2020-07-06 09:39:24 +00:00
|
|
|
use std::path::PathBuf;
|
|
|
|
|
|
2020-07-08 08:56:16 +00:00
|
|
|
use anyhow::{bail, format_err, Error};
|
2020-11-20 16:38:34 +00:00
|
|
|
use serde_json::Value;
|
2020-07-06 09:39:24 +00:00
|
|
|
|
|
|
|
|
use proxmox::api::api;
|
2020-11-20 16:38:34 +00:00
|
|
|
use proxmox::api::cli::{
|
2020-11-24 06:19:15 +00:00
|
|
|
ColumnConfig,
|
2020-11-20 16:38:34 +00:00
|
|
|
CliCommand,
|
|
|
|
|
CliCommandMap,
|
2020-11-24 06:19:15 +00:00
|
|
|
format_and_print_result_full,
|
2020-11-20 16:38:34 +00:00
|
|
|
get_output_format,
|
|
|
|
|
OUTPUT_FORMAT,
|
|
|
|
|
};
|
2020-12-18 11:26:07 +00:00
|
|
|
use proxmox::api::router::ReturnType;
|
2020-07-06 09:39:24 +00:00
|
|
|
use proxmox::sys::linux::tty;
|
|
|
|
|
use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
|
|
|
|
|
|
2021-01-19 11:35:15 +00:00
|
|
|
use proxmox_backup::{
|
2021-01-22 08:38:38 +00:00
|
|
|
tools::paperkey::{
|
|
|
|
|
PaperkeyFormat,
|
|
|
|
|
generate_paper_key,
|
|
|
|
|
},
|
2021-01-19 11:35:15 +00:00
|
|
|
api2::types::{
|
|
|
|
|
PASSWORD_HINT_SCHEMA,
|
2021-01-20 09:20:41 +00:00
|
|
|
KeyInfo,
|
|
|
|
|
Kdf,
|
2021-01-19 11:35:15 +00:00
|
|
|
},
|
|
|
|
|
backup::{
|
|
|
|
|
rsa_decrypt_key_config,
|
|
|
|
|
KeyConfig,
|
|
|
|
|
},
|
|
|
|
|
tools,
|
2020-07-06 09:39:24 +00:00
|
|
|
};
|
2020-12-16 13:41:08 +00:00
|
|
|
|
2020-07-08 08:42:05 +00:00
|
|
|
pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json";
|
2021-02-05 15:35:26 +00:00
|
|
|
pub const DEFAULT_MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
|
2020-07-08 08:42:05 +00:00
|
|
|
|
2021-02-05 15:35:26 +00:00
|
|
|
pub fn find_default_master_pubkey() -> Result<Option<PathBuf>, Error> {
|
|
|
|
|
super::find_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
|
2020-07-08 08:56:16 +00:00
|
|
|
}
|
2020-07-06 09:39:24 +00:00
|
|
|
|
2021-02-05 15:35:26 +00:00
|
|
|
pub fn place_default_master_pubkey() -> Result<PathBuf, Error> {
|
|
|
|
|
super::place_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-08 08:42:05 +00:00
|
|
|
pub fn find_default_encryption_key() -> Result<Option<PathBuf>, Error> {
|
2020-07-08 08:56:16 +00:00
|
|
|
super::find_xdg_file(DEFAULT_ENCRYPTION_KEY_FILE_NAME, "default encryption key file")
|
2020-07-08 08:42:05 +00:00
|
|
|
}
|
2020-07-06 09:39:24 +00:00
|
|
|
|
2020-07-08 08:42:05 +00:00
|
|
|
pub fn place_default_encryption_key() -> Result<PathBuf, Error> {
|
2020-07-08 08:56:16 +00:00
|
|
|
super::place_xdg_file(DEFAULT_ENCRYPTION_KEY_FILE_NAME, "default encryption key file")
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-08 11:52:17 +00:00
|
|
|
pub fn read_optional_default_encryption_key() -> Result<Option<Vec<u8>>, Error> {
|
|
|
|
|
find_default_encryption_key()?
|
|
|
|
|
.map(file_get_contents)
|
|
|
|
|
.transpose()
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 09:39:24 +00:00
|
|
|
pub fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
|
|
|
|
|
// fixme: implement other input methods
|
|
|
|
|
|
|
|
|
|
use std::env::VarError::*;
|
|
|
|
|
match std::env::var("PBS_ENCRYPTION_PASSWORD") {
|
|
|
|
|
Ok(p) => return Ok(p.as_bytes().to_vec()),
|
|
|
|
|
Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters"),
|
|
|
|
|
Err(NotPresent) => {
|
|
|
|
|
// Try another method
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we're on a TTY, query the user for a password
|
|
|
|
|
if tty::stdin_isatty() {
|
|
|
|
|
return Ok(tty::read_password("Encryption Key Password: ")?);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bail!("no password input mechanism available");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
kdf: {
|
|
|
|
|
type: Kdf,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
path: {
|
|
|
|
|
description:
|
|
|
|
|
"Output file. Without this the key will become the new default encryption key.",
|
|
|
|
|
optional: true,
|
2021-01-19 11:35:15 +00:00
|
|
|
},
|
|
|
|
|
hint: {
|
|
|
|
|
schema: PASSWORD_HINT_SCHEMA,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
2020-07-06 09:39:24 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Create a new encryption key.
|
2021-01-19 11:35:15 +00:00
|
|
|
fn create(
|
|
|
|
|
kdf: Option<Kdf>,
|
|
|
|
|
path: Option<String>,
|
|
|
|
|
hint: Option<String>
|
|
|
|
|
) -> Result<(), Error> {
|
2020-07-06 09:39:24 +00:00
|
|
|
let path = match path {
|
|
|
|
|
Some(path) => PathBuf::from(path),
|
2020-07-10 07:57:55 +00:00
|
|
|
None => {
|
|
|
|
|
let path = place_default_encryption_key()?;
|
|
|
|
|
println!("creating default key at: {:?}", path);
|
|
|
|
|
path
|
|
|
|
|
}
|
2020-07-06 09:39:24 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let kdf = kdf.unwrap_or_default();
|
|
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
let mut key = [0u8; 32];
|
|
|
|
|
proxmox::sys::linux::fill_with_random_data(&mut key)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
|
|
|
|
|
match kdf {
|
|
|
|
|
Kdf::None => {
|
2021-01-19 11:35:15 +00:00
|
|
|
if hint.is_some() {
|
|
|
|
|
bail!("password hint not allowed for Kdf::None");
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-21 10:56:54 +00:00
|
|
|
let key_config = KeyConfig::without_password(key)?;
|
2021-01-19 16:55:27 +00:00
|
|
|
|
|
|
|
|
key_config.store(path, false)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
2020-11-24 06:19:15 +00:00
|
|
|
Kdf::Scrypt | Kdf::PBKDF2 => {
|
2020-07-06 09:39:24 +00:00
|
|
|
// always read passphrase from tty
|
|
|
|
|
if !tty::stdin_isatty() {
|
|
|
|
|
bail!("unable to read passphrase - no tty");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let password = tty::read_and_verify_password("Encryption Key Password: ")?;
|
|
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
let mut key_config = KeyConfig::with_key(&key, &password, kdf)?;
|
2021-01-19 11:35:15 +00:00
|
|
|
key_config.hint = hint;
|
2020-07-06 09:39:24 +00:00
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
key_config.store(&path, false)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-16 13:41:08 +00:00
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
"master-keyfile": {
|
|
|
|
|
description: "(Private) master key to use.",
|
|
|
|
|
},
|
|
|
|
|
"encrypted-keyfile": {
|
|
|
|
|
description: "RSA-encrypted keyfile to import.",
|
|
|
|
|
},
|
|
|
|
|
kdf: {
|
|
|
|
|
type: Kdf,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
"path": {
|
|
|
|
|
description:
|
|
|
|
|
"Output file. Without this the key will become the new default encryption key.",
|
|
|
|
|
optional: true,
|
2021-01-19 11:35:15 +00:00
|
|
|
},
|
|
|
|
|
hint: {
|
|
|
|
|
schema: PASSWORD_HINT_SCHEMA,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
2020-12-16 13:41:08 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Import an encrypted backup of an encryption key using a (private) master key.
|
|
|
|
|
async fn import_with_master_key(
|
|
|
|
|
master_keyfile: String,
|
|
|
|
|
encrypted_keyfile: String,
|
|
|
|
|
kdf: Option<Kdf>,
|
|
|
|
|
path: Option<String>,
|
2021-01-19 11:35:15 +00:00
|
|
|
hint: Option<String>,
|
2020-12-16 13:41:08 +00:00
|
|
|
) -> Result<(), Error> {
|
|
|
|
|
let path = match path {
|
|
|
|
|
Some(path) => PathBuf::from(path),
|
|
|
|
|
None => {
|
|
|
|
|
let path = place_default_encryption_key()?;
|
|
|
|
|
if path.exists() {
|
|
|
|
|
bail!("Please remove default encryption key at {:?} before importing to default location (or choose a non-default one).", path);
|
|
|
|
|
}
|
|
|
|
|
println!("Importing key to default location at: {:?}", path);
|
|
|
|
|
path
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let encrypted_key = file_get_contents(&encrypted_keyfile)?;
|
|
|
|
|
let master_key = file_get_contents(&master_keyfile)?;
|
|
|
|
|
let password = tty::read_password("Master Key Password: ")?;
|
|
|
|
|
|
|
|
|
|
let master_key =
|
|
|
|
|
openssl::pkey::PKey::private_key_from_pem_passphrase(&master_key, &password)
|
|
|
|
|
.map_err(|err| format_err!("failed to read PEM-formatted private key - {}", err))?
|
|
|
|
|
.rsa()
|
|
|
|
|
.map_err(|err| format_err!("not a valid private RSA key - {}", err))?;
|
|
|
|
|
|
2021-01-21 10:56:54 +00:00
|
|
|
let (key, created, _fingerprint) =
|
2020-12-16 13:41:08 +00:00
|
|
|
rsa_decrypt_key_config(master_key, &encrypted_key, &get_encryption_key_password)?;
|
|
|
|
|
|
|
|
|
|
let kdf = kdf.unwrap_or_default();
|
|
|
|
|
match kdf {
|
|
|
|
|
Kdf::None => {
|
2021-01-19 11:35:15 +00:00
|
|
|
if hint.is_some() {
|
|
|
|
|
bail!("password hint not allowed for Kdf::None");
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-21 10:56:54 +00:00
|
|
|
let mut key_config = KeyConfig::without_password(key)?;
|
2021-01-19 16:55:27 +00:00
|
|
|
key_config.created = created; // keep original value
|
|
|
|
|
|
|
|
|
|
key_config.store(path, true)?;
|
|
|
|
|
|
2020-12-16 13:41:08 +00:00
|
|
|
}
|
|
|
|
|
Kdf::Scrypt | Kdf::PBKDF2 => {
|
|
|
|
|
let password = tty::read_and_verify_password("New Password: ")?;
|
|
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
let mut new_key_config = KeyConfig::with_key(&key, &password, kdf)?;
|
2020-12-16 13:41:08 +00:00
|
|
|
new_key_config.created = created; // keep original value
|
2021-01-19 11:35:15 +00:00
|
|
|
new_key_config.hint = hint;
|
2020-12-16 13:41:08 +00:00
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
new_key_config.store(path, true)?;
|
2020-12-16 13:41:08 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 09:39:24 +00:00
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
kdf: {
|
|
|
|
|
type: Kdf,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
path: {
|
|
|
|
|
description: "Key file. Without this the default key's password will be changed.",
|
|
|
|
|
optional: true,
|
2021-01-19 11:35:15 +00:00
|
|
|
},
|
|
|
|
|
hint: {
|
|
|
|
|
schema: PASSWORD_HINT_SCHEMA,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
2020-07-06 09:39:24 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Change the encryption key's password.
|
2021-01-19 11:35:15 +00:00
|
|
|
fn change_passphrase(
|
|
|
|
|
kdf: Option<Kdf>,
|
|
|
|
|
path: Option<String>,
|
|
|
|
|
hint: Option<String>,
|
|
|
|
|
) -> Result<(), Error> {
|
2020-07-06 09:39:24 +00:00
|
|
|
let path = match path {
|
|
|
|
|
Some(path) => PathBuf::from(path),
|
2020-07-10 07:57:55 +00:00
|
|
|
None => {
|
|
|
|
|
let path = find_default_encryption_key()?
|
|
|
|
|
.ok_or_else(|| {
|
|
|
|
|
format_err!("no encryption file provided and no default file found")
|
|
|
|
|
})?;
|
|
|
|
|
println!("updating default key at: {:?}", path);
|
|
|
|
|
path
|
|
|
|
|
}
|
2020-07-06 09:39:24 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let kdf = kdf.unwrap_or_default();
|
|
|
|
|
|
|
|
|
|
if !tty::stdin_isatty() {
|
|
|
|
|
bail!("unable to change passphrase - no tty");
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
let key_config = KeyConfig::load(&path)?;
|
2021-01-21 10:56:54 +00:00
|
|
|
let (key, created, _fingerprint) = key_config.decrypt(&get_encryption_key_password)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
|
|
|
|
|
match kdf {
|
|
|
|
|
Kdf::None => {
|
2021-01-19 11:35:15 +00:00
|
|
|
if hint.is_some() {
|
|
|
|
|
bail!("password hint not allowed for Kdf::None");
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-21 10:56:54 +00:00
|
|
|
let mut key_config = KeyConfig::without_password(key)?;
|
2021-01-19 16:55:27 +00:00
|
|
|
key_config.created = created; // keep original value
|
|
|
|
|
|
|
|
|
|
key_config.store(&path, true)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
2020-11-24 06:19:15 +00:00
|
|
|
Kdf::Scrypt | Kdf::PBKDF2 => {
|
2020-07-06 09:39:24 +00:00
|
|
|
let password = tty::read_and_verify_password("New Password: ")?;
|
|
|
|
|
|
2021-01-19 16:55:27 +00:00
|
|
|
let mut new_key_config = KeyConfig::with_key(&key, &password, kdf)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
new_key_config.created = created; // keep original value
|
2021-01-19 11:35:15 +00:00
|
|
|
new_key_config.hint = hint;
|
2021-01-19 16:55:27 +00:00
|
|
|
|
|
|
|
|
new_key_config.store(&path, true)?;
|
2020-07-06 09:39:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-20 16:38:34 +00:00
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
path: {
|
|
|
|
|
description: "Key file. Without this the default key's metadata will be shown.",
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
"output-format": {
|
|
|
|
|
schema: OUTPUT_FORMAT,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Print the encryption key's metadata.
|
2021-01-25 13:43:00 +00:00
|
|
|
fn show_key(path: Option<String>, param: Value) -> Result<(), Error> {
|
2020-11-20 16:38:34 +00:00
|
|
|
let path = match path {
|
|
|
|
|
Some(path) => PathBuf::from(path),
|
2021-01-25 13:43:00 +00:00
|
|
|
None => find_default_encryption_key()?
|
|
|
|
|
.ok_or_else(|| format_err!("no encryption file provided and no default file found"))?,
|
2020-11-20 16:38:34 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let config: KeyConfig = serde_json::from_slice(&file_get_contents(path.clone())?)?;
|
|
|
|
|
|
2020-11-24 06:19:15 +00:00
|
|
|
let output_format = get_output_format(¶m);
|
|
|
|
|
|
2021-01-20 09:20:41 +00:00
|
|
|
let mut info: KeyInfo = (&config).into();
|
|
|
|
|
info.path = Some(format!("{:?}", path));
|
2020-11-24 06:19:15 +00:00
|
|
|
|
|
|
|
|
let options = proxmox::api::cli::default_table_format_options()
|
|
|
|
|
.column(ColumnConfig::new("path"))
|
|
|
|
|
.column(ColumnConfig::new("kdf"))
|
|
|
|
|
.column(ColumnConfig::new("created").renderer(tools::format::render_epoch))
|
|
|
|
|
.column(ColumnConfig::new("modified").renderer(tools::format::render_epoch))
|
2021-01-19 11:35:15 +00:00
|
|
|
.column(ColumnConfig::new("fingerprint"))
|
|
|
|
|
.column(ColumnConfig::new("hint"));
|
2020-11-24 06:19:15 +00:00
|
|
|
|
2020-12-18 11:26:07 +00:00
|
|
|
let return_type = ReturnType::new(false, &KeyInfo::API_SCHEMA);
|
2020-11-24 06:19:15 +00:00
|
|
|
|
2020-12-18 11:26:07 +00:00
|
|
|
format_and_print_result_full(
|
|
|
|
|
&mut serde_json::to_value(info)?,
|
|
|
|
|
&return_type,
|
|
|
|
|
&output_format,
|
|
|
|
|
&options,
|
|
|
|
|
);
|
2020-11-20 16:38:34 +00:00
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-06 09:39:24 +00:00
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
path: {
|
|
|
|
|
description: "Path to the PEM formatted RSA public key.",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Import an RSA public key used to put an encrypted version of the symmetric backup encryption
|
|
|
|
|
/// key onto the backup server along with each backup.
|
2021-02-05 15:35:26 +00:00
|
|
|
///
|
|
|
|
|
/// The imported key will be used as default master key for future invocations by the same local
|
|
|
|
|
/// user.
|
2020-07-06 09:39:24 +00:00
|
|
|
fn import_master_pubkey(path: String) -> Result<(), Error> {
|
|
|
|
|
let pem_data = file_get_contents(&path)?;
|
|
|
|
|
|
|
|
|
|
if let Err(err) = openssl::pkey::PKey::public_key_from_pem(&pem_data) {
|
|
|
|
|
bail!("Unable to decode PEM data - {}", err);
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-05 15:35:26 +00:00
|
|
|
let target_path = place_default_master_pubkey()?;
|
2020-07-06 09:39:24 +00:00
|
|
|
|
|
|
|
|
replace_file(&target_path, &pem_data, CreateOptions::new())?;
|
|
|
|
|
|
|
|
|
|
println!("Imported public master key to {:?}", target_path);
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[api]
|
|
|
|
|
/// Create an RSA public/private key pair used to put an encrypted version of the symmetric backup
|
|
|
|
|
/// encryption key onto the backup server along with each backup.
|
|
|
|
|
fn create_master_key() -> Result<(), Error> {
|
|
|
|
|
// we need a TTY to query the new password
|
|
|
|
|
if !tty::stdin_isatty() {
|
|
|
|
|
bail!("unable to create master key - no tty");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let rsa = openssl::rsa::Rsa::generate(4096)?;
|
|
|
|
|
let pkey = openssl::pkey::PKey::from_rsa(rsa)?;
|
|
|
|
|
|
|
|
|
|
let password = String::from_utf8(tty::read_and_verify_password("Master Key Password: ")?)?;
|
|
|
|
|
|
|
|
|
|
let pub_key: Vec<u8> = pkey.public_key_to_pem()?;
|
|
|
|
|
let filename_pub = "master-public.pem";
|
|
|
|
|
println!("Writing public master key to {}", filename_pub);
|
|
|
|
|
replace_file(filename_pub, pub_key.as_slice(), CreateOptions::new())?;
|
|
|
|
|
|
|
|
|
|
let cipher = openssl::symm::Cipher::aes_256_cbc();
|
|
|
|
|
let priv_key: Vec<u8> = pkey.private_key_to_pem_pkcs8_passphrase(cipher, password.as_bytes())?;
|
|
|
|
|
|
|
|
|
|
let filename_priv = "master-private.pem";
|
|
|
|
|
println!("Writing private master key to {}", filename_priv);
|
|
|
|
|
replace_file(filename_priv, priv_key.as_slice(), CreateOptions::new())?;
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-28 15:40:12 +00:00
|
|
|
#[api(
|
|
|
|
|
input: {
|
|
|
|
|
properties: {
|
|
|
|
|
path: {
|
|
|
|
|
description: "Key file. Without this the default key's will be used.",
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
|
|
|
|
subject: {
|
|
|
|
|
description: "Include the specified subject as titel text.",
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
2020-09-30 07:58:13 +00:00
|
|
|
"output-format": {
|
|
|
|
|
type: PaperkeyFormat,
|
|
|
|
|
optional: true,
|
|
|
|
|
},
|
2020-09-28 15:40:12 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
)]
|
|
|
|
|
/// Generate a printable, human readable text file containing the encryption key.
|
|
|
|
|
///
|
|
|
|
|
/// This also includes a scanable QR code for fast key restore.
|
2020-09-30 07:58:13 +00:00
|
|
|
fn paper_key(
|
|
|
|
|
path: Option<String>,
|
|
|
|
|
subject: Option<String>,
|
|
|
|
|
output_format: Option<PaperkeyFormat>,
|
|
|
|
|
) -> Result<(), Error> {
|
2020-09-28 15:40:12 +00:00
|
|
|
let path = match path {
|
|
|
|
|
Some(path) => PathBuf::from(path),
|
2021-01-25 13:43:00 +00:00
|
|
|
None => find_default_encryption_key()?
|
|
|
|
|
.ok_or_else(|| format_err!("no encryption file provided and no default file found"))?,
|
2020-09-28 15:40:12 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let data = file_get_contents(&path)?;
|
2020-11-20 16:38:38 +00:00
|
|
|
let data = String::from_utf8(data)?;
|
|
|
|
|
|
2021-01-22 08:38:38 +00:00
|
|
|
generate_paper_key(std::io::stdout(), &data, subject, output_format)
|
2020-09-30 07:58:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn cli() -> CliCommandMap {
|
|
|
|
|
let key_create_cmd_def = CliCommand::new(&API_METHOD_CREATE)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
2020-12-16 13:41:08 +00:00
|
|
|
let key_import_with_master_key_cmd_def = CliCommand::new(&API_METHOD_IMPORT_WITH_MASTER_KEY)
|
|
|
|
|
.arg_param(&["master-keyfile"])
|
|
|
|
|
.completion_cb("master-keyfile", tools::complete_file_name)
|
|
|
|
|
.arg_param(&["encrypted-keyfile"])
|
|
|
|
|
.completion_cb("encrypted-keyfile", tools::complete_file_name)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
2020-09-30 07:58:13 +00:00
|
|
|
let key_change_passphrase_cmd_def = CliCommand::new(&API_METHOD_CHANGE_PASSPHRASE)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
|
|
|
|
let key_create_master_key_cmd_def = CliCommand::new(&API_METHOD_CREATE_MASTER_KEY);
|
|
|
|
|
let key_import_master_pubkey_cmd_def = CliCommand::new(&API_METHOD_IMPORT_MASTER_PUBKEY)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
2020-11-20 16:38:34 +00:00
|
|
|
let key_show_cmd_def = CliCommand::new(&API_METHOD_SHOW_KEY)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
2020-09-30 07:58:13 +00:00
|
|
|
let paper_key_cmd_def = CliCommand::new(&API_METHOD_PAPER_KEY)
|
|
|
|
|
.arg_param(&["path"])
|
|
|
|
|
.completion_cb("path", tools::complete_file_name);
|
|
|
|
|
|
|
|
|
|
CliCommandMap::new()
|
|
|
|
|
.insert("create", key_create_cmd_def)
|
2020-12-16 13:41:08 +00:00
|
|
|
.insert("import-with-master-key", key_import_with_master_key_cmd_def)
|
2020-09-30 07:58:13 +00:00
|
|
|
.insert("create-master-key", key_create_master_key_cmd_def)
|
|
|
|
|
.insert("import-master-pubkey", key_import_master_pubkey_cmd_def)
|
|
|
|
|
.insert("change-passphrase", key_change_passphrase_cmd_def)
|
2020-11-20 16:38:34 +00:00
|
|
|
.insert("show", key_show_cmd_def)
|
2020-10-13 07:44:40 +00:00
|
|
|
.insert("paperkey", paper_key_cmd_def)
|
2020-09-30 07:58:13 +00:00
|
|
|
}
|
