author | stuebinm | 2021-04-05 02:09:52 +0200 |
---|---|---|
committer | stuebinm | 2021-04-05 02:09:52 +0200 |
commit | d262cc52f8474a8af1d0ab4f4a427222d1148c5a (patch) | |
tree | fb3588989e21a17c9c2d881f749a2f1cc52c720b /utils | |
parent | 8e35eaecbb2baaf9a4043263fc5e054f21aa24c6 (diff) |
utils: switch to asymmetric encryption
Diffstat (limited to 'utils')
-rw-r--r-- | utils/src/main.rs | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/utils/src/main.rs b/utils/src/main.rs
index bcd63f6..ff5f86f 100644
--- a/utils/src/main.rs
+++ b/utils/src/main.rs
@@ -7,6 +7,7 @@ use std::io::Write;
 use std::path::PathBuf;
 use structopt::StructOpt;
+use secrecy::ExposeSecret;
 use age::x25519::Recipient;
@@ -39,9 +40,9 @@ struct Options {
 /// a dhall configuration file that describes a survey
 #[structopt(long, short, parse(from_os_str))]
 config_file: PathBuf,
- /// encrypt the survey with the given password (not yet implemented)
+ /// encrypt the survey with a passphrase (will be printed to stderr)
 #[structopt(long, short)]
- password: Option<secrecy::Secret<String>>,
+ encrypt: bool,
 /// file to write the configuration to (will otherwise print to stdout)
 #[structopt(long, short)]
 out_file: Option<PathBuf>
@@ -90,13 +91,16 @@ fn main () {
 let mut encrypted = vec![];
 // are we restricting access to the survey? if so, encrypt it with
 // the password as passphrase.
- let outdata = match opt.password {
- None => json.as_bytes(),
- Some(password) => {
- let encryptor = age::Encryptor::with_user_passphrase(password);
+ let outdata = match opt.encrypt {
+ false => json.as_bytes(),
+ true => {
+ let key = age::x25519::Identity::generate();
+ let pubkey = key.to_public();
+ let encryptor = age::Encryptor::with_recipients(vec![Box::new(pubkey)]);
 let mut writer = encryptor.wrap_output(&mut encrypted).unwrap();
 writer.write_all(&json.as_bytes()).unwrap();
 writer.finish().unwrap();
+ eprintln!("Passphrase for this survey: {}", key.to_string().expose_secret());
 encrypted.as_slice()
 }
 }; |
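Review bot: The new help text on `encrypt` in the `Options` hunk says the survey is encrypted "with a passphrase", but the `main` hunk generates an `age::x25519::Identity` and encrypts to its public key, so what the operator receives is a secret key rather than a passphrase. The wording decides how the value gets stored and which decryption mode is used with it, so it should name the thing accurately. I would change the doc comment to `/// encrypt the survey to a freshly generated age key (the secret key is printed to stderr)` and make the message in the `main` hunk match, `"Secret key for this survey: {}"`. The `Options` struct starts and ends outside this hunk.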
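Review bot: The generated secret key leaves the process only through the `eprintln!` at the end of the `true` arm, and as far as the hunk shows it is stored nowhere else. A run with stderr discarded therefore produces a survey that can no longer be decrypted, and a run under CI or a logging wrapper leaves the key in the captured log next to the ciphertext. It may be worth giving the key its own destination (a file created with owner-only permissions) and keeping stderr for a short notice; at minimum the behaviour should be stated where the key is created. The comment above the `match` is stale as well: `// the password as passphrase.` would read better as `// a freshly generated X25519 identity; its secret key is printed once and is the only way to decrypt.` `main` starts before this hunk and continues past it.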