feat: Add support for password-protected age keys

This commit is contained in:
Felicitas Pojtinger
2021-12-04 00:27:24 +01:00
parent cc72f880b4
commit 5ee9ddf325

View File

@@ -284,6 +284,25 @@ func decryptString(
) (string, error) {
switch encryptionFormat {
case encryptionFormatAgeKey:
if password != "" {
passwordIdentity, err := age.NewScryptIdentity(password)
if err != nil {
return "", err
}
r, err := age.Decrypt(bytes.NewBuffer(privkey), passwordIdentity)
if err != nil {
return "", err
}
out := &bytes.Buffer{}
if _, err := io.Copy(out, r); err != nil {
return "", err
}
privkey = out.Bytes()
}
identity, err := age.ParseX25519Identity(string(privkey))
if err != nil {
return "", err
@@ -356,6 +375,25 @@ func decrypt(
) (io.ReadCloser, error) {
switch encryptionFormat {
case encryptionFormatAgeKey:
if password != "" {
passwordIdentity, err := age.NewScryptIdentity(password)
if err != nil {
return nil, err
}
r, err := age.Decrypt(bytes.NewBuffer(privkey), passwordIdentity)
if err != nil {
return nil, err
}
out := &bytes.Buffer{}
if _, err := io.Copy(out, r); err != nil {
return nil, err
}
privkey = out.Bytes()
}
identity, err := age.ParseX25519Identity(string(privkey))
if err != nil {
return nil, err