signet 0.0.1

code signing tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

use anyhow::Result;
use rand_core::OsRng;
use ssh_key::{Algorithm, LineEnding, PrivateKey};
use crate::{Input, Signet, System};
use crate::args::Keys;
use crate::persist::read;

pub fn keys<S: System>(signet: &Signet<S>, cmd: Keys) -> Result<()> {
    match cmd {
        Keys::Create      => create(signet),
        Keys::Delete(key) => delete(signet, &key),
        Keys::Export(key) => export(signet, &key),
        Keys::Import(key) => import(signet, &key),
        Keys::Public(key) => public(signet, &key),
        Keys::List        => list(signet),
    }
}

pub fn create<S: System>(signet: &Signet<S>) -> Result<()> {
    let mut keychain = signet.current()?;

    let password = keychain.password();
    let password = password.lookup::<S>()?;

    let alg = Algorithm::Ed25519;
    let key = PrivateKey::random(OsRng, alg)?;

    let key = key.encrypt(OsRng, password)?;
    let id  = keychain.add(key);
    signet.sync(&keychain)?;

    Ok(println!("created key {id}"))
}

pub fn delete<S: System>(signet: &Signet<S>, key: &str) -> Result<()> {
    let mut keychain = signet.current()?;

    let key = keychain.find(key)?;
    let id  = key.id();

    keychain.delete(&id);
    signet.sync(&keychain)?;

    Ok(println!("deleted key {id}"))
}

pub fn export<S: System>(signet: &Signet<S>, key: &str) -> Result<()> {
    let keychain = signet.current()?;
    let password = keychain.password();
    let password = password.lookup::<S>()?;

    let key = keychain.find(key)?;
    let key = key.decrypt(password)?;

    let password = S::prompt("export password: ")?;
    let exported = key.encrypt(OsRng, password)?;
    let exported = &*exported.to_openssh(LineEnding::default())?;

    Ok(print!("{exported}"))
}

pub fn import<S: System>(signet: &Signet<S>, key: &Input) -> Result<()> {
    let mut keychain = signet.current()?;

    let key = read::<S>(key)?;
    let key = PrivateKey::from_openssh(key)?;

    let password = keychain.password();
    let password = password.lookup::<S>()?;

    let key = match key.is_encrypted() {
        true  => decrypt::<S>(key)?,
        false => key,
    }.encrypt(OsRng, password)?;

    let id = keychain.add(key);
    signet.sync(&keychain)?;

    Ok(println!("imported key {id}"))
}

pub fn public<S: System>(signet: &Signet<S>, key: &str) -> Result<()> {
    let keychain = signet.current()?;

    let key = keychain.find(key)?;
    let key = key.public_key().to_string();

    Ok(println!("{key}"))
}

pub fn list<S: System>(signet: &Signet<S>) -> Result<()> {
    let keystore = signet.keystore()?;
    let current  = keystore.current()?;
    let keychain = signet.keychain(current)?;

    let list = keychain.keys().map(|key| {
        format!("{:>66}", key.id())
    }).collect::<Vec<_>>().join("\n");

    Ok(println!("keychain '{current}':\n{list}"))
}

fn decrypt<S: System>(key: PrivateKey) -> Result<PrivateKey> {
    let password = S::prompt("key password: ")?;
    Ok(key.decrypt(password)?)
}