Add -y flag to convert TKey identities to recipients

quite · Dec 18, 2023 · 44b5fc2 · 44b5fc2
1 parent 22e3816
commit 44b5fc2
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 14 deletions.
diff --git a/cmd/age-plugin-tkey/convert.go b/cmd/age-plugin-tkey/convert.go
@@ -0,0 +1,58 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"strings"
+
+	"filippo.io/age/plugin"
+	"github.com/quite/age-plugin-tkey/internal/identity"
+)
+
+func convert(in io.Reader, out io.Writer) bool {
+	pluginPrefix := fmt.Sprintf("AGE-PLUGIN-%s-", strings.ToUpper(pluginName))
+
+	scanner := bufio.NewScanner(in)
+	var n int
+	for scanner.Scan() {
+		n++
+		line := scanner.Text()
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+		if !strings.HasPrefix(line, pluginPrefix) {
+			le.Printf("skipped a non-TKey identity\n")
+			continue
+		}
+
+		name, rawID, err := plugin.ParseIdentity(line)
+		if err != nil {
+			le.Printf("ParseIdentity failed on line %d: %s\n", n, err)
+			return false
+		}
+		if name != pluginName {
+			continue
+		}
+
+		id, err := identity.NewIdentityFromRawID(rawID)
+		if err != nil {
+			le.Printf("NewIdentityFromRawID failed: %s\n", err)
+			return false
+		}
+
+		recipient, err := id.EncodeRecipient()
+		if err != nil {
+			le.Printf("EncodeRecipient failed: %s\n", err)
+			return false
+		}
+		fmt.Fprintf(out, "%s\n", recipient)
+	}
+
+	if err := scanner.Err(); err != nil {
+		le.Printf("Scan failed: %s\n", err)
+		return false
+	}
+
+	return true
+}
diff --git a/cmd/age-plugin-tkey/main.go b/cmd/age-plugin-tkey/main.go
@@ -11,7 +11,6 @@ import (
 )
 
 const (
-	progName   = "age-plugin-tkey"
 	pluginName = "tkey"
 )
 
@@ -22,40 +21,59 @@ var version = "0.0.2"
 var le = log.New(os.Stderr, "", 0)
 
 var (
-	generateFlag, noTouchFlag, versionFlag bool
-	agePluginFlag, outputFlag              string
+	generateFlag, noTouchFlag, convertFlag, versionFlag bool
+	agePluginFlag, outputFlag                           string
 )
 
 func main() {
 	// TODO --uss ?
-	flag.StringVar(&agePluginFlag, "age-plugin", "", "For choosing state machine")
-	descGenerate := "Generate an identity backed by TKey"
-	descOutput := "Output identity to file at PATH"
-	descNoTouch := "Generate an identity for which the TKey will NOT require physical touch before computing a shared key (X25519 ECDH)"
-	descVersion := "Output version information and exit"
+	flag.StringVar(&agePluginFlag, "age-plugin", "", "For choosing state machine.")
+	descGenerate := "Generate an identity backed by TKey."
+	descOutput := "Output generated identity to file at PATH."
+	descNoTouch := "Generate an identity for which the TKey will NOT require physical touch before computing a shared key (doing X25519 ECDH)."
+	descConvert := "Convert TKey identities to recipients, reading from stdin and writing to stdout. The same TKey used when generating the identities must be plugged in. Useful if you loose the recipient (comment)."
+	descVersion := "Output version information and exit."
 	flag.BoolVar(&generateFlag, "generate", false, descGenerate)
 	flag.BoolVar(&generateFlag, "g", false, descGenerate)
 	flag.StringVar(&outputFlag, "output", "", descOutput)
 	flag.StringVar(&outputFlag, "o", "", descOutput)
 	flag.BoolVar(&noTouchFlag, "no-touch", false, descNoTouch)
+	flag.BoolVar(&convertFlag, "y", false, descConvert)
 	flag.BoolVar(&versionFlag, "version", false, descVersion)
 	flag.Usage = func() {
 		le.Printf(`Usage:
+  age-plugin-tkey [OPTIONS]
+
+Options:
   -g, --generate     %s
   -o, --output PATH  %s
   --no-touch         %s
+  -y                 %s
   --version          %s
-`, descGenerate, descOutput, wrap(descNoTouch, 80-21, 21), descVersion)
+
+Examples:
+  $ age-plugin-tkey -g -o tkeyids
+  recipient: age1ts5c032h8l6eykkum0jt2clxgtztv8gwu7aamj0mwcx4ewwelcks3s93ru
+
+  $ age-plugin-tkey -y <tkeyids
+  age1ts5c032h8l6eykkum0jt2clxgtztv8gwu7aamj0mwcx4ewwelcks3s93ru
+`, descGenerate, descOutput, wrap(descNoTouch, 80-21, 21), wrap(descConvert, 80-21, 21), descVersion)
 	}
 	flag.Parse()
 
+	if len(flag.Args()) > 0 {
+		le.Printf("Unexpected positional argument(s)\n")
+		flag.Usage()
+		os.Exit(2)
+	}
+
 	if versionFlag {
-		fmt.Printf(`%s %s
+		fmt.Printf(`age-plugin-tkey %s
 
 Embedded tkey-device-x25519 app binary:
 filename: %s
 sha512sum: %s
-`, progName, version, tkey.AppFile, tkey.AppHash)
+`, version, tkey.AppFile, tkey.AppHash)
 		os.Exit(0)
 	}
 
@@ -69,13 +87,23 @@ func run() int {
 		return 2
 	}
 
-	if !generateFlag && agePluginFlag == "" {
+	if !generateFlag && !convertFlag && agePluginFlag == "" {
 		flag.Usage()
 		return 0
 	}
 
-	if generateFlag && agePluginFlag != "" {
-		le.Printf("Cannot only use one of -g and --age-plugin\n")
+	passed := 0
+	if generateFlag {
+		passed++
+	}
+	if convertFlag {
+		passed++
+	}
+	if agePluginFlag != "" {
+		passed++
+	}
+	if passed > 1 {
+		le.Printf("Only one of -g, -y, and --age-plugin can be used\n")
 		flag.Usage()
 		return 2
 	}
@@ -101,6 +129,13 @@ func run() int {
 		return 0
 	}
 
+	if convertFlag {
+		if !convert(os.Stdin, os.Stdout) {
+			return 1
+		}
+		return 0
+	}
+
 	switch agePluginFlag {
 	case "identity-v1":
 		if err := runIdentity(); err != nil {