diff --git a/README.md b/README.md
index d87b074..4a5aa65 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ crypt4gh [generate | encrypt | decrypt | reencrypt]
 Environment variables:
 C4GH_SECRET_KEY If defined, it will be used as the secret key file if parameter not set parameter not set
+ C4GH_PASSPHRASE If defined it will be used as the default password for the decoding the secret
 ```
 ### Examples
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index 53b2621..9360b07 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -80,11 +80,18 @@ func readPrivateKey(fileName string) (privateKey [chacha20poly1305.KeySize]byte,
 		return
 	}
 	privateKey, err = keys.ReadPrivateKey(secretKeyFile, nil)
+	// nolint:nestif
 	if err != nil {
 		var password string
-		password, err = passwordPrompt("Enter the passphrase to unlock the key:")
-		if err != nil {
-			return
+		password, isPasswordSet := os.LookupEnv("C4GH_PASSPHRASE")
+
+		if !isPasswordSet {
+			password, err = passwordPrompt("Enter the passphrase to unlock the key:")
+			if err != nil {
+				return
+			}
+		} else {
+			fmt.Println(aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))
 		}
 		err = secretKeyFile.Close()
 		if err != nil {
@@ -93,7 +100,7 @@ func readPrivateKey(fileName string) (privateKey [chacha20poly1305.KeySize]byte,
 	secretKeyFile, _ = os.Open(fileName)
 	privateKey, err = keys.ReadPrivateKey(secretKeyFile, []byte(password))
 	if err != nil {
-		return privateKey, errors.New("Bad passphrase")
+		return privateKey, errors.New("bad passphrase")
 	}
 	err = secretKeyFile.Close()
 	if err != nil {
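Review bot: `os.LookupEnv("C4GH_PASSPHRASE")` sets isPasswordSet to true for an empty value, so an exported-but-empty `C4GH_PASSPHRASE=` skips the prompt and hands an empty passphrase to keys.ReadPrivateKey, which then fails with "bad passphrase" instead of asking the user; check the value as well as its presence, `if !isPasswordSet || password == "" {`. The same applies to the GenerateKeys hunk at @@ -217, where the empty env value would be passed straight to writeKeyPair. The warning is printed with fmt.Println to stdout; if any subcommand streams its result to stdout this line lands inside the payload, so `fmt.Fprintln(os.Stderr, aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))` is the safer sink in both hunks. The `var password string` just above the short declaration is now redundant, since `password, isPasswordSet :=` introduces password together with isPasswordSet. readPrivateKey starts and ends outside the hunk.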
@@ -193,8 +200,9 @@ func GenerateHelpMessage() string {
 	reencryptUsage = strings.Replace(reencryptUsage, applicationOptions, " "+reencrypt, 1)
 
 	env := "\n Environment variables:\n\n C4GH_SECRET_KEY\tIf defined, it will be used as the secret key file if parameter not set"
+	c4ghEnv := "\n C4GH_PASSPHRASE\tIf defined it will be used as the default password for decoding the secret key"
 
-	return header + generateUsage + encryptUsage + decryptUsage + reencryptUsage + env
+	return header + generateUsage + encryptUsage + decryptUsage + reencryptUsage + env + c4ghEnv
 }
 
 func GenerateKeys() bool {
@@ -217,7 +225,16 @@ func GenerateKeys() bool {
 			return true
 		}
 	}
 
-	err = writeKeyPair(generateOptions.Name, publicKey, privateKey, generateOptions.Format, generateOptions.Password)
+	var password string
+	password, isPasswordSet := os.LookupEnv("C4GH_PASSPHRASE")
+
+	if !isPasswordSet {
+		password = generateOptions.Password
+	} else {
+		fmt.Println(aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))
+	}
+
+	err = writeKeyPair(generateOptions.Name, publicKey, privateKey, generateOptions.Format, password)
 	if err != nil {
 		fmt.Println(aurora.Red(err))
diff --git a/internal/version/version.go b/internal/version/version.go
index 92b92d5..ebe5cb7 100644
--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -7,7 +7,7 @@ import (
 )
 
 // The version in the current branch
-var Version = "1.8.11"
+var Version = "1.9.0"
 
 // If this is "" (empty string) then it means that it is a final release.
 // Otherwise, this is a pre-release e.g. "dev", "beta", "rc1", etc.
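Review bot: In the @@ -217 hunk the environment value replaces generateOptions.Password whenever C4GH_PASSPHRASE is set, so what looks like an explicit password option silently loses to ambient environment state; the more specific source should win, with the env value used only as a fallback when the option is empty. The warning string is now duplicated verbatim between readPrivateKey and GenerateKeys and would be easier to keep consistent as one package-level constant, e.g. `const envPassphraseWarning = "Warning: Using a passphrase in an environment variable is considered insecure."`. The help text added at @@ -193 ("for decoding the secret key") also differs from the README wording in this commit ("for the decoding the secret"); one of them should be aligned. GenerateKeys continues past the end of the hunk.
```go
	password := generateOptions.Password
	if envPass, ok := os.LookupEnv("C4GH_PASSPHRASE"); ok && envPass != "" && password == "" {
		password = envPass
		fmt.Fprintln(os.Stderr, aurora.Yellow("Warning: Using a passphrase in an environment variable is considered insecure."))
	}

	err = writeKeyPair(generateOptions.Name, publicKey, privateKey, generateOptions.Format, password)
	// … unchanged: error handling …
```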