tCleanup flag usage for convenience and clarity - safe-go - Unnamed repository; edit this file 'description' to name the repository.
(HTM) git clone git://git.z3bra.org/safe-go.git
(DIR) Log
(DIR) Files
(DIR) Refs
---
(DIR) commit 316ce298b0cedb94d1599dd8b0b8dd10971fedf9
(DIR) parent 99c2dc258f01e94c7d9bd53519d53ccd13b53e34
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Wed, 14 Sep 2022 17:32:43 +0200
Cleanup flag usage for convenience and clarity
-e for encryption (default behavior)
-d for decryption (-e and -d mutually exclusive)
Remove trace of -p for password input
Add possiblity to specify a file to read salt from (encrypt-mode only)
Diffstat:
M safe.go | 88 ++++++++++++++++----------------
1 file changed, 44 insertions(+), 44 deletions(-)
---
(DIR) diff --git a/safe.go b/safe.go
t@@ -26,18 +26,12 @@ const (
)
func usage() {
- fmt.Printf("usage: %s [-hde] [-s salt] [-f file]\n", os.Args[0])
+ fmt.Printf("usage: %s [-hed] [-s salt] [-f file]\n", os.Args[0])
os.Exit(2)
}
-func readsalt(file string, salt *[]byte) {
- f, err := os.Open(file)
- if err != nil {
- log.Fatal(err)
- }
- defer f.Close()
-
- _, err = f.Read(*salt)
+func readsalt(f *os.File, salt *[]byte) {
+ _, err := f.Read(*salt)
if err != nil {
log.Fatal(err)
}
t@@ -96,14 +90,12 @@ func decrypt(in *os.File, out *os.File, key []byte) {
buf := make([]byte, BUFSIZ+secretstream.StreamABytes)
header := make([]byte, secretstream.StreamHeaderBytes)
- /*
// Skip beginning of file which (supposedly) contains the salt for the key
in.Seek(argon2id_salt_len, os.SEEK_SET)
- */
- _, err := in.Read(header)
- if err != nil {
- log.Fatal(err)
- }
+ _, err := in.Read(header)
+ if err != nil {
+ log.Fatal(err)
+ }
dec, err := secretstream.NewDecryptor(key, header)
if err != nil {
t@@ -132,50 +124,40 @@ func decrypt(in *os.File, out *os.File, key []byte) {
func main() {
var err error
var key, salt, pass []byte
- var filename, saltfile, password string
- var dflag bool
+ var filename, saltfile string
+ var dflag, eflag bool
in := os.Stdin
out := os.Stdout
- flag.StringVar(&saltfile, "s", "", "Read salt from file")
- flag.StringVar(&password, "p", "", "Password to derivate key from")
+ salt = make([]byte, argon2id_salt_len)
+ key = make([]byte, xchacha20poly1305_key_len)
+
flag.StringVar(&filename, "f", "", "Encrypt/decrypt to/from file name")
+ flag.StringVar(&saltfile, "s", "", "Read salt from file (encrypt-only)")
+ flag.BoolVar(&eflag, "e", false, "encrypt input (default)")
flag.BoolVar(&dflag, "d", false, "decrypt input")
flag.Usage = usage
flag.Parse()
+ if eflag && dflag {
+ log.Fatal("Cannot use encryption and decryption at the same time")
+ }
+
args := flag.Args()
if len(args) > 0 {
usage()
}
- if len(password) == 0 {
- tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0644)
- if err != nil {
- log.Fatal(err)
- }
- defer tty.Close()
- fmt.Fprint(tty, "password:")
- pass, _ = term.ReadPassword(int(tty.Fd()))
- fmt.Fprintln(tty, "")
- } else {
- pass = []byte(password)
- }
-
- // read salt from the given file, or generate a ramdom one
- salt = make([]byte, argon2id_salt_len)
- if len(saltfile) > 0 {
- readsalt(saltfile, &salt)
- } else {
- _, err = rand.Read(salt)
- if err != nil {
- log.Fatal(err)
- }
+ // Prompt user for password
+ tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0644)
+ if err != nil {
+ log.Fatal(err)
}
-
- key = make([]byte, xchacha20poly1305_key_len)
- deriv(pass, &key, salt)
+ defer tty.Close()
+ fmt.Fprint(tty, "password:")
+ pass, _ = term.ReadPassword(int(tty.Fd()))
+ fmt.Fprintln(tty, "")
if dflag {
if len(filename) > 0 {
t@@ -186,8 +168,26 @@ func main() {
defer in.Close()
}
+ readsalt(in, &salt)
+ deriv(pass, &key, salt)
decrypt(in, out, key)
} else {
+ if len(saltfile) > 0 {
+ // Read salt from any manually specified file…
+ f, err := os.Open(saltfile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ readsalt(f, &salt)
+ f.Close()
+ } else {
+ // … or generate a random one
+ _, err = rand.Read(salt)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+ deriv(pass, &key, salt)
if len(filename) > 0 {
out, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
if err != nil {