Use the gpg command to decrypt keys

Instead of using the openpgp command, we'll now use the gpg command line tool. This is to fix the issue with secring disappearing
jaxxstorm · Aug 28, 2017 · 605e481 · 605e481
1 parent d7c2002
commit 605e481
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 45 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -29,8 +29,6 @@ import (
 	v "github.com/jaxxstorm/unseal/vault"
 
 	log "github.com/Sirupsen/logrus"
-	"github.com/bgentry/speakeasy"
-	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -41,9 +39,6 @@ var vaultHost string
 var vaultPort int
 
 var caPath string
-var gpgPub string
-var gpgSecret string
-var gpgPass string
 
 type Host struct {
 	Name string
@@ -79,12 +74,6 @@ var RootCmd = &cobra.Command{
 
 		if gpg == true {
 			log.Info("Using GPG")
-			gpgSecret = viper.GetString("gpgsecretkeyring")
-			gpgPub = viper.GetString("gpgpublickeyring")
-			gpgPass, err = speakeasy.Ask("Please enter your password: ")
-			if err != nil {
-				log.Fatal("Password error")
-			}
 		}
 
 		if os.Getenv("VAULT_ADDR") != "" {
@@ -102,7 +91,7 @@ var RootCmd = &cobra.Command{
 			var vaultKey string
 
 			if gpg == true {
-				vaultKey, err = g.Decrypt(gpgPub, gpgSecret, key, gpgPass)
+				vaultKey, err = g.Decrypt(key)
 				if err != nil {
 					log.Fatal("GPG Decrypt Error: ", err)
 				}
@@ -190,10 +179,4 @@ func initConfig() {
 		log.Fatal("Error reading config file: ", err)
 	}
 
-	home, err := homedir.Dir()
-	if err != nil {
-		log.Error("Error getting home directory: ", err)
-	}
-	viper.SetDefault("gpgsecretkeyring", home+"/.gnupg/secring.gpg")
-	viper.SetDefault("gpgpublickeyring", home+"/.gnupg/pubring.gpg")
 }
diff --git a/gpg/decrypt.go b/gpg/decrypt.go
@@ -3,50 +3,40 @@ package gpg
 import (
 	"bytes"
 	"encoding/base64"
-	"golang.org/x/crypto/openpgp"
-	"io/ioutil"
-	"os"
+	"os/exec"
 )
 
-func Decrypt(publicKeyring string, secretKeyring string, key string, password string) (string, error) {
+func Decrypt(key string) (string, error) {
 
-	var entity *openpgp.Entity
-	var entityList openpgp.EntityList
+	var cmd exec.Cmd
+	var output bytes.Buffer
 
-	keyringFileBuffer, err := os.Open(secretKeyring)
-	if err != nil {
-		return "", err
-	}
+	gpgCmd, err := exec.LookPath("gpg")
 
-	defer keyringFileBuffer.Close()
-	entityList, err = openpgp.ReadKeyRing(keyringFileBuffer)
 	if err != nil {
 		return "", err
 	}
-	entity = entityList[0]
 
-	passphraseByte := []byte(password)
-	entity.PrivateKey.Decrypt(passphraseByte)
-	for _, subkey := range entity.Subkeys {
-		subkey.PrivateKey.Decrypt(passphraseByte)
-	}
+	cmd.Path = gpgCmd
+	cmd.Args = []string{"--decrypt", "--quiet"}
 
 	dec, err := base64.StdEncoding.DecodeString(key)
 	if err != nil {
 		return "", err
 	}
 
-	// Decrypt it with the contents of the private key
-	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)
-	if err != nil {
-		return "", err
-	}
-	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
-	if err != nil {
+	// return the reader interface for dec (byte array)
+	d := bytes.NewReader(dec)
+
+	// pipe d to gpg commands stdin
+	cmd.Stdin = d
+	cmd.Stdout = &output
+
+	if err := cmd.Run(); err != nil {
 		return "", err
 	}
-	decStr := string(bytes)
 
-	return decStr, nil
+	// return the output from the gpg command
+	return output.String(), nil
 
 }