| author | Levi Durfee <levi.durfee@gmail.com> | 2026-01-06 19:18:18 -0500 |
|---|---|---|
| committer | Levi Durfee <levi.durfee@gmail.com> | 2026-01-06 19:18:20 -0500 |
| commit | b8c0706a71ccae2d10065ab33715f1058fdbe6b8 (patch) | |
| tree | 92e988f45ea34124c12596192509b34712c67f83 | |
| parent | 35a6325ba12d0462bf01eb740fb6abde2d43c17a (diff) | |
Add ability to decrypt a file
| -rw-r--r-- | cmd/goaes/commands/decrypt.go | 27 | ||||
| -rw-r--r-- | cmd/goaes/main.go | 14 | ||||
| -rw-r--r-- | internal/decrypt.go | 28 |
3 files changed, 69 insertions, 0 deletions
diff --git a/cmd/goaes/commands/decrypt.go b/cmd/goaes/commands/decrypt.go index f89da22..5077e8c 100644 --- a/cmd/goaes/commands/decrypt.go +++ b/cmd/goaes/commands/decrypt.go @@ -2,11 +2,38 @@ package commands import ( "context" + "encoding/gob" + "os" + "github.com/nerdsec/goaes/internal" "github.com/urfave/cli/v3" ) func Decrypt(ctx context.Context, cmd *cli.Command) error { + source := cmd.String("source") + destination := cmd.String("destination") + + file, err := os.Open(source) + if err != nil { + return err + } + defer file.Close() + + enc := gob.NewDecoder(file) + + var encryptedPayload internal.EncryptedDataPayload + + err = enc.Decode(&encryptedPayload) + if err != nil { + return err + } + + plaintext, err := internal.Decrypt(encryptedPayload.DEK, encryptedPayload.Payload) + if err != nil { + return err + } + + os.WriteFile(destination, plaintext, 0666) return nil } diff --git a/cmd/goaes/main.go b/cmd/goaes/main.go index f0b4368..2ed1fc1 100644 --- a/cmd/goaes/main.go +++ b/cmd/goaes/main.go @@ -48,6 +48,20 @@ func main() { Aliases: []string{"d"}, Usage: "Decrypt a file", Action: commands.Decrypt, + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "source", + Aliases: []string{"s"}, + Usage: "source file to decrypt", + Required: true, + }, + &cli.StringFlag{ + Name: "destination", + Aliases: []string{"d"}, + Usage: "where to write the decrypted file", + Required: true, + }, + }, }, }, } diff --git a/internal/decrypt.go b/internal/decrypt.go new file mode 100644 index 0000000..64ae7cf --- /dev/null +++ b/internal/decrypt.go 
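Review bot: The last added line of `Decrypt` in cmd/goaes/commands/decrypt.go, `os.WriteFile(destination, plaintext, 0666)`, discards the returned error and falls through to `return nil`, so a failed or partial write of the plaintext is reported as success. Mode 0666 also leaves a newly created plaintext file readable by other local users under a typical umask; 0600 is the safer default for decrypted output. I would replace the line with `if err := os.WriteFile(destination, plaintext, 0o600); err != nil { return err }`. Separately, the source file is gob-decoded before anything authenticates it, and the encoding/gob documentation advises caution with untrusted input, so a size cap on the source file is worth considering. The gob decoder variable is named `enc`; `dec` would read better.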
@@ -0,0 +1,28 @@
+package internal
+
+import (
+ "github.com/joho/godotenv"
+)
+
+func Decrypt(edek WrappedDEK, ct Ciphertext) ([]byte, error) {
+ if err := godotenv.Load(); err != nil {
+ return nil, err
+ }
+
+ kek, err := NewKEKFromEnvB64("SECRET_KEY")
+ if err != nil {
+ return nil, err
+ }
+
+ dek2, err := UnwrapDEK(edek, kek)
+ if err != nil {
+ return nil, err
+ }
+
+ pt, err := DecryptData(ct, dek2)
+ if err != nil {
+ return nil, err
+ }
+
+ return pt, nil
+} |
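Review bot: `godotenv.Load()` at the top of `internal.Decrypt` makes a `.env` file in the current working directory mandatory: when it is absent the function returns the load error, apparently even if `SECRET_KEY` is already set in the process environment. It also means a `.env` in whatever directory the tool is run from can supply the key-encryption key, which matters if goaes is ever invoked inside a directory the user does not control. Loading the environment once in `main` and tolerating a missing file, e.g. `if err := godotenv.Load(); err != nil && !errors.Is(err, os.ErrNotExist) { return nil, err }` (needs `errors` and `os` imported), would keep key sourcing explicit. The exported function also has no doc comment; I would add `// Decrypt unwraps edek with the KEK read from SECRET_KEY and uses the resulting DEK to decrypt ct.`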
