From 2a20186345ac23c45a971c43540a3fe1e680fb67 Mon Sep 17 00:00:00 2001
From: Patrik Lundin
Date: Tue, 8 Oct 2024 11:38:58 +0200
Subject: [PATCH] Add `--password-file` to `crypto jwe encrypt`
Matches the already existing flag for `crypto jwe decrypt`. While here fix usage string for the existing flag since it deals with decryption.
---
 command/crypto/jwe/decrypt.go | 2 +-
 command/crypto/jwe/encrypt.go | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/command/crypto/jwe/decrypt.go b/command/crypto/jwe/decrypt.go
index 8d11e91c4..f15086aeb 100644
--- a/command/crypto/jwe/decrypt.go
+++ b/command/crypto/jwe/decrypt.go
@@ -50,7 +50,7 @@ one of the JWKs in the JWK Set.`,
 },
 cli.StringFlag{
 Name: "password-file",
- Usage: `The path to the containing the password to encrypt the keys.`,
+ Usage: `The path to the containing the password to decrypt the keys.`,
 },
 },
 }
diff --git a/command/crypto/jwe/encrypt.go b/command/crypto/jwe/encrypt.go
index a5e73beb2..5d10d6ce3 100644
--- a/command/crypto/jwe/encrypt.go
+++ b/command/crypto/jwe/encrypt.go
@@ -151,6 +151,10 @@ parameter is ignored by JWE implementations, but may be processed by applications that use JWE.`,
 },
 flags.SubtleHidden,
+ cli.StringFlag{
+ Name: "password-file",
+ Usage: `The path to the containing the password to encrypt the keys.`,
+ },
 },
 }
 }
@@ -188,6 +192,7 @@ func encryptAction(ctx *cli.Context) error {
 typ := ctx.String("typ")
 cty := ctx.String("cty")
 isSubtle := ctx.Bool("subtle")
+ passwordFile := ctx.String("password-file")
 switch {
 case isPBES2 && key != "":
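Review bot: The corrected usage string in command/crypto/jwe/decrypt.go still has no noun after "the": `The path to the containing the password to decrypt the keys.` should read `The path to the file containing the password to decrypt the keys.` The first hunk of encrypt.go copies the same sentence into the new flag and needs the same word. The enclosing flag list starts outside the hunk.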
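Review bot: The usage text of the new `password-file` flag in encrypt.go says the password is used "to encrypt the keys", but the last hunk consults it only under `case isPBES2:`, where the prompt calls it the password "to encrypt the content encryption key". I would align the wording and state the scope, for example `The path to the file containing the password used to encrypt the content encryption key (PBES2 algorithms only).` Since the file holds a secret, the help text could also say that it should be readable only by the invoking user.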
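Review bot: `passwordFile` is read alongside the other flags in encryptAction, but the visible start of the validation switch (`case isPBES2 && key != "":`) has no case for it; the rest of the switch lies outside this hunk, so this may already be handled there. If it is not, `--password-file` combined with a non-PBES2 algorithm is accepted and then ignored, because the last hunk reads the file only under `case isPBES2:`. A guard such as `case !isPBES2 && passwordFile != "":` returning a usage error would surface the mistake instead of leaving the caller to assume a password was applied.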
@@ -224,7 +229,17 @@ func encryptAction(ctx *cli.Context) error {
 case jwks != "":
 jwk, err = jose.ReadKeySet(jwks, options...)
 case isPBES2:
- pbes2Key, err = ui.PromptPassword("Please enter the password to encrypt the content encryption key")
+ var password string
+ if passwordFile != "" {
+ password, err = utils.ReadStringPasswordFromFile(passwordFile)
+ if err != nil {
+ return err
+ }
+ }
+ pbes2Key, err =
+ ui.PromptPassword(
+ "Please enter the password to encrypt the content encryption key",
+ ui.WithValue(password))
 default:
 return errs.RequiredOrFlag(ctx, "key", "jwks")
 }
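Review bot: An empty password file is not rejected in the `case isPBES2:` branch: `password` stays `""` and is passed to `ui.WithValue(password)`, which presumably behaves as if no value was given, so the command would fall back to the interactive prompt (the ui package is not visible here; confirm). In unattended use that is a hang or an unexpected prompt rather than a clear failure. I would check right after the read, e.g. `if password == "" { return fmt.Errorf("password file %q is empty", passwordFile) }`. The early `return err` also bypasses whatever shared error handling follows the switch, which ends outside this hunk, so it is worth confirming the returned error names the file.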