feat: Add decryption of non-armored files to age command
twpayne committed Sep 10, 2023
1 parent 8cc8a45 commit f15b158
Showing 4 changed files with 12 additions and 10 deletions.
@@ -22,7 +22,7 @@ Generate an age private key encrypted with a passphrase in the file
`key.txt.age` with the command:

```console
$ age-keygen | age --passphrase > key.txt.age
$ age-keygen | age --armor --passphrase > key.txt.age
Public key: age193wd0hfuhtjfsunlq3c83s8m93pde442dkcn7lmj3lspeekm9g7stwutrl
Enter passphrase (leave empty to autogenerate a secure one):
Confirm passphrase:
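--- a/internal/chezmoi/ageencryption.go
+++ b/internal/chezmoi/ageencryption.go
@@ -102,9 +102,11 @@ func (e *AgeEncryption) builtinDecrypt(ciphertext []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
-ciphertextReader := bytes.NewReader(ciphertext)
-armoredCiphertextReader := armor.NewReader(ciphertextReader)
-plaintextReader, err := age.Decrypt(armoredCiphertextReader, identities...)
+var ciphertextReader io.Reader = bytes.NewReader(ciphertext)
+if bytes.HasPrefix(ciphertext, []byte(armor.Header)) {
+ciphertextReader = armor.NewReader(ciphertextReader)
+}
+plaintextReader, err := age.Decrypt(ciphertextReader, identities...)
 if err != nil {
 return nil, err
 }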
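Review bot: The prefix test `bytes.HasPrefix(ciphertext, []byte(armor.Header))` now selects the parser, but nothing documents what happens to armored input that does not begin exactly with the header (a BOM or a leading blank line, for instance): it is passed to `age.Decrypt` as binary, and the bare `return nil, err` that follows gives no hint that format detection was involved. I would add a comment above the check such as `// Format sniffing only: a wrong guess makes age.Decrypt fail rather than return plaintext, since age authenticates both header and payload.` The same detection lines are repeated in the `decrypt` closure of `runAgeDecryptCmd` in internal/cmd/agecmd.go, so one shared unexported helper would keep the two decrypt paths from drifting apart. builtinDecrypt starts and ends outside this hunk.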
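--- a/internal/cmd/agecmd.go
+++ b/internal/cmd/agecmd.go
@@ -68,14 +68,16 @@ func (c *Config) runAgeDecryptCmd(cmd *cobra.Command, args []string) error {
 return errors.New("only passphrase encryption is supported")
 }
 decrypt := func(ciphertext []byte) ([]byte, error) {
-ciphertextReader := bytes.NewReader(ciphertext)
-armoredCiphertextReader := armor.NewReader(ciphertextReader)
+var ciphertextReader io.Reader = bytes.NewReader(ciphertext)
+if bytes.HasPrefix(ciphertext, []byte(armor.Header)) {
+ciphertextReader = armor.NewReader(ciphertextReader)
+}
 identity := &LazyScryptIdentity{
 Passphrase: func() (string, error) {
 return c.readPassword("Enter passphrase: ")
 },
 }
-plaintextReader, err := age.Decrypt(armoredCiphertextReader, identity)
+plaintextReader, err := age.Decrypt(ciphertextReader, identity)
 if err != nil {
 return nil, err
 }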
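Review bot: The non-armored branch added to the `decrypt` closure is not exercised by the age.txtar changes shown in this commit, as far as the visible hunks go: the script still greps the encrypted file for `-----BEGIN AGE ENCRYPTED FILE----` before decrypting it, so only the armored path runs. A script case that feeds `chezmoi age decrypt` a passphrase-encrypted file without armor would pin the behaviour this commit advertises and catch a regression in the prefix check. The closure and runAgeDecryptCmd both continue outside the hunk.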
4 changes: 1 addition & 3 deletions internal/cmd/testdata/scripts/age.txtar
@@ -3,7 +3,7 @@ stdin $HOME/passphrases
exec chezmoi age encrypt --output $HOME${/}secret.txt.age --passphrase --no-tty $HOME${/}secret.txt
grep '-----BEGIN AGE ENCRYPTED FILE----' $HOME/secret.txt.age

# test that chezmoi decrypt decrypts a file with a passphrase
# test that chezmoi age decrypt decrypts a file with a passphrase
stdin $HOME/passphrase
exec chezmoi age decrypt --output $HOME${/}secret.txt.decrypted --passphrase --no-tty $HOME${/}secret.txt.age
cmp $HOME/secret.txt.decrypted $HOME/secret.txt
@@ -13,7 +13,5 @@ passphrase
-- home/user/passphrases --
passphrase
passphrase
-- home/user/plaintext.txt --
plaintext
-- home/user/secret.txt --
secret
