tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

key: make 'default' master key explicit

Browse Source 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler
2021-02-05 16:35:26 +01:00
committed by Dietmar Maurer
parent 777690a121
commit 05f17d1ec4
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/bin/proxmox-backup-client.rs
View File

@ -896,7 +896,7 @@ async fn create_backup(
let crypt_config = CryptConfig::new(key)?; let crypt_config = CryptConfig::new(key)?;
match key::find_master_pubkey()? { match key::find_default_master_pubkey()? {
Some(ref path) if path.exists() => { Some(ref path) if path.exists() => {
let pem_data = file_get_contents(path)?; let pem_data = file_get_contents(path)?;
let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?; let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;

15
src/bin/proxmox_backup_client/key.rs
View File

@ -34,14 +34,14 @@ use proxmox_backup::{
}; };
pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json"; pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json";
pub const MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem"; pub const DEFAULT_MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
pub fn find_master_pubkey() -> Result<Option<PathBuf>, Error> { pub fn find_default_master_pubkey() -> Result<Option<PathBuf>, Error> {
super::find_xdg_file(MASTER_PUBKEY_FILE_NAME, "main public key file") super::find_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
} }
pub fn place_master_pubkey() -> Result<PathBuf, Error> { pub fn place_default_master_pubkey() -> Result<PathBuf, Error> {
super::place_xdg_file(MASTER_PUBKEY_FILE_NAME, "main public key file") super::place_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
} }
pub fn find_default_encryption_key() -> Result<Option<PathBuf>, Error> { pub fn find_default_encryption_key() -> Result<Option<PathBuf>, Error> {
@ -360,6 +360,9 @@ fn show_key(path: Option<String>, param: Value) -> Result<(), Error> {
)] )]
/// Import an RSA public key used to put an encrypted version of the symmetric backup encryption /// Import an RSA public key used to put an encrypted version of the symmetric backup encryption
/// key onto the backup server along with each backup. /// key onto the backup server along with each backup.
///
/// The imported key will be used as default master key for future invocations by the same local
/// user.
fn import_master_pubkey(path: String) -> Result<(), Error> { fn import_master_pubkey(path: String) -> Result<(), Error> {
let pem_data = file_get_contents(&path)?; let pem_data = file_get_contents(&path)?;
@ -367,7 +370,7 @@ fn import_master_pubkey(path: String) -> Result<(), Error> {
bail!("Unable to decode PEM data - {}", err); bail!("Unable to decode PEM data - {}", err);
} }
let target_path = place_master_pubkey()?; let target_path = place_default_master_pubkey()?;
replace_file(&target_path, &pem_data, CreateOptions::new())?; replace_file(&target_path, &pem_data, CreateOptions::new())?;