Commit b5271f0c authored by ale's avatar ale

Make userenckey output LDIF-encoded data

parent dd491722
package main
// Encrypt/decrypt user storage encryption keys.
//
// Keys are always in the composite format used in our LDAP backend
// (<id>:<key>), base64-encoded for convenience (and for compatibility
// with LDIF binary field encoding).
import (
"bytes"
"encoding/base64"
"flag"
"fmt"
......@@ -13,6 +20,7 @@ var (
doGenKeys = flag.Bool("gen-keys", false, "generate user encryption keys with the specified curve")
doDecrypt = flag.Bool("decrypt", false, "decrypt the private key given on the command line")
password = flag.String("password", "", "password")
keyID = flag.String("id", "", "key ID")
)
func genKeys() ([]byte, []byte, error) {
......@@ -29,25 +37,37 @@ func genKeys() ([]byte, []byte, error) {
return enc, pub, err
}
func encodeWithID(key []byte) []byte {
return bytes.Join([][]byte{[]byte(*keyID), key}, []byte(":"))
}
func decodeWithoutID(enc []byte) []byte {
if n := bytes.IndexByte(enc, ':'); n > 0 {
enc = enc[n+1:]
}
return enc
}
func printLDAPField(key string, value []byte) {
fmt.Printf("%s:: %s\n", key, base64.StdEncoding.EncodeToString(value))
}
func main() {
log.SetFlags(0)
flag.Parse()
switch {
case *doGenKeys:
if *password == "" {
log.Fatal("must specify --password")
if *password == "" || *keyID == "" {
log.Fatal("must specify --password and --id")
}
priv, pub, err := genKeys()
if err != nil {
log.Fatal(err)
}
fmt.Printf(
"public key:\n%s\nprivate key (encrypted,base64): %s\n",
pub,
base64.StdEncoding.EncodeToString(priv),
)
printLDAPField("storagePublicKey", pub)
printLDAPField("storageEncryptedSecretKey", encodeWithID(priv))
case *doDecrypt:
if *password == "" {
......@@ -63,7 +83,7 @@ func main() {
if err != nil {
log.Fatalf("bad base64-encoded argument: %v", err)
}
encKeys = append(encKeys, encKey)
encKeys = append(encKeys, decodeWithoutID(encKey))
}
dec, err := userenckey.Decrypt(encKeys, []byte(*password))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment