Tool to migrate a git-crypt revamp branch key
// Migrate an old-style git-crypt revamp branch key to a new-style git-crypt revamp branch key. | |
// Reads old key from stdin and writes new key to stdout. | |
// Compile with: c++ -o migrate-revamp-key migrate-revamp-key.cpp | |
#include <iostream> | |
#include <cstdlib> | |
#include <cstring> | |
static void grab (char* p, std::streamsize len) | |
{ | |
std::cin.read(p, len); | |
if (std::cin.gcount() != len) { | |
std::clog << "Input ended prematurely." << std::endl; | |
std::exit(1); | |
} | |
} | |
int main () | |
{ | |
// header | |
// old: "\x00GITCRYPTKEY\x00\x00\x00\x01" | |
char old_preamble[16]; | |
grab(old_preamble, 16); | |
if (std::memcmp(old_preamble, "\x00GITCRYPTKEY\x00\x00\x00\x01", 16) != 0) { | |
std::clog << "Input is not a git-crypt key." << std::endl; | |
return 1; | |
} | |
// new: "\x00GITCRYPTKEY\x00\x00\x00\x02\x00\x00\x00\x00" | |
std::cout.write("\x00GITCRYPTKEY\x00\x00\x00\x02\x00\x00\x00\x00", 20); | |
// for each key | |
while (std::cin.peek() != -1) { | |
// old: [4 byte VERSION] || [32 byte AES KEY] || [64 byte HMAC KEY] | |
char version[4]; | |
char aes_key[32]; | |
char hmac_key[64]; | |
grab(version, 4); | |
grab(aes_key, 32); | |
grab(hmac_key, 64); | |
// new: "\x00\x00\x00\x01\x00\x00\x00\x04" || [4 byte VERSION] || "\x00\x00\x00\x03\x00\x00\x00\x20" || [32 byte AES KEY] || "\x00\x00\x00\x05\x00\x00\x00\x40" || [64 byte AES KEY] || "\x00\x00\x00\x00" | |
std::cout.write("\x00\x00\x00\x01\x00\x00\x00\x04", 8); | |
std::cout.write(version, 4); | |
std::cout.write("\x00\x00\x00\x03\x00\x00\x00\x20", 8); | |
std::cout.write(aes_key, 32); | |
std::cout.write("\x00\x00\x00\x05\x00\x00\x00\x40", 8); | |
std::cout.write(hmac_key, 64); | |
std::cout.write("\x00\x00\x00\x00", 4); | |
} | |
if (!std::cout) { | |
std::clog << "Unable to fully write to stdout." << std::endl; | |
return 1; | |
} | |
return 0; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment