Add support for keyfiles

Barquadd · Dec 29, 2022 · a78f7f4 · a78f7f4
1 parent 1f529d5
commit a78f7f4
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -7,7 +7,9 @@
 eme --encrypt secret.png
 # To decrypt:
 eme --decrypt secret.png
+# Encrypt using a keyfile:
+eme --keyfile key --encrypt secret.png
 ```
 
 ### ⚠️ Warning! This encrypts files in-place! ⚠️
-Do not lose the password that you encrypt your files with! 
+Do not lose the password/keyfile that you encrypt your files with! 
diff --git a/src/main.rs b/src/main.rs
@@ -1,4 +1,4 @@
-use std::{fs::write, io::Write};
+use std::{fs::write, io::Write, str};
 use aes_gcm::aead::consts::U32;
 use clap::Parser;
 use aes_gcm::{
@@ -15,6 +15,8 @@ struct Cli {
  encrypt: bool,
  #[arg(short, long)]
  decrypt: bool,
+ #[arg(short, long)]
+ keyfile: Option<std::path::PathBuf>,
  path: std::path::PathBuf,
 }
 
@@ -30,6 +32,19 @@ fn hash_string_n_times(s: &str, n: u32) -> Vec<u8> {
  result
 }
 
+// may be redundant considering the above function
+fn hash_vec_n_times(v: &Vec<u8>, n: u32) -> Vec<u8> {
+ let mut hasher = Sha256::new();
+ let mut result = v.clone();
+ for _ in 0..n {
+ let mut hasher_clone = hasher.clone();
+ hasher_clone.update(&result);
+ result = hasher_clone.finalize().to_vec();
+ hasher.reset();
+ }
+ result
+}
+
 fn get_user_pass() -> Vec<u8> {
  print!("Enter the password: ");
  stdout().flush().unwrap();
@@ -43,13 +58,27 @@ fn get_user_pass() -> Vec<u8> {
 
 fn main() {
  let args = Cli::parse();
- if args.encrypt {
- println!("--> ENCRYPTING <--");
+ if {args.encrypt} == {args.decrypt} {
+ panic!("You must specify either --encrypt or --decrypt");
+ }
+ println!("--> {} <--", if args.encrypt { "ENCRYPTING" } else { "DECRYPTING" });
 
- let key: Vec<u8> = get_user_pass();
- let key_g: GenericArray<_, U32> = GenericArray::clone_from_slice(&key);
+ let key = match args.keyfile {
+ Some(keyfile) => {
+ let key = std::fs::read(keyfile).unwrap();
+ let key: Vec<u8> = hash_vec_n_times(&key, 100_000);
+ key
+ }
+ None => {
+ // prompt for a password and do all that fun stuff if the user doesn't supply a keyfile
+ let key: Vec<u8> = get_user_pass();
+ key
+ }
+ };
+ let key_g: GenericArray<_, U32> = GenericArray::clone_from_slice(&key);
+ let cipher = Aes256Gcm::new(&key_g);
 
-  let cipher = Aes256Gcm::new(&key_g);
+ if args.encrypt {
  // there's certainly a better way to do this
  let mut nonce_vec: Vec<u8> = vec![];
  for _ in 0..12 {
@@ -66,12 +95,6 @@ fn main() {
  write(args.path, nonce_vec).expect("Failed to write file.");
  }
  else if args.decrypt {
- println!("--> DECRYPTING <--");
-
- let key: Vec<u8> = get_user_pass();
- let key_g: GenericArray<_, U32> = GenericArray::clone_from_slice(&key);
-
- let cipher = Aes256Gcm::new(&key_g);
  println!("Reading file...");
  let buffer: Vec<u8> = std::fs::read(args.path.clone()).expect("Failed to read file.");
  // the first 12 bytes of the buffer is (should be) the nonce
@@ -83,7 +106,4 @@ fn main() {
  println!("Writing file...");
  write(args.path, buffer).expect("Failed to write file.");
  }
- else {
- eprintln!("Please select a flag to use! Ex. -e")
- }
 }