-rw-r--r-- | internal/configfile/config_file.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 31646ef..b18d6a7 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -189,6 +189,17 @@ func Load(filename string, password []byte) ([]byte, *ConfFile, error) {
 return nil, &cf, nil
 }

+ key, err := cf.DecryptMasterKey(password)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return key, &cf, err
+}
+
+// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
+// password.
+func (cf *ConfFile) DecryptMasterKey(password []byte) (masterkey []byte, err error) {
 // Generate derived key from password
 scryptHash := cf.ScryptObject.DeriveKey(password)

@@ -197,14 +208,13 @@ func Load(filename string, password []byte) ([]byte, *ConfFile, error) {
 ce := getKeyEncrypter(scryptHash, useHKDF)

 tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
- key, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
+ masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
 tlog.Warn.Enabled = true
 if err != nil {
 tlog.Warn.Printf("failed to unlock master key: %s", err.Error())
- return nil, nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
+ return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
 }
-
- return key, &cf, err
+ return masterkey, nil
 }

 // EncryptKey - encrypt "key" using an scrypt hash generated from "password" |
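Review bot: The doc comment on the newly exported `DecryptMasterKey` leaves out the two things a caller outside `Load` needs to know: what comes back on failure, and that the success value is plaintext key material. I would extend it with something like `// A failed decryption is reported as an error carrying exitcodes.PasswordIncorrect.` and `// The returned masterkey is unencrypted; the caller is responsible for wiping it after use.` In the new tail of `Load`, `return key, &cf, err` can only be reached with `err == nil`, so `return key, &cf, nil` states the intent more clearly. The body of `DecryptMasterKey` continues past this hunk into the next one.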
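Review bot: `tlog.Warn.Enabled = true` after the `DecryptBlock` call switches warnings on unconditionally, and this toggle now sits in an exported method that callers other than `Load` can reach. If a caller runs with warnings disabled, they come back enabled after a password attempt. Flipping a package-level logger flag also looks unsafe if two decryptions ever run concurrently (inferred; `tlog` is not shown here). Saving and restoring the previous state avoids the first problem: `prev := tlog.Warn.Enabled` before `tlog.Warn.Enabled = false`, then `tlog.Warn.Enabled = prev` after the call. The function starts in the previous hunk and the lines between the two hunks are not visible, so whether `scryptHash` is wiped after use cannot be judged from here.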