14439a6479
Now logic for output looks like: password from stdin (stays as was) keys: private to stdout OR private to file (via -o flag) and public to stdout stderr for errors and password prompt
134 lines
3.1 KiB
Go
134 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"errors"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"os"
|
|
"time"
|
|
"unsafe"
|
|
|
|
"golang.org/x/term"
|
|
|
|
"crypto/sha256"
|
|
"golang.org/x/crypto/curve25519"
|
|
|
|
"filippo.io/age"
|
|
)
|
|
|
|
type X25519Identity struct {
|
|
secretKey, ourPublicKey []byte
|
|
}
|
|
|
|
const usage = `Usage:
|
|
age-gen-passphrase [-o OUTPUT] [--raw-input]
|
|
|
|
Options:
|
|
-o, --output OUTPUT Write the result to the file at path OUTPUT.
|
|
--raw-output Print stripped keys (without additional text or comments)
|
|
|
|
Everything is similar to age-keygen`
|
|
|
|
func main() {
|
|
log.SetFlags(0)
|
|
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
|
|
|
var (
|
|
rawOutput bool
|
|
outputFile string
|
|
)
|
|
|
|
flag.BoolVar(&rawOutput, "raw-output", false, "Print stripped keys (without additional text or comments)")
|
|
flag.StringVar(&outputFile, "o", "", "Write the result to the file at path OUTPUT")
|
|
flag.StringVar(&outputFile, "output", "", "Write the result to the file at path OUTPUT")
|
|
flag.Parse()
|
|
|
|
passbytes, err := getPasswordBytes()
|
|
if err != nil {
|
|
errorf("Failed to get password, error: %s\n", err)
|
|
}
|
|
|
|
sum := sha256.Sum256(passbytes)
|
|
|
|
k, err := newX25519IdentityFromScalar(sum[:])
|
|
if err != nil {
|
|
errorf("internal error: %v", err)
|
|
}
|
|
|
|
// if user is not seeing private keyfile, which also contains public key,
|
|
// also duplicate public key it to stderr,
|
|
// but if user sees public key via stdout, no need for duplication
|
|
if outputFile != "" {
|
|
if !rawOutput {
|
|
fmt.Printf("Public key: %s\n", k.Recipient())
|
|
} else {
|
|
fmt.Printf("%s", k.Recipient())
|
|
}
|
|
}
|
|
|
|
output := os.Stdout
|
|
if outputFile != "" {
|
|
output, err = os.Create(outputFile)
|
|
if err != nil {
|
|
errorf("failed to create output file, error: %s", err)
|
|
}
|
|
}
|
|
|
|
err = writeSecretKey(output, k, !rawOutput)
|
|
if err != nil {
|
|
fmt.Printf("Failed to write secret key to file, error: %s\n", err)
|
|
}
|
|
}
|
|
|
|
func getPasswordBytes() ([]byte, error) {
|
|
if term.IsTerminal(int(os.Stdin.Fd())) {
|
|
fmt.Fprintf(os.Stderr, "Enter password: ")
|
|
passbytes, err := term.ReadPassword(int(os.Stdin.Fd()))
|
|
fmt.Println()
|
|
return passbytes, err
|
|
} else {
|
|
return io.ReadAll(os.Stdin)
|
|
}
|
|
}
|
|
|
|
func writeSecretKey(f *os.File, key *age.X25519Identity, verbose bool) error {
|
|
var err error
|
|
|
|
if verbose {
|
|
_, err = fmt.Fprintf(f, "# created: %s\n", time.Now().Format(time.RFC3339))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = fmt.Fprintf(f, "# public key: %s\n", key.Recipient())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = fmt.Fprintf(f, "%s\n", key)
|
|
} else {
|
|
_, err = fmt.Fprintf(f, "%s", key)
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
// almost a copy of private function in age/x25519.go
|
|
func newX25519IdentityFromScalar(secretKey []byte) (*age.X25519Identity, error) {
|
|
if len(secretKey) != curve25519.ScalarSize {
|
|
return nil, errors.New("invalid X25519 secret key")
|
|
}
|
|
i := &X25519Identity{
|
|
secretKey: make([]byte, curve25519.ScalarSize),
|
|
}
|
|
copy(i.secretKey, secretKey)
|
|
i.ourPublicKey, _ = curve25519.X25519(i.secretKey, curve25519.Basepoint)
|
|
return (*age.X25519Identity)(unsafe.Pointer(i)), nil
|
|
}
|
|
|
|
func errorf(format string, v ...interface{}) {
|
|
log.Fatalf("age-gen-passphrase ERROR: "+format, v...)
|
|
}
|