Created
May 17, 2019 20:01
-
-
Save lfaoro/e783a098c502398a68cd33a4a9ad450a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Copyright (c) 2019 Leonardo Faoro. All rights reserved. | |
// Use of this source code is governed by a BSD-style | |
// license that can be found in the LICENSE file. | |
package main | |
import ( | |
"bytes" | |
"fmt" | |
"io/ioutil" | |
"os" | |
"path/filepath" | |
"github.com/urfave/cli" | |
"golang.org/x/crypto/scrypt" | |
"golang.org/x/crypto/ssh/terminal" | |
"github.com/lfaoro/pkg/encrypto" | |
"github.com/lfaoro/pkg/encrypto/aesgcm" | |
) | |
var lockCmd = cli.Command{ | |
Name: "lock", | |
Aliases: []string{"lo, loc"}, | |
Usage: "locks the encryption key with a user provided password.", | |
Action: func(c *cli.Context) error { | |
fmt.Print("Encryption-key: ") | |
pwd, err := terminal.ReadPassword(int(os.Stdin.Fd())) | |
if err != nil { | |
return err | |
} | |
fmt.Print("\n") | |
salt, _ := encrypto.RandomBytes(16) | |
skey, err := scrypt.Key([]byte(pwd), salt, 32768, 8, 1, 32) | |
engine, err := aesgcm.New(string(skey)) | |
if err != nil { | |
return err | |
} | |
return lockKey(engine) | |
}, | |
} | |
func lockKey(engine encrypto.Cryptor) error { | |
home, err := os.UserHomeDir() | |
if err != nil { | |
return err | |
} | |
keyFile := filepath.Join(home, configPath, "key") | |
key, err := ioutil.ReadFile(keyFile) | |
if err != nil { | |
return err | |
} | |
// Check if file is already locked. | |
if bytes.Contains(key, []byte(Header)) { | |
info, _ := os.Stat(keyFile) | |
fmt.Printf("Locked on %v\n", info.ModTime().Format("Mon Jan 2 15:04:05")) | |
return nil | |
} | |
cipherText, err := engine.Encrypt(key) | |
if err != nil { | |
return err | |
} | |
cipherText = addHeader(cipherText) | |
err = ioutil.WriteFile(keyFile, cipherText, 0600) | |
if err != nil { | |
return err | |
} | |
fmt.Printf("Locked %s\n", keyFile) | |
return nil | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment