[pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

* [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase
@ 2021-02-01 13:06 Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC (permalink / raw)
  To: pbs-devel

some users might want to store the plain version of their master key for
long-term storage and rely on physical security instead of a passphrase
to protect the paper key.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    our tooling does not create passphrase-less master keys, so this needs a
    conscious step by the user to remove the set passphrase anyway..

 src/tools/paperkey.rs | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 030275cc..859e8aed 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -30,8 +30,16 @@ pub fn generate_paper_key<W: Write>(
     subject: Option<String>,
     output_format: Option<PaperkeyFormat>,
 ) -> Result<(), Error> {
+    let (data, is_master_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n")
+        || data.starts_with("-----BEGIN RSA PRIVATE KEY-----\n")
+    {
+        let data = data.trim_end();
+        if !(data.ends_with("\n-----END ENCRYPTED PRIVATE KEY-----")
+            || data.ends_with("\n-----END RSA PRIVATE KEY-----"))
+        {
+            bail!("unexpected key format");
+        }
 
-    let (data, is_private_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n") {
         let lines: Vec<String> = data
             .lines()
             .map(|s| s.trim_end())
@@ -39,10 +47,6 @@ pub fn generate_paper_key<W: Write>(
             .map(String::from)
             .collect();
 
-        if !lines[lines.len()-1].starts_with("-----END ENCRYPTED PRIVATE KEY-----") {
-            bail!("unexpected key format");
-        }
-
         if lines.len() < 20 {
             bail!("unexpected key format");
         }
@@ -68,8 +72,8 @@ pub fn generate_paper_key<W: Write>(
     let format = output_format.unwrap_or(PaperkeyFormat::Html);
 
     match format {
-        PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_private_key),
-        PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_private_key),
+        PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_master_key),
+        PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_master_key),
     }
 }
 
@@ -77,7 +81,7 @@ fn paperkey_html<W: Write>(
     mut output: W,
     lines: &[String],
     subject: Option<String>,
-    is_private: bool,
+    is_master: bool,
 ) -> Result<(), Error> {
 
     let img_size_pt = 500;
@@ -107,7 +111,7 @@ fn paperkey_html<W: Write>(
         writeln!(output, "<p>Subject: {}</p>", subject)?;
     }
 
-    if is_private {
+    if is_master {
         const BLOCK_SIZE: usize = 20;
         let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
 
-- 
2.20.1





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
@ 2021-02-01 13:06 ` Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt Fabian Grünbichler
  2021-02-01 16:05 ` [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC (permalink / raw)
  To: pbs-devel

the chunk-iterator already does exactly what we want here..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/tools/paperkey.rs | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 859e8aed..3c1f7c91 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -113,26 +113,18 @@ fn paperkey_html<W: Write>(
 
     if is_master {
         const BLOCK_SIZE: usize = 20;
-        let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
-
-        for i in 0..blocks {
-            let start = i*BLOCK_SIZE;
-            let mut end = start + BLOCK_SIZE;
-            if end > lines.len() {
-                end = lines.len();
-            }
-            let data = &lines[start..end];
 
+        for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
             writeln!(output, "<div style=\"page-break-inside: avoid;page-break-after: always\">")?;
             writeln!(output, "<p>")?;
 
-            for l in start..end {
-                writeln!(output, "{:02}: {}", l, lines[l])?;
+            for (i, line) in block.iter().enumerate() {
+                writeln!(output, "{:02}: {}", i + block_nr * BLOCK_SIZE, line)?;
             }
 
             writeln!(output, "</p>")?;
 
-            let qr_code = generate_qr_code("svg", data)?;
+            let qr_code = generate_qr_code("svg", block)?;
             let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
 
             writeln!(output, "<center>")?;
@@ -192,20 +184,12 @@ fn paperkey_text<W: Write>(
 
     if is_private {
         const BLOCK_SIZE: usize = 5;
-        let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
-
-        for i in 0..blocks {
-            let start = i*BLOCK_SIZE;
-            let mut end = start + BLOCK_SIZE;
-            if end > lines.len() {
-                end = lines.len();
-            }
-            let data = &lines[start..end];
 
-            for l in start..end {
-                writeln!(output, "{:-2}: {}", l, lines[l])?;
+        for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
+            for (i, line) in block.iter().enumerate() {
+                writeln!(output, "{:-2}: {}", i + block_nr * BLOCK_SIZE, line)?;
             }
-            let qr_code = generate_qr_code("utf8i", data)?;
+            let qr_code = generate_qr_code("utf8i", block)?;
             let qr_code = String::from_utf8(qr_code)
                 .map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
             writeln!(output, "{}", qr_code)?;
-- 
2.20.1





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
@ 2021-02-01 13:06 ` Fabian Grünbichler
  2021-02-01 16:05 ` [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC (permalink / raw)
  To: pbs-devel

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/tools/paperkey.rs | 43 +++++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 3c1f7c91..2dc185a8 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -1,5 +1,5 @@
 use std::io::Write;
-use std::process::{Stdio, Command};
+use std::process::{Command, Stdio};
 
 use anyhow::{bail, format_err, Error};
 use serde::{Deserialize, Serialize};
@@ -61,11 +61,11 @@ pub fn generate_paper_key<W: Write>(
                     .collect();
 
                 (lines, false)
-            },
+            }
             Err(err) => {
                 eprintln!("Couldn't parse data as KeyConfig - {}", err);
                 bail!("Neither a PEM-formatted private key, nor a PBS key file.");
-            },
+            }
         }
     };
 
@@ -83,14 +83,16 @@ fn paperkey_html<W: Write>(
     subject: Option<String>,
     is_master: bool,
 ) -> Result<(), Error> {
-
     let img_size_pt = 500;
 
     writeln!(output, "<!DOCTYPE html>")?;
     writeln!(output, "<html lang=\"en\">")?;
     writeln!(output, "<head>")?;
     writeln!(output, "<meta charset=\"utf-8\">")?;
-    writeln!(output, "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">")?;
+    writeln!(
+        output,
+        "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
+    )?;
     writeln!(output, "<title>Proxmox Backup Paperkey</title>")?;
     writeln!(output, "<style type=\"text/css\">")?;
 
@@ -115,7 +117,10 @@ fn paperkey_html<W: Write>(
         const BLOCK_SIZE: usize = 20;
 
         for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
-            writeln!(output, "<div style=\"page-break-inside: avoid;page-break-after: always\">")?;
+            writeln!(
+                output,
+                "<div style=\"page-break-inside: avoid;page-break-after: always\">"
+            )?;
             writeln!(output, "<p>")?;
 
             for (i, line) in block.iter().enumerate() {
@@ -129,11 +134,15 @@ fn paperkey_html<W: Write>(
 
             writeln!(output, "<center>")?;
             writeln!(output, "<img")?;
-            writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
+            writeln!(
+                output,
+                "width=\"{}pt\" height=\"{}pt\"",
+                img_size_pt, img_size_pt
+            )?;
             writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
             writeln!(output, "</center>")?;
             writeln!(output, "</div>")?;
-       }
+        }
 
         writeln!(output, "</body>")?;
         writeln!(output, "</html>")?;
@@ -159,7 +168,11 @@ fn paperkey_html<W: Write>(
 
     writeln!(output, "<center>")?;
     writeln!(output, "<img")?;
-    writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
+    writeln!(
+        output,
+        "width=\"{}pt\" height=\"{}pt\"",
+        img_size_pt, img_size_pt
+    )?;
     writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
     writeln!(output, "</center>")?;
 
@@ -177,7 +190,6 @@ fn paperkey_text<W: Write>(
     subject: Option<String>,
     is_private: bool,
 ) -> Result<(), Error> {
-
     if let Some(subject) = subject {
         writeln!(output, "Subject: {}\n", subject)?;
     }
@@ -194,7 +206,6 @@ fn paperkey_text<W: Write>(
                 .map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
             writeln!(output, "{}", qr_code)?;
             writeln!(output, "{}", char::from(12u8))?; // page break
-
         }
         return Ok(());
     }
@@ -222,14 +233,18 @@ fn generate_qr_code(output_type: &str, lines: &[String]) -> Result<Vec<u8>, Erro
         .spawn()?;
 
     {
-        let stdin = child.stdin.as_mut()
+        let stdin = child
+            .stdin
+            .as_mut()
             .ok_or_else(|| format_err!("Failed to open stdin"))?;
         let data = lines.join("\n");
-        stdin.write_all(data.as_bytes())
+        stdin
+            .write_all(data.as_bytes())
             .map_err(|_| format_err!("Failed to write to stdin"))?;
     }
 
-    let output = child.wait_with_output()
+    let output = child
+        .wait_with_output()
         .map_err(|_| format_err!("Failed to read stdout"))?;
 
     let output = crate::tools::command_output(output, None)?;
-- 
2.20.1





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt Fabian Grünbichler
@ 2021-02-01 16:05 ` Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Dietmar Maurer @ 2021-02-01 16:05 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

applied all 3 patches, thanks!




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-02-01 16:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt Fabian Grünbichler
2021-02-01 16:05 ` [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Dietmar Maurer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal