summaryrefslogtreecommitdiff
path: root/utils
diff options
context:
space:
mode:
authorstuebinm2021-04-05 02:09:52 +0200
committerstuebinm2021-04-05 02:09:52 +0200
commitd262cc52f8474a8af1d0ab4f4a427222d1148c5a (patch)
treefb3588989e21a17c9c2d881f749a2f1cc52c720b /utils
parent8e35eaecbb2baaf9a4043263fc5e054f21aa24c6 (diff)
utils: switch to asymmetric encryption
Diffstat (limited to 'utils')
-rw-r--r--utils/src/main.rs16
1 files changed, 10 insertions, 6 deletions
diff --git a/utils/src/main.rs b/utils/src/main.rs
index bcd63f6..ff5f86f 100644
--- a/utils/src/main.rs
+++ b/utils/src/main.rs
@@ -7,6 +7,7 @@ use std::io::Write;
use std::path::PathBuf;
use structopt::StructOpt;
+use secrecy::ExposeSecret;
use age::x25519::Recipient;
@@ -39,9 +40,9 @@ struct Options {
/// a dhall configuration file that describes a survey
#[structopt(long, short, parse(from_os_str))]
config_file: PathBuf,
- /// encrypt the survey with the given password (not yet implemented)
+ /// encrypt the survey with a passphrase (will be printed to stderr)
#[structopt(long, short)]
- password: Option<secrecy::Secret<String>>,
+ encrypt: bool,
/// file to write the configuration to (will otherwise print to stdout)
#[structopt(long, short)]
out_file: Option<PathBuf>
@@ -90,13 +91,16 @@ fn main () {
let mut encrypted = vec![];
// are we restricting access to the survey? if so, encrypt it with
// the password as passphrase.
- let outdata = match opt.password {
- None => json.as_bytes(),
- Some(password) => {
- let encryptor = age::Encryptor::with_user_passphrase(password);
+ let outdata = match opt.encrypt {
+ false => json.as_bytes(),
+ true => {
+ let key = age::x25519::Identity::generate();
+ let pubkey = key.to_public();
+ let encryptor = age::Encryptor::with_recipients(vec![Box::new(pubkey)]);
let mut writer = encryptor.wrap_output(&mut encrypted).unwrap();
writer.write_all(&json.as_bytes()).unwrap();
writer.finish().unwrap();
+ eprintln!("Passphrase for this survey: {}", key.to_string().expose_secret());
encrypted.as_slice()
}
};