
Commit 7624eac

committed
add encrypt and decrypt commands for offline usage
1 parent f7b6cb9 commit 7624eac


2 files changed

+72
-0
lines changed

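--- a/README.md
+++ b/README.md
@@ -47,6 +47,8 @@ COMMANDS:
 vault-put Upload file to S3 bucket using credentials from vault
 vault-get Download file from S3 bucket using credentials from vault
 keygen Generate RSA and AES backup keys
+encrypt Just encrypt a local file
+decrypt Just decrypt a local file
 help, h Shows a list of commands or help for one command
 
 GLOBAL OPTIONS: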

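--- a/cmd/s3backup/main.go
+++ b/cmd/s3backup/main.go
@@ -83,6 +83,20 @@ func main() {
 Usage: "Generate RSA and AES backup keys",
 Subcommands: []*cli.Command{cmdGenAES, cmdGenRSA},
 }
+cmdEncrypt := &cli.Command{
+Name: "encrypt",
+Usage: "Just encrypt a local file",
+ArgsUsage: "inFile outFile",
+Action: encryptLocalFile,
+Flags: cipherFlags(),
+}
+cmdDecrypt := &cli.Command{
+Name: "decrypt",
+Usage: "Just decrypt a local file",
+ArgsUsage: "inFile outFile",
+Action: decryptLocalFile,
+Flags: cipherFlags(),
+}
 app := &cli.App{
 Name: "s3backup",
 Usage: "S3 backup script in a single binary",
@@ -94,6 +108,8 @@ func main() {
 cmdVaultPut,
 cmdVaultGet,
 cmdKeygen,
+cmdEncrypt,
+cmdDecrypt,
 },
 }
 if err := app.Run(os.Args); err != nil {
@@ -148,6 +164,21 @@ func basicFlags() []cli.Flag {
 }
 }
 
+func cipherFlags() []cli.Flag {
+return []cli.Flag{
+&cli.StringFlag{
+Name: "symKey",
+Usage: "Base64-encoded 256-bit symmetric AES key",
+Destination: &symKey,
+},
+&cli.StringFlag{
+Name: "pemKey",
+Usage: "Path to PEM-encoded public or private key `FILE`",
+Destination: &pemKeyFile,
+},
+}
+}
+
 func vaultFlags() []cli.Flag {
 return []cli.Flag{
 &cli.StringFlag{
@@ -324,3 +355,42 @@ func genSecretKey(*cli.Context) error {
 func genKeyPair(*cli.Context) error {
 return crypto.GenerateRSAKeyPair(rsaPrivKey, rsaPubKey)
 }
+
+func encryptLocalFile(ctx *cli.Context) error {
+cipher, err := createCipher(ctx)
+if err != nil {
+return err
+}
+args := ctx.Args()
+return cipher.Encrypt(args.Get(0), args.Get(1))
+}
+
+func decryptLocalFile(ctx *cli.Context) error {
+cipher, err := createCipher(ctx)
+if err != nil {
+return err
+}
+args := ctx.Args()
+return cipher.Decrypt(args.Get(0), args.Get(1))
+}
+
+func createCipher(ctx *cli.Context) (client.Cipher, error) {
+if ctx.NArg() != 2 {
+return nil, errors.New("in and out files are required")
+}
+var err error
+var cipher client.Cipher
+if symKey != "" {
+cipher, err = crypto.NewAESCipher(symKey)
+}
+if pemKeyFile != "" {
+cipher, err = crypto.NewRSACipher(pemKeyFile)
+}
+if err != nil {
+return nil, err
+}
+if cipher == nil {
+return nil, errors.New("either one of symKey or pemKey is required")
+}
+return cipher, nil
+}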
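Review bot: createCipher lets `pemKey` silently win when both `--symKey` and `--pemKey` are supplied: the second `if` reassigns `cipher` and `err`, so an error from `crypto.NewAESCipher` is discarded and the file is protected with a different key than the operator may expect, although the final message says "either one of". Reject the combination explicitly and check each constructor's error before moving on, as sketched below. Separately, `--symKey` in cipherFlags takes the raw AES key as an argument, which typically leaves it in shell history and the process list; a file or environment source for the key would avoid that, if the rest of the file does not already offer one.

```go
func createCipher(ctx *cli.Context) (client.Cipher, error) {
	// … unchanged: NArg check …
	var (
		cipher client.Cipher
		err    error
	)
	switch {
	case symKey != "" && pemKeyFile != "":
		// Refuse ambiguous key selection instead of letting one flag override the other.
		return nil, errors.New("symKey and pemKey are mutually exclusive")
	case symKey != "":
		cipher, err = crypto.NewAESCipher(symKey)
	case pemKeyFile != "":
		cipher, err = crypto.NewRSACipher(pemKeyFile)
	default:
		return nil, errors.New("either one of symKey or pemKey is required")
	}
	if err != nil {
		return nil, err
	}
	return cipher, nil
}
```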
