3 changed files with 39 additions and 192 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,6 @@
 # Generate age keys from passphrase

+## Description
 This utility (age-passgen) generates secret and public keys (into stdout) from your entered passphrase or piped stdin
 Strong password highly recomended

@ -9,6 +10,5 @@ Exact amount of required characters can be calculated by formula: $\lceil 256 /


 ## TODO
- [X] piped/terminal output as raw/verbose
- [X] handle broken pipe signal since program will so much depend on pipes
- [ ] option to read hex number that will be used instead of hash of password (usefull if user already has sha 256 hash of smth or want to use something else as input instead)
+[X] piped/terminal output as raw/verbose
+[ ] handle broken pipe signal since program will so much depend on pipes
--- a/cmd/age-passgen/main.go
+++ b/cmd/age-passgen/main.go
@ -1,18 +1,14 @@
 package main

 import (
-	"encoding/hex"
 	"errors"
 	"flag"
 	"fmt"
 	"io"
 	"log"
 	"os"
-	"os/signal"
 	"slices"
 	"strconv"
-	"strings"
-	"syscall"
 	"time"
 	"unsafe"

@ -35,7 +31,6 @@ Options:
    -o, --output OUTPUT       Write the result to the file at path OUTPUT.
    --raw-output              Print stripped keys (without additional text or comments)
    --entropy-level VALUE     Manages required strenght of password (more info down below)
-    --input-type TYPE         Type of input from stdin. Can be 'password' (default), 'hash', 'raw'

 Mostly similar to age-keygen
 Required password strenght can be changes via --entropy-level flag. Possible values
@ -49,145 +44,7 @@ Each word or number is mapped following this list:
 - stupid         - no limit
 `

-type InputType int
-
-const (
-	InputPassword InputType = iota
-	InputHash
-	InputRaw
-)
-
-type Flags struct {
-	RawOutput    bool
-	OutputFile   string
-	EntropyLevel int
-	InputType    InputType
-}
-
 func main() {
-	setSystemSignalHandlers()
-	flags, err := parseFlags()
-	if err != nil {
-		errorf("error while parsing arguments: %s\n", err)
-	}
-
-	var secretKey [curve25519.ScalarSize]byte
-	if flags.InputType == InputPassword {
-		secretKey, err = getInputPassword(flags.EntropyLevel)
-		if err != nil {
-			errorf("Failed to get password, error: %s\n", err)
-		}
-	} else if flags.InputType == InputHash {
-		secretKey, err = getInputHash()
-		if err != nil {
-			errorf("Failed to read hash, error: %s\n", err)
-		}
-	} else if flags.InputType == InputRaw {
-		secretKey, err = getInputRaw()
-		if err != nil {
-			errorf("Failed to read raw data, error: %s\n", err)
-		}
-	} else {
-		errorf("No such input type implemented!!!")
-	}
-
-	k, err := newX25519IdentityFromScalar(secretKey[:])
-	if err != nil {
-		errorf("internal error: %v", err)
-	}
-
-	// if user is not seeing private keyfile, which also contains public key,
-	// also duplicate public key it to stderr,
-	// but if user sees public key via stdout, no need for duplication
-	if flags.OutputFile != "" {
-		if !flags.RawOutput {
-			fmt.Printf("Public key: %s\n", k.Recipient())
-		} else {
-			fmt.Printf("%s", k.Recipient())
-		}
-	}
-
-	output := os.Stdout
-	if flags.OutputFile != "" {
-		output, err = os.Create(flags.OutputFile)
-		if err != nil {
-			errorf("failed to create output file, error: %s", err)
-		}
-	}
-
-	err = writeSecretKey(output, k, !flags.RawOutput)
-	if err != nil {
-		fmt.Printf("Failed to write secret key to file, error: %s\n", err)
-	}
-}
-
-func getInputPassword(entropyLevel int) ([curve25519.ScalarSize]byte, error) {
-	passbytes, err := getPasswordBytes()
-	if err != nil {
-		return [curve25519.ScalarSize]byte{}, err
-	}
-	valid := isEntropyValid(passbytes, entropyLevel)
-	if !valid {
-		return [curve25519.ScalarSize]byte{}, errors.New("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
-	}
-
-	return sha256.Sum256(passbytes), nil
-}
-
-func getInputHash() ([curve25519.ScalarSize]byte, error) {
-	hashStringBytes, err := getPasswordBytes()
-	if err != nil {
-		return [curve25519.ScalarSize]byte{}, err
-	}
-	hashString := strings.TrimSpace(string(hashStringBytes))
-	passbytes, err := hex.DecodeString(hashString)
-	if err != nil {
-		fmt.Printf("HEXSTR:%s|\n", hashString)
-		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Unable to decode hash, error: %s\n", err))
-	}
-	if len(passbytes) != curve25519.ScalarSize {
-		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong input lenght of sha256 hash! (may be it is not a hash at all) Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
-	}
-
-	// making `possibly` stack allocated out of the one in heap
-	var key [curve25519.ScalarSize]byte
-	copy(key[:], passbytes)
-
-	return key, nil
-}
-
-func getInputRaw() ([curve25519.ScalarSize]byte, error) {
-	passbytes, err := getPasswordBytes()
-	if err != nil {
-		return [curve25519.ScalarSize]byte{}, err
-	}
-	if len(passbytes) != curve25519.ScalarSize {
-		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong amount of entered data! Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
-	}
-
-	// making `possibly` stack allocated out of the one in heap
-	var key [curve25519.ScalarSize]byte
-	copy(key[:], passbytes)
-
-	return key, nil
-}
-
-func setSystemSignalHandlers() {
-	go handleSigpipe()
-}
-
-func handleSigpipe() {
-	c := make(chan os.Signal, 1)
-	signal.Notify(c, os.Interrupt, syscall.SIGPIPE)
-
-	<-c
-
-	errorf("Recieved SIGPIPE. Check if your programs that give input or recieve input do not stops before this one")
-
-	os.Exit(1)
-}
-
-func parseFlags() (*Flags, error) {
 	log.SetFlags(0)
 	flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s", usage) }

@ -195,47 +52,58 @@ func parseFlags() (*Flags, error) {
 		rawOutput    bool
 		outputFile   string
 		entropyLevel string
-		inputType    string
 	)

 	flag.BoolVar(&rawOutput, "raw-output", false, "Print stripped keys (without additional text or comments)")
 	flag.StringVar(&outputFile, "o", "", "Write the result to the file at path OUTPUT")
 	flag.StringVar(&outputFile, "output", "", "Write the result to the file at path OUTPUT")
 	flag.StringVar(&entropyLevel, "entropy-level", "medium", "Manages required strenght of password. Read more in --help")
-	flag.StringVar(&inputType, "input-type", "password", "Type of input from stdin. Can be 'password' (default), 'hash', 'raw'")
 	flag.Parse()

 	eLevel, err := parseEntropyLevel(entropyLevel)
 	if err != nil {
-		return nil, err
+		errorf("error while parsing --entropy-level argument: %s\n", err)
 	}

-	iType, err := parseInputType(inputType)
+	passbytes, err := getPasswordBytes()
 	if err != nil {
-		return nil, err
+		errorf("Failed to get password, error: %s\n", err)
+	}
+	valid := isEntropyValid(passbytes, eLevel)
+	if !valid {
+		errorf("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
 	}

-	return &Flags{
-		RawOutput:    rawOutput,
-		OutputFile:   outputFile,
-		EntropyLevel: eLevel,
-		InputType:    iType,
-	}, nil
-}
+	sum := sha256.Sum256(passbytes)

-func parseInputType(inputType string) (InputType, error) {
-	m := map[string]InputType{
-		"password": InputPassword,
-		"hash":     InputHash,
-		"raw":      InputRaw,
+	k, err := newX25519IdentityFromScalar(sum[:])
+	if err != nil {
+		errorf("internal error: %v", err)
 	}

-	iType, ok := m[inputType]
-	if !ok {
-		return InputPassword, errors.New("wrong input type")
+	// if user is not seeing private keyfile, which also contains public key,
+	// also duplicate public key it to stderr,
+	// but if user sees public key via stdout, no need for duplication
+	if outputFile != "" {
+		if !rawOutput {
+			fmt.Printf("Public key: %s\n", k.Recipient())
+		} else {
+			fmt.Printf("%s", k.Recipient())
+		}
 	}

-	return iType, nil
+	output := os.Stdout
+	if outputFile != "" {
+		output, err = os.Create(outputFile)
+		if err != nil {
+			errorf("failed to create output file, error: %s", err)
+		}
+	}
+
+	err = writeSecretKey(output, k, !rawOutput)
+	if err != nil {
+		fmt.Printf("Failed to write secret key to file, error: %s\n", err)
+	}
 }

 func parseEntropyLevel(entropyLevel string) (int, error) {
@ -266,17 +134,10 @@ func isEntropyValid(passbytes []byte, entropyLevel int) bool {

 func getPasswordBytes() ([]byte, error) {
 	if term.IsTerminal(int(os.Stdin.Fd())) {
-		oldState, err := term.MakeRaw(0)
-		defer term.Restore(0, oldState)
-
-		screen := struct {
-			io.Reader
-			io.Writer
-		}{os.Stdin, os.Stdout}
-		t := term.NewTerminal(screen, "")
-		pass, err := t.ReadPassword("Enter pass: ")
-
-		return []byte(pass), err
+		fmt.Fprintf(os.Stderr, "Enter password: ")
+		passbytes, err := term.ReadPassword(int(os.Stdin.Fd()))
+		fmt.Println()
+		return passbytes, err
 	} else {
 		return io.ReadAll(os.Stdin)
 	}
--- a/flake.nix
+++ b/flake.nix
@ -8,20 +8,6 @@
                let pkgs = nixpkgs.legacyPackages.${system}; in
                {
                    devShells.default = import ./shell.nix { inherit pkgs; };
-
-                    packages.default = pkgs.buildGoModule {
-                        pname = "age-passgen";
-                        version = "unversioned";
-
-                        src = ./.;
-
-                        vendorHash = "sha256-Y6R8c9PzRq0tJ0b06f0LuFfrdFvxQ7h/86a6gg6UOro=";
-                    };
-
-                    apps.default = {
-                        type = "app";
-                        program = "${self.packages.${system}.default}/bin/age-passgen";
-                    };
                }
            );
 }