support for encryption
25
README.md
25
README.md
@ -25,7 +25,7 @@ Usage
|
|||||||
|
|
||||||
- Run `gauth`. The progress bar indicates how far the next change is.
|
- Run `gauth`. The progress bar indicates how far the next change is.
|
||||||
|
|
||||||
~$ gauth
|
$ gauth
|
||||||
prev curr next
|
prev curr next
|
||||||
AWS 315306 135387 483601
|
AWS 315306 135387 483601
|
||||||
Airbnb 563728 339206 904549
|
Airbnb 563728 339206 904549
|
||||||
@ -33,8 +33,31 @@ Usage
|
|||||||
Github 911264 548790 784099
|
Github 911264 548790 784099
|
||||||
[======= ]
|
[======= ]
|
||||||
|
|
||||||
|
- `gauth` is convenient to use in `watch`.
|
||||||
|
|
||||||
|
$ watch -n1 gauth
|
||||||
|
|
||||||
- Remember to keep your system clock synchronized and to **lock your computer when brewing your tea!**
|
- Remember to keep your system clock synchronized and to **lock your computer when brewing your tea!**
|
||||||
|
|
||||||
|
Encryption
|
||||||
|
----------
|
||||||
|
|
||||||
|
`gauth` supports password-based encryption of `gauth.csv`. To encrypt, use:
|
||||||
|
|
||||||
|
$ openssl enc -aes-128-cbc -md sha256 -in gauth.csv -out ~/.config/gauth.csv
|
||||||
|
enter aes-128-cbc encryption password:
|
||||||
|
Verifying - enter aes-128-cbc encryption password:
|
||||||
|
|
||||||
|
`gauth` will then prompt you for that password on every run:
|
||||||
|
|
||||||
|
$ gauth
|
||||||
|
Encryption password:
|
||||||
|
prev curr next
|
||||||
|
LastPass 915200 479333 408710
|
||||||
|
|
||||||
|
Note that this encryption mechanism is far from ideal from a pure security standpoint.
|
||||||
|
Please read [OpenSSL's notes on the subject](http://www.openssl.org/docs/crypto/EVP_BytesToKey.html#NOTES).
|
||||||
|
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
|
33
gauth.go
33
gauth.go
@ -2,8 +2,12 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"code.google.com/p/gopass"
|
||||||
|
"crypto/aes"
|
||||||
|
"crypto/cipher"
|
||||||
"crypto/hmac"
|
"crypto/hmac"
|
||||||
"crypto/sha1"
|
"crypto/sha1"
|
||||||
|
"crypto/sha256"
|
||||||
"encoding/base32"
|
"encoding/base32"
|
||||||
"encoding/csv"
|
"encoding/csv"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -77,6 +81,35 @@ func main() {
|
|||||||
log.Fatal(e)
|
log.Fatal(e)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Support for 'openssl enc -aes-128-cbc -md sha256 -pass pass:'
|
||||||
|
if bytes.Compare(cfgContent[:8], []byte{0x53, 0x61, 0x6c, 0x74, 0x65, 0x64, 0x5f, 0x5f}) == 0 {
|
||||||
|
passwd, e := gopass.GetPass("Encryption password: ")
|
||||||
|
if e != nil {
|
||||||
|
log.Fatal(e)
|
||||||
|
}
|
||||||
|
salt := cfgContent[8:16]
|
||||||
|
rest := cfgContent[16:]
|
||||||
|
salting := sha256.New()
|
||||||
|
salting.Write([]byte(passwd))
|
||||||
|
salting.Write(salt)
|
||||||
|
sum := salting.Sum(nil)
|
||||||
|
key := sum[:16]
|
||||||
|
iv := sum[16:]
|
||||||
|
block, e := aes.NewCipher(key)
|
||||||
|
if e != nil {
|
||||||
|
log.Fatal(e)
|
||||||
|
}
|
||||||
|
|
||||||
|
mode := cipher.NewCBCDecrypter(block, iv)
|
||||||
|
mode.CryptBlocks(rest, rest)
|
||||||
|
// Remove padding
|
||||||
|
i := len(rest)
|
||||||
|
for rest[i] < 16 {
|
||||||
|
i--
|
||||||
|
}
|
||||||
|
cfgContent = rest[:i]
|
||||||
|
}
|
||||||
|
|
||||||
cfgReader := csv.NewReader(bytes.NewReader(cfgContent))
|
cfgReader := csv.NewReader(bytes.NewReader(cfgContent))
|
||||||
// Unix-style tabular
|
// Unix-style tabular
|
||||||
cfgReader.Comma = ':'
|
cfgReader.Comma = ':'
|
||||||
|
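Review bot: The padding removal at the end of the new block sets `i := len(rest)` and then reads `rest[i]`, which is one past the end of the slice, so the first loop test panics with index out of range for any encrypted file. Even with the index corrected, the loop strips every trailing byte below 16 rather than the PKCS#7 pad count, so it can eat a legitimate trailing newline and apparently gives no signal for a wrong password; the garbage plaintext would go straight to the CSV reader. The slices `cfgContent[:8]` and `cfgContent[8:16]` and the `CryptBlocks` call also panic on a file shorter than 16 bytes or a ciphertext that is not a multiple of the block size. I would guard the header test with `len(cfgContent) >= 16 && bytes.HasPrefix(cfgContent, []byte("Salted__"))` and validate the length and padding as below. CBC carries no integrity tag, so the padding check is only a best-effort wrong-password signal, and main's body starts and ends outside the hunk.

```go
// … unchanged: "Salted__" header test, password prompt, key/IV derivation, aes.NewCipher …
if len(rest) == 0 || len(rest)%aes.BlockSize != 0 {
	log.Fatal("encrypted config is truncated or not a multiple of the AES block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(rest, rest)
// Validate and remove PKCS#7 padding: the last byte is the pad length,
// and every pad byte must carry that same value.
pad := int(rest[len(rest)-1])
if pad == 0 || pad > aes.BlockSize ||
	!bytes.Equal(rest[len(rest)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
	log.Fatal("decryption failed: wrong password or corrupted file")
}
cfgContent = rest[:len(rest)-pad]
```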