From d8d9ffb91c5ea97583af83fd128abb5014de4582 Mon Sep 17 00:00:00 2001 From: pp-johan Date: Mon, 3 Feb 2020 14:55:49 +0100 Subject: [PATCH] Update to support openssh private key --- cmd/decrypt/decrypt.go | 19 ++++++++----------- dec/dec.go | 32 +++++++++++++++++++++++--------- my_secret_file.txt | 1 + 3 files changed, 32 insertions(+), 20 deletions(-) create mode 100644 my_secret_file.txt diff --git a/cmd/decrypt/decrypt.go b/cmd/decrypt/decrypt.go index 596df85..3086e6a 100644 --- a/cmd/decrypt/decrypt.go +++ b/cmd/decrypt/decrypt.go @@ -7,13 +7,13 @@ import ( "github.com/pypl-johan/secure/dec" "github.com/spf13/cobra" - "golang.org/x/crypto/ssh/terminal" ) type decryption struct { fileToDecrypt string privateKey string secretKey string + askPass bool } // Decrypt allows decryption of symmetric key using private key @@ -52,6 +52,12 @@ func Decrypt() *cobra.Command { "secret.key.enc", "secret key to decrypt", ) + cmd.Flags().BoolVar( + &decrypt.askPass, + "askPass", + false, + "ask for password for private key", + ) return cmd } @@ -62,22 +68,13 @@ func (e *decryption) run() { secretKey, _ := ioutil.ReadFile(e.secretKey) fileToDecrypt, _ := ioutil.ReadFile(e.fileToDecrypt) - pkPassword := getPkPassword() - - unecryptedSecret := dec.DecryptUsingPrivateKey(secretKey, privateKey, pkPassword) + unecryptedSecret := dec.DecryptUsingPrivateKey(secretKey, privateKey, e.askPass) clearText := dec.DecryptUsingAsymmetricKey(fileToDecrypt, unecryptedSecret) writeToFile(clearText, "secret.txt") } -// getPkPassword asks the user to enter the password for their private key. -func getPkPassword() string { - fmt.Println("Enter password: ") - pkPassword, _ := terminal.ReadPassword(0) - return string(pkPassword) -} - // writeToFile writes the data to a file with name fileName func writeToFile(data []byte, fileName string) { err := ioutil.WriteFile(fileName, data, 0644) diff --git a/dec/dec.go b/dec/dec.go index ef5ede3..9af3a1b 100644 --- a/dec/dec.go +++ b/dec/dec.go 
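Review bot: The new flag is registered as `askPass`, which users must type as `--askPass`; pflag/cobra flag names are conventionally lowercase kebab-case (`--ask-pass`), so this should follow whatever the file's other flags use — their names sit earlier in `Decrypt()`, outside this hunk, so I cannot tell which style wins. The help string should also say what the flag actually selects, because with it unset a passphrase-protected key cannot be parsed at all: `"prompt for the private key passphrase (required for passphrase-protected keys)"`.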
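Review bot: Deleting `getPkPassword` removes the only use of `fmt` visible in decrypt.go (`fmt.Println`); if the `"fmt"` import at the top of the file (above this hunk) is still present and `writeToFile`, whose body is cut off by the hunk, does not use `fmt`, the package no longer compiles with `imported and not used`, so run `go build ./...` before merging. The replacement call `unecryptedSecret := dec.DecryptUsingPrivateKey(secretKey, privateKey, e.askPass)` still cannot learn that key parsing or RSA decryption failed, and the two `ioutil.ReadFile` errors discarded just above it mean an unreadable key file produces nil input that flows straight into `writeToFile`; `run()` starts above this hunk, so its earlier reads are not visible here.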
@@ -1,26 +1,33 @@ package dec import ( + "fmt" + "crypto/aes" "crypto/cipher" "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/pem" + + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/terminal" ) // DecryptUsingPrivateKey decrypt using private key -func DecryptUsingPrivateKey(toDecrypt, pKey []byte, pkPassword string) []byte { - privateKeyPem, _ := pem.Decode([]byte(string(pKey))) - var decPrivateKey []byte - if pkPassword == "" { - decPrivateKey = privateKeyPem.Bytes - } else { - decPrivateKey, _ = x509.DecryptPEMBlock(privateKeyPem, []byte(pkPassword)) - } +func DecryptUsingPrivateKey(toDecrypt, pKey []byte, askPass bool) []byte { + var privateKey *rsa.PrivateKey + if askPass { + pkPassword := getPkPassword() - privateKey, _ := x509.ParsePKCS1PrivateKey(decPrivateKey) + privateKeyPem, _ := pem.Decode(pKey) + decPrivateKey, _ := x509.DecryptPEMBlock(privateKeyPem, []byte(pkPassword)) + privateKey, _ = x509.ParsePKCS1PrivateKey(decPrivateKey) + } else { + pk, _ := ssh.ParseRawPrivateKey(pKey) + privateKey = pk.(*rsa.PrivateKey) + } unecryptedSecret, _ := rsa.DecryptPKCS1v15(rand.Reader, privateKey, toDecrypt) return unecryptedSecret @@ -34,3 +41,10 @@ func DecryptUsingAsymmetricKey(toDecrypt, asymmetricKey []byte) []byte { return clearText } + +// getPkPassword asks the user to enter the password for their private key. +func getPkPassword() string { + fmt.Println("Enter password: ") + pkPassword, _ := terminal.ReadPassword(0) + return string(pkPassword) +} diff --git a/my_secret_file.txt b/my_secret_file.txt new file mode 100644 index 0000000..55e892b --- /dev/null +++ b/my_secret_file.txt @@ -0,0 +1 @@ +Hello Johan! You're awesome
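Review bot: In the new `else` branch, `pk, _ := ssh.ParseRawPrivateKey(pKey)` followed by `privateKey = pk.(*rsa.PrivateKey)` panics on every parse failure (an encrypted key run without `askPass`, a truncated file) because the unchecked assertion is applied to a nil interface, and it also panics on a valid ed25519/ecdsa OpenSSH key instead of reporting that an RSA key is required. The `askPass` branch has the mirror problem: `pem.Decode` plus `x509.DecryptPEMBlock` only understands legacy PEM encryption (`Proc-Type: 4,ENCRYPTED`), so a passphrase-protected key in the OpenSSH format this commit is meant to support still fails, and that scheme (now deprecated in Go) has no integrity protection. With a reasonably recent `golang.org/x/crypto`, `ssh.ParseRawPrivateKey` reports `*ssh.PassphraseMissingError` for encrypted keys of either format and `ssh.ParseRawPrivateKeyWithPassphrase` decrypts both, so one path can cover all cases and prompt only when needed; the sketch below does that and returns errors instead of discarding them, which means `run()` in cmd/decrypt must check the new error value.
```go
// DecryptUsingPrivateKey decrypts toDecrypt with the RSA private key in pKey
// (PEM/PKCS#1 or OpenSSH format), prompting for a passphrase only when the
// key is encrypted or the caller asks for it.
func DecryptUsingPrivateKey(toDecrypt, pKey []byte, askPass bool) ([]byte, error) {
	pk, err := ssh.ParseRawPrivateKey(pKey)
	if _, encrypted := err.(*ssh.PassphraseMissingError); encrypted || (err != nil && askPass) {
		pk, err = ssh.ParseRawPrivateKeyWithPassphrase(pKey, []byte(getPkPassword()))
	}
	if err != nil {
		return nil, fmt.Errorf("parsing private key: %w", err)
	}
	privateKey, ok := pk.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("private key is %T, but an RSA key is required", pk)
	}
	return rsa.DecryptPKCS1v15(rand.Reader, privateKey, toDecrypt)
}
```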
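Review bot: `terminal.ReadPassword(0)` hard-codes file descriptor 0 and discards its error, so when stdin is not a terminal (a pipe, a CI job) the call fails and the function silently returns an empty passphrase, which then surfaces later as an unrelated decrypt failure. Use the real descriptor and propagate the error, `pw, err := terminal.ReadPassword(int(os.Stdin.Fd()))` with the signature `func getPkPassword() (string, error)`, and write the prompt to stderr with `fmt.Fprint(os.Stderr, "Enter password: ")` so it neither pollutes stdout nor gets the stray newline `Println` adds (this needs `os` imported in dec.go). ReadPassword does not echo the user's Enter, so a `fmt.Fprintln(os.Stderr)` after it keeps subsequent output on a fresh line.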
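Review bot: `my_secret_file.txt` containing `Hello Johan! You're awesome` is added at the repository root although nothing else in the patch references it; it reads like a local plaintext input for an encrypt/decrypt round-trip that was swept up by `git add`. It should be dropped from the commit and the name added to `.gitignore` — a top-level file called "secret" in a crypto tool's repository invites confusion now and an accidental commit of real plaintext later.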