package cmd
import (
"crypto/x509"
"encoding/pem"
"fmt"
"github.com/spf13/cobra"
"github.com/capeprivacy/cli/entities"
"github.com/capeprivacy/cli/sdk"
)
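// keyCmd is the "cape key" subcommand. It prints the account's Cape public
// key (PEM) and is also invoked implicitly by "cape encrypt". The run logic
// lives in key; the --pcr flag is registered in init.
var keyCmd = &cobra.Command{
	Use: "key",
	// Fixed typo in the one-line help ("unqiue" -> "unique").
	Short: "Displays the Cape Key (Public Key) which is unique to your account. ",
	Long: `Displays the Cape Key (Public Key) which is unique to your account.
The key is used by "cape encrypt" to encrypt data. "cape
encrypt" calls "cape key" automatically. The first call to
"cape key" will download the public key from the enclave and
save it. Subsequent calls will display the key from a local
file. The downloaded key is signed by the enclave, and the
signature is verified before the key is saved.
`,
	RunE: key,
}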
// init attaches keyCmd to the root command and declares its --pcr/-p flag.
func init() {
	rootCmd.AddCommand(keyCmd)

	// The default is a one-element slice holding an empty string, not an
	// empty slice; the consumer (sdk.Key) is presumably prepared for that.
	// Per the usage text, PCR values only matter on the first fetch, when the
	// key is downloaded and its attestation checked — confirm in sdk.Key.
	const pcrUsage = "pass multiple PCRs to validate against, used while getting key for the first time"
	keyCmd.PersistentFlags().StringSliceP("pcr", "p", []string{""}, pcrUsage)
}
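// key implements "cape key": it obtains the account's Cape public key through
// the SDK and prints it to stdout as a PEM "PUBLIC KEY" block.
//
// Per keyCmd.Long, the SDK downloads the key from the enclave on first use
// (verifying its signature and the PCRs passed via --pcr) and serves the
// locally cached copy afterwards.
//
// Flag-retrieval failures are reported as UserError; SDK and encoding errors
// are returned wrapped with the step that failed, so the caller can tell a
// transport/attestation problem from a malformed key.
func key(cmd *cobra.Command, args []string) error {
	pcrSlice, err := cmd.Flags().GetStringSlice("pcr")
	if err != nil {
		return UserError{Msg: "error retrieving pcr flags", Err: err}
	}

	// NOTE(review): the help text says PCRs are only checked when the key is
	// first downloaded. A later run with different --pcr values will presumably
	// be answered from the cached file without re-validation; confirm against
	// sdk.Key, and remove the cached key file to force a fresh, re-attested fetch.
	keyReq, err := GetKeyRequest(pcrSlice)
	if err != nil {
		return err
	}

	capeKey, err := sdk.Key(keyReq)
	if err != nil {
		return fmt.Errorf("retrieving cape key: %w", err)
	}

	// The PEM file could then be used to encrypt with openssl or elsewhere,
	// independent of Cape... but NOTE that Cape will only support decryption
	// if envelope encryption is used.
	//
	// Round-tripping through x509 means only a well-formed PKIX
	// SubjectPublicKeyInfo is ever printed under the "PUBLIC KEY" label;
	// anything else returned by the SDK is rejected here instead of being
	// emitted as if it were a valid key.
	pub, err := x509.ParsePKIXPublicKey(capeKey)
	if err != nil {
		return fmt.Errorf("parsing cape key as PKIX public key: %w", err)
	}
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return fmt.Errorf("encoding cape key: %w", err)
	}

	fmt.Println(string(pem.EncodeToMemory(&pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: der,
	})))
	return nil
}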
// GetKeyRequest assembles the sdk.KeyRequest used to fetch (or load from
// cache) the account's Cape public key. The user token comes from
// getAuthToken; the enclave host, TLS/insecure setting, config directory and
// cached key filename come from the global config C; pcrSlice is forwarded
// unchanged as the PCR values to validate on first download.
//
// It returns an empty request and the error when no auth token is available.
func GetKeyRequest(pcrSlice []string) (sdk.KeyRequest, error) {
	token, err := getAuthToken()
	if err != nil {
		return sdk.KeyRequest{}, err
	}

	auth := entities.FunctionAuth{
		Type:  entities.AuthenticationTypeUserToken,
		Token: token,
	}

	// NOTE(review): Insecure is passed straight through from the global
	// config; it presumably relaxes TLS verification towards EnclaveHost.
	// Confirm in sdk.Key — with it set, the enclave signature check on the
	// downloaded key is the only thing standing between the user and a
	// tampered key.
	req := sdk.KeyRequest{
		URL:          C.EnclaveHost,
		Insecure:     C.Insecure,
		FunctionAuth: auth,
		ConfigDir:    C.LocalConfigDir,
		CapeKeyFile:  C.LocalCapeKeyFileName,
		PcrSlice:     pcrSlice,
	}
	return req, nil
}