A command-line tool using the saltpack messaging format and the keys.pub Go library.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

83 lines
2.3 KiB

package salty
import (
var (
// ErrProtectedKey is an error returned when a private key is protected by a password, but none was provided.
ErrProtectedKey = errors.New("error: key projtected by a password")
// GenerateKeys creates a new pair of Ed25519 keys and writes the Private Key
// to the `out io.Writer` and returns the Private and Public Keys.
// The Private Key written to `out` is Base64 encoded.
func GenerateKeys(pwd string, out io.Writer) (*keys.EdX25519Key, string) {
k := keys.GenerateEdX25519Key()
var encodedKey string
if pwd != "" {
encodedKey = base64.StdEncoding.EncodeToString(keys.EncryptWithPassword(k.Private(), pwd))
} else {
encodedKey = base64.StdEncoding.EncodeToString(k.Private())
fmt.Fprintf(out, "# created: %s\n", time.Now().Format(time.RFC3339))
fmt.Fprintf(out, "# public key: %s\n", k.PublicKey().ID().String())
fmt.Fprintf(out, "%s\n", encodedKey)
return k, k.PublicKey().ID().String()
// ParseIdentity parses the Salty Identity file given by `r io.Reader` which has a
// line-oriented format where comments (lines beginning with a #) and the and blank
// lines are ignored and the private key is the first non-comment / non-blank line.
// The Private Key is a Base64 decoded.
// This returns the parsed Ed25519 key on success or nil key and error if it fails.
func ParseIdentity(pwd string, r io.Reader) (*keys.EdX25519Key, error) {
scanner := bufio.NewScanner(r)
var n int
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, "#") || line == "" {
decodedKey, err := base64.StdEncoding.DecodeString(line)
if err != nil {
return nil, fmt.Errorf("error decoding key: %w", err)
var decryptedKey []byte
if len(decodedKey) > ed25519.PrivateKeySize {
if pwd == "" {
return nil, ErrProtectedKey
decryptedKey, err = keys.DecryptWithPassword(decodedKey, pwd)
if err != nil {
return nil, fmt.Errorf("error decrypting key: %w", err)
} else {
decryptedKey = decodedKey[:]
return keys.NewEdX25519KeyFromPrivateKey(keys.Bytes64(decryptedKey)), nil
if err := scanner.Err(); err != nil {
return nil, fmt.Errorf("failed to read identity file: %v", err)
return nil, fmt.Errorf("no key found")