Update to support openssh private key

karlgrund · Feb 3, 2020 · d8d9ffb · d8d9ffb
1 parent 6b269da
commit d8d9ffb
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 20 deletions.
diff --git a/cmd/decrypt/decrypt.go b/cmd/decrypt/decrypt.go
@@ -7,13 +7,13 @@ import (
 
 	"github.com/pypl-johan/secure/dec"
 	"github.com/spf13/cobra"
-	"golang.org/x/crypto/ssh/terminal"
 )
 
 type decryption struct {
 	fileToDecrypt string
 	privateKey    string
 	secretKey     string
+	askPass       bool
 }
 
 // Decrypt allows decryption of symmetric key using private key
@@ -52,6 +52,12 @@ func Decrypt() *cobra.Command {
 			"secret.key.enc",
 			"secret key to decrypt",
 		)
+	cmd.Flags().BoolVar(
+		&decrypt.askPass,
+		"askPass",
+		false,
+		"ask for password for private key",
+	)
 
 	return cmd
 }
@@ -62,22 +68,13 @@ func (e *decryption) run() {
 	secretKey, _ := ioutil.ReadFile(e.secretKey)
 	fileToDecrypt, _ := ioutil.ReadFile(e.fileToDecrypt)
 
-	pkPassword := getPkPassword()
-
-	unecryptedSecret := dec.DecryptUsingPrivateKey(secretKey, privateKey, pkPassword)
+	unecryptedSecret := dec.DecryptUsingPrivateKey(secretKey, privateKey, e.askPass)
 
 	clearText := dec.DecryptUsingAsymmetricKey(fileToDecrypt, unecryptedSecret)
 
 	writeToFile(clearText, "secret.txt")
 }
 
-// getPkPassword asks the user to enter the password for their private key.
-func getPkPassword() string {
-	fmt.Println("Enter password: ")
-	pkPassword, _ := terminal.ReadPassword(0)
-	return string(pkPassword)
-}
-
 // writeToFile writes the data to a file with name fileName
 func writeToFile(data []byte, fileName string) {
 	err := ioutil.WriteFile(fileName, data, 0644)

diff --git a/dec/dec.go b/dec/dec.go
@@ -1,26 +1,33 @@
 package dec
 
 import (
+	"fmt"
+
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/terminal"
 )
 
 // DecryptUsingPrivateKey decrypt using private key
-func DecryptUsingPrivateKey(toDecrypt, pKey []byte, pkPassword string) []byte {
-	privateKeyPem, _ := pem.Decode([]byte(string(pKey)))
-	var decPrivateKey []byte
-	if pkPassword == "" {
-		decPrivateKey = privateKeyPem.Bytes
-	} else {
-		decPrivateKey, _ = x509.DecryptPEMBlock(privateKeyPem, []byte(pkPassword))
-	}
+func DecryptUsingPrivateKey(toDecrypt, pKey []byte, askPass bool) []byte {
+	var privateKey *rsa.PrivateKey
+	if askPass {
+		pkPassword := getPkPassword()
 
-	privateKey, _ := x509.ParsePKCS1PrivateKey(decPrivateKey)
+		privateKeyPem, _ := pem.Decode(pKey)
+		decPrivateKey, _ := x509.DecryptPEMBlock(privateKeyPem, []byte(pkPassword))
 
+		privateKey, _ = x509.ParsePKCS1PrivateKey(decPrivateKey)
+	} else {
+		pk, _ := ssh.ParseRawPrivateKey(pKey)
+		privateKey = pk.(*rsa.PrivateKey)
+	}
 	unecryptedSecret, _ := rsa.DecryptPKCS1v15(rand.Reader, privateKey, toDecrypt)
 
 	return unecryptedSecret
@@ -34,3 +41,10 @@ func DecryptUsingAsymmetricKey(toDecrypt, asymmetricKey []byte) []byte {
 
 	return clearText
 }
+
+// getPkPassword asks the user to enter the password for their private key.
+func getPkPassword() string {
+	fmt.Println("Enter password: ")
+	pkPassword, _ := terminal.ReadPassword(0)
+	return string(pkPassword)
+}
diff --git a/my_secret_file.txt b/my_secret_file.txt
@@ -0,0 +1 @@
+Hello Johan! You're awesome