@@ -27,21 +27,47 @@ package main
27
27
28
28
import (
29
29
"errors"
30
-
"filippo.io/age"
31
30
"fmt"
32
31
"io"
33
32
"os"
34
33
"path/filepath"
35
34
"strings"
35
+
36
+
"filippo.io/age"
36
37
)
37
38
38
-
func ageEncrypt(src io.Reader, dst io.Writer, password string) error {
39
+
func ageEncrypt(src io.Reader, dst io.Writer, params encryptParams) error {
40
+
if params.PublicKey != "" {
41
+
return ageEncryptPublicKey(src, dst, params.PublicKey)
42
+
}
43
+
44
+
if params.Passphrase != "" {
45
+
return ageEncryptPassphrase(src, dst, params.Passphrase)
46
+
}
47
+
48
+
return fmt.Errorf("Unexpected condition: no public key or passphrase")
49
+
}
50
+
51
+
func ageEncryptPassphrase(src io.Reader, dst io.Writer, passphrase string) error {
39
52
// Age encrypt to a recipient, Scrypt allow to create a key from a passphrase
40
-
recipient, err := age.NewScryptRecipient(password)
53
+
recipient, err := age.NewScryptRecipient(passphrase)
54
+
if err != nil {
55
+
return fmt.Errorf("failed to create recipient from passphrase: %w", err)
56
+
}
57
+
58
+
return ageEncryptInternal(src, dst, recipient)
59
+
}
60
+
61
+
func ageEncryptPublicKey(src io.Reader, dst io.Writer, publicKey string) error {
62
+
recipient, err := age.ParseX25519Recipient(publicKey)
41
63
if err != nil {
42
-
return fmt.Errorf("failed to create recipient from password: %w", err)
64
+
return fmt.Errorf("failed to create recipient from public key: %w", err)
43
65
}
44
66
67
+
return ageEncryptInternal(src, dst, recipient)
68
+
}
69
+
70
+
func ageEncryptInternal(src io.Reader, dst io.Writer, recipient age.Recipient) error {
45
71
w, err := age.Encrypt(dst, recipient)
46
72
if err != nil {
47
73
return fmt.Errorf("failed to create encrypted file: %w", err)
@@ -57,18 +83,42 @@ func ageEncrypt(src io.Reader, dst io.Writer, password string) error {
57
83
return nil
58
84
}
59
85
60
-
func ageDecrypt(src io.Reader, dst io.Writer, password string) error {
86
+
func ageDecrypt(src io.Reader, dst io.Writer, params decryptParams) error {
87
+
if params.PrivateKey != "" {
88
+
return ageDecryptPrivateKey(src, dst, params.PrivateKey)
89
+
}
90
+
91
+
if params.Passphrase != "" {
92
+
return ageDecryptPassphrase(src, dst, params.Passphrase)
93
+
}
94
+
95
+
return fmt.Errorf("No private key or passphrase specified")
96
+
}
97
+
98
+
func ageDecryptPrivateKey(src io.Reader, dst io.Writer, privateKey string) error {
99
+
identity, err := age.ParseX25519Identity(privateKey)
100
+
if err != nil {
101
+
return fmt.Errorf("failed to parse AGE private key: %w", err)
102
+
}
61
103
62
-
identity, err := age.NewScryptIdentity(password)
104
+
return ageDecryptInternal(src, dst, identity)
105
+
}
106
+
107
+
func ageDecryptPassphrase(src io.Reader, dst io.Writer, passphrase string) error {
108
+
identity, err := age.NewScryptIdentity(passphrase)
63
109
if err != nil {
64
-
return fmt.Errorf("failed to create identity from password: %w", err)
110
+
return fmt.Errorf("failed to create identity from passphrase: %w", err)
65
111
}
66
112
113
+
return ageDecryptInternal(src, dst, identity)
114
+
}
115
+
116
+
func ageDecryptInternal(src io.Reader, dst io.Writer, identity age.Identity) error {
67
117
r, err := age.Decrypt(src, identity)
68
118
if err != nil {
69
119
var badpass *age.NoIdentityMatchError
70
120
if errors.As(err, &badpass) {
71
-
return fmt.Errorf("invalid passphrase")
121
+
return fmt.Errorf("invalid key or passphrase")
72
122
}
73
123
return fmt.Errorf("failed to initiate decryption: %w", err)
74
124
}
@@ -80,7 +130,7 @@ func ageDecrypt(src io.Reader, dst io.Writer, password string) error {
80
130
return nil
81
131
}
82
132
83
-
func encryptFile(path string, password string, keep bool) ([]string, error) {
133
+
func encryptFile(path string, params encryptParams, keep bool) ([]string, error) {
84
134
encrypted := make([]string, 0)
85
135
86
136
i, err := os.Stat(path)
@@ -112,7 +162,7 @@ func encryptFile(path string, password string, keep bool) ([]string, error) {
112
162
}
113
163
defer dst.Close()
114
164
115
-
if err := ageEncrypt(src, dst, password); err != nil {
165
+
if err := ageEncrypt(src, dst, params); err != nil {
116
166
dst.Close()
117
167
os.Remove(dstFile)
118
168
return fmt.Errorf("could not encrypt %s: %s", path, err)
@@ -153,7 +203,7 @@ func encryptFile(path string, password string, keep bool) ([]string, error) {
153
203
154
204
defer dst.Close()
155
205
156
-
if err := ageEncrypt(src, dst, password); err != nil {
206
+
if err := ageEncrypt(src, dst, params); err != nil {
157
207
dst.Close()
158
208
os.Remove(dstFile)
159
209
return encrypted, fmt.Errorf("could not encrypt %s: %s", path, err)
@@ -173,7 +223,7 @@ func encryptFile(path string, password string, keep bool) ([]string, error) {
173
223
return encrypted, nil
174
224
}
175
225
176
-
func decryptFile(path string, password string) error {
226
+
func decryptFile(path string, params decryptParams) error {
177
227
l.Infoln("decrypting", path)
178
228
179
229
src, err := os.Open(path)
@@ -191,7 +241,7 @@ func decryptFile(path string, password string) error {
191
241
192
242
defer dst.Close()
193
243
194
-
if err := ageDecrypt(src, dst, password); err != nil {
244
+
if err := ageDecrypt(src, dst, params); err != nil {
195
245
dst.Close()
196
246
os.Remove(dstFile)
197
247
return fmt.Errorf("could not decrypt %s: %s", path, err)
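Review bot: In `ageEncrypt`, when both `params.PublicKey` and `params.Passphrase` are set, the public key wins and the passphrase is dropped without any signal, so a caller who supplied both gets a file that only the private key can open. `ageDecrypt` has the same silent precedence for `PrivateKey` over `Passphrase`. Unless `encryptParams`/`decryptParams` are already validated where they are built (their definitions and construction are outside these hunks), I would reject the ambiguous case at the top of both dispatchers, e.g. `if params.PublicKey != "" && params.Passphrase != "" { return errors.New("specify either a public key or a passphrase, not both") }`; `errors` is already imported. The two new fallback messages (`"Unexpected condition: no public key or passphrase"` and `"No private key or passphrase specified"`) should also be lowercase and worded alike, matching the other error strings in the file, e.g. `no public key or passphrase specified`. A short doc comment on each dispatcher stating the selection order would make the contract explicit for the callers in `encryptFile` and `decryptFile`.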