
     1  package pwlib
     2  
     3  import (
     4  	"crypto/rand"
     5  	"encoding/base64"
     6  	"os"
     7  
     8  	openssl "github.com/Luzifer/go-openssl/v4"
     9  	log "github.com/sirupsen/logrus"
    10  )
    11  
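// PrivateDecryptFileSSL decrypts a file produced by PubEncryptFileSSL.
//
// The symmetric session key is read from sessionPassFile in its
// public-key-encrypted form, decrypted with the private key in
// privateKeyFile (unlocked with keyPass), and then used to decrypt
// cryptedFile with the go-openssl "enc"-compatible scheme (see the
// openssl command line in the body; the digest is SSLDigest).
//
// It returns the decrypted content as a string. On any failure the error
// is returned, content is empty, and the failure is logged at debug level.
// The plaintext session key is never written to disk by this package;
// only its encrypted form lives in sessionPassFile.
//
// If sessionPassFile is empty, no key file is read and an empty string is
// handed to PrivateDecryptString (recovering the session key from the
// crypted file itself is not implemented).
func PrivateDecryptFileSSL(cryptedFile string, privateKeyFile string, keyPass string, sessionPassFile string) (content string, err error) {
	log.Debugf("decrypt %s with private key %s in OpenSSL format", cryptedFile, privateKeyFile)

	//nolint gosec
	crypted, err := os.ReadFile(cryptedFile)
	if err != nil {
		log.Debugf("Cannot Read file '%s': %s", cryptedFile, err)
		return
	}

	// The session key is stored next to the data, encrypted with the
	// recipient's public key; it is decrypted in memory only.
	cryptedkey := ""
	if len(sessionPassFile) > 0 {
		var data []byte
		//nolint gosec
		data, err = os.ReadFile(sessionPassFile)
		if err != nil {
			log.Debugf("Cannot Read file '%s': %s", sessionPassFile, err)
			return
		}
		cryptedkey = string(data)
	}
	// TODO: derive the session key from the crypted file when no sessionPassFile is given

	sessionKey, err := PrivateDecryptString(cryptedkey, privateKeyFile, keyPass)
	if err != nil {
		log.Debugf("Cannot decrypt Session Key from '%s': %s", sessionPassFile, err)
		return
	}

	// OPENSSL enc -d -aes-256-cbc -md sha256 -base64 -in $SOURCE -pass pass:$PASSPHRASE
	o := openssl.New()
	decoded, err := o.DecryptBytes(sessionKey, crypted, SSLDigest)
	if err != nil {
		log.Debugf("Cannot decrypt data from '%s': %s", cryptedFile, err)
		return
	}
	content = string(decoded)
	return content, nil
}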
    56  
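// PubEncryptFileSSL encrypts plainFile into targetFile under a fresh random
// session key, using the go-openssl "enc"-compatible scheme (see the
// openssl command line in the body; the digest is SSLDigest).
//
// The session key (16 random bytes from crypto/rand, base64-encoded) is
// encrypted with the public key in publicKeyFile and written to
// sessionPassFile so that PrivateDecryptFileSSL can recover it. Only the
// encrypted form of the key touches disk. Both output files are created
// with mode 0644.
//
// Every step is fatal: an error from key generation, key encryption,
// writing sessionPassFile, reading plainFile, encrypting, or writing
// targetFile is logged and returned without continuing, so a nil return
// means both output files are complete and consistent with each other.
//
// If sessionPassFile is empty the encrypted session key is not written
// anywhere (embedding it in targetFile is not implemented), so the
// resulting targetFile cannot be decrypted afterwards.
func PubEncryptFileSSL(plainFile string, targetFile string, publicKeyFile string, sessionPassFile string) (err error) {
	// length of the raw session key in bytes, before base64 encoding
	const rb = 16
	log.Debugf("Encrypt %s with public key %s in OpenSSL format", plainFile, publicKeyFile)

	random := make([]byte, rb)
	if _, err = rand.Read(random); err != nil {
		log.Debugf("Cannot generate session key:%s", err)
		return
	}
	sessionKey := base64.StdEncoding.EncodeToString(random)

	// Without the public-key-encrypted session key the output could never be
	// decrypted, so stop here rather than silently producing an orphaned targetFile.
	crypted, err := PublicEncryptString(sessionKey, publicKeyFile)
	if err != nil {
		log.Errorf("Encrypting Keyfile failed: %v", err)
		return
	}

	if len(sessionPassFile) > 0 {
		//nolint gosec
		if err = os.WriteFile(sessionPassFile, []byte(crypted), 0644); err != nil {
			log.Errorf("Cannot write session Key file %s:%v", sessionPassFile, err)
			return
		}
	}
	// TODO: include the session key in the crypted file when no sessionPassFile is given

	//nolint gosec
	plaindata, err := os.ReadFile(plainFile)
	if err != nil {
		log.Debugf("Cannot read plaintext file %s:%s", plainFile, err)
		return
	}

	// openssl enc -e -aes-256-cbc -md sha256 -base64 -in $SOURCE -out $TARGET -pass pass:$PASSPHRASE
	o := openssl.New()
	encrypted, err := o.EncryptBytes(sessionKey, plaindata, SSLDigest)
	if err != nil {
		log.Errorf("cannot encrypt plaintext file %s:%s", plainFile, err)
		return
	}

	// write crypted output file
	//nolint gosec
	if err = os.WriteFile(targetFile, encrypted, 0644); err != nil {
		log.Errorf("Cannot write: %s", err.Error())
		return
	}
	return nil
}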