keytype := dkeyczar.T_AES switch { case keypurpose == dkeyczar.P_DECRYPT_AND_ENCRYPT && createOpts.Asymmetric == "": keytype = dkeyczar.T_AES case keypurpose == dkeyczar.P_DECRYPT_AND_ENCRYPT && createOpts.Asymmetric == "rsa": keytype = dkeyczar.T_RSA_PRIV case keypurpose == dkeyczar.P_SIGN_AND_VERIFY && createOpts.Asymmetric == "": keytype = dkeyczar.T_HMAC_SHA1 case keypurpose == dkeyczar.P_SIGN_AND_VERIFY && createOpts.Asymmetric == "rsa": keytype = dkeyczar.T_RSA_PRIV case keypurpose == dkeyczar.P_SIGN_AND_VERIFY && createOpts.Asymmetric == "dsa": keytype = dkeyczar.T_DSA_PRIV default: fmt.Println("unknown or invalid purpose/asymmetric combination:", createOpts.Purpose, "/", createOpts.Asymmetric) return } km.Create(createOpts.Name, keypurpose, keytype) Save(createOpts.Location, km, nil) case "promote": if !loadLocationReader(km, promoteOpts.Location, nil) { return } if promoteOpts.Version == 0 { fmt.Println("must provide a version with --version") return } km.Promote(promoteOpts.Version) Update(promoteOpts.Location, km, nil) case "demote": if !loadLocationReader(km, demoteOpts.Location, nil) { return } if demoteOpts.Version == 0 { fmt.Println("must provide a version with --version") return } km.Demote(demoteOpts.Version) Update(demoteOpts.Location, km, nil) case "addkey": c := loadCrypter(addKeyOpts.Crypter) if !loadLocationReader(km, addKeyOpts.Location, c) { return } status := dkeyczar.S_ACTIVE switch addKeyOpts.Status { case "": // FIXME: really, want to do: status = (km.kz.primary == -1 ? S_PRIMARY : S_ACTIVE) status = dkeyczar.S_ACTIVE case "primary": status = dkeyczar.S_PRIMARY case "active": status = dkeyczar.S_ACTIVE case "inactive": status = dkeyczar.S_INACTIVE default: fmt.Println("unknown status:", addKeyOpts.Status) return } err := km.AddKey(uint(addKeyOpts.Size), status) if err != nil { fmt.Println("error adding key:", err) return } Update(addKeyOpts.Location, km, c) case "pubkey": if !loadLocationReader(km, pubKeyOpts.Location, nil) { return } kpub := km.PubKeys() Save(pubKeyOpts.Destination, kpub, nil) // doesn't make sense to encrypt a public key return case "usekey": c := loadCrypter(useKeyOpts.Crypter) r := loadReader(useKeyOpts.Location, c) if r == nil { return } var output string var output2 string if len(args) == 0 { fmt.Println("must provide input") return } input := []byte(args[0]) switch useKeyOpts.Format { case "crypt": encrypter, _ := dkeyczar.NewEncrypter(r) output, _ = encrypter.Encrypt(input) case "sign": signer, _ := dkeyczar.NewSigner(r) output, _ = signer.Sign(input) case "sign-timeout": if len(args) < 2 { fmt.Println("must provide date") } t, _ := time.Parse(time.RFC3339, args[1]) ticks := t.Unix() * 1000 signer, _ := dkeyczar.NewSigner(r) output, _ = signer.TimeoutSign(input, ticks) case "sign-unversioned": signer, _ := dkeyczar.NewSigner(r) output, _ = signer.UnversionedSign(input) case "sign-attached": nonce := "" if len(args) > 1 { nonce = args[1] } signer, _ := dkeyczar.NewSigner(r) output, _ = signer.AttachedSign(input, []byte(nonce)) case "crypt-session": e, err := dkeyczar.NewEncrypter(r) if err != nil { fmt.Println(err) } var se dkeyczar.Crypter se, output, err = dkeyczar.NewSessionEncrypter(e) if err != nil { fmt.Println(err) } output2, err = se.Encrypt(input) if err != nil { fmt.Println(err) } case "crypt-signedsession": c2 := loadCrypter(useKeyOpts.Crypter2) r2 := loadReader(useKeyOpts.Location2, c2) e, err := dkeyczar.NewEncrypter(r) if err != nil { fmt.Println(err) } s, err := dkeyczar.NewSigner(r2) if err != nil { fmt.Println(err) } var se dkeyczar.SignedEncrypter se, output, err = dkeyczar.NewSignedSessionEncrypter(e, s) if err != nil { fmt.Println(err) } output2, err = se.Encrypt(input) if err != nil { fmt.Println(err) } default: fmt.Println("must provide a format with --format") return } if useKeyOpts.Destination == "" { fmt.Println("must provide a destination with --destination") return } ioutil.WriteFile(useKeyOpts.Destination, []byte(output), 0600) if output2 != "" { if useKeyOpts.Destination2 == "" { fmt.Println("must provide a Destination2 with --destination2") return } ioutil.WriteFile(useKeyOpts.Destination2, []byte(output2), 0600) } return } }