sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Remove duplicated wrapper crypto functions and use exported implementations directly

Browse Source
This commit is contained in:
Jeffrey Paul
2025-05-29 13:08:00 -07:00
parent 8cc15fde3d
commit 8dc2e9d748
7 changed files with 67 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
internal/secret/crypto.go
View File

@@ -13,7 +13,7 @@ import (
// EncryptToRecipient encrypts data to a recipient using age
func EncryptToRecipient(data []byte, recipient age.Recipient) ([]byte, error) {
Debug("encryptToRecipient starting", "data_length", len(data))
Debug("EncryptToRecipient starting", "data_length", len(data))
var buf bytes.Buffer
Debug("Creating age encryptor")
@@ -39,22 +39,12 @@ func EncryptToRecipient(data []byte, recipient age.Recipient) ([]byte, error) {
Debug("Closed encryptor successfully")
result := buf.Bytes()
Debug("encryptToRecipient completed successfully", "result_length", len(result))
Debug("EncryptToRecipient completed successfully", "result_length", len(result))
return result, nil
}
// encryptToRecipient encrypts data to a recipient using age (internal version)
func encryptToRecipient(data []byte, recipient age.Recipient) ([]byte, error) {
return EncryptToRecipient(data, recipient)
}
// DecryptWithIdentity decrypts data with an identity using age (public version)
// DecryptWithIdentity decrypts data with an identity using age
func DecryptWithIdentity(data []byte, identity age.Identity) ([]byte, error) {
return decryptWithIdentity(data, identity)
}
// decryptWithIdentity decrypts data with an identity using age
func decryptWithIdentity(data []byte, identity age.Identity) ([]byte, error) {
r, err := age.Decrypt(bytes.NewReader(data), identity)
if err != nil {
return nil, fmt.Errorf("failed to create decryptor: %w", err)
@@ -68,34 +58,29 @@ func decryptWithIdentity(data []byte, identity age.Identity) ([]byte, error) {
return result, nil
}
// EncryptWithPassphrase encrypts data using a passphrase with age's scrypt-based encryption (public version)
// EncryptWithPassphrase encrypts data using a passphrase with age's scrypt-based encryption
func EncryptWithPassphrase(data []byte, passphrase string) ([]byte, error) {
return encryptWithPassphrase(data, passphrase)
}
// encryptWithPassphrase encrypts data using a passphrase with age's scrypt-based encryption
func encryptWithPassphrase(data []byte, passphrase string) ([]byte, error) {
recipient, err := age.NewScryptRecipient(passphrase)
if err != nil {
return nil, fmt.Errorf("failed to create scrypt recipient: %w", err)
}
return encryptToRecipient(data, recipient)
return EncryptToRecipient(data, recipient)
}
// decryptWithPassphrase decrypts data using a passphrase with age's scrypt-based decryption
func decryptWithPassphrase(encryptedData []byte, passphrase string) ([]byte, error) {
// DecryptWithPassphrase decrypts data using a passphrase with age's scrypt-based decryption
func DecryptWithPassphrase(encryptedData []byte, passphrase string) ([]byte, error) {
identity, err := age.NewScryptIdentity(passphrase)
if err != nil {
return nil, fmt.Errorf("failed to create scrypt identity: %w", err)
}
return decryptWithIdentity(encryptedData, identity)
return DecryptWithIdentity(encryptedData, identity)
}
// readPassphrase reads a passphrase securely from the terminal without echoing
// ReadPassphrase reads a passphrase securely from the terminal without echoing
// This version is for unlocking and doesn't require confirmation
func readPassphrase(prompt string) (string, error) {
func ReadPassphrase(prompt string) (string, error) {
// Check if stdin is a terminal
if !term.IsTerminal(int(syscall.Stdin)) {
// Not a terminal - never read passphrases from piped input for security reasons