Merge pull request #119 from neicnordic/feature/env-var-password
add C4GH_PASSPHRASE as an option
blankdots authored Feb 22, 2024
2 parents 2a587c8 + 16f7437 commit 0a32f4c
Showing 3 changed files with 25 additions and 7 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -53,6 +53,7 @@ crypt4gh [generate | encrypt | decrypt | reencrypt] <args>
Environment variables:
C4GH_SECRET_KEY If defined, it will be used as the secret key file if parameter not set parameter not set
C4GH_PASSPHRASE If defined it will be used as the default password for decoding the secret key
```

### Examples
29 changes: 23 additions & 6 deletions internal/cli/cli.go
Expand Up @@ -80,11 +80,18 @@ func readPrivateKey(fileName string) (privateKey [chacha20poly1305.KeySize]byte,
return
}
privateKey, err = keys.ReadPrivateKey(secretKeyFile, nil)
// nolint:nestif
if err != nil {
var password string
password, err = passwordPrompt("Enter the passphrase to unlock the key:")
if err != nil {
return
password, isPasswordSet := os.LookupEnv("C4GH_PASSPHRASE")

if !isPasswordSet {
password, err = passwordPrompt("Enter the passphrase to unlock the key:")
if err != nil {
return
}
} else {
fmt.Println(aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))
}
err = secretKeyFile.Close()
if err != nil {
Expand All @@ -93,7 +100,7 @@ func readPrivateKey(fileName string) (privateKey [chacha20poly1305.KeySize]byte,
secretKeyFile, _ = os.Open(fileName)
privateKey, err = keys.ReadPrivateKey(secretKeyFile, []byte(password))
if err != nil {
return privateKey, errors.New("Bad passphrase")
return privateKey, errors.New("bad passphrase")
}
err = secretKeyFile.Close()
if err != nil {
Expand Down Expand Up @@ -193,8 +200,9 @@ func GenerateHelpMessage() string {
reencryptUsage = strings.Replace(reencryptUsage, applicationOptions, " "+reencrypt, 1)

env := "\n Environment variables:\n\n C4GH_SECRET_KEY\tIf defined, it will be used as the secret key file if parameter not set"
c4ghEnv := "\n C4GH_PASSPHRASE\tIf defined it will be used as the default password for decoding the secret key"

return header + generateUsage + encryptUsage + decryptUsage + reencryptUsage + env
return header + generateUsage + encryptUsage + decryptUsage + reencryptUsage + env + c4ghEnv
}

func GenerateKeys() bool {
Expand All @@ -217,7 +225,16 @@ func GenerateKeys() bool {
return true
}
}
err = writeKeyPair(generateOptions.Name, publicKey, privateKey, generateOptions.Format, generateOptions.Password)
var password string
password, isPasswordSet := os.LookupEnv("C4GH_PASSPHRASE")

if !isPasswordSet {
password = generateOptions.Password
} else {
fmt.Println(aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))
}

err = writeKeyPair(generateOptions.Name, publicKey, privateKey, generateOptions.Format, password)
if err != nil {
fmt.Println(aurora.Red(err))

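Review bot: In GenerateKeys the environment variable takes precedence over the explicitly supplied option, because `password = generateOptions.Password` only runs when `isPasswordSet` is false; that is the reverse of the precedence the README documents for C4GH_SECRET_KEY ("if parameter not set"), so a user who passes a password on the command line (presumably what generateOptions.Password holds) silently gets the environment value instead. Restricting the override to the case where the option is empty, e.g. `password := generateOptions.Password` followed by `if envPass, ok := os.LookupEnv("C4GH_PASSPHRASE"); ok && password == "" { password = envPass; ... }`, keeps the documented precedence. Both this branch and the one in readPrivateKey also treat an empty `C4GH_PASSPHRASE=` as a set passphrase, so readPrivateKey skips the prompt and fails with "bad passphrase"; testing `password != ""` in addition to `isPasswordSet` would avoid that. The two identical warnings go to stdout via `fmt.Println`; writing them with `fmt.Fprintln(os.Stderr, ...)` keeps them out of any piped output, and the duplicated string is worth hoisting into one package-level constant. Both readPrivateKey and GenerateKeys start and end outside the hunks shown.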
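--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -7,7 +7,7 @@ import (
 )
 
 // The version in the current branch
-var Version = "1.8.11"
+var Version = "1.9.0"
 
 // If this is "" (empty string) then it means that it is a final release.
 // Otherwise, this is a pre-release e.g. "dev", "beta", "rc1", etc.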
