Diffstat (limited to 'vespaclient-java')
7 files changed, 15 insertions, 19 deletions
diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java index fc485eb92f2..f1c166ba934 100644 --- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/DecryptTool.java @@ -14,12 +14,9 @@ import org.apache.commons.cli.Option; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Paths; -import java.util.Arrays; import java.util.List; import java.util.Optional; -import static com.yahoo.security.ArrayUtils.toUtf8Bytes; - /** * Tooling for decrypting a file using a private key that corresponds to the public key used * to originally encrypt the file. @@ -47,7 +44,7 @@ public class DecryptTool implements Tool { .longOpt(RECIPIENT_PRIVATE_KEY_FILE_OPTION) .hasArg(true) .required(false) - .desc("Recipient private key file") + .desc("Recipient private key file in Base58 encoded format") .build(), Option.builder("i") .longOpt(KEY_ID_OPTION) @@ -103,7 +100,7 @@ public class DecryptTool implements Tool { "used when generating the supplied token"); } } - var privateKey = KeyUtils.fromBase64EncodedX25519PrivateKey(Files.readString(privKeyPath).strip()); + var privateKey = KeyUtils.fromBase58EncodedX25519PrivateKey(Files.readString(privKeyPath).strip()); var secretShared = SharedKeyGenerator.fromSealedKey(sealedSharedKey, privateKey); var cipher = SharedKeyGenerator.makeAesGcmDecryptionCipher(secretShared); diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java index 737bade400f..886433f00f8 100644 --- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/EncryptTool.java 
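Review bot: The switch to `KeyUtils.fromBase58EncodedX25519PrivateKey(...)` in the last DecryptTool hunk, and to `fromBase58EncodedX25519PublicKey(...)` in the last EncryptTool hunk, shows no handling for key material that was written in the previous Base64 form. An unpadded Base64 encoding of a 32-byte key is about as long as its Base58 encoding, so an old key string that happens to use only Base58-alphabet characters could decode to a different 32-byte value. The decoder's own validation is not visible in this diff, but on the encrypt side that would presumably succeed and seal the shared key to a public key nobody holds. I would confirm that KeyUtils rejects input outside the Base58 alphabet or not exactly 32 bytes long, and state the incompatibility next to each call, e.g. `// Base58 only: keys written by earlier (Base64) versions of this tool are not accepted`. Both enclosing methods start and end outside their hunks.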
@@ -15,8 +15,6 @@ import java.nio.file.Files; import java.nio.file.Paths; import java.util.List; -import static com.yahoo.security.ArrayUtils.toUtf8Bytes; - /** * Tooling to encrypt a file using a public key, emitting a non-secret token that can be * passed on to a recipient holding the corresponding private key. @@ -42,7 +40,7 @@ public class EncryptTool implements Tool { .longOpt(RECIPIENT_PUBLIC_KEY_OPTION) .hasArg(true) .required(false) - .desc("Recipient X25519 public key in Base64 encoded format") + .desc("Recipient X25519 public key in Base58 encoded format") .build(), Option.builder("i") .longOpt(KEY_ID_OPTION) @@ -79,7 +77,7 @@ public class EncryptTool implements Tool { var inputArg = leftoverArgs[0]; var outputPath = Paths.get(CliUtils.optionOrThrow(arguments, OUTPUT_FILE_OPTION)); - var recipientPubKey = KeyUtils.fromBase64EncodedX25519PublicKey(CliUtils.optionOrThrow(arguments, RECIPIENT_PUBLIC_KEY_OPTION).strip()); + var recipientPubKey = KeyUtils.fromBase58EncodedX25519PublicKey(CliUtils.optionOrThrow(arguments, RECIPIENT_PUBLIC_KEY_OPTION).strip()); var keyId = KeyId.ofString(CliUtils.optionOrThrow(arguments, KEY_ID_OPTION)); var shared = SharedKeyGenerator.generateForReceiverPublicKey(recipientPubKey, keyId); var cipher = SharedKeyGenerator.makeAesGcmEncryptionCipher(shared); diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java index d7885dc6455..3d5accde98f 100644 --- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java 
@@ -59,7 +59,7 @@ public class KeygenTool implements Tool { return new ToolDescription( "<options>", "Generates an X25519 key pair and stores its private/public parts in " + - "separate files in Base64 encoded form.", + "separate files in Base58 encoded form.", "Note: this is a BETA tool version; its interface may be changed at any time", OPTIONS); } @@ -101,8 +101,8 @@ public class KeygenTool implements Tool { var privFilePerms = PosixFilePermissions.fromString("rw-------"); Files.createFile( privOutPath, PosixFilePermissions.asFileAttribute(privFilePerms)); - Files.writeString(privOutPath, KeyUtils.toBase64EncodedX25519PrivateKey(privKey) + "\n"); - Files.writeString(pubOutPath, KeyUtils.toBase64EncodedX25519PublicKey(pubKey) + "\n"); + Files.writeString(privOutPath, KeyUtils.toBase58EncodedX25519PrivateKey(privKey) + "\n"); + Files.writeString(pubOutPath, KeyUtils.toBase58EncodedX25519PublicKey(pubKey) + "\n"); } catch (IOException e) { throw new RuntimeException(e); diff --git a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java index f529ed828ea..d4992e89802 100644 --- a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java +++ b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java 
@@ -168,11 +168,11 @@ public class CryptoToolsTest { assertEquals(expectedPerms, privKeyPerms); } - private static final String TEST_PRIV_KEY = "4qGcntygFn_a3uqeBa1PbDlygQ-cpOuNznTPIz9ftWE"; - private static final String TEST_PUB_KEY = "ROAH_S862tNMpbJ49lu1dPXFCPHFIXZK30pSrMZEmEg"; + private static final String TEST_PRIV_KEY = "GFg54SaGNCmcSGufZCx68SKLGuAFrASoDeMk3t5AjU6L"; + private static final String TEST_PUB_KEY = "5drrkakYLjYSBpr5Haknh13EiCYL36ndMzK4gTJo6pwh"; // Token created for the above public key (matching the above private key), using key id "my key ID" - private static final String TEST_TOKEN = "AQlteSBrZXkgSUQgAtTxJJdmv3eUoW5Z3NJSdZ3poKPEkW0SJOG" + - "QXP6CaC5XfyAVoUlK_NyYIMsJKyNYKU6WmagZpVG2zQGFJoqiFA"; + private static final String TEST_TOKEN = "OntP9gRVAjXeZIr4zkYqRJFcnA993v7ZEE7VbcNs1NcR3HdE7Mp" + + "wlwi3r3anF1kVa5fn7O1CyeHQpBWpdayUTKkrtyFepG6WJrZdE"; private static final String TEST_TOKEN_KEY_ID = "my key ID"; @Test diff --git a/vespaclient-java/src/test/resources/expected-decrypt-help-output.txt b/vespaclient-java/src/test/resources/expected-decrypt-help-output.txt index ef59741cd30..ddf91c779e2 100644 --- a/vespaclient-java/src/test/resources/expected-decrypt-help-output.txt +++ b/vespaclient-java/src/test/resources/expected-decrypt-help-output.txt @@ -10,7 +10,8 @@ the quotes). this is not provided, the key ID stored as part of the token is not verified. - -k,--recipient-private-key-file <arg> Recipient private key file + -k,--recipient-private-key-file <arg> Recipient private key file in + Base58 encoded format -o,--output-file <arg> Output file for decrypted plaintext. Specify '-' (without the quotes) to write plaintext to diff --git a/vespaclient-java/src/test/resources/expected-encrypt-help-output.txt b/vespaclient-java/src/test/resources/expected-encrypt-help-output.txt index 5e1da32cbe7..beddc69855b 100644 --- a/vespaclient-java/src/test/resources/expected-encrypt-help-output.txt 
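Review bot: The replaced constants in the CryptoToolsTest hunk cover only the new encoding, so no test pins what the tools do when handed a key in the former Base64 form. A negative test that passes the previous public key string to the encrypt tool and asserts a failure naming the expected encoding would keep that behaviour from regressing silently. I would also put a comment above `TEST_PRIV_KEY` that names the format, e.g. `// Base58 encoded X25519 key pair`. The test class continues outside the hunk.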
+++ b/vespaclient-java/src/test/resources/expected-encrypt-help-output.txt @@ -10,7 +10,7 @@ the quotes). -i,--key-id <arg> Numeric ID of recipient key -o,--output-file <arg> Output file (will be truncated if it already exists) - -r,--recipient-public-key <arg> Recipient X25519 public key in Base64 + -r,--recipient-public-key <arg> Recipient X25519 public key in Base58 encoded format Note: this is a BETA tool version; its interface may be changed at any time diff --git a/vespaclient-java/src/test/resources/expected-keygen-help-output.txt b/vespaclient-java/src/test/resources/expected-keygen-help-output.txt index 60629c4291f..f386f6d2e3a 100644 --- a/vespaclient-java/src/test/resources/expected-keygen-help-output.txt +++ b/vespaclient-java/src/test/resources/expected-keygen-help-output.txt @@ -1,6 +1,6 @@ usage: vespa-security keygen <options> Generates an X25519 key pair and stores its private/public parts in -separate files in Base64 encoded form. +separate files in Base58 encoded form. -h,--help Show help -k,--private-out-file <arg> Output file for private (secret) key. Will be created with restrictive file |