mirror of https://github.com/ssh-vault/ssh-vault.git synced 2025-07-31 05:24:22 +03:00

fixed edit

nbari
2016-10-07 19:54:19 +02:00
parent c30c9662b5
commit 51f796b218
4 changed files with 87 additions and 26 deletions


@ -105,11 +105,27 @@ func main() {
exit1(err) exit1(err)
} }
case "edit": case "edit":
fmt.Println("edit") data, err := vault.View()
case "view":
err := vault.View()
if err != nil { if err != nil {
exit1(err) exit1(err)
} }
out, err := vault.Edit(data)
if err != nil {
exit1(err)
}
out, err = vault.Encrypt(out)
if err != nil {
exit1(err)
}
err = vault.Close(out)
if err != nil {
exit1(err)
}
case "view":
out, err := vault.View()
if err != nil {
exit1(err)
}
fmt.Printf("\n%s", out)
} }
} }
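Review bot: In the `edit` case the bytes returned by `vault.Edit(data)` go straight to `vault.Encrypt` and `vault.Close` with no check that they changed or are non-empty, so leaving the editor with an emptied buffer would presumably replace the vault contents (what `Close` does is not visible here, so this is inferred). A guard before encrypting, such as `if len(out) == 0 || bytes.Equal(out, data) { return }`, would avoid rewriting the vault needlessly; it needs the `bytes` import, which this hunk does not show. main starts outside the hunk.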

36
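--- a/edit.go
+++ b/edit.go
@@ -0,0 +1,36 @@
+package sshvault
+import (
+"io/ioutil"
+"os"
+"os/exec"
+)
+// Edit opens $EDITOR default to vi
+func (v *vault) Edit(data []byte) ([]byte, error) {
+tmpfile, err := ioutil.TempFile("", v.Fingerprint)
+if err != nil {
+return nil, err
+}
+defer os.Remove(tmpfile.Name())
+err = ioutil.WriteFile(tmpfile.Name(), data, 0600)
+if err != nil {
+return nil, err
+}
+editor := os.Getenv("EDITOR")
+if editor == "" {
+editor = "vi"
+}
+cmd := exec.Command(editor, tmpfile.Name())
+cmd.Stdin = os.Stdin
+cmd.Stdout = os.Stdout
+err = cmd.Run()
+if err != nil {
+return nil, err
+}
+b, err := ioutil.ReadFile(tmpfile.Name())
+if err != nil {
+return nil, err
+}
+return b, nil
+}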
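Review bot: The decrypted vault contents are written to a file in the default temp directory and only unlinked on return, so the plaintext can outlive the call if the process is killed while the editor is open, and the `*os.File` returned by `ioutil.TempFile` is never closed. Writing through the handle and closing it (`_, err = tmpfile.Write(data)` followed by `tmpfile.Close()`) removes the leaked descriptor and the second open done by `ioutil.WriteFile`. The doc comment should state that plaintext touches disk, for example `// Edit writes the decrypted data to a temporary file, opens it in $EDITOR (default vi) and returns the edited bytes; the plaintext is on disk while the editor runs.`, and that editor swap or backup files are outside this function's control. `cmd.Stderr` is also left unset, so the editor's error output is discarded.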

3
sopas Normal file

@ -0,0 +1,3 @@
$SSH-VAULT;AES256;fd:c9:a5:ab:67:c2:6a:3b:6b:c9:72:d6:32:f8:a8:09
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
51a3315d00f1c1ec1616c90d1b58cb0d6f870fe6a42eeca3a98181661bf72a29f4af09976e828d00a79aa242416bb2a41e79015a7320726e67b3b6921982ebe70af7700a3fc38cb64cffb4
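Review bot: `sopas` looks like a scratch vault produced while testing rather than part of the edit fix; its header carries a key fingerprint and the body is real ciphertext. If it is meant as a test fixture it belongs under a test-data directory and should be encrypted to a throwaway key, otherwise it should be dropped from the commit and ignored by version control.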

52
view.go

@ -10,69 +10,75 @@ import (
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "strings"
"syscall" "syscall"
"golang.org/x/crypto/ssh/terminal" "golang.org/x/crypto/ssh/terminal"
) )
// View decrypts data and print it to stdout // View decrypts data and print it to stdout
func (v *vault) View() error { func (v *vault) View() ([]byte, error) {
vault, err := ioutil.ReadFile(v.vault) vault, err := ioutil.ReadFile(v.vault)
if err != nil { if err != nil {
return err return nil, err
} }
// head, pass, body
// head, password, body
parts := bytes.Split(vault, []byte("\n")) parts := bytes.Split(vault, []byte("\n"))
// get pem // use private key only
pemData, err := ioutil.ReadFile(v.key) if strings.HasSuffix(v.key, ".pub") {
v.key = strings.Trim(v.key, ".pub")
}
keyFile, err := ioutil.ReadFile(v.key)
if err != nil { if err != nil {
log.Fatalf("Error reading pem file: %s", err) return nil, fmt.Errorf("Error reading private key: %s", err)
} }
block, _ := pem.Decode(pemData)
block, _ := pem.Decode(keyFile)
if block == nil || block.Type != "RSA PRIVATE KEY" { if block == nil || block.Type != "RSA PRIVATE KEY" {
return fmt.Errorf("No valid PEM (private key) data found") return nil, fmt.Errorf("No valid PEM (private key) data found")
} }
var pemOut []byte
if x509.IsEncryptedPEMBlock(block) { if x509.IsEncryptedPEMBlock(block) {
fmt.Print("Enter key password: ") fmt.Print("Enter key password: ")
keyPassword, err := terminal.ReadPassword(int(syscall.Stdin)) keyPassword, err := terminal.ReadPassword(int(syscall.Stdin))
if err != nil { if err != nil {
return err return nil, err
} }
pemOut, err = x509.DecryptPEMBlock(block, keyPassword) fmt.Println()
block.Bytes, err = x509.DecryptPEMBlock(block, keyPassword)
if err != nil { if err != nil {
return err return nil, err
} }
} else {
pemOut = block.Bytes
} }
privateKey, err := x509.ParsePKCS1PrivateKey(pemOut)
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil { if err != nil {
return err return nil, err
} }
ciphertext := make([]byte, hex.DecodedLen(len(parts[1]))) ciphertext := make([]byte, hex.DecodedLen(len(parts[1])))
_, err = hex.Decode(ciphertext, parts[1]) _, err = hex.Decode(ciphertext, parts[1])
if err != nil { if err != nil {
return err return nil, err
} }
v.password, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, ciphertext, []byte("")) v.password, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, ciphertext, []byte(""))
if err != nil { if err != nil {
return err return nil, err
} }
ciphertext = make([]byte, hex.DecodedLen(len(parts[2]))) ciphertext = make([]byte, hex.DecodedLen(len(parts[2])))
_, err = hex.Decode(ciphertext, parts[2]) _, err = hex.Decode(ciphertext, parts[2])
if err != nil { if err != nil {
return err return nil, err
} }
data, err := v.Decrypt(ciphertext) data, err := v.Decrypt(ciphertext)
if err != nil { if err != nil {
return err return nil, err
} }
fmt.Printf("\n%s", data) return data, nil
return nil
} }