Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UX: Canonical way to write a ciphertext to a unix file on file system using age. #360

Open
matthiasdebernardini opened this issue Jan 4, 2023 · 1 comment
Open

UX: Canonical way to write a ciphertext to a unix file on file system using age. #360

matthiasdebernardini opened this issue Jan 4, 2023 · 1 comment

Comments

@matthiasdebernardini
Copy link

matthiasdebernardini commented Jan 4, 2023
edited
Loading

What were you trying to do

I am making a CLI and part of the app includes securely storing files at rest. I want the users of this library to be able to use age to decrypt the data. The purpose of this goal is so that the users don't have to rely on me in case my CLI tool stops working.

I also want to be sanity-checking what I am doing and comparing to what age does will satisfy this for me.

Is this a reasonable goal?

What happened

I couldn't understand, from reading the docs, how to provide the age library with a file and some encrypted data to write into the file in such a way that age can also read the data.

I made this issue to make sure that I am not reinventing the wheel and that there isn't already a good way to do what I am trying to do.

This is the function that I have;

fn encrypt(plaintext: String) -> Result<String, Box<dyn Error>> {
    let encryptor = age::Encryptor::with_user_passphrase(Secret::new(get_passphrase()?));
    let mut encrypted = vec![];
    let mut writer = encryptor.wrap_output(&mut encrypted)?;
    writer.write_all(plaintext.as_bytes())?;
    writer.finish()?;
    Ok(hex::encode(encrypted))
}

I am then taking the string returned and providing a path to write to with this function.

fn make_app_files(path: &PathBuf, contents: &str) -> Result<(), std::io::Error> {
     let path = path.to_str().expect("Could not get file path");
     std::fs::write(path, contents)
}

This works in that I have a file with encrypted data.

What does not work is that I can't use the age tool to decrypt it.

I have tried;

$ age --decrypt --output config.backup ~/.config/osmium/config
age: error: failed to read header: parsing age header: failed to read intro: EOF
age: report unexpected or unhelpful errors at https://filippo.io/age/report

It looks like age prepends and appends some magic bytes to whatever file it writes so that it knows what it's reading and is about to decrypt.

Does this library provide such a function?

Thanks for any tips or directions.
@matthiasdebernardini
Copy link
Author

I have updated the issue so that its more clear what I am trying to do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matthiasdebernardini