neicnordic / crypt4gh
Crypt4GH standard implementation
Home Page: https://pkg.go.dev/github.com/neicnordic/crypt4gh
License: MIT License
The reencrypt feature (https://github.com/neicnordic/crypt4gh/tree/master#re-encrypt-files) will completely replace the header and keys, which means that if a user wants to just add one extra key to an existing header, they have to have all the old public keys at hand as well.
Investigate if it would be feasible to have a feature for adding a new key to an existing header, without overwriting the header completely.
https://github.com/neicnordic/crypt4gh/blob/master/streaming/out.go#L79-L98
As a developer
I want to be able to supply the c4gh passphrase as an env variable
so that I can use the tool in scripts for automation.
It seems ssh.ParseRawPrivateKey from golang.org/x/crypto/ssh handles the OpenSSL ed25519 and x25519 key types nowadays, so the code currently at https://github.com/neicnordic/crypt4gh/blob/master/keys/keys.go#L99-L115 seems dead for the versions used.
To Reproduce
Steps to reproduce the behavior:
crypt4gh encrypt -f test -p user2.pub.pem -s user1.sec.pem
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x613089]
goroutine 1 [running]:
github.com/neicnordic/crypt4gh/keys.ReadPrivateKey({0x6e67e0?, 0xc0000a8068?}, {0x0, 0x0, 0x0})
/home/runner/work/crypt4gh/crypt4gh/keys/keys.go:97 +0x189
main.readPrivateKey({0x7ffff5c32f48, 0xd})
/home/runner/work/crypt4gh/crypt4gh/main.go:117 +0x76
main.encryptOp({0x0, 0x0})
/home/runner/work/crypt4gh/crypt4gh/main.go:321 +0x2ca
main.main()
/home/runner/work/crypt4gh/crypt4gh/main.go:87 +0x495
Expected behavior
File should be encrypted and signed with the user's private key (user1.sec.pem).
The crypt4gh file format allows for having multiple symmetric keys encoded in the header and blocks being encrypted with any of these (each key is tried for decoding, with the MAC check telling whether it succeeded or not).
We probably handle this correctly, but we don't seem to have automated tests. I also haven't checked if reencryption manages it properly, and again, tests seem to be missing.
For the use case of sending parts of an encrypted stream in sensitive data archive (e.g. sda-download, neicnordic/sensitive-data-archive#696) it would be useful if headers.ReEncryptHeader accepted the possibility to receive something to replace the current data edit list.
I don't have any strong opinions on what the interface should look like (e.g. varargs, nil for no-replacement or something else).
Theoretically, there should be no need to remove the use of the data edit list totally - the single element list [0] should mean the same, but it might be nice to be able to set the header to have no data edit list.
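The claim above that a data edit list of [0] is equivalent to having no data edit list can be checked against the list semantics: lengths alternate skip, keep, skip, keep, starting with a skip, and an odd number of entries means the final skip is followed by keeping everything to the end. The following is an added, stand-alone example written for this page, not code from the crypt4gh repository; the function name ApplyDataEditList and the sample plaintext are constructed here.

```go
package main

import (
	"bytes"
	"fmt"
)

// ApplyDataEditList applies a Crypt4GH-style data edit list to decrypted
// plaintext. Entries alternate skip, keep, skip, keep, ... beginning with
// a skip. If the number of entries is odd, the trailing skip is followed
// by keeping all remaining bytes. A nil or empty list keeps everything.
// Lengths running past the end of the data are clamped, and arithmetic is
// written so that absurd uint64 lengths cannot overflow the position.
// (Hypothetical helper written for this page, not the project's own API.)
func ApplyDataEditList(plain []byte, edits []uint64) []byte {
	if len(edits) == 0 {
		return append([]byte(nil), plain...)
	}
	out := []byte{}
	pos, total := uint64(0), uint64(len(plain))
	for i, n := range edits {
		if pos >= total {
			break
		}
		remaining := total - pos
		if i%2 == 0 { // even index: skip n bytes
			if n >= remaining {
				pos = total
			} else {
				pos += n
			}
			continue
		}
		end := total // odd index: keep n bytes (clamped)
		if n < remaining {
			end = pos + n
		}
		out = append(out, plain[pos:end]...)
		pos = end
	}
	if len(edits)%2 == 1 && pos < total { // odd count: keep the rest
		out = append(out, plain[pos:]...)
	}
	return out
}

func main() {
	plain := []byte("0123456789abcdef") // constructed sample plaintext
	fmt.Println(bytes.Equal(ApplyDataEditList(plain, nil), ApplyDataEditList(plain, []uint64{0})))
	fmt.Printf("%s\n", ApplyDataEditList(plain, []uint64{3, 4, 2}))
}
```

Running it prints true for the [0] versus no-list comparison, and "34569abcdef" for the three-entry list (skip 3, keep 4, skip 2, keep the rest).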
The Python implementation supports generating a private key for encryption on the fly (when signing is not part of the use case), which simplifies things for users.
Could that be implemented in this codebase as well?