add support for encrypting to multiple recipients / decrypting with multiple identities
- config options for reading identities/recipients from file - command line flags for both files, and identities/recipients straight from the command line - some cleanup and better help strings
This commit is contained in:
parent
f4df6f35eb
commit
da5adc9828
4 changed files with 216 additions and 65 deletions
|
|
@ -11,18 +11,18 @@ import (
|
|||
)
|
||||
|
||||
// Encrypt encrypts bytes into filename
|
||||
func Encrypt(data []byte, filename string, identity *age.X25519Identity) error {
|
||||
func Encrypt(data []byte, filename string, recipients ...age.Recipient) error {
|
||||
var (
|
||||
w io.WriteCloser
|
||||
out = &bytes.Buffer{}
|
||||
err error
|
||||
)
|
||||
|
||||
if identity == nil {
|
||||
return errors.New("nil identity??")
|
||||
if len(recipients) == 0 {
|
||||
return errors.New("no recepients? who's trying to encrypt?")
|
||||
}
|
||||
|
||||
if w, err = age.Encrypt(out, identity.Recipient()); err != nil {
|
||||
if w, err = age.Encrypt(out, recipients...); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -40,7 +40,7 @@ func Encrypt(data []byte, filename string, identity *age.X25519Identity) error {
|
|||
}
|
||||
|
||||
// Decrypt decrypts bytes from filename
|
||||
func Decrypt(filename string, identity *age.X25519Identity) ([]byte, error) {
|
||||
func Decrypt(filename string, identities ...age.Identity) ([]byte, error) {
|
||||
var (
|
||||
f *os.File
|
||||
r io.Reader
|
||||
|
|
@ -51,7 +51,7 @@ func Decrypt(filename string, identity *age.X25519Identity) ([]byte, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if r, err = age.Decrypt(f, identity); err != nil {
|
||||
if r, err = age.Decrypt(f, identities...); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,29 +5,29 @@ import (
|
|||
"os"
|
||||
"testing"
|
||||
|
||||
"filippo.io/age"
|
||||
"git.burning.moe/celediel/agedit/pkg/tmpfile"
|
||||
)
|
||||
|
||||
var generator = tmpfile.NewGenerator("test_", ".txt", 18)
|
||||
var (
|
||||
generator = tmpfile.NewGenerator("test_", ".txt", 18)
|
||||
strings_to_write = []string{
|
||||
"hello world",
|
||||
"hola mundo",
|
||||
"مرحبا بالعالم",
|
||||
"こんにちは世界",
|
||||
"你好世界",
|
||||
"Γειά σου Κόσμε",
|
||||
"Привіт Світ",
|
||||
"Բարեւ աշխարհ",
|
||||
"გამარჯობა მსოფლიო",
|
||||
"अभिवादन पृथ्वी",
|
||||
}
|
||||
)
|
||||
|
||||
// TestEncryptionDecryption writes a string to a file, encrypts it, then decrypts it, and reads the string.
|
||||
func TestEncryptionDecryption(t *testing.T) {
|
||||
var (
|
||||
strings_to_write = []string{
|
||||
"hello world",
|
||||
"hola mundo",
|
||||
"مرحبا بالعالم",
|
||||
"こんにちは世界",
|
||||
"你好世界",
|
||||
"Γειά σου Κόσμε",
|
||||
"Привіт Світ",
|
||||
"Բարեւ աշխարհ",
|
||||
"გამარჯობა მსოფლიო",
|
||||
"अभिवादन पृथ्वी",
|
||||
}
|
||||
)
|
||||
|
||||
id, err := NewIdentity()
|
||||
id, err := age.GenerateX25519Identity()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
|
@ -49,7 +49,7 @@ func TestEncryptionDecryption(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if err = Encrypt(b, encrypted_outname, id); err != nil {
|
||||
if err = Encrypt(b, encrypted_outname, id.Recipient()); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
|
|
@ -73,6 +73,73 @@ func TestEncryptionDecryption(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestMultipleIdentities(t *testing.T) {
|
||||
var (
|
||||
identities []age.Identity
|
||||
recipients []age.Recipient
|
||||
)
|
||||
|
||||
for i := 0; i <= 10; i++ {
|
||||
id, err := age.GenerateX25519Identity()
|
||||
if err != nil {
|
||||
t.Fatalf("age broke: %v", err)
|
||||
}
|
||||
identities = append(identities, id)
|
||||
recipients = append(recipients, id.Recipient())
|
||||
}
|
||||
|
||||
for _, str := range strings_to_write {
|
||||
var (
|
||||
outname string = generator.GenerateFullPath()
|
||||
encrypted_outname string = outname + ".age"
|
||||
b []byte
|
||||
err error
|
||||
)
|
||||
|
||||
t.Run("testing writing "+str, func(t *testing.T) {
|
||||
if err = os.WriteFile(outname, []byte(str), fs.FileMode(0600)); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if b, err = os.ReadFile(outname); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if err = Encrypt(b, encrypted_outname, recipients...); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// try decrypting with each identity
|
||||
for _, id := range identities {
|
||||
if b, err = Decrypt(encrypted_outname, id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if string(b) != str {
|
||||
t.Fatal(string(b) + " isn't the same as " + str)
|
||||
}
|
||||
}
|
||||
|
||||
// then all of them because why not
|
||||
if b, err = Decrypt(encrypted_outname, identities...); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if string(b) != str {
|
||||
t.Fatal(string(b) + " isn't the same as " + str)
|
||||
}
|
||||
|
||||
if err = os.Remove(outname); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if err = os.Remove(encrypted_outname); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestNewIdentity creats a new identity, writes it to file, then re-reads it back from the file.
|
||||
func TestNewIdentity(t *testing.T) {
|
||||
for i := 0; i <= 1000; i++ {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue