Skip to content

Commit

Permalink
add encrypt and decrypt commands for offline usage
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomcz
tomcz committed Jun 26, 2020
1 parent f7b6cb9 commit 7624eac
Show file tree
Hide file tree
Showing 2 changed files with 72 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ COMMANDS:
vault-put Upload file to S3 bucket using credentials from vault
vault-get Download file from S3 bucket using credentials from vault
keygen Generate RSA and AES backup keys
encrypt Just encrypt a local file
decrypt Just decrypt a local file
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
Expand Down
70 changes: 70 additions & 0 deletions cmd/s3backup/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,20 @@ func main() {
Usage: "Generate RSA and AES backup keys",
Subcommands: []*cli.Command{cmdGenAES, cmdGenRSA},
}
cmdEncrypt := &cli.Command{
Name: "encrypt",
Usage: "Just encrypt a local file",
ArgsUsage: "inFile outFile",
Action: encryptLocalFile,
Flags: cipherFlags(),
}
cmdDecrypt := &cli.Command{
Name: "decrypt",
Usage: "Just decrypt a local file",
ArgsUsage: "inFile outFile",
Action: decryptLocalFile,
Flags: cipherFlags(),
}
app := &cli.App{
Name: "s3backup",
Usage: "S3 backup script in a single binary",
Expand All @@ -94,6 +108,8 @@ func main() {
cmdVaultPut,
cmdVaultGet,
cmdKeygen,
cmdEncrypt,
cmdDecrypt,
},
}
if err := app.Run(os.Args); err != nil {
Expand Down Expand Up @@ -148,6 +164,21 @@ func basicFlags() []cli.Flag {
}
}

func cipherFlags() []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "symKey",
Usage: "Base64-encoded 256-bit symmetric AES key",
Destination: &symKey,
},
&cli.StringFlag{
Name: "pemKey",
Usage: "Path to PEM-encoded public or private key `FILE`",
Destination: &pemKeyFile,
},
}
}

func vaultFlags() []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Expand Down Expand Up @@ -324,3 +355,42 @@ func genSecretKey(*cli.Context) error {
func genKeyPair(*cli.Context) error {
return crypto.GenerateRSAKeyPair(rsaPrivKey, rsaPubKey)
}

func encryptLocalFile(ctx *cli.Context) error {
cipher, err := createCipher(ctx)
if err != nil {
return err
}
args := ctx.Args()
return cipher.Encrypt(args.Get(0), args.Get(1))
}

func decryptLocalFile(ctx *cli.Context) error {
cipher, err := createCipher(ctx)
if err != nil {
return err
}
args := ctx.Args()
return cipher.Decrypt(args.Get(0), args.Get(1))
}

func createCipher(ctx *cli.Context) (client.Cipher, error) {
if ctx.NArg() != 2 {
return nil, errors.New("in and out files are required")
}
var err error
var cipher client.Cipher
if symKey != "" {
cipher, err = crypto.NewAESCipher(symKey)
}
if pemKeyFile != "" {
cipher, err = crypto.NewRSACipher(pemKeyFile)
}
if err != nil {
return nil, err
}
if cipher == nil {
return nil, errors.New("either one of symKey or pemKey is required")
}
return cipher, nil
}

0 comments on commit 7624eac

Please sign in to comment.