client: add 'import-with-master-key' command

to import an encrypted encryption key using a master key. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-12-16 14:41:08 +01:00
parent 8acfd15d6e
commit 7137630d43
3 changed files with 107 additions and 8 deletions
--- a/src/backup/key_derivation.rs
+++ b/src/backup/key_derivation.rs
@ -259,3 +259,15 @@ pub fn rsa_encrypt_key_config(
    }
    Ok(buffer)
 }
+
+pub fn rsa_decrypt_key_config(
+    rsa: openssl::rsa::Rsa<openssl::pkey::Private>,
+    key: &[u8],
+    passphrase: &dyn Fn() -> Result<Vec<u8>, Error>,
+) -> Result<([u8; 32], i64, Fingerprint), Error> {
+    let mut buffer = vec![0u8; rsa.size() as usize];
+    let decrypted = rsa
+        .private_decrypt(key, &mut buffer, openssl::rsa::Padding::PKCS1)
+        .map_err(|err| format_err!("failed to decrypt KeyConfig using RSA - {}", err))?;
+    decrypt_key(&mut buffer[..decrypted], passphrase)
+}