add option to change password for locked_secretbox in trees-create

2024-09-19 13:43:11 +02:00 · 2018-05-19 12:12:30 +02:00 · 2018-05-19 12:12:30 +02:00 · cc048ab937
commit cc048ab937
parent ed0bbfb274
1 changed files with 31 additions and 9 deletions
--- a/bin/trees-create
+++ b/bin/trees-create
@ -27,16 +27,20 @@ end
 def usage
  puts "USAGE:"
  puts "   trees-create --password PASSWORD [OPTIONS]"
+  puts "   trees-create --password PASSWORD --old-password PASSWORD OPTIONS"
  puts
  puts "OPTIONS may include:"
-  puts "   --opslimit OPSLIMIT -- argon2 ops limit, integer in 3..10, or one of"
-  puts "                          'interactive', 'moderate', 'sensitive'"
-  puts "   --memlimit MEMLIMIT -- argon2 memory limit, in bytes, or one of"
-  puts "                          'interactive', 'moderate', 'sensitive'"
-  puts "   --salt SALT         -- hex encoded salt for password digest,"
-  puts "                          #{StorageKey::SALT_BYTES} bytes in length"
-  puts "   --nonce NONCE       -- hex encoded nonce for secretbox encryption of"
-  puts "                          private key, #{StorageKey::NONCE_BYTES} bytes in length"
+  puts "   --opslimit OPSLIMIT     -- argon2 ops limit, integer in 3..10, or one of"
+  puts "                              'interactive', 'moderate', 'sensitive'"
+  puts "   --memlimit MEMLIMIT     -- argon2 memory limit, in bytes, or one of"
+  puts "                              'interactive', 'moderate', 'sensitive'"
+  puts "   --salt SALT             -- hex encoded salt for password digest,"
+  puts "                              #{StorageKey::SALT_BYTES} bytes in length"
+  puts "   --nonce NONCE           -- hex encoded nonce for secretbox encryption of"
+  puts "                              private key, #{StorageKey::NONCE_BYTES} bytes in length"
+  puts "   --secretbox SECRETBOX   -- hex encoded secretbox"
+  puts
+  puts "for password change all options are required"
  exit 1
 end

@ -46,6 +50,9 @@ def main

  while ARGV.any?
    case ARGV.first
+    when "--old-password"
+      ARGV.shift
+      old_password = ARGV.shift
    when "--password"
      ARGV.shift
      password = ARGV.shift
@ -61,12 +68,19 @@ def main
    when "--nonce"
      ARGV.shift
      st.sk_nonce = ARGV.shift
+    when "--secretbox"
+      ARGV.shift
+      st.locked_secretbox = ARGV.shift
    else
      usage
    end
  end
  usage unless password
-  st.generate_new_keypair(password)
+  if old_password.nil?
+    st.generate_new_keypair(password)
+  else
+    st.change_password(old_password, password)
+  end
  puts st.to_s
 end

@ -121,6 +135,14 @@ class StorageKey
    )
  end

+  def change_password(old_password, password)
+    key = self.decrypt_key(old_password)
+    self.encrypt_key(
+      key: key,
+      password: password
+    )
+  end
+
  def to_s
    attrs = [:public_key, :locked_secretbox, :sk_nonce, :pwhash_opslimit,
             :pwhash_memlimit, :pwhash_salt]