From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 59C9961A1A for ; Fri, 20 Nov 2020 17:39:52 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 50EAF14FDD for ; Fri, 20 Nov 2020 17:39:22 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id C184714FD1 for ; Fri, 20 Nov 2020 17:39:21 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8EBA743D43 for ; Fri, 20 Nov 2020 17:39:21 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Fri, 20 Nov 2020 17:38:34 +0100 Message-Id: <20201120163845.1225080-5-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201120163845.1225080-1-f.gruenbichler@proxmox.com> References: <20201120163845.1225080-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.026 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [key.rs] Subject: [pbs-devel] [PATCH proxmox-backup 04/13] client: add 'key show' command X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Nov 2020 16:39:52 -0000 for (pretty-)printing a keyfile. Signed-off-by: Fabian Grünbichler --- Notes: v2: display fp directly as well, add output-format support src/bin/proxmox_backup_client/key.rs | 68 +++++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/src/bin/proxmox_backup_client/key.rs b/src/bin/proxmox_backup_client/key.rs index 915ee970..ea7e8c82 100644 --- a/src/bin/proxmox_backup_client/key.rs +++ b/src/bin/proxmox_backup_client/key.rs @@ -4,9 +4,16 @@ use std::process::{Stdio, Command}; use anyhow::{bail, format_err, Error}; use serde::{Deserialize, Serialize}; +use serde_json::Value; use proxmox::api::api; -use proxmox::api::cli::{CliCommand, CliCommandMap}; +use proxmox::api::cli::{ + CliCommand, + CliCommandMap, + format_and_print_result, + get_output_format, + OUTPUT_FORMAT, +}; use proxmox::sys::linux::tty; use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions}; @@ -16,6 +23,7 @@ use proxmox_backup::backup::{ store_key_config, CryptConfig, KeyConfig, + KeyDerivationConfig, }; use proxmox_backup::tools; 
@@ -229,6 +237,59 @@ fn change_passphrase(kdf: Option, path: Option) -> Result<(), Error Ok(()) } +#[api( + input: { + properties: { + path: { + description: "Key file. Without this the default key's metadata will be shown.", + optional: true, + }, + "output-format": { + schema: OUTPUT_FORMAT, + optional: true, + }, + }, + }, +)] +/// Print the encryption key's metadata. +fn show_key( + path: Option, + param: Value, +) -> Result<(), Error> { + let path = match path { + Some(path) => PathBuf::from(path), + None => { + let path = find_default_encryption_key()? + .ok_or_else(|| { + format_err!("no encryption file provided and no default file found") + })?; + path + } + }; + + let output_format = get_output_format(¶m); + let config: KeyConfig = serde_json::from_slice(&file_get_contents(path.clone())?)?; + + if output_format == "text" { + println!("Path: {:?}", path); + match config.kdf { + Some(KeyDerivationConfig::PBKDF2 { .. }) => println!("KDF: pbkdf2"), + Some(KeyDerivationConfig::Scrypt { .. }) => println!("KDF: scrypt"), + None => println!("KDF: none (plaintext key)"), + }; + println!("Created: {}", proxmox::tools::time::epoch_to_rfc3339_utc(config.created)?); + println!("Modified: {}", proxmox::tools::time::epoch_to_rfc3339_utc(config.modified)?); + match config.fingerprint { + Some(fp) => println!("Fingerprint: {}", fp), + None => println!("Fingerprint: none (legacy key)"), + }; + } else { + format_and_print_result(&serde_json::to_value(config)?, &output_format); + } + + Ok(()) +} + #[api( input: { properties: { @@ -348,6 +409,10 @@ pub fn cli() -> CliCommandMap { .arg_param(&["path"]) .completion_cb("path", tools::complete_file_name); + let key_show_cmd_def = CliCommand::new(&API_METHOD_SHOW_KEY) + .arg_param(&["path"]) + .completion_cb("path", tools::complete_file_name); + let paper_key_cmd_def = CliCommand::new(&API_METHOD_PAPER_KEY) .arg_param(&["path"]) .completion_cb("path", tools::complete_file_name); 
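Review bot: In `show_key`, the non-text branch passes `serde_json::to_value(config)?` to `format_and_print_result`, so a structured output format emits every serializable field of `KeyConfig` rather than only the metadata the text branch prints. `KeyConfig` is defined outside this diff, but it is deserialized from the key file and the text branch has a "plaintext key" case, so it presumably carries the key material itself. If it does, a command documented as printing metadata would write the key blob (unprotected when `kdf` is `None`) to stdout, where it can land in scrollback, pipes and logs. I would build the structured output from the same fields the text branch shows, as sketched below; the whole function lies inside this hunk.

```rust
    // … unchanged: path lookup, get_output_format, KeyConfig parsing, text branch …
    } else {
        // Emit metadata only; never serialize the whole KeyConfig here.
        let kdf = match config.kdf {
            Some(KeyDerivationConfig::PBKDF2 { .. }) => "pbkdf2",
            Some(KeyDerivationConfig::Scrypt { .. }) => "scrypt",
            None => "none",
        };
        let shown_path = path.to_string_lossy();
        let fingerprint = config.fingerprint.map(|fp| fp.to_string());
        let info = serde_json::json!({
            "path": shown_path,
            "kdf": kdf,
            "created": config.created,
            "modified": config.modified,
            "fingerprint": fingerprint,
        });
        format_and_print_result(&info, &output_format);
    }
```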
@@ -357,6 +422,7 @@ pub fn cli() -> CliCommandMap { .insert("create-master-key", key_create_master_key_cmd_def) .insert("import-master-pubkey", key_import_master_pubkey_cmd_def) .insert("change-passphrase", key_change_passphrase_cmd_def) + .insert("show", key_show_cmd_def) .insert("paperkey", paper_key_cmd_def) } -- 2.20.1