Merge pull request #31 from jaxxstorm/gpg_rework

Use the gpg command to decrypt keys
jaxxstorm · Aug 28, 2017 · fb8aa52 · fb8aa52
2 parents d7c2002 + 605e481
commit fb8aa52
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 45 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -29,8 +29,6 @@ import (
 	v "github.com/jaxxstorm/unseal/vault"
 
 	log "github.com/Sirupsen/logrus"
-	"github.com/bgentry/speakeasy"
-	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -41,9 +39,6 @@ var vaultHost string
 var vaultPort int
 
 var caPath string
-var gpgPub string
-var gpgSecret string
-var gpgPass string
 
 type Host struct {
 	Name string
@@ -79,12 +74,6 @@ var RootCmd = &cobra.Command{
 
 		if gpg == true {
 			log.Info("Using GPG")
-			gpgSecret = viper.GetString("gpgsecretkeyring")
-			gpgPub = viper.GetString("gpgpublickeyring")
-			gpgPass, err = speakeasy.Ask("Please enter your password: ")
-			if err != nil {
-				log.Fatal("Password error")
-			}
 		}
 
 		if os.Getenv("VAULT_ADDR") != "" {
@@ -102,7 +91,7 @@ var RootCmd = &cobra.Command{
 			var vaultKey string
 
 			if gpg == true {
-				vaultKey, err = g.Decrypt(gpgPub, gpgSecret, key, gpgPass)
+				vaultKey, err = g.Decrypt(key)
 				if err != nil {
 					log.Fatal("GPG Decrypt Error: ", err)
 				}
@@ -190,10 +179,4 @@ func initConfig() {
 		log.Fatal("Error reading config file: ", err)
 	}
 
-	home, err := homedir.Dir()
-	if err != nil {
-		log.Error("Error getting home directory: ", err)
-	}
-	viper.SetDefault("gpgsecretkeyring", home+"/.gnupg/secring.gpg")
-	viper.SetDefault("gpgpublickeyring", home+"/.gnupg/pubring.gpg")
 }
diff --git a/gpg/decrypt.go b/gpg/decrypt.go
@@ -3,50 +3,40 @@ package gpg
 import (
 	"bytes"
 	"encoding/base64"
-	"golang.org/x/crypto/openpgp"
-	"io/ioutil"
-	"os"
+	"os/exec"
 )
 
-func Decrypt(publicKeyring string, secretKeyring string, key string, password string) (string, error) {
+func Decrypt(key string) (string, error) {
 
-	var entity *openpgp.Entity
-	var entityList openpgp.EntityList
+	var cmd exec.Cmd
+	var output bytes.Buffer
 
-	keyringFileBuffer, err := os.Open(secretKeyring)
-	if err != nil {
-		return "", err
-	}
+	gpgCmd, err := exec.LookPath("gpg")
 
-	defer keyringFileBuffer.Close()
-	entityList, err = openpgp.ReadKeyRing(keyringFileBuffer)
 	if err != nil {
 		return "", err
 	}
-	entity = entityList[0]
 
-	passphraseByte := []byte(password)
-	entity.PrivateKey.Decrypt(passphraseByte)
-	for _, subkey := range entity.Subkeys {
-		subkey.PrivateKey.Decrypt(passphraseByte)
-	}
+	cmd.Path = gpgCmd
+	cmd.Args = []string{"--decrypt", "--quiet"}
 
 	dec, err := base64.StdEncoding.DecodeString(key)
 	if err != nil {
 		return "", err
 	}
 
-	// Decrypt it with the contents of the private key
-	md, err := openpgp.ReadMessage(bytes.NewBuffer(dec), entityList, nil, nil)
-	if err != nil {
-		return "", err
-	}
-	bytes, err := ioutil.ReadAll(md.UnverifiedBody)
-	if err != nil {
+	// return the reader interface for dec (byte array)
+	d := bytes.NewReader(dec)
+
+	// pipe d to gpg commands stdin
+	cmd.Stdin = d
+	cmd.Stdout = &output
+
+	if err := cmd.Run(); err != nil {
 		return "", err
 	}
-	decStr := string(bytes)
 
-	return decStr, nil
+	// return the output from the gpg command
+	return output.String(), nil
 
 }