fd
diff --git a/‎cmd/sec/config.go
Lines changed: 30 additions & 0 deletions b/‎cmd/sec/config.go
Lines changed: 30 additions & 0 deletions
diff --git a/‎cmd/sec/dec.go
Lines changed: 30 additions & 0 deletions b/‎cmd/sec/dec.go
Lines changed: 30 additions & 0 deletions
diff --git a/‎cmd/sec/enc.go
Lines changed: 35 additions & 0 deletions b/‎cmd/sec/enc.go
Lines changed: 35 additions & 0 deletions
diff --git a/‎cmd/sec/init.go
Lines changed: 37 additions & 0 deletions b/‎cmd/sec/init.go
Lines changed: 37 additions & 0 deletions
diff --git a/‎cmd/sec/main.go
Lines changed: 69 additions & 0 deletions b/‎cmd/sec/main.go
Lines changed: 69 additions & 0 deletions
diff --git a/‎cmd/sec/receiver_add.go
Lines changed: 46 additions & 0 deletions b/‎cmd/sec/receiver_add.go
Lines changed: 46 additions & 0 deletions
diff --git a/‎cmd/sec/receiver_remove.go
Lines changed: 29 additions & 0 deletions b/‎cmd/sec/receiver_remove.go
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"text/tabwriter"
+
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func config(app *kingpin.Application, configFile string) {
+	data, err := ioutil.ReadFile(configFile)
+	app.FatalIfError(err, "sec")
+
+	var conf Config
+	err = json.Unmarshal(data, &conf)
+	app.FatalIfError(err, "sec")
+
+	w := tabwriter.NewWriter(os.Stdout, 8, 8, 2, ' ', 0)
+	defer w.Flush()
+
+	fmt.Fprintf(w, "%s\t%s\n", "master", conf.MasterKey)
+	w.Flush()
+
+	for name, key := range conf.ReceiverKeys {
+		fmt.Fprintf(w, "%s\t%s\t%s\n", "receiver", name, key)
+	}
+}
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	"github.com/fd/sec-utils/pkg/box"
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func dec(app *kingpin.Application, creds string) {
+	keys := strings.SplitN(creds, ":", 2)
+	if len(keys) != 2 {
+		err := errors.New("invalid credentials")
+		app.FatalIfError(err, "sec")
+	}
+
+	data, err := ioutil.ReadAll(os.Stdin)
+	app.FatalIfError(err, "sec")
+
+	decdata, err := box.Open(data, keys[0], keys[1])
+	app.FatalIfError(err, "sec")
+
+	_, err = io.Copy(os.Stdout, bytes.NewReader(decdata))
+	app.FatalIfError(err, "sec")
+}
@@ -0,0 +1,35 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+
+	"github.com/fd/sec-utils/pkg/box"
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func enc(app *kingpin.Application, configFile string) {
+	data, err := ioutil.ReadFile(configFile)
+	app.FatalIfError(err, "sec")
+
+	var conf Config
+	err = json.Unmarshal(data, &conf)
+	app.FatalIfError(err, "sec")
+
+	var rKeys []string
+	for _, k := range conf.ReceiverKeys {
+		rKeys = append(rKeys, k)
+	}
+
+	data, err = ioutil.ReadAll(os.Stdin)
+	app.FatalIfError(err, "sec")
+
+	encdata, err := box.Seal(data, conf.MasterKey, rKeys)
+	app.FatalIfError(err, "sec")
+
+	_, err = io.Copy(os.Stdout, bytes.NewReader(encdata))
+	app.FatalIfError(err, "sec")
+}
@@ -0,0 +1,37 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/fd/sec-utils/pkg/box"
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func doInit(app *kingpin.Application, configFile string) {
+	if _, err := os.Stat(configFile); !os.IsNotExist(err) {
+		err := fmt.Errorf("config file already exists")
+		app.FatalIfError(err, "sec")
+	}
+
+	m, err := box.GenerateKey()
+	app.FatalIfError(err, "sec")
+
+	conf := &Config{
+		MasterKey:    m,
+		ReceiverKeys: map[string]string{},
+	}
+
+	data, err := json.MarshalIndent(&conf, "", "  ")
+	app.FatalIfError(err, "sec")
+
+	err = ioutil.WriteFile(configFile, data, 0600)
+	app.FatalIfError(err, "sec")
+}
+
+type Config struct {
+	MasterKey    string
+	ReceiverKeys map[string]string
+}
@@ -0,0 +1,69 @@
+package main
+
+import (
+	"os"
+
+	"gopkg.in/alecthomas/kingpin.v2"
+	"limbo.services/version"
+)
+
+func main() {
+	var (
+		configFile   string
+		receiverName string
+		receiverKey  string
+	)
+
+	app := kingpin.New("sec", "Simple secure data").
+		Version(version.Get().String()).
+		Author(version.Get().ReleasedBy)
+
+	initCmd := app.Command("init", "Initialize a config file")
+	initCmd.Flag("config", "path to the config file").Short('c').
+		Default("./sec-config.json").PlaceHolder("FILE").Envar("SEC_CONFIG").
+		StringVar(&configFile)
+
+	configCmd := app.Command("config", "Show the content of a config file")
+	configCmd.Flag("config", "path to the config file").Short('c').
+		Default("./sec-config.json").PlaceHolder("FILE").Envar("SEC_CONFIG").
+		ExistingFileVar(&configFile)
+
+	receiverAddCmd := app.Command("receiver-add", "Register a new receiver")
+	receiverAddCmd.Arg("name", "name of the receiver").Required().
+		StringVar(&receiverName)
+	receiverAddCmd.Flag("config", "path to the config file").Short('c').
+		Default("./sec-config.json").PlaceHolder("FILE").Envar("SEC_CONFIG").
+		ExistingFileVar(&configFile)
+
+	receiverRemoveCmd := app.Command("receiver-remove", "Remove a receiver")
+	receiverRemoveCmd.Arg("name", "name of the receiver").Required().
+		StringVar(&receiverName)
+	receiverRemoveCmd.Flag("config", "path to the config file").Short('c').
+		Default("./sec-config.json").PlaceHolder("FILE").Envar("SEC_CONFIG").
+		ExistingFileVar(&configFile)
+
+	encCmd := app.Command("enc", "Encrypt data from STDIN")
+	encCmd.Flag("config", "path to the config file").Short('c').
+		Default("./sec-config.json").PlaceHolder("FILE").Envar("SEC_CONFIG").
+		ExistingFileVar(&configFile)
+
+	decCmd := app.Command("dec", "Decrypt data from STDIN")
+	decCmd.Flag("key", "receiver key").Short('k').
+		PlaceHolder("KEY").Envar("SEC_KEY").
+		Required().StringVar(&receiverKey)
+
+	switch kingpin.MustParse(app.Parse(os.Args[1:])) {
+	case initCmd.FullCommand():
+		doInit(app, configFile)
+	case configCmd.FullCommand():
+		config(app, configFile)
+	case receiverAddCmd.FullCommand():
+		receiverAdd(app, configFile, receiverName)
+	case receiverRemoveCmd.FullCommand():
+		receiverRemove(app, configFile, receiverName)
+	case encCmd.FullCommand():
+		enc(app, configFile)
+	case decCmd.FullCommand():
+		dec(app, receiverKey)
+	}
+}
@@ -0,0 +1,46 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+
+	"github.com/fd/sec-utils/pkg/box"
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func receiverAdd(app *kingpin.Application, configFile, name string) {
+	data, err := ioutil.ReadFile(configFile)
+	app.FatalIfError(err, "sec")
+
+	r, err := box.GenerateKey()
+	app.FatalIfError(err, "sec")
+
+	rPub, err := box.PublicKey(r)
+	app.FatalIfError(err, "sec")
+
+	var conf Config
+	err = json.Unmarshal(data, &conf)
+	app.FatalIfError(err, "sec")
+
+	mPub, err := box.PublicKey(conf.MasterKey)
+	app.FatalIfError(err, "sec")
+
+	if conf.ReceiverKeys == nil {
+		conf.ReceiverKeys = make(map[string]string)
+	}
+	if _, f := conf.ReceiverKeys[name]; f {
+		err := fmt.Errorf("receiver %q already exists", name)
+		app.FatalIfError(err, "sec")
+	}
+
+	conf.ReceiverKeys[name] = rPub
+
+	data, err = json.MarshalIndent(&conf, "", "  ")
+	app.FatalIfError(err, "sec")
+
+	err = ioutil.WriteFile(configFile, data, 0600)
+	app.FatalIfError(err, "sec")
+
+	fmt.Printf("%s:%s\n", r, mPub)
+}
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"encoding/json"
+	"io/ioutil"
+
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+func receiverRemove(app *kingpin.Application, configFile, name string) {
+	data, err := ioutil.ReadFile(configFile)
+	app.FatalIfError(err, "sec")
+
+	var conf Config
+	err = json.Unmarshal(data, &conf)
+	app.FatalIfError(err, "sec")
+
+	if conf.ReceiverKeys == nil {
+		conf.ReceiverKeys = make(map[string]string)
+	}
+
+	delete(conf.ReceiverKeys, name)
+
+	data, err = json.MarshalIndent(&conf, "", "  ")
+	app.FatalIfError(err, "sec")
+
+	err = ioutil.WriteFile(configFile, data, 0600)
+	app.FatalIfError(err, "sec")
+}