func decryptSignedFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
out, ok := ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt failed")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func initStore(path string, m secret.ScryptMode) error {
passphrase, err := util.PassPrompt("Secrets passphrase> ")
if err != nil {
util.Errorf("Failed to read passphrase: %v", err)
return err
}
if len(passphrase) == 0 {
return fmt.Errorf("No passphrase provided.")
}
defer util.Zero(passphrase)
passwords := store.NewSecretStore(passphrase)
if passwords == nil {
return fmt.Errorf("failed to create store")
}
fmt.Println("creating store...")
fileData, ok := store.MarshalSecretStore(passwords, m)
if !ok {
return fmt.Errorf("failed to marshal store")
}
err = util.WriteFile(fileData, path)
if err != nil {
return err
}
passwords, ok = store.UnmarshalSecretStore(fileData, passphrase, m)
if !ok {
err = fmt.Errorf("failed to unmarshal store")
}
return err
}
func cryptSignFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
util.Errorf("%v", err)
return err
}
out, ok := ks.EncryptAndSignTo(cfg.Label, message)
if !ok {
util.Errorf("Failed to encrypt message.")
return errors.New("signcryption failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.SignedAndEncryptedType,
Bytes: out,
}
out = pem.EncodeToMemory(&block)
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
util.Errorf("%v", err)
return nil
}
return nil
}
func encryptFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
out, ok := ks.EncryptTo(cfg.Label, message)
if !ok {
return errors.New("encryption failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.EncryptedType,
Bytes: out,
}
out = pem.EncodeToMemory(&block)
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func exportVerified(ks *store.KeyStore, cfg *config) error {
out, ok := ks.ExportVerified(cfg.Label)
if !ok {
return errors.New("failed to export verified public key")
}
return util.WriteFile(out, cfg.Args[0])
}
func writeStore(ps *store.SecretStore, path string, m secret.ScryptMode) bool {
fileData, ok := store.MarshalSecretStore(ps, m)
if !ok {
return false
}
err := util.WriteFile(fileData, path)
if err != nil {
util.Errorf("Write failed: %v", err)
return false
}
return true
}
func exportStore(storePath, outPath string) error {
fileData, err := util.ReadFile(storePath)
if err != nil {
return err
}
var block = pem.Block{
Type: pemType,
Bytes: fileData,
}
out := pem.EncodeToMemory(&block)
return util.WriteFile(out, outPath)
}
func decryptFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
var needVerify bool
if len(message) > 10 {
if bytes.Equal(message[:10], []byte("-----BEGIN")) {
p, _ := pem.Decode(message)
if p == nil {
return errors.New("failed to decode PEM file")
}
switch p.Type {
case public.EncryptedType:
message = p.Bytes
case public.SignedAndEncryptedType:
needVerify = true
message = p.Bytes
default:
return errors.New("invalid message")
}
}
}
var out []byte
var ok bool
if !needVerify {
out, ok = ks.Decrypt(message)
if !ok {
return errors.New("decrypt failed")
}
} else {
out, ok = ks.DecryptAndVerify(cfg.Label, message)
if !ok {
return errors.New("decrypt and verify failed")
}
fmt.Println("Valid signature.")
}
err = util.WriteFile(out, cfg.Args[1])
if err != nil {
return err
}
return nil
}
func importStore(storePath, inPath string) error {
fileData, err := util.ReadFile(inPath)
if err != nil {
return err
}
p, _ := pem.Decode(fileData)
if p == nil {
return errors.New("invalid PEM data")
} else if p.Type != pemType {
return errors.New("invalid PEM type")
}
return util.WriteFile(p.Bytes, storePath)
}
func signFile(ks *store.KeyStore, cfg *config) error {
message, err := util.ReadFile(cfg.Args[0])
if err != nil {
return err
}
sig, ok := ks.Sign(message)
if !ok {
return errors.New("signing failed")
}
if cfg.Armour {
block := pem.Block{
Type: public.SignatureType,
Bytes: sig,
}
sig = pem.EncodeToMemory(&block)
}
return util.WriteFile(sig, cfg.Args[1])
}
func writeStore() bool {
if !session.Dirty {
return true
}
fmt.Printf("[+] storing secret store...\n")
fileData, ok := store.MarshalSecretStore(session.Store, session.Scrypt)
if !ok {
return false
}
err := util.WriteFile(fileData, session.Path)
if err != nil {
fmt.Fprintf(os.Stderr, "[!] failed to write store to %s:\n",
err)
fmt.Fprintf(os.Stderr, "\t%v\n", err)
return false
}
session.Dirty = false
return true
}
func exportSelf(ks *store.KeyStore, cfg *config) error {
if ks.ExportKey == nil {
return errors.New("No export key present.")
}
return util.WriteFile(ks.ExportKey, cfg.Args[0])
}