From 5729bad5b23bc7fbfa7a2d19a8adfc2e34c74e82 Mon Sep 17 00:00:00 2001
From: George Angel
Date: Wed, 24 Jul 2024 21:31:10 +1000
Subject: [PATCH 1/2] Use the provided ParseRecipient func
Less code and accurately handles comments. Also fail gracefully if the .strongbox_idenitity file doesn't exist, we can just copy over ciphertext quietly.
---
 age.go | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/age.go b/age.go
index 32e6bca..d815af7 100644
--- a/age.go
+++ b/age.go
@@ -42,24 +42,12 @@ func ageGenIdentity(desc string) {
 }

 func ageFileToRecipient(filename string) ([]age.Recipient, error) {
- var recipients []age.Recipient
- publicKeys, err := os.ReadFile(filename)
+ file, err := os.Open(filename)
 if err != nil {
 return nil, err
 }
- lines := bytes.Split(publicKeys, []byte("\n"))
- for _, line := range lines {
- line = bytes.TrimSpace(line)
- if len(line) == 0 {
- continue
- }
- recipient, err := age.ParseX25519Recipient(string(line))
- if err != nil {
- return nil, err
- }
- recipients = append(recipients, recipient)
- }
- return recipients, nil
+ defer file.Close()
+ return age.ParseRecipients(file)
 }

 func ageEncrypt(w io.Writer, r []age.Recipient, in []byte, f string) {
@@ -96,7 +84,11 @@ func ageEncrypt(w io.Writer, r []age.Recipient, in []byte, f string) {
 func ageDecrypt(w io.Writer, in []byte) {
 identityFile, err := os.Open(*flagIdentityFile)
 if err != nil {
- log.Fatalf("Failed to open private keys file: %v", err)
+ // identity file doesn't exist, copy as is and return
+ if _, err = io.Copy(w, bytes.NewReader(in)); err != nil {
+ log.Println(err)
+ }
+ return
 }
 defer identityFile.Close()
 identities, err := age.ParseIdentities(identityFile)
From f44570d970bb6edb53010ffc7aa08e7819aca69a Mon Sep 17 00:00:00 2001
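Review bot: In age.go, `ageFileToRecipient` now accepts whatever `age.ParseRecipients` accepts, which is narrower than the removed loop in one respect: the old code ran `bytes.TrimSpace` on every line, whereas the library parser, as far as I can tell, skips only empty lines and `#` comments. A recipient file with CRLF endings or padded lines that loaded before may therefore be rejected now, and a file with no keys likely becomes an error instead of an empty slice. Rejecting is the safer direction for an encryption path, but the accepted format should be stated on the function, e.g. `// ageFileToRecipient reads one age recipient per line; blank lines and #-comments are skipped, any other unparsable line is an error.` The returned error also carries no filename, so the caller's log will not say which recipient file was malformed.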
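Review bot: The new branch in `ageDecrypt` (age.go, patch 1/2) treats every `os.Open` failure as "identity file doesn't exist" and then drops the error: `err` is reassigned by the `io.Copy` call, so a permission problem or an I/O error on the key file puts ciphertext on `w` with nothing logged. Passing ciphertext through keeps plaintext from being written by mistake, but a user who does hold a key gets no hint why files stay encrypted. I would keep the quiet path for the missing-file case only, e.g. `if !os.IsNotExist(err) { log.Printf("Failed to open private keys file: %v", err) }` ahead of the copy. The same applies to the `age.ParseIdentities` branch added in patch 2/2, where the file exists but cannot be parsed. `ageDecrypt` continues past the end of this hunk.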
From: George Angel
Date: Thu, 25 Jul 2024 13:42:03 +1000
Subject: [PATCH 2/2] More defensive age decrypt
Err on the side of "copy ciphertext on error" rather then exiting.
---
 age.go | 8 ++++++--
 go.mod | 4 ++--
 go.sum | 10 ++++++----
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/age.go b/age.go
index d815af7..6704f4a 100644
--- a/age.go
+++ b/age.go
@@ -93,12 +93,16 @@ func ageDecrypt(w io.Writer, in []byte) {
 defer identityFile.Close()
 identities, err := age.ParseIdentities(identityFile)
 if err != nil {
- log.Fatalf("Failed to parse private key: %v", err)
+ // could not parse identity file, copy as is and return
+ if _, err = io.Copy(w, bytes.NewReader(in)); err != nil {
+ log.Println(err)
+ }
+ return
 }
 armorReader := armor.NewReader(bytes.NewReader(in))
 ar, err := age.Decrypt(armorReader, identities...)
 if err != nil {
- // Couldn't find the key, just copy as is and return
+ // couldn't find the key, copy as is and return
 if _, err = io.Copy(w, bytes.NewReader(in)); err != nil {
 log.Println(err)
 }
diff --git a/go.mod b/go.mod
index 10dbc8a..a12b3ba 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require filippo.io/age v1.2.0
 require (
 github.com/davecgh/go-spew v1.1.0 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
- golang.org/x/crypto v0.24.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/crypto v0.25.0 // indirect
+ golang.org/x/sys v0.22.0 // indirect
 gopkg.in/yaml.v3 v3.0.0 // indirect
 )
diff --git a/go.sum b/go.sum
index b09ebc7..1afcb7d 100644
--- a/go.sum
+++ b/go.sum
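Review bot: The pass-through block `if _, err = io.Copy(w, bytes.NewReader(in)); err != nil { log.Println(err) }` followed by `return` now appears three times in `ageDecrypt` (age.go, patch 2/2: open failure, parse failure, decrypt failure), differing only in the comment above it. Pulling it into one helper keeps the branches from drifting apart and leaves a single place to decide what is reported when ciphertext is emitted instead of plaintext. `w.Write(in)` does the same job without wrapping `in` in a reader. `ageDecrypt` starts before and continues after this hunk.

```go
// writeUnchanged emits the input as is; ageDecrypt calls it whenever it cannot decrypt.
func writeUnchanged(w io.Writer, in []byte) {
	if _, err := w.Write(in); err != nil {
		log.Println(err)
	}
}

// … unchanged: identity file open and age.ParseIdentities call …
	if err != nil {
		writeUnchanged(w, in) // replaces the io.Copy block in each of the three error branches
		return
	}
// … unchanged: armor reader and age.Decrypt …
```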
@@ -1,3 +1,5 @@ +c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0= +c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w= filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE= filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= @@ -17,12 +19,12 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=