From d262cc52f8474a8af1d0ab4f4a427222d1148c5a Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 5 Apr 2021 02:09:52 +0200 Subject: utils: switch to asymmetric encryption --- utils/src/main.rs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'utils/src') diff --git a/utils/src/main.rs b/utils/src/main.rs index bcd63f6..ff5f86f 100644 --- a/utils/src/main.rs +++ b/utils/src/main.rs @@ -7,6 +7,7 @@ use std::io::Write; use std::path::PathBuf; use structopt::StructOpt; +use secrecy::ExposeSecret; use age::x25519::Recipient; @@ -39,9 +40,9 @@ struct Options { /// a dhall configuration file that describes a survey #[structopt(long, short, parse(from_os_str))] config_file: PathBuf, - /// encrypt the survey with the given password (not yet implemented) + /// encrypt the survey with a passphrase (will be printed to stderr) #[structopt(long, short)] - password: Option>, + encrypt: bool, /// file to write the configuration to (will otherwise print to stdout) #[structopt(long, short)] out_file: Option @@ -90,13 +91,16 @@ fn main () { let mut encrypted = vec![]; // are we restricting access to the survey? if so, encrypt it with // the password as passphrase. - let outdata = match opt.password { - None => json.as_bytes(), - Some(password) => { - let encryptor = age::Encryptor::with_user_passphrase(password); + let outdata = match opt.encrypt { + false => json.as_bytes(), + true => { + let key = age::x25519::Identity::generate(); + let pubkey = key.to_public(); + let encryptor = age::Encryptor::with_recipients(vec![Box::new(pubkey)]); let mut writer = encryptor.wrap_output(&mut encrypted).unwrap(); writer.write_all(&json.as_bytes()).unwrap(); writer.finish().unwrap(); + eprintln!("Passphrase for this survey: {}", key.to_string().expose_secret()); encrypted.as_slice() } }; -- cgit v1.2.3