@ericchiang
Contributor

cc @tschuy

Can you see if this still works? If it does I'll switch the encryption too.

func Decrypt(encoded []byte) ([]byte, error) {
if hasGPG() {
var stderr, stdout bytes.Buffer
cmd := exec.Command("gpg", "--decrypt")
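
Review bot: the exec.Command("gpg", "--decrypt") call passes no --batch, so gpg is free to attempt an interactive passphrase prompt when this runs without a usable agent or terminal. Add --batch (and --quiet) so the command fails fast instead. If the stderr buffer declared just above is attached to the command, include its contents in the returned error so the caller can tell a locked key from a missing one.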
Owner

I'd prefer to use gpg --quiet --decrypt --batch and then catch on stderr. Here's what it looks like with a password-based key:

tschuy/projects/gotp → gpg --batch --quiet --decrypt < temp 
gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: decryption failed: secret key not available

Owner

My main thing here is that if you're using password-based encryption with a local key and the key is in gpg-agent, without batch you get a bunch of error text:

tschuy/projects/gotp → gpg --quiet --decrypt < temp 

You need a passphrase to unlock the secret key for
user: "Evan Tschuy <evan.tschuy@coreos.com>"
4096-bit RSA key, ID 0x0C590A882B35D2A4, created 2017-01-25
         (subkey on main key ID 0xCE8111086BAD4E55)

[decrypted message here]
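
The review suggestion above (run `gpg --quiet --decrypt --batch` and catch what lands on stderr) could look like the following. This is an added example, not code from this pull request or the project. The names `decryptBatch`, `classifyStderr`, `ErrNeedsPassphrase` and `ErrNoSecretKey` are hypothetical, and forcing `LC_ALL=C` is an assumption made so the quoted messages stay untranslated.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Hypothetical sentinel errors for this example (not from the project).
var (
	ErrNeedsPassphrase = errors.New("gpg: key is passphrase-protected and no agent could supply the passphrase")
	ErrNoSecretKey     = errors.New("gpg: secret key not available")
)

// classifyStderr maps the batch-mode diagnostics quoted in the thread to errors.
func classifyStderr(stderr string) error {
	switch {
	// Checked first: a locked key prints both messages, and this one is the cause.
	case strings.Contains(stderr, "can't query passphrase in batch mode"):
		return ErrNeedsPassphrase
	case strings.Contains(stderr, "secret key not available"):
		return ErrNoSecretKey
	default:
		return fmt.Errorf("gpg failed: %s", strings.TrimSpace(stderr))
	}
}

// decryptBatch decides success by exit status; stderr only explains a failure.
func decryptBatch(encoded []byte) ([]byte, error) {
	var stdout, stderr bytes.Buffer
	cmd := exec.Command("gpg", "--batch", "--quiet", "--decrypt")
	cmd.Env = append(os.Environ(), "LC_ALL=C") // assumption: keep messages untranslated
	cmd.Stdin = bytes.NewReader(encoded)
	cmd.Stdout, cmd.Stderr = &stdout, &stderr
	if err := cmd.Run(); err != nil {
		if _, ok := err.(*exec.ExitError); ok {
			return nil, classifyStderr(stderr.String())
		}
		return nil, err // gpg missing or could not be started
	}
	return stdout.Bytes(), nil
}

func main() {
	// Constructed sample: stderr lines copied from the batch-mode run quoted in the thread.
	fmt.Println(classifyStderr("gpg: can't query passphrase in batch mode\ngpg: decryption failed: secret key not available\n"))
}
```

Matching on message text is brittle across gpg versions, which is why the exit status, not stderr, decides whether decryption succeeded.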
