You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 lines
2.3 KiB
83 lines
2.3 KiB
package salty
|
|
|
|
import (
|
|
"bufio"
|
|
"crypto/ed25519"
|
|
"encoding/base64"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/keys-pub/keys"
|
|
)
|
|
|
|
var (
|
|
// ErrProtectedKey is an error returned when a private key is protected by a password, but none was provided.
|
|
ErrProtectedKey = errors.New("error: key projtected by a password")
|
|
)
|
|
|
|
// GenerateKeys creates a new pair of Ed25519 keys and writes the Private Key
|
|
// to the `out io.Writer` and returns the Private and Public Keys.
|
|
// The Private Key written to `out` is Base64 encoded.
|
|
func GenerateKeys(pwd string, out io.Writer) (*keys.EdX25519Key, string) {
|
|
k := keys.GenerateEdX25519Key()
|
|
|
|
var encodedKey string
|
|
|
|
if pwd != "" {
|
|
encodedKey = base64.StdEncoding.EncodeToString(keys.EncryptWithPassword(k.Private(), pwd))
|
|
} else {
|
|
encodedKey = base64.StdEncoding.EncodeToString(k.Private())
|
|
}
|
|
|
|
fmt.Fprintf(out, "# created: %s\n", time.Now().Format(time.RFC3339))
|
|
fmt.Fprintf(out, "# public key: %s\n", k.PublicKey().ID().String())
|
|
fmt.Fprintf(out, "%s\n", encodedKey)
|
|
|
|
return k, k.PublicKey().ID().String()
|
|
}
|
|
|
|
// ParseIdentity parses the Salty Identity file given by `r io.Reader` which has a
|
|
// line-oriented format where comments (lines beginning with a #) and the and blank
|
|
// lines are ignored and the private key is the first non-comment / non-blank line.
|
|
// The Private Key is a Base64 decoded.
|
|
// This returns the parsed Ed25519 key on success or nil key and error if it fails.
|
|
func ParseIdentity(pwd string, r io.Reader) (*keys.EdX25519Key, error) {
|
|
scanner := bufio.NewScanner(r)
|
|
var n int
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
n++
|
|
if strings.HasPrefix(line, "#") || line == "" {
|
|
continue
|
|
}
|
|
|
|
decodedKey, err := base64.StdEncoding.DecodeString(line)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error decoding key: %w", err)
|
|
}
|
|
|
|
var decryptedKey []byte
|
|
|
|
if len(decodedKey) > ed25519.PrivateKeySize {
|
|
if pwd == "" {
|
|
return nil, ErrProtectedKey
|
|
}
|
|
decryptedKey, err = keys.DecryptWithPassword(decodedKey, pwd)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error decrypting key: %w", err)
|
|
}
|
|
} else {
|
|
decryptedKey = decodedKey[:]
|
|
}
|
|
|
|
return keys.NewEdX25519KeyFromPrivateKey(keys.Bytes64(decryptedKey)), nil
|
|
}
|
|
if err := scanner.Err(); err != nil {
|
|
return nil, fmt.Errorf("failed to read identity file: %v", err)
|
|
}
|
|
|
|
return nil, fmt.Errorf("no key found")
|
|
}
|
|
|