Compare commits

..

7 commits

Author SHA1 Message Date
Lilian Jónsdóttir 79ffb9d9b6 version bump - v0.1.0
- add support for editor arguments
- add support for encrypting to multiple recipients
- add support for trying to decrypt with multiple identites
- add cli flag to re-encrypt even if data wasn't changed
2024-03-23 14:15:48 -07:00
Lilian Jónsdóttir 790bc635ab update readme 2024-03-23 14:13:09 -07:00
Lilian Jónsdóttir da5adc9828 add support for encrypting to multiple recipients / decrypting with multiple identities
- config options for reading identities/recipients from file
- command line flags for both files, and identities/recipients straight from the command line
- some cleanup and better help strings
2024-03-23 14:08:38 -07:00
Lilian Jónsdóttir f4df6f35eb add support for editors that need arguments 2024-03-23 13:57:15 -07:00
Lilian Jónsdóttir e96bac3d9d add force flag to re-encrypt even if data hasn't changed 2024-03-22 23:46:51 -07:00
Lilian Jónsdóttir 9c0c3ee788 some cleanup 2024-03-22 23:46:51 -07:00
Lilian Jónsdóttir 37601be04f use cli flag action like it should be 2024-03-19 10:49:02 -07:00
7 changed files with 300 additions and 105 deletions

View file

@ -10,10 +10,15 @@ open an [age](https://github.com/FiloSottile/age) encrypted file in $EDITOR
### flags
```text
--identity value, -i value age identity file to use
--out value, -o value write to this file instead of the input file
--log value, -l value log level (default: "warn")
--editor value, -e value specify the editor to use
--identity identity, -I identity [ --identity identity, -I identity ] age identity (or identities) to decrypt with
--identity-file FILE, -i FILE read identity from FILE
--recipient recipient, -R recipient [ --recipient recipient, -R recipient ] age recipients to encrypt to
--recipient-file FILE, -r FILE read recipients from FILE
--out FILE, -o FILE write to FILE instead of the input file
--editor EDITOR, -e EDITOR edit with specified EDITOR instead of $EDITOR
--editor-args arg [ --editor-args arg ] arguments to send to the editor
--force, -f re-encrypt the file even if no changes have been made. (default: false)
--log level log level (default: "warn")
--help, -h show help
--version, -v print the version
```
@ -22,3 +27,6 @@ open an [age](https://github.com/FiloSottile/age) encrypted file in $EDITOR
`go get git.burning.moe/celediel/agedit@latest`
See `./cmd/agedit` for example usage.
## TODO
- support for password encrypted key files

View file

@ -2,10 +2,12 @@ package main
import (
"errors"
"fmt"
"os"
"strings"
"time"
"filippo.io/age"
"git.burning.moe/celediel/agedit/internal/config"
"git.burning.moe/celediel/agedit/pkg/editor"
"git.burning.moe/celediel/agedit/pkg/encrypt"
@ -17,10 +19,10 @@ import (
)
const (
name = "agedit"
usage = "Edit age encrypted files with your $EDITOR"
version = "0.0.2"
help_template = `NAME:
name string = "agedit"
usage string = "Edit age encrypted files with your $EDITOR"
version string = "0.1.0"
help_template string = `NAME:
{{.Name}} {{if .Version}}v{{.Version}}{{end}} - {{.Usage}}
USAGE:
@ -45,33 +47,101 @@ var (
}}
flags = []cli.Flag{
&cli.StringFlag{
&cli.StringSliceFlag{
Name: "identity",
Usage: "age identity file to use",
Usage: "age `identity` (or identities) to decrypt with",
Aliases: []string{"I"},
Action: func(ctx *cli.Context, inputs []string) error {
for _, input := range inputs {
id, err := age.ParseX25519Identity(input)
if err != nil {
return err
}
identities = append(identities, id)
}
return nil
},
},
&cli.PathFlag{ // I dunno why PathFlag exists because cli.Path is just string
Name: "identity-file",
Usage: "read identity from `FILE`",
Aliases: []string{"i"},
Action: func(ctx *cli.Context, s string) error {
if identity_file := ctx.String("identity"); identity_file != "" {
Action: func(ctx *cli.Context, identity_file cli.Path) error {
if identity_file != "" {
cfg.IdentityFile = identity_file
}
return nil
},
},
&cli.StringSliceFlag{
Name: "recipient",
Usage: "age `recipient`s to encrypt to",
Aliases: []string{"R"},
Action: func(ctx *cli.Context, inputs []string) error {
for _, input := range inputs {
logger.Debugf("parsing public key from string %s", input)
r, err := age.ParseX25519Recipient(input)
if err != nil {
return err
}
recipients = append(recipients, r)
}
return nil
},
},
&cli.PathFlag{
Name: "recipient-file",
Usage: "read recipients from `FILE`",
Aliases: []string{"r"},
Action: func(ctx *cli.Context, recipient_file cli.Path) error {
if recipient_file != "" {
cfg.RecipientFile = recipient_file
}
return nil
},
},
&cli.StringFlag{
Name: "out",
Usage: "write to this file instead of the input file",
Usage: "write to `FILE` instead of the input file",
Aliases: []string{"o"},
Action: func(ctx *cli.Context, s string) error {
output_file = ctx.String("out")
Action: func(ctx *cli.Context, out string) error {
output_file = out
return nil
},
},
&cli.StringFlag{
Name: "editor",
Usage: "edit with specified `EDITOR` instead of $EDITOR",
Aliases: []string{"e"},
Action: func(ctx *cli.Context, editor string) error {
cfg.Editor = editor
return nil
},
},
&cli.StringSliceFlag{
Name: "editor-args",
Usage: "`arg`uments to send to the editor",
Action: func(ctx *cli.Context, args []string) error {
cfg.EditorArgs = args
return nil
},
},
&cli.BoolFlag{
Name: "force",
Usage: "re-encrypt the file even if no changes have been made.",
Aliases: []string{"f"},
Action: func(ctx *cli.Context, b bool) error {
force_overwrite = b
return nil
},
},
&cli.StringFlag{
Name: "log",
Usage: "log level",
Usage: "log `level`",
Value: "warn",
Aliases: []string{"l"},
Action: func(ctx *cli.Context, s string) error {
if lvl, err := log.ParseLevel(ctx.String("log")); err == nil {
if lvl, err := log.ParseLevel(s); err == nil {
logger.SetLevel(lvl)
// Some extra info for debug level
if logger.GetLevel() == log.DebugLevel {
@ -83,15 +153,6 @@ var (
return nil
},
},
&cli.StringFlag{
Name: "editor",
Usage: "specify the editor to use",
Aliases: []string{"e"},
Action: func(ctx *cli.Context, s string) error {
cfg.Editor = ctx.String("editor")
return nil
},
},
}
)
@ -99,23 +160,22 @@ var (
func before(ctx *cli.Context) error {
// check input
if input_file = strings.Join(ctx.Args().Slice(), " "); input_file == "" {
return errors.New("no file to edit, use agedit -h for help")
return fmt.Errorf("no file to edit, use " + name + " -h for help")
}
// do some setup
// set some defaults
cfg = config.Defaults
cfg.Editor = env.GetEditor()
cfg_dir := env.GetConfigDir("agedit")
cfg_dir := env.GetConfigDir(name)
cfg.IdentityFile = cfg_dir + "identity.key"
configFile = cfg_dir + "agedit.yaml"
configFile = cfg_dir + name + ".yaml"
logger = log.NewWithOptions(os.Stderr, log.Options{
ReportTimestamp: true,
TimeFormat: time.TimeOnly,
})
// load config from file
_, err := os.Open(configFile)
if err != nil && errors.Is(err, os.ErrNotExist) {
if _, err := os.Stat(configFile); err != nil && errors.Is(err, os.ErrNotExist) {
// or not
logger.Debug("couldn't load config file", "file", configFile)
} else {
@ -125,12 +185,16 @@ func before(ctx *cli.Context) error {
}
}
// setup editor with loaded config options
edt = editor.New(cfg.Editor, cfg.EditorArgs, cfg.Prefix, cfg.Suffix, cfg.RandomLength)
return nil
}
// action does the actual thing
func action(ctx *cli.Context) error {
if _, err := os.Open(input_file); os.IsNotExist(err) {
// make sure input file exists
if _, err := os.Stat(input_file); os.IsNotExist(err) {
return err
}
@ -139,35 +203,75 @@ func action(ctx *cli.Context) error {
logger.Debug("out file not specified, using input", "outfile", output_file)
}
if _, err := os.Open(cfg.IdentityFile); os.IsNotExist(err) {
return errors.New("identity file unset, use -i or set one in the config file")
}
if id, err := encrypt.ReadIdentityFromFile(cfg.IdentityFile); err != nil {
return err
// read from identity file if exists and no identities have been supplied
if len(identities) == 0 {
if _, err := os.Stat(cfg.IdentityFile); os.IsNotExist(err) {
return fmt.Errorf("identity file unset and no identities supplied, use -i to specify an idenitity file or set one in the config file, or use -I to specify an age private key")
} else {
identity = id
f, err := os.Open(cfg.IdentityFile)
if err != nil {
return fmt.Errorf("couldn't open identity file: %v", err)
}
if ids, err := age.ParseIdentities(f); err != nil {
return fmt.Errorf("couldn't parse identities: %v", err)
} else {
identities = append(identities, ids...)
}
}
}
logger.Debug("read identity from file", "id", identity.Recipient())
decrypted, err := encrypt.Decrypt(input_file, identity)
// read from recipient file if it exists and no recipients have been supplied
if len(recipients) == 0 {
if _, err := os.Stat(cfg.RecipientFile); os.IsNotExist(err) {
return fmt.Errorf("recipient file doesn't exist")
} else {
f, err := os.Open(cfg.RecipientFile)
if err != nil {
return fmt.Errorf("couldn't open recipient file: %v", err)
}
if rs, err := age.ParseRecipients(f); err != nil {
return fmt.Errorf("couldn't parse recipients: %v", err)
} else {
recipients = append(recipients, rs...)
}
}
}
// get recipients from specified identities
for _, id := range identities {
// TODO: figure out how age actually intends for
// TODO: a recpient to be retrieved from an age.Identity
// TODO: beccause this is stupid and I hate it
actual_id, err := age.ParseX25519Identity(fmt.Sprint(id))
if err != nil {
return fmt.Errorf("couldn't get recipient? %v", err)
}
recipients = append(recipients, actual_id.Recipient())
}
// try to decrypt the file
decrypted, err := encrypt.Decrypt(input_file, identities...)
if err != nil {
return err
}
logger.Debug("decrypted " + input_file + " sucessfully")
edited, err := editor.EditTempFile(cfg.Editor, string(decrypted), cfg.Prefix, cfg.Suffix, cfg.RandomLength)
// open decrypted data in the editor
edited, err := edt.EditTempFile(string(decrypted))
if err != nil {
return err
}
logger.Debug("got data back from editor")
if string(edited) == string(decrypted) {
// don't overwrite same data, unless specified
if string(edited) == string(decrypted) && !force_overwrite {
logger.Warn("No edits made, not writing " + output_file)
return nil
}
err = encrypt.Encrypt(edited, output_file, identity)
// actually re-encrypt the data
err = encrypt.Encrypt(edited, output_file, recipients...)
if err != nil {
return err
}

View file

@ -4,6 +4,7 @@ import (
"os"
"git.burning.moe/celediel/agedit/internal/config"
"git.burning.moe/celediel/agedit/pkg/editor"
"filippo.io/age"
"github.com/charmbracelet/log"
@ -11,12 +12,14 @@ import (
)
var (
identity *age.X25519Identity
identities []age.Identity
recipients []age.Recipient
logger *log.Logger
cfg config.Config
edt editor.Editor
configFile string
input_file, output_file string
force_overwrite bool
)
func main() {
@ -29,6 +32,7 @@ func main() {
Before: before,
Action: action,
CustomAppHelpTemplate: help_template,
UseShortOptionHandling: true,
}
if err := app.Run(os.Args); err != nil {

View file

@ -2,7 +2,9 @@ package config
type Config struct {
IdentityFile string `json:"identityfile" yaml:"identityfile" toml:"identityfile"`
RecipientFile string `json:"recipientfile" yaml:"recipientfile" toml:"recipientfile"`
Editor string `json:"editor" yaml:"editor" toml:"editor"`
EditorArgs []string `json:"editorargs" yaml:"editorargs" toml:"editorargs"`
Prefix string `json:"randomfileprefix" yaml:"randomfileprefix" toml:"randomfileprefix"`
Suffix string `json:"randomfilesuffix" yaml:"randomfilesuffix" toml:"randomfilesuffix"`
RandomLength int `json:"randomfilenamelength" yaml:"randomfilenamelength" toml:"randomfilenamelength"`

View file

@ -1,7 +1,6 @@
package editor
import (
"errors"
"io/fs"
"os"
"os/exec"
@ -9,14 +8,17 @@ import (
"git.burning.moe/celediel/agedit/pkg/tmpfile"
)
// EditFile opens the specified file in the configured editor
func EditFile(editor, filename string) error {
if editor == "" {
return errors.New("editor not set")
}
type Editor struct {
Command string
Args []string
generator tmpfile.Generator
}
// TODO: handle editors that require arguments
cmd := exec.Command(editor, filename)
// EditFile opens the specified file in the configured editor
func (e *Editor) EditFile(filename string) error {
args := append(e.Args, filename)
cmd := exec.Command(e.Command, args...)
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
@ -30,7 +32,7 @@ func EditFile(editor, filename string) error {
// EditTempFile creates a temporary file with a random name, opens it in the
// editor, and returns the byte slice of its contents.
func EditTempFile(editor, start, prefix, suffix string, filename_length int) ([]byte, error) {
func (e *Editor) EditTempFile(start string) ([]byte, error) {
var (
filename string
bytes []byte
@ -38,10 +40,7 @@ func EditTempFile(editor, start, prefix, suffix string, filename_length int) ([]
file *os.File
)
// generator := tmpfile.NewGenerator("agedit_", ".txt", 13)
generator := tmpfile.NewGenerator(prefix, suffix, filename_length)
filename = generator.GenerateFullPath()
filename = e.generator.GenerateFullPath()
if file, err = os.Create(filename); err != nil {
return nil, err
}
@ -50,7 +49,7 @@ func EditTempFile(editor, start, prefix, suffix string, filename_length int) ([]
return nil, err
}
if err = EditFile(editor, filename); err != nil {
if err = e.EditFile(filename); err != nil {
return nil, err
}
@ -68,3 +67,14 @@ func EditTempFile(editor, start, prefix, suffix string, filename_length int) ([]
return bytes, nil
}
// New returns an Editor configured to open files with `command` + `args`.
// The prefix and suffix will be added to the randomly generated
// filename of `length` characters.
func New(command string, args []string, prefix, suffix string, length int) Editor {
return Editor{
Command: command,
Args: args,
generator: tmpfile.NewGenerator(prefix, suffix, length),
}
}

View file

@ -11,18 +11,18 @@ import (
)
// Encrypt encrypts bytes into filename
func Encrypt(data []byte, filename string, identity *age.X25519Identity) error {
func Encrypt(data []byte, filename string, recipients ...age.Recipient) error {
var (
w io.WriteCloser
out = &bytes.Buffer{}
err error
)
if identity == nil {
return errors.New("nil identity??")
if len(recipients) == 0 {
return errors.New("no recepients? who's trying to encrypt?")
}
if w, err = age.Encrypt(out, identity.Recipient()); err != nil {
if w, err = age.Encrypt(out, recipients...); err != nil {
return err
}
@ -40,7 +40,7 @@ func Encrypt(data []byte, filename string, identity *age.X25519Identity) error {
}
// Decrypt decrypts bytes from filename
func Decrypt(filename string, identity *age.X25519Identity) ([]byte, error) {
func Decrypt(filename string, identities ...age.Identity) ([]byte, error) {
var (
f *os.File
r io.Reader
@ -51,7 +51,7 @@ func Decrypt(filename string, identity *age.X25519Identity) ([]byte, error) {
return nil, err
}
if r, err = age.Decrypt(f, identity); err != nil {
if r, err = age.Decrypt(f, identities...); err != nil {
return nil, err
}

View file

@ -5,14 +5,12 @@ import (
"os"
"testing"
"filippo.io/age"
"git.burning.moe/celediel/agedit/pkg/tmpfile"
)
var generator = tmpfile.NewGenerator("test_", ".txt", 18)
// TestEncryptionDecryption writes a string to a file, encrypts it, then decrypts it, and reads the string.
func TestEncryptionDecryption(t *testing.T) {
var (
var (
generator = tmpfile.NewGenerator("test_", ".txt", 18)
strings_to_write = []string{
"hello world",
"hola mundo",
@ -25,9 +23,11 @@ func TestEncryptionDecryption(t *testing.T) {
"გამარჯობა მსოფლიო",
"अभिवादन पृथ्वी",
}
)
)
id, err := NewIdentity()
// TestEncryptionDecryption writes a string to a file, encrypts it, then decrypts it, and reads the string.
func TestEncryptionDecryption(t *testing.T) {
id, err := age.GenerateX25519Identity()
if err != nil {
t.Fatal(err)
}
@ -49,7 +49,7 @@ func TestEncryptionDecryption(t *testing.T) {
t.Fatal(err)
}
if err = Encrypt(b, encrypted_outname, id); err != nil {
if err = Encrypt(b, encrypted_outname, id.Recipient()); err != nil {
t.Fatal(err)
}
@ -73,6 +73,73 @@ func TestEncryptionDecryption(t *testing.T) {
}
}
func TestMultipleIdentities(t *testing.T) {
var (
identities []age.Identity
recipients []age.Recipient
)
for i := 0; i <= 10; i++ {
id, err := age.GenerateX25519Identity()
if err != nil {
t.Fatalf("age broke: %v", err)
}
identities = append(identities, id)
recipients = append(recipients, id.Recipient())
}
for _, str := range strings_to_write {
var (
outname string = generator.GenerateFullPath()
encrypted_outname string = outname + ".age"
b []byte
err error
)
t.Run("testing writing "+str, func(t *testing.T) {
if err = os.WriteFile(outname, []byte(str), fs.FileMode(0600)); err != nil {
t.Fatal(err)
}
if b, err = os.ReadFile(outname); err != nil {
t.Fatal(err)
}
if err = Encrypt(b, encrypted_outname, recipients...); err != nil {
t.Fatal(err)
}
// try decrypting with each identity
for _, id := range identities {
if b, err = Decrypt(encrypted_outname, id); err != nil {
t.Fatal(err)
}
if string(b) != str {
t.Fatal(string(b) + " isn't the same as " + str)
}
}
// then all of them because why not
if b, err = Decrypt(encrypted_outname, identities...); err != nil {
t.Fatal(err)
}
if string(b) != str {
t.Fatal(string(b) + " isn't the same as " + str)
}
if err = os.Remove(outname); err != nil {
t.Fatal(err)
}
if err = os.Remove(encrypted_outname); err != nil {
t.Fatal(err)
}
})
}
}
// TestNewIdentity creats a new identity, writes it to file, then re-reads it back from the file.
func TestNewIdentity(t *testing.T) {
for i := 0; i <= 1000; i++ {