public inbox for pbs-devel@lists.proxmox.com
* [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase
@ 2021-02-01 13:06 Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC
  To: pbs-devel

some users might want to store the plain version of their master key for
long-term storage and rely on physical security instead of a passphrase
to protect the paper key.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    our tooling does not create passphrase-less master keys, so this needs a
    conscious step by the user to remove the set passphrase anyway..

 src/tools/paperkey.rs | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 030275cc..859e8aed 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -30,8 +30,16 @@ pub fn generate_paper_key<W: Write>(
     subject: Option<String>,
     output_format: Option<PaperkeyFormat>,
 ) -> Result<(), Error> {
+    let (data, is_master_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n")
+        || data.starts_with("-----BEGIN RSA PRIVATE KEY-----\n")
+    {
+        let data = data.trim_end();
+        if !(data.ends_with("\n-----END ENCRYPTED PRIVATE KEY-----")
+            || data.ends_with("\n-----END RSA PRIVATE KEY-----"))
+        {
+            bail!("unexpected key format");
+        }
 
-    let (data, is_private_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n") {
         let lines: Vec<String> = data
             .lines()
             .map(|s| s.trim_end())
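Review bot: The footer test `data.ends_with(...)` does not depend on which header matched, so input that starts with `-----BEGIN ENCRYPTED PRIVATE KEY-----` and ends with `-----END RSA PRIVATE KEY-----` (or the reverse) is accepted as a master key. Suggest pairing each BEGIN marker with its own END marker, for example by matching on the header first and then checking only the corresponding footer. Separately, encrypted and passphrase-less keys both collapse into the single `is_master_key` flag, so the output functions cannot tell them apart; since the plain variant relies on physical security alone, consider carrying that distinction through so the printed page can state that the key is unencrypted.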
@@ -39,10 +47,6 @@ pub fn generate_paper_key<W: Write>(
             .map(String::from)
             .collect();
 
-        if !lines[lines.len()-1].starts_with("-----END ENCRYPTED PRIVATE KEY-----") {
-            bail!("unexpected key format");
-        }
-
         if lines.len() < 20 {
             bail!("unexpected key format");
         }
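Review bot: The remaining `lines.len() < 20` check now also applies to `RSA PRIVATE KEY` input, but nothing states what the threshold guards against or whether it was sized for the encrypted format only; a short comment would help. It also bails with the same "unexpected key format" text as the header/footer check, so a user cannot tell which validation failed; distinct messages would make that diagnosable.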
@@ -68,8 +72,8 @@ pub fn generate_paper_key<W: Write>(
     let format = output_format.unwrap_or(PaperkeyFormat::Html);
 
     match format {
-        PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_private_key),
-        PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_private_key),
+        PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_master_key),
+        PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_master_key),
     }
 }
 
@@ -77,7 +81,7 @@ fn paperkey_html<W: Write>(
     mut output: W,
     lines: &[String],
     subject: Option<String>,
-    is_private: bool,
+    is_master: bool,
 ) -> Result<(), Error> {
 
     let img_size_pt = 500;
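Review bot: The rename to `is_master` covers `paperkey_html` only; this patch has no hunk for `paperkey_text`, which receives the same `is_master_key` value from the `match` but keeps its old parameter name `is_private`, as the context lines of the later patches in this series still show. Suggest renaming it in the same patch so both output paths use one term.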
@@ -107,7 +111,7 @@ fn paperkey_html<W: Write>(
         writeln!(output, "<p>Subject: {}</p>", subject)?;
     }
 
-    if is_private {
+    if is_master {
         const BLOCK_SIZE: usize = 20;
         let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
 
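Review bot: In the context line `writeln!(output, "<p>Subject: {}</p>", subject)?;` the caller-supplied `subject` is written into the HTML page without escaping, so a subject containing `<`, `>` or `&` alters the markup of the generated page. This is not introduced by the patch, but since the surrounding block is being touched, suggest HTML-escaping `subject` before formatting it.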
-- 
2.20.1






* [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
@ 2021-02-01 13:06 ` Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt Fabian Grünbichler
  2021-02-01 16:05 ` [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC
  To: pbs-devel

the chunk-iterator already does exactly what we want here..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/tools/paperkey.rs | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 859e8aed..3c1f7c91 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -113,26 +113,18 @@ fn paperkey_html<W: Write>(
 
     if is_master {
         const BLOCK_SIZE: usize = 20;
-        let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
-
-        for i in 0..blocks {
-            let start = i*BLOCK_SIZE;
-            let mut end = start + BLOCK_SIZE;
-            if end > lines.len() {
-                end = lines.len();
-            }
-            let data = &lines[start..end];
 
+        for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
             writeln!(output, "<div style=\"page-break-inside: avoid;page-break-after: always\">")?;
             writeln!(output, "<p>")?;
 
-            for l in start..end {
-                writeln!(output, "{:02}: {}", l, lines[l])?;
+            for (i, line) in block.iter().enumerate() {
+                writeln!(output, "{:02}: {}", i + block_nr * BLOCK_SIZE, line)?;
             }
 
             writeln!(output, "</p>")?;
 
-            let qr_code = generate_qr_code("svg", data)?;
+            let qr_code = generate_qr_code("svg", block)?;
             let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
 
             writeln!(output, "<center>")?;
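Review bot: The printed index `i + block_nr * BLOCK_SIZE` keeps the line numbers continuous across blocks, which the removed `for l in start..end` loop made obvious and the new form does not. A one-line comment stating that the number is the global line index, not the index within the block, would keep that intent clear for whoever next changes `BLOCK_SIZE` or the loop.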
@@ -192,20 +184,12 @@ fn paperkey_text<W: Write>(
 
     if is_private {
         const BLOCK_SIZE: usize = 5;
-        let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
-
-        for i in 0..blocks {
-            let start = i*BLOCK_SIZE;
-            let mut end = start + BLOCK_SIZE;
-            if end > lines.len() {
-                end = lines.len();
-            }
-            let data = &lines[start..end];
 
-            for l in start..end {
-                writeln!(output, "{:-2}: {}", l, lines[l])?;
+        for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
+            for (i, line) in block.iter().enumerate() {
+                writeln!(output, "{:-2}: {}", i + block_nr * BLOCK_SIZE, line)?;
             }
-            let qr_code = generate_qr_code("utf8i", data)?;
+            let qr_code = generate_qr_code("utf8i", block)?;
             let qr_code = String::from_utf8(qr_code)
                 .map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
             writeln!(output, "{}", qr_code)?;
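Review bot: The text output formats the index with `{:-2}` while the HTML path uses `{:02}`; the `-` flag has no effect in Rust format strings, so this is a space-padded width of 2 against a zero-padded one. If the difference is not intentional, use `{:02}` in both places; if it is, drop the `-` so the format string does not suggest left alignment.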
-- 
2.20.1






* [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
@ 2021-02-01 13:06 ` Fabian Grünbichler
  2021-02-01 16:05 ` [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2021-02-01 13:06 UTC
  To: pbs-devel

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/tools/paperkey.rs | 43 +++++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/src/tools/paperkey.rs b/src/tools/paperkey.rs
index 3c1f7c91..2dc185a8 100644
--- a/src/tools/paperkey.rs
+++ b/src/tools/paperkey.rs
@@ -1,5 +1,5 @@
 use std::io::Write;
-use std::process::{Stdio, Command};
+use std::process::{Command, Stdio};
 
 use anyhow::{bail, format_err, Error};
 use serde::{Deserialize, Serialize};
@@ -61,11 +61,11 @@ pub fn generate_paper_key<W: Write>(
                     .collect();
 
                 (lines, false)
-            },
+            }
             Err(err) => {
                 eprintln!("Couldn't parse data as KeyConfig - {}", err);
                 bail!("Neither a PEM-formatted private key, nor a PBS key file.");
-            },
+            }
         }
     };
 
@@ -83,14 +83,16 @@ fn paperkey_html<W: Write>(
     subject: Option<String>,
     is_master: bool,
 ) -> Result<(), Error> {
-
     let img_size_pt = 500;
 
     writeln!(output, "<!DOCTYPE html>")?;
     writeln!(output, "<html lang=\"en\">")?;
     writeln!(output, "<head>")?;
     writeln!(output, "<meta charset=\"utf-8\">")?;
-    writeln!(output, "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">")?;
+    writeln!(
+        output,
+        "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
+    )?;
     writeln!(output, "<title>Proxmox Backup Paperkey</title>")?;
     writeln!(output, "<style type=\"text/css\">")?;
 
@@ -115,7 +117,10 @@ fn paperkey_html<W: Write>(
         const BLOCK_SIZE: usize = 20;
 
         for (block_nr, block) in lines.chunks(BLOCK_SIZE).enumerate() {
-            writeln!(output, "<div style=\"page-break-inside: avoid;page-break-after: always\">")?;
+            writeln!(
+                output,
+                "<div style=\"page-break-inside: avoid;page-break-after: always\">"
+            )?;
             writeln!(output, "<p>")?;
 
             for (i, line) in block.iter().enumerate() {
@@ -129,11 +134,15 @@ fn paperkey_html<W: Write>(
 
             writeln!(output, "<center>")?;
             writeln!(output, "<img")?;
-            writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
+            writeln!(
+                output,
+                "width=\"{}pt\" height=\"{}pt\"",
+                img_size_pt, img_size_pt
+            )?;
             writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
             writeln!(output, "</center>")?;
             writeln!(output, "</div>")?;
-       }
+        }
 
         writeln!(output, "</body>")?;
         writeln!(output, "</html>")?;
@@ -159,7 +168,11 @@ fn paperkey_html<W: Write>(
 
     writeln!(output, "<center>")?;
     writeln!(output, "<img")?;
-    writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
+    writeln!(
+        output,
+        "width=\"{}pt\" height=\"{}pt\"",
+        img_size_pt, img_size_pt
+    )?;
     writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
     writeln!(output, "</center>")?;
 
@@ -177,7 +190,6 @@ fn paperkey_text<W: Write>(
     subject: Option<String>,
     is_private: bool,
 ) -> Result<(), Error> {
-
     if let Some(subject) = subject {
         writeln!(output, "Subject: {}\n", subject)?;
     }
@@ -194,7 +206,6 @@ fn paperkey_text<W: Write>(
                 .map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
             writeln!(output, "{}", qr_code)?;
             writeln!(output, "{}", char::from(12u8))?; // page break
-
         }
         return Ok(());
     }
@@ -222,14 +233,18 @@ fn generate_qr_code(output_type: &str, lines: &[String]) -> Result<Vec<u8>, Erro
         .spawn()?;
 
     {
-        let stdin = child.stdin.as_mut()
+        let stdin = child
+            .stdin
+            .as_mut()
             .ok_or_else(|| format_err!("Failed to open stdin"))?;
         let data = lines.join("\n");
-        stdin.write_all(data.as_bytes())
+        stdin
+            .write_all(data.as_bytes())
             .map_err(|_| format_err!("Failed to write to stdin"))?;
     }
 
-    let output = child.wait_with_output()
+    let output = child
+        .wait_with_output()
         .map_err(|_| format_err!("Failed to read stdout"))?;
 
     let output = crate::tools::command_output(output, None)?;
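Review bot: The reformatted `.map_err(|_| format_err!(...))` calls on `write_all` and `wait_with_output` discard the underlying I/O error, so a failure while talking to the QR-code child process reports only "Failed to write to stdin" or "Failed to read stdout". That is out of scope for a rustfmt-only patch, but worth a follow-up that keeps the source error, e.g. `.map_err(|err| format_err!("Failed to write to stdin - {}", err))`, matching the style of the `KeyConfig` parse message elsewhere in this file.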
-- 
2.20.1






* [pbs-devel] applied: [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase
  2021-02-01 13:06 [pbs-devel] [PATCH proxmox-backup 1/3] paperkey: allow RSA keys without passphrase Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 2/3] paperkey: simplify block generation Fabian Grünbichler
  2021-02-01 13:06 ` [pbs-devel] [PATCH proxmox-backup 3/3] paperkey: rustfmt Fabian Grünbichler
@ 2021-02-01 16:05 ` Dietmar Maurer
  2 siblings, 0 replies; 4+ messages in thread
From: Dietmar Maurer @ 2021-02-01 16:05 UTC
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

applied all 3 patches, thanks!




