paperkey: allow RSA keys without passphrase
some users might want to store the plain version of their master key for long-term storage and rely on physical security instead of a passphrase to protect the paper key. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
bd768c3320
commit
5dae81d199
@ -30,8 +30,16 @@ pub fn generate_paper_key<W: Write>(
|
|||||||
subject: Option<String>,
|
subject: Option<String>,
|
||||||
output_format: Option<PaperkeyFormat>,
|
output_format: Option<PaperkeyFormat>,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
|
let (data, is_master_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n")
|
||||||
|
|| data.starts_with("-----BEGIN RSA PRIVATE KEY-----\n")
|
||||||
|
{
|
||||||
|
let data = data.trim_end();
|
||||||
|
if !(data.ends_with("\n-----END ENCRYPTED PRIVATE KEY-----")
|
||||||
|
|| data.ends_with("\n-----END RSA PRIVATE KEY-----"))
|
||||||
|
{
|
||||||
|
bail!("unexpected key format");
|
||||||
|
}
|
||||||
|
|
||||||
let (data, is_private_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n") {
|
|
||||||
let lines: Vec<String> = data
|
let lines: Vec<String> = data
|
||||||
.lines()
|
.lines()
|
||||||
.map(|s| s.trim_end())
|
.map(|s| s.trim_end())
|
||||||
@ -39,10 +47,6 @@ pub fn generate_paper_key<W: Write>(
|
|||||||
.map(String::from)
|
.map(String::from)
|
||||||
.collect();
|
.collect();
|
||||||
|
|
||||||
if !lines[lines.len()-1].starts_with("-----END ENCRYPTED PRIVATE KEY-----") {
|
|
||||||
bail!("unexpected key format");
|
|
||||||
}
|
|
||||||
|
|
||||||
if lines.len() < 20 {
|
if lines.len() < 20 {
|
||||||
bail!("unexpected key format");
|
bail!("unexpected key format");
|
||||||
}
|
}
|
||||||
@ -68,8 +72,8 @@ pub fn generate_paper_key<W: Write>(
|
|||||||
let format = output_format.unwrap_or(PaperkeyFormat::Html);
|
let format = output_format.unwrap_or(PaperkeyFormat::Html);
|
||||||
|
|
||||||
match format {
|
match format {
|
||||||
PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_private_key),
|
PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_master_key),
|
||||||
PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_private_key),
|
PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_master_key),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -77,7 +81,7 @@ fn paperkey_html<W: Write>(
|
|||||||
mut output: W,
|
mut output: W,
|
||||||
lines: &[String],
|
lines: &[String],
|
||||||
subject: Option<String>,
|
subject: Option<String>,
|
||||||
is_private: bool,
|
is_master: bool,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
|
|
||||||
let img_size_pt = 500;
|
let img_size_pt = 500;
|
||||||
@ -107,7 +111,7 @@ fn paperkey_html<W: Write>(
|
|||||||
writeln!(output, "<p>Subject: {}</p>", subject)?;
|
writeln!(output, "<p>Subject: {}</p>", subject)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
if is_private {
|
if is_master {
|
||||||
const BLOCK_SIZE: usize = 20;
|
const BLOCK_SIZE: usize = 20;
|
||||||
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
||||||
|
|
||||||
|
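Review bot: The BEGIN and END markers in the first hunk of generate_paper_key are checked independently, so input that opens with `-----BEGIN ENCRYPTED PRIVATE KEY-----` and closes with `-----END RSA PRIVATE KEY-----` (or the reverse) passes the format check. Derive the expected footer from the header that matched, e.g. `let footer = if data.starts_with("-----BEGIN RSA") { "\n-----END RSA PRIVATE KEY-----" } else { "\n-----END ENCRYPTED PRIVATE KEY-----" };` followed by `if !data.ends_with(footer) { bail!("unexpected key format"); }`. Because this path now prints a private key with no passphrase, a doc comment on the function such as `/// Accepts passphrase-less RSA keys; the printed paper key is then protected only by physical security.` would record that decision next to the code. Nothing in the visible hunks marks the generated output as unencrypted, but the rest of generate_paper_key and of paperkey_html lies outside the hunks, so that may already be handled there.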