From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 956C7607DA for ; Tue, 17 Nov 2020 18:58:03 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9395513AF1 for ; Tue, 17 Nov 2020 18:58:03 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 1DED013ACB for ; Tue, 17 Nov 2020 18:58:03 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id DC6AA437E8 for ; Tue, 17 Nov 2020 18:58:02 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Tue, 17 Nov 2020 18:57:22 +0100 Message-Id: <20201117175725.3634238-5-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201117175725.3634238-1-f.gruenbichler@proxmox.com> References: <20201117175725.3634238-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.023 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [key.rs] Subject: [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'key show' command X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 17:58:03 -0000 for (pretty-)printing a keyfile. Signed-off-by: Fabian Grünbichler
---
 src/bin/proxmox_backup_client/key.rs | 46 ++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/src/bin/proxmox_backup_client/key.rs b/src/bin/proxmox_backup_client/key.rs
index 915ee970..9d0951e6 100644
--- a/src/bin/proxmox_backup_client/key.rs
+++ b/src/bin/proxmox_backup_client/key.rs
@@ -16,6 +16,7 @@ use proxmox_backup::backup::{
 store_key_config,
 CryptConfig,
 KeyConfig,
+ KeyDerivationConfig,
 };
 use proxmox_backup::tools;
@@ -229,6 +230,46 @@ fn change_passphrase(kdf: Option, path: Option) -> Result<(), Error
 Ok(())
 }
+#[api(
+ input: {
+ properties: {
+ path: {
+ description: "Key file. Without this the default key's metadata will be shown.",
+ optional: true,
+ }
+ },
+ },
+)]
+/// Print the encryption key's metadata.
+fn show_key(path: Option) -> Result<(), Error> {
+ let path = match path {
+ Some(path) => PathBuf::from(path),
+ None => {
+ let path = find_default_encryption_key()?
+ .ok_or_else(|| {
+ format_err!("no encryption file provided and no default file found")
+ })?;
+ path
+ }
+ };
+
+ println!("Path: {:?}", path);
+ let config: KeyConfig = serde_json::from_slice(&file_get_contents(path)?)?;
+ match config.kdf {
+ Some(KeyDerivationConfig::PBKDF2 { .. }) => println!("KDF: pbkdf2"),
+ Some(KeyDerivationConfig::Scrypt { .. }) => println!("KDF: scrypt"),
+ None => println!("KDF: none (plaintext key)"),
+ };
+ println!("Created: {}", proxmox::tools::time::epoch_to_rfc3339_utc(config.created)?);
+ println!("Modified: {}", proxmox::tools::time::epoch_to_rfc3339_utc(config.modified)?);
+ match config.fingerprint {
+ Some(fp) => println!("Fingerprint: {}", crate::tools::format::as_fingerprint(&fp)),
+ None => println!("Fingerprint: none (legacy key)"),
+ };
+
+ Ok(())
+}
+
 #[api(
 input: {
 properties: {
@@ -348,6 +389,10 @@ pub fn cli() -> CliCommandMap {
 .arg_param(&["path"])
 .completion_cb("path", tools::complete_file_name);
+ let key_show_cmd_def = CliCommand::new(&API_METHOD_SHOW_KEY)
+ .arg_param(&["path"])
+ .completion_cb("path", tools::complete_file_name);
+
 let paper_key_cmd_def = CliCommand::new(&API_METHOD_PAPER_KEY)
 .arg_param(&["path"])
 .completion_cb("path", tools::complete_file_name);
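Review bot: Every value `show_key` prints (KDF type, created/modified times, fingerprint) is read straight from the deserialized JSON, and nothing in this hunk checks it against the key itself, so the output is what the file claims rather than a verified property of the key. The doc comment should say so, e.g. `/// Print the encryption key's metadata as stored in the key file; values are not verified against the key and no key material is printed.` Separately, the `None` arm binds `path` only to return it on the next line; `None => find_default_encryption_key()?.ok_or_else(|| format_err!("no encryption file provided and no default file found"))?,` is equivalent and shorter.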
@@ -357,6 +402,7 @@ pub fn cli() -> CliCommandMap {
 .insert("create-master-key", key_create_master_key_cmd_def)
 .insert("import-master-pubkey", key_import_master_pubkey_cmd_def)
 .insert("change-passphrase", key_change_passphrase_cmd_def)
+ .insert("show", key_show_cmd_def)
 .insert("paperkey", paper_key_cmd_def)
 }
-- 
2.20.1