bobs
/
cliVault
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

aes/chacha20

Browse Source
main
Robert 5 months ago
parent 033acae279
commit b586d1e8ee
9 changed files with 605 additions and 49 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      .gitignore
  2. 5
      README
  3. 17
      chaKey.go
  4. 147
      client.go
  5. 3
      default.yaml
  6. 5
      go.mod
  7. 3
      go.sum
  8. 157
      keygen.go
  9. 315
      server.go

2
.gitignore vendored
Unescape View File

@ -1,2 +1,4 @@
*.db *.db
vaultClient vaultClient
config.yaml
*.pem

5
README
Unescape View File

@ -5,8 +5,9 @@ go mod download golang.org/x/term
go mod tidy go mod tidy
go run keygen.go go run keygen.go
nano server.go go run chaKey.go
REPLACE old key with new key! nano default.yaml
cp default.yaml config.yaml
sudo apt install gcc sudo apt install gcc
CGO_ENABLED=1 go build -o cliVault server.go CGO_ENABLED=1 go build -o cliVault server.go

17
chaKey.go
Unescape View File

@ -0,0 +1,17 @@
package main
import (
"crypto/rand"
"fmt"
"golang.org/x/crypto/chacha20poly1305"
)
func main() {
// Generate or use a pre-shared key (in real code, this should be properly managed)
key := make([]byte, chacha20poly1305.KeySize)
if _, err := rand.Read(key); err != nil {
// handle error
return
}
fmt.Printf("%x", key)
}

147
client.go
Unescape View File

@ -1,7 +1,10 @@
package main package main
import ( import (
"crypto/sha256"
"crypto/rand" "crypto/rand"
"golang.org/x/crypto/chacha20poly1305"
"encoding/base64"
"encoding/gob" "encoding/gob"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
@ -9,9 +12,23 @@ import (
"time" "time"
"golang.org/x/term" "golang.org/x/term"
"syscall" "syscall"
"flag"
"os"
"log"
"bytes"
"io/ioutil"
"gopkg.in/yaml.v2"
) )
var ChaKey = []byte("")
type Config struct {
Auth struct {
ChaKey string `yaml:"ChaKey"`
} `yaml:"auth"`
}
type Request struct { type Request struct {
KeyPwd string
Username string Username string
Password string Password string
Operation string Operation string
@ -23,6 +40,7 @@ type Request struct {
type Response struct { type Response struct {
Message string Message string
Enc string
} }
func generateNonce() (string, error) { func generateNonce() (string, error) {
@ -34,7 +52,106 @@ func generateNonce() (string, error) {
return hex.EncodeToString(b), nil return hex.EncodeToString(b), nil
} }
func getKey()([]byte) {
// Hash it to 32 bytes using SHA-256
hashedKey := sha256.Sum256(ChaKey)
theKey := hashedKey[:] // Convert [32]byte to []byte
return theKey
}
func chEnc(p string)(string) {
// Create cipher
aead, err := chacha20poly1305.NewX(getKey())
if err != nil {
log.Fatalf("ChaKey enc error")
return ""
}
// Create nonce
nonce := make([]byte, aead.NonceSize())
if _, err := rand.Read(nonce); err != nil {
log.Fatalf("Cha Nonce Error")
return ""
}
// Encode with gob first
var buf bytes.Buffer
tempEnc := gob.NewEncoder(&buf)
if err := tempEnc.Encode(p); err != nil {
log.Fatalf("gob encode first error")
return ""
}
// Encrypt the encoded data
encrypted := aead.Seal(nil, nonce, buf.Bytes(), nil)
// Send nonce + encrypted data
fullMessage := append(nonce, encrypted...)
encoded := base64.StdEncoding.EncodeToString(fullMessage)
return encoded
}
func chDec(eText string)(string) {
if eText == "" {
return ""
}
// Decoding from base64
decoded, err := base64.StdEncoding.DecodeString(eText)
if err != nil {
log.Fatal("Base64 decoding error:", err)
}
// Create cipher instance (XChaCha20-Poly1305 for longer nonces)
aead, err := chacha20poly1305.NewX(getKey())
if err != nil {
log.Fatalf("Client: ChaKey failed")
return ""
}
encryptedMsg := decoded
// Decrypt: Split nonce and ciphertext
decryptedNonce := encryptedMsg[:aead.NonceSize()]
decryptedCiphertext := encryptedMsg[aead.NonceSize():]
decrypted, err := aead.Open(nil, decryptedNonce, decryptedCiphertext, nil)
if err != nil {
log.Fatalf("Client decryption failed")
return ""
}
return string(decrypted)
}
func main() { func main() {
configFilePtr := flag.String("config", "config.yaml", "Path to the YAML configuration file")
flag.Parse()
if *configFilePtr == "" {
fmt.Println("Please specify a configuration file using -config")
flag.Usage()
os.Exit(1)
}
// Read the config file
yamlFile, err := ioutil.ReadFile(*configFilePtr)
if err != nil {
log.Fatalf("Error reading YAML file: %v\n", err)
}
// Parse the YAML
var config Config
err = yaml.Unmarshal(yamlFile, &config)
if err != nil {
log.Fatalf("Error parsing YAML file: %v\n", err)
}
// Print the ChaKey
if config.Auth.ChaKey == "" {
fmt.Println("Warning: ChaKey not found in configuration file")
}
ChaKey = []byte(config.Auth.ChaKey)
var host string var host string
fmt.Print("Enter host or IP: ") fmt.Print("Enter host or IP: ")
fmt.Scanln(&host) fmt.Scanln(&host)
@ -44,6 +161,14 @@ func main() {
panic(err) panic(err)
} }
defer conn.Close() defer conn.Close()
fmt.Print("Key Passphrase: ")
byteKeyPwd, err := term.ReadPassword(int(syscall.Stdin))
fmt.Println()
if err != nil {
panic(err)
}
keypassphrase := string(byteKeyPwd)
var username, op, site, vaultData string var username, op, site, vaultData string
fmt.Print("Username: ") fmt.Print("Username: ")
@ -74,12 +199,20 @@ func main() {
panic(err) panic(err)
} }
var myPwd string
if vaultData == "" {
myPwd = ""
} else {
myPwd = chEnc(vaultData)
}
req := Request{ req := Request{
Username: username, KeyPwd: chEnc(keypassphrase),
Password: password, Username: chEnc(username),
Password: chEnc(password),
Operation: op, Operation: op,
Site: site, Site: chEnc(site),
VaultData: vaultData, VaultData: myPwd,
Timestamp: time.Now().Unix(), Timestamp: time.Now().Unix(),
Nonce: nonce, Nonce: nonce,
} }
@ -98,5 +231,9 @@ func main() {
return return
} }
fmt.Println("Server response:", res.Message) if res.Message != "" {
fmt.Println("Server response:", res.Message)
} else {
fmt.Println("Server response:", chDec(res.Enc))
}
} }

3
default.yaml
Unescape View File

@ -0,0 +1,3 @@
auth:
ChaKey: "b107568bf716da40f5f17fea0e6608816020118d2c10b488ef9777b3d626126f"
PEM: "encrypted_aes_key.pem"

5
go.mod
Unescape View File

@ -8,4 +8,7 @@ require (
golang.org/x/term v0.32.0 golang.org/x/term v0.32.0
) )
require golang.org/x/sys v0.33.0 // indirect require (
golang.org/x/sys v0.33.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)

3
go.sum
Unescape View File

@ -6,3 +6,6 @@ golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

157
keygen.go
Unescape View File

@ -1,25 +1,152 @@
package main package main
import ( import (
"crypto/rand" "crypto/aes"
"encoding/hex" "crypto/cipher"
"fmt" "crypto/rand"
"encoding/pem"
"errors"
"fmt"
"os"
"flag"
"golang.org/x/crypto/ssh/terminal"
"golang.org/x/crypto/scrypt"
) )
func generateKey() ([]byte, error) { func main() {
key := make([]byte, 16) keyPtr := flag.String("keyfile", "encrypted_aes_key.pem", "Enter keyfile")
_, err := rand.Read(key) flag.Parse()
if err != nil {
return nil, err if *keyPtr == "" {
fmt.Print("Please enter a keyfile")
return
} }
return key, nil
// Generate a new AES-256 key
key, err := generateAESKey(32) // 32 bytes = 256 bits
if err != nil {
fmt.Printf("Error generating AES key: %v\n", err)
return
}
// Prompt for passphrase
print("Enter passphrase: ")
pass, _ := terminal.ReadPassword(0) // Hides input
password := string(pass)
// Encrypt and PEM encode the key
pemBlock, err := encryptKeyToPEM(key, password)
if err != nil {
fmt.Printf("Error encrypting key: %v\n", err)
return
}
// Save to file
err = os.WriteFile(*keyPtr, pem.EncodeToMemory(pemBlock), 0600)
if err != nil {
fmt.Printf("Error writing PEM file: %v\n", err)
return
}
fmt.Printf("Successfully generated and password-protected AES key in %s", *keyPtr)
} }
func main() { // generateAESKey creates a new random AES key of specified size
key, err := generateKey() func generateAESKey(size int) ([]byte, error) {
if err != nil { key := make([]byte, size)
panic(err) _, err := rand.Read(key)
} if err != nil {
return nil, err
}
return key, nil
}
// encryptKeyToPEM encrypts the key with a password and returns a PEM block
func encryptKeyToPEM(key []byte, password string) (*pem.Block, error) {
// Convert password to suitable encryption key
salt := make([]byte, 16)
if _, err := rand.Read(salt); err != nil {
return nil, err
}
// Use scrypt for key derivation (better than PBKDF2)
// N: CPU/memory cost, r: block size, p: parallelization
encryptionKey, err := scrypt.Key([]byte(password), salt, 32768, 8, 1, 32)
if err != nil {
return nil, err
}
// Generate a random IV
iv := make([]byte, aes.BlockSize)
if _, err := rand.Read(iv); err != nil {
return nil, err
}
// Encrypt the key
block, err := aes.NewCipher(encryptionKey)
if err != nil {
return nil, err
}
encrypted := make([]byte, len(key))
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(encrypted, key)
// Create PEM block
pemBlock := &pem.Block{
Type: "ENCRYPTED AES KEY",
Headers: map[string]string{
"Key-Derivation": "scrypt",
"SALT": fmt.Sprintf("%x", salt),
"IV": fmt.Sprintf("%x", iv),
"Key-Size": fmt.Sprintf("%d", len(key)*8),
},
Bytes: encrypted,
}
return pemBlock, nil
}
// hexStringToBytes converts a hex string to bytes
func hexStringToBytes(hexStr string) ([]byte, error) {
if len(hexStr)%2 != 0 {
return nil, errors.New("hex string length must be even")
}
bytes := make([]byte, len(hexStr)/2)
for i := 0; i < len(hexStr); i += 2 {
b, err := hexByte(hexStr[i], hexStr[i+1])
if err != nil {
return nil, err
}
bytes[i/2] = b
}
return bytes, nil
}
// hexByte converts two hex characters to a byte
func hexByte(a, b byte) (byte, error) {
high, err := hexDigitToByte(a)
if err != nil {
return 0, err
}
low, err := hexDigitToByte(b)
if err != nil {
return 0, err
}
return (high << 4) | low, nil
}
fmt.Println("Generated 32-byte key (hex):", hex.EncodeToString(key)) // hexDigitToByte converts a single hex character to its byte value
func hexDigitToByte(c byte) (byte, error) {
switch {
case '0' <= c && c <= '9':
return c - '0', nil
case 'a' <= c && c <= 'f':
return c - 'a' + 10, nil
case 'A' <= c && c <= 'F':
return c - 'A' + 10, nil
default:
return 0, fmt.Errorf("invalid hex digit %c", c)
}
} }

315
server.go
Unescape View File

@ -2,20 +2,42 @@ package main
import ( import (
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/scrypt"
"crypto/sha256"
"crypto/rand"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"database/sql" "database/sql"
"encoding/base64"
"encoding/pem"
"encoding/gob" "encoding/gob"
"fmt" "fmt"
"net" "net"
"sync" "sync"
"time" "time"
"bytes"
"errors"
"flag"
"os"
"log"
"io/ioutil"
"gopkg.in/yaml.v2"
_ "github.com/mattn/go-sqlite3" _ "github.com/mattn/go-sqlite3"
) )
const AllowRegistration = true // Disable after users are added! const AllowRegistration = true // Disable after users are added!
var key = []byte("2f5680a7fb57ce83e8e83dbb1114ee31") // 32 bytes var ChaKey = []byte("")
type Config struct {
Auth struct {
ChaKey string `yaml:"ChaKey"`
PEM string `yaml:"PEM"`
} `yaml:"auth"`
}
var config Config
var nonceStore = struct { var nonceStore = struct {
sync.Mutex sync.Mutex
@ -24,7 +46,9 @@ var nonceStore = struct {
const nonceExpiry = 30 * time.Second const nonceExpiry = 30 * time.Second
var key []byte
type Request struct { type Request struct {
KeyPwd string
Username string Username string
Password string Password string
Operation string Operation string
@ -36,6 +60,7 @@ type Request struct {
type Response struct { type Response struct {
Message string Message string
Enc string
} }
var ipAttempts = struct { var ipAttempts = struct {
@ -81,6 +106,106 @@ func isValidNonce(nonce string, timestamp int64) bool {
return true return true
} }
// decryptPEMToKey decrypts a PEM block with the given password
func decryptPEMToKey(filename string, password string) ([]byte, error) {
// Read the entire file
pemData, err := os.ReadFile(filename)
if err != nil {
return nil, fmt.Errorf("failed to read PEM file: %v", err)
}
// Decode the PEM block
pemBlock, _ := pem.Decode(pemData)
if pemBlock == nil {
return nil, errors.New("failed to decode PEM block")
}
// Check if the PEM block is encrypted
if pemBlock.Headers["Key-Derivation"] == "" {
return nil, errors.New("PEM block is not password-protected")
}
// Get salt and IV from headers
salt, err := hexStringToBytes(pemBlock.Headers["SALT"])
if err != nil {
return nil, fmt.Errorf("invalid salt: %v", err)
}
iv, err := hexStringToBytes(pemBlock.Headers["IV"])
if err != nil {
return nil, fmt.Errorf("invalid IV: %v", err)
}
// Derive encryption key
var encryptionKey []byte
switch pemBlock.Headers["Key-Derivation"] {
case "scrypt":
encryptionKey, err = scrypt.Key([]byte(password), salt, 32768, 8, 1, 32)
//case "pbkdf2":
//encryptionKey = pbkdf2.Key([]byte(password), salt, 10000, 32, sha256.New)
default:
return nil, errors.New("unsupported key derivation function")
}
if err != nil {
return nil, err
}
// Decrypt the key
block, err := aes.NewCipher(encryptionKey)
if err != nil {
return nil, err
}
decrypted := make([]byte, len(pemBlock.Bytes))
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(decrypted, pemBlock.Bytes)
return decrypted, nil
}
// hexStringToBytes converts a hex string to bytes
func hexStringToBytes(hexStr string) ([]byte, error) {
if len(hexStr)%2 != 0 {
return nil, errors.New("hex string length must be even")
}
bytes := make([]byte, len(hexStr)/2)
for i := 0; i < len(hexStr); i += 2 {
b, err := hexByte(hexStr[i], hexStr[i+1])
if err != nil {
return nil, err
}
bytes[i/2] = b
}
return bytes, nil
}
// hexByte converts two hex characters to a byte
func hexByte(a, b byte) (byte, error) {
high, err := hexDigitToByte(a)
if err != nil {
return 0, err
}
low, err := hexDigitToByte(b)
if err != nil {
return 0, err
}
return (high << 4) | low, nil
}
// hexDigitToByte converts a single hex character to its byte value
func hexDigitToByte(c byte) (byte, error) {
switch {
case '0' <= c && c <= '9':
return c - '0', nil
case 'a' <= c && c <= 'f':
return c - 'a' + 10, nil
case 'A' <= c && c <= 'F':
return c - 'A' + 10, nil
default:
return 0, fmt.Errorf("invalid hex digit %c", c)
}
}
func hashPassword(pw string) (string, error) { func hashPassword(pw string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(pw), 12) bytes, err := bcrypt.GenerateFromPassword([]byte(pw), 12)
return string(bytes), err return string(bytes), err
@ -121,94 +246,232 @@ func decrypt(data []byte) (string, error) {
return string(plaintext), nil return string(plaintext), nil
} }
func getKey()([]byte) {
// Hash it to 32 bytes using SHA-256
hashedKey := sha256.Sum256(ChaKey)
theKey := hashedKey[:] // Convert [32]byte to []byte
return theKey
}
func chEnc(pwd string)(string, error) {
// Create cipher
aead, err := chacha20poly1305.NewX(getKey())
if err != nil {
return "", err
}
// Create nonce
nonce := make([]byte, aead.NonceSize())
if _, err := rand.Read(nonce); err != nil {
return "", err
}
// Encode with gob first
var buf bytes.Buffer
tempEnc := gob.NewEncoder(&buf)
if err := tempEnc.Encode(pwd); err != nil {
return "", err
}
// Encrypt the encoded data
encrypted := aead.Seal(nil, nonce, buf.Bytes(), nil)
// Send nonce + encrypted data
fullMessage := append(nonce, encrypted...)
encoded := base64.StdEncoding.EncodeToString(fullMessage)
return encoded, nil
}
func chDec(eText string)(string) {
if eText == "" {
log.Fatalf("Error: Blank")
}
// Decoding from base64
decoded, err := base64.StdEncoding.DecodeString(eText)
if err != nil {
log.Fatalf("Error: Base64 decode")
}
// Create cipher instance (XChaCha20-Poly1305 for longer nonces)
aead, err := chacha20poly1305.NewX(getKey())
if err != nil {
log.Fatalf("Error: Cha20 key")
}
encryptedMsg := decoded
// Decrypt: Split nonce and ciphertext
decryptedNonce := encryptedMsg[:aead.NonceSize()]
decryptedCiphertext := encryptedMsg[aead.NonceSize():]
decrypted, err := aead.Open(nil, decryptedNonce, decryptedCiphertext, nil)
if err != nil {
log.Fatalf("Error: aead open")
}
return string(decrypted)
}
func handleConnection(conn net.Conn, db *sql.DB) { func handleConnection(conn net.Conn, db *sql.DB) {
defer conn.Close() defer conn.Close()
dec := gob.NewDecoder(conn) dec := gob.NewDecoder(conn)
enc := gob.NewEncoder(conn) enc := gob.NewEncoder(conn)
remoteAddr := conn.RemoteAddr().String() remoteAddr := conn.RemoteAddr().String()
var req Request var req Request
if err := dec.Decode(&req); err != nil { if err := dec.Decode(&req); err != nil {
return return
} }
username := chDec(req.Username)
keypwd := chDec(req.KeyPwd)
password := chDec(req.Password)
if username == "" {
enc.Encode(Response{Message: "Required username, blank found!", Enc: ""})
return
}
if keypwd == "" {
enc.Encode(Response{Message: "Required key passphrase, blank found!", Enc: ""})
return
}
if password == "" {
enc.Encode(Response{Message: "Required user password, blank found!", Enc: ""})
return
}
k, err := decryptPEMToKey(config.Auth.PEM, keypwd)
if err != nil {
enc.Encode(Response{Message: "Unable to decode data!", Enc: ""})
return
}
key = k
if isRateLimited(remoteAddr) { if isRateLimited(remoteAddr) {
enc.Encode(Response{"Too many requests. Try later."}) enc.Encode(Response{Message: "Too many requests. Try later.", Enc: ""})
return return
} }
if !isValidNonce(req.Nonce, req.Timestamp) { if !isValidNonce(req.Nonce, req.Timestamp) {
enc.Encode(Response{"Invalid or replayed request"}) enc.Encode(Response{Message: "Invalid or replayed request", Enc: ""})
return return
} }
if req.Operation == "register" { if req.Operation == "register" {
if AllowRegistration == false { if AllowRegistration == false {
enc.Encode(Response{"Registration Disabled!"}) enc.Encode(Response{Message: "Registration Disabled!", Enc: ""})
return return
} }
hashed, err := hashPassword(req.Password) hashed, err := hashPassword(password)
if err != nil { if err != nil {
enc.Encode(Response{"Failed to hash password"}) enc.Encode(Response{Message: "Failed to hash password", Enc: ""})
return return
} }
_, err = db.Exec("INSERT INTO users (username, password) VALUES (?, ?)", req.Username, hashed) _, err = db.Exec("INSERT INTO users (username, password) VALUES (?, ?)", username, hashed)
if err != nil { if err != nil {
enc.Encode(Response{"Registration failed (user exists?)"}) enc.Encode(Response{Message: "Registration failed (user exists?)", Enc: ""})
} else { } else {
enc.Encode(Response{"Registration successful"}) enc.Encode(Response{Message: "Registration successful", Enc: ""})
} }
return return
} }
site := chDec(req.Site)
if site == "" {
enc.Encode(Response{Message: "Required site name, blank found!", Enc: ""})
return
}
// Authenticate all other operations // Authenticate all other operations
var storedHash string var storedHash string
err := db.QueryRow("SELECT password FROM users WHERE username = ?", req.Username).Scan(&storedHash) err = db.QueryRow("SELECT password FROM users WHERE username = ?", username).Scan(&storedHash)
if err != nil || checkPassword(storedHash, req.Password) != nil { if err != nil || checkPassword(storedHash, password) != nil {
enc.Encode(Response{"Authentication failed"}) enc.Encode(Response{Message: "Authentication failed", Enc: ""})
return return
} }
switch req.Operation { switch req.Operation {
case "store": case "store":
encrypted, err := encrypt(req.VaultData) vaultdata := chDec(req.VaultData)
encrypted, err := encrypt(vaultdata)
if err != nil { if err != nil {
enc.Encode(Response{"Encryption failed"}) enc.Encode(Response{Message: "Encryption failed", Enc: ""})
return return
} }
_, err = db.Exec("INSERT OR REPLACE INTO accounts (user, site, password) VALUES (?, ?, ?)", _, err = db.Exec("INSERT OR REPLACE INTO accounts (user, site, password) VALUES (?, ?, ?)",
req.Username, req.Site, encrypted) username, site, encrypted)
if err != nil { if err != nil {
enc.Encode(Response{"Database error"}) enc.Encode(Response{Message: "Database error", Enc: ""})
return return
} }
enc.Encode(Response{"Password stored successfully"}) enc.Encode(Response{Message: "Password stored successfully", Enc: ""})
case "get": case "get":
var encrypted []byte var encrypted []byte
err := db.QueryRow("SELECT password FROM accounts WHERE user = ? AND site = ?", req.Username, req.Site).Scan(&encrypted) err := db.QueryRow("SELECT password FROM accounts WHERE user = ? AND site = ?", username, site).Scan(&encrypted)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
enc.Encode(Response{"Site not found"}) enc.Encode(Response{Message: "Site not found", Enc: ""})
return return
} else if err != nil { } else if err != nil {
enc.Encode(Response{"Database error"}) enc.Encode(Response{Message: "Database error", Enc: ""})
return return
} }
pwd, err := decrypt(encrypted) pwd, err := decrypt(encrypted)
if err != nil { if err != nil {
enc.Encode(Response{"Decryption failed"}) enc.Encode(Response{Message: "Decryption failed", Enc: ""})
return return
} }
enc.Encode(Response{pwd}) ePwd, err := chEnc(pwd)
if err != nil {
enc.Encode(Response{Message: "Encryption failed", Enc: ""})
return
}
enc.Encode(Response{Message: "", Enc: ePwd})
default: default:
enc.Encode(Response{"Unknown operation"}) enc.Encode(Response{Message: "Unknown operation", Enc: ""})
} }
} }
func main() { func main() {
db, err := sql.Open("sqlite3", "vault.db") vaultPtr := flag.String("dbfile", "vault.db", "Enter dbfile")
configFilePtr := flag.String("config", "config.yaml", "Path to the YAML configuration file")
flag.Parse()
if *vaultPtr == "" {
fmt.Println("Please specify a db file using -dbfile")
flag.Usage()
os.Exit(1)
}
if *configFilePtr == "" {
fmt.Println("Please specify a configuration file using -config")
flag.Usage()
os.Exit(1)
}
// Read the config file
yamlFile, err := ioutil.ReadFile(*configFilePtr)
if err != nil {
log.Fatalf("Error reading YAML file: %v\n", err)
}
// Parse the YAML
err = yaml.Unmarshal(yamlFile, &config)
if err != nil {
log.Fatalf("Error parsing YAML file: %v\n", err)
}
// Print the ChaKey
if config.Auth.ChaKey == "" {
fmt.Println("Warning: ChaKey not found in configuration file")
}
ChaKey = []byte(config.Auth.ChaKey)
if config.Auth.PEM == "" {
fmt.Println("Warning: PEM file not found in configuration file")
}
db, err := sql.Open("sqlite3", *vaultPtr)
if err != nil { if err != nil {
panic(err) panic(err)
} }

Write Preview
Loading…
Cancel
Save