commit 256f0110c440b956ac19af2b57b70e8cf3a6ad5b
parent 15a02dcdfc1dd1cf5b6b0eb22d7c278bdca097b9
Author: Sean Enck <sean@ttypty.com>
Date: Sun, 21 Aug 2022 10:00:11 -0400
moved rekey
Diffstat:
5 files changed, 78 insertions(+), 58 deletions(-)
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
VERSION := development
DESTDIR :=
BUILD := bin/
-TARGETS := $(BUILD)lb $(BUILD)lb-rekey $(BUILD)lb-totp
+TARGETS := $(BUILD)lb $(BUILD)lb-totp
LIBEXEC := $(DESTDIR)libexec/lockbox/
MAIN := $(DESTDIR)bin/lb
TESTDIR := $(sort $(dir $(wildcard internal/**/*_test.go)))
diff --git a/cmd/lb-rekey/main.go b/cmd/lb-rekey/main.go
@@ -1,46 +0,0 @@
-// rekey an entire lockbox.
-package main
-
-import (
- "flag"
- "fmt"
- "strings"
-
- "github.com/enckse/lockbox/internal/encrypt"
- "github.com/enckse/lockbox/internal/misc"
- "github.com/enckse/lockbox/internal/store"
-)
-
-func main() {
- inKey := flag.String("inkey", "", "input encryption key to read current values")
- outKey := flag.String("outkey", "", "output encryption key to update values with")
- inMode := flag.String("inmode", "", "input encryption key mode")
- outMode := flag.String("outmode", "", "output encryption key mode")
- flag.Parse()
- found, err := store.NewFileSystemStore().List(store.ViewOptions{})
- if err != nil {
- misc.Die("failed finding entries", err)
- }
- inOpts := encrypt.LockboxOptions{Key: *inKey, KeyMode: *inMode}
- outOpts := encrypt.LockboxOptions{Key: *outKey, KeyMode: *outMode}
- for _, file := range found {
- fmt.Printf("rekeying: %s\n", file)
- inOpts.File = file
- in, err := encrypt.NewLockbox(inOpts)
- if err != nil {
- misc.Die("unable to make input lockbox", err)
- }
- decrypt, err := in.Decrypt()
- if err != nil {
- misc.Die("failed to process file decryption", err)
- }
- outOpts.File = file
- out, err := encrypt.NewLockbox(outOpts)
- if err != nil {
- misc.Die("unable to make output lockbox", err)
- }
- if err := out.Encrypt([]byte(strings.TrimSpace(string(decrypt)))); err != nil {
- misc.Die("failed to encrypt file", err)
- }
- }
-}
diff --git a/cmd/lb/main.go b/cmd/lb/main.go
@@ -23,6 +23,10 @@ var (
libExec = ""
)
+type (
+ callbackFunction func([]string) error
+)
+
func getEntry(fs store.FileSystem, args []string, idx int) string {
if len(args) != idx+1 {
misc.Die("invalid entry given", errors.New("specific entry required"))
@@ -30,6 +34,18 @@ func getEntry(fs store.FileSystem, args []string, idx int) string {
return fs.NewPath(args[idx])
}
+func internalCallback(name string) callbackFunction {
+ switch name {
+ case "gitdiff":
+ return subcommands.GitDiff
+ case "rekey":
+ return subcommands.Rekey
+ case "rw":
+ return subcommands.ReadWrite
+ }
+ return nil
+}
+
func main() {
args := os.Args
if len(args) < 2 {
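Review bot: `internalCallback` has no doc comment, and its nil return is the only signal that a name is not built in, which the caller in `main` has to know to check. Add something like `// internalCallback returns the built-in handler for name, or nil if name is not a built-in subcommand.` above it. The hunk ends inside `main`, whose body continues outside the hunk.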
@@ -163,17 +179,17 @@ func main() {
if err := subcommands.ClearClipboardCallback(); err != nil {
misc.Die("failed to handle clipboard clear", err)
}
- case "gitdiff":
- if err := subcommands.GitDiff(args[2:]); err != nil {
- misc.Die("git-diff failed", err)
- }
- case "rw":
- if err := subcommands.ReadWrite(args[2:]); err != nil {
- misc.Die("read/write failed", err)
- }
default:
+ a := args[2:]
+ callback := internalCallback(command)
+ if callback != nil {
+ if err := callback(a); err != nil {
+ misc.Die(fmt.Sprintf("%s command failure", command), err)
+ }
+ return
+ }
lib := inputs.EnvOrDefault(inputs.LibExecEnv, libExec)
- if err := subcommands.LibExecCallback(subcommands.LibExecOptions{Directory: lib, Command: command, Args: args[2:]}); err != nil {
+ if err := subcommands.LibExecCallback(subcommands.LibExecOptions{Directory: lib, Command: command, Args: a}); err != nil {
misc.Die("subcommand failed", err)
}
}
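Review bot: In the `default` branch the lookup result can be scoped to the check with `if callback := internalCallback(command); callback != nil {`, which removes one local from the branch. The slice `a` would also read better under a name such as `subArgs`, since it feeds both the built-in call and `LibExecOptions`. The early `return` skips whatever follows the `switch` in `main`; that part is outside the hunk, so confirm nothing after it has to run for built-in commands.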
diff --git a/internal/subcommands/rekey.go b/internal/subcommands/rekey.go
@@ -0,0 +1,50 @@
+// Package subcommands handles rekeying.
+package subcommands
+
+import (
+ "flag"
+ "fmt"
+ "strings"
+
+ "github.com/enckse/lockbox/internal/encrypt"
+ "github.com/enckse/lockbox/internal/store"
+)
+
+// Rekey handles rekeying a lockbox entirely.
+func Rekey(args []string) error {
+ flags := flag.NewFlagSet("rekey", flag.ExitOnError)
+ inKey := flags.String("inkey", "", "input encryption key to read current values")
+ outKey := flags.String("outkey", "", "output encryption key to update values with")
+ inMode := flags.String("inmode", "", "input encryption key mode")
+ outMode := flags.String("outmode", "", "output encryption key mode")
+ if err := flags.Parse(args); err != nil {
+ return err
+ }
+ found, err := store.NewFileSystemStore().List(store.ViewOptions{})
+ if err != nil {
+ return err
+ }
+ inOpts := encrypt.LockboxOptions{Key: *inKey, KeyMode: *inMode}
+ outOpts := encrypt.LockboxOptions{Key: *outKey, KeyMode: *outMode}
+ for _, file := range found {
+ fmt.Printf("rekeying: %s\n", file)
+ inOpts.File = file
+ in, err := encrypt.NewLockbox(inOpts)
+ if err != nil {
+ return err
+ }
+ decrypt, err := in.Decrypt()
+ if err != nil {
+ return err
+ }
+ outOpts.File = file
+ out, err := encrypt.NewLockbox(outOpts)
+ if err != nil {
+ return err
+ }
+ if err := out.Encrypt([]byte(strings.TrimSpace(string(decrypt)))); err != nil {
+ return err
+ }
+ }
+ return nil
+}
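Review bot: A failure partway through the loop in `Rekey` returns the bare error after earlier entries have already been re-encrypted (presumably in place, since `outOpts.File` is set to the same path as `inOpts.File`), so the store can end up split between two keys and the caller's `rekey command failure` message no longer says which entry or step failed. Wrap each return with the entry and step, for example `return fmt.Errorf("rekey %s: decrypt: %w", file, err)`, and consider decrypting every entry before writing any so a wrong `-inkey` is caught before the first write. The flag set is created with `flag.ExitOnError`, so `flags.Parse` exits the process instead of returning and the `if err != nil` branch after it is unreachable; `flag.ContinueOnError` would match the function's error-returning contract. `-inkey` and `-outkey` also place key material on the command line, where it is typically visible in process listings and shell history, which is worth stating in the flag help text.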
diff --git a/tests/run.sh b/tests/run.sh
@@ -34,7 +34,7 @@ _run() {
"$BIN/lb" dump -yes '***'
echo -e "test3\ntest4" | "$BIN/lb" insert keys2/three
"$BIN/lb" ls
- "$BIN/lb-rekey"
+ "$BIN/lb" "rekey"
yes 2>/dev/null | "$BIN/lb" rm keys/one
echo
"$BIN/lb" list
@@ -51,7 +51,7 @@ _run() {
yes 2>/dev/null | "$BIN/lb" rm test/totp
echo
LOCKBOX_KEY="invalid" "$BIN/lb" show keys/one2
- "$BIN/lb-rekey" -outkey "test" -outmode "plaintext"
+ "$BIN/lb" "rekey" -outkey "test" -outmode "plaintext"
"$BIN/lb" rw -file bin/lb/keys/one2.lb -key "test" -keymode "plaintext" -mode "decrypt"
}