etcd decrypt secret
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"os"
	"path/filepath"
)
// transformerPrefix is the header the apiserver's aescbc provider writes in
// front of every encrypted etcd value; main strips it from the start of the
// input file before decrypting. The trailing segment ("k-wcldg" here) appears
// to be the key name from the cluster's EncryptionConfiguration, so this
// constant has to be edited to match the cluster whose values are being
// decrypted. NOTE(review): format "k8s:enc:aescbc:v1:<keyname>:" is inferred
// from the value itself - confirm against the cluster's EncryptionConfiguration.
const transformerPrefix = "k8s:enc:aescbc:v1:k-wcldg:"
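// main decrypts one etcd value written by the Kubernetes aescbc encryption
// provider and writes the plaintext to a sibling file named decrypted_<file>.
//
// Usage: <prog> <key> <file>
//
//	key   raw AES key bytes; aes.NewCipher rejects anything but 16, 24 or
//	      32 bytes. NOTE(review): EncryptionConfiguration stores the key
//	      base64-encoded, so decode it before passing it here.
//	file  the value as stored in etcd (e.g. dumped with etcdctl). It must
//	      start with transformerPrefix; a single trailing newline is tolerated.
//
// Security notes for operators: the key travels through argv, so it is
// visible to other local users via ps and may be recorded in shell history;
// run this only on a trusted host, and delete the decrypted_* file (written
// 0600, but still plaintext Secret material) once it has served its purpose.
// Every failure panics - this is a throwaway operator tool, not library code.
func main() {
	args := os.Args
	if len(args) < 3 {
		panic("Supply at least the args for key and filename")
	}
	key := args[1]
	fileName := args[2]

	aesCipher, err := aes.NewCipher([]byte(key))
	if err != nil {
		panic(fmt.Errorf("invalid key %s", err.Error()))
	}
	blockCipher := cbc{block: aesCipher}

	content, err := os.ReadFile(fileName)
	if err != nil {
		panic(fmt.Errorf("unable to read file %s", err.Error()))
	}

	// The prefix names both the provider and the key: a value written by a
	// different provider or key name would never decrypt, and a file shorter
	// than the prefix would make the slice below panic with an index error.
	if !bytes.HasPrefix(content, []byte(transformerPrefix)) {
		panic(fmt.Errorf("input does not start with %q: wrong provider or key name?", transformerPrefix))
	}
	trimmed := content[len(transformerPrefix):]

	// Tools that dump the value to a file typically append a newline. Strip
	// it only when present: the ciphertext is raw bytes, and unconditionally
	// dropping the last byte misaligns an input that was saved without one.
	trimmed = bytes.TrimSuffix(trimmed, []byte("\n"))

	decodedContent, _, err := blockCipher.TransformFromStorage(trimmed)
	if err != nil {
		panic(fmt.Errorf("unable to unencrypt content %s", err.Error()))
	}

	// Keep the output beside the input; prefixing the whole path (as in
	// "decrypted_/tmp/x") would point into a directory that does not exist.
	outName := filepath.Join(filepath.Dir(fileName), "decrypted_"+filepath.Base(fileName))
	// 0600: the file holds a plaintext Kubernetes Secret.
	if err := os.WriteFile(outName, decodedContent, 0600); err != nil {
		panic(fmt.Errorf("unable to output decoded content %s", err.Error()))
	}
	fmt.Printf("Output is available at %s \n", outName)
}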
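// cbc decrypts values written by the Kubernetes aescbc transformer: a
// block-size IV followed by AES-CBC ciphertext carrying PKCS#7 padding.
// It is the read-only half of the upstream transformer, trimmed down for a
// one-off decryption tool.
type cbc struct {
	block cipher.Block
}

// TransformFromStorage decrypts data laid out as IV || ciphertext and
// returns the unpadded plaintext. The bool mirrors the upstream transformer
// signature (its "stale" flag) and is always false here.
//
// It returns an error, and never panics, when the input is shorter than one
// block, carries no ciphertext after the IV, is not block-aligned, or ends
// in padding that is not valid PKCS#7 (zero, longer than a block, or pad
// bytes that do not all match). Note that CBC provides no integrity: a
// corrupted or forged value that happens to end in valid-looking padding
// decrypts to garbage without an error, so validate the plaintext you get.
func (t *cbc) TransformFromStorage(data []byte) ([]byte, bool, error) {
	blockSize := t.block.BlockSize()
	if len(data) < blockSize {
		return nil, false, fmt.Errorf("the stored data was shorter than the required size")
	}
	iv := data[:blockSize]
	data = data[blockSize:]
	// An IV with nothing after it would otherwise index result[-1] below.
	if len(data) == 0 {
		return nil, false, fmt.Errorf("the stored data holds an IV but no ciphertext")
	}
	if len(data)%blockSize != 0 {
		// Fold the length into the error instead of printing it to stdout.
		return nil, false, fmt.Errorf("invalid block size: %d ciphertext bytes is not a multiple of %d", len(data), blockSize)
	}

	// Decrypt into a fresh buffer so the caller's slice is left intact.
	result := make([]byte, len(data))
	cipher.NewCBCDecrypter(t.block, iv).CryptBlocks(result, data)

	// Remove and verify PKCS#7 padding: the last byte gives the pad length,
	// which must be 1..blockSize, and every pad byte must equal it.
	paddingSize := int(result[len(result)-1])
	if paddingSize == 0 || paddingSize > blockSize {
		return nil, false, fmt.Errorf("invalid PKCS7 data (empty or not padded)")
	}
	size := len(result) - paddingSize
	for _, b := range result[size:] {
		if int(b) != paddingSize {
			return nil, false, fmt.Errorf("invalid PKCS7 data (empty or not padded)")
		}
	}
	return result[:size], false, nil
}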