mirror of
https://github.com/slackhq/nebula.git
synced 2025-01-11 11:58:11 +00:00
a56a97e5c3
Fixes #8. `nebula-cert ca` now supports encrypting the CA's private key with a passphrase. Pass `-encrypt` in order to be prompted for a passphrase. Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF parameters default to RFC recommendations, but can be overridden via CLI flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.
package main
import (
"errors"
"fmt"
"os"
"golang.org/x/term"
)
// ErrNoTerminal is the sentinel returned by StdinPasswordReader.ReadPassword
// when standard input is not attached to a terminal. In that case no prompt
// is attempted and no bytes are read.
var (
	ErrNoTerminal = errors.New("cannot read password from nonexistent terminal")
)

type (
	// PasswordReader is a source of a password supplied by the user.
	//
	// The returned slice holds secret material; callers should keep it out of
	// logs and error messages.
	PasswordReader interface {
		// ReadPassword returns the password bytes, or a non-nil error when
		// the password could not be obtained.
		ReadPassword() ([]byte, error)
	}

	// StdinPasswordReader is the PasswordReader that takes the password from
	// the process's standard input. It carries no state.
	StdinPasswordReader struct{}
)
// ReadPassword reads a password from standard input using term.ReadPassword,
// which reads a line without local echo.
//
// It returns ErrNoTerminal, without reading anything, when standard input is
// not a terminal (for example when input is piped or redirected). Otherwise
// it returns whatever term.ReadPassword returned, including its error.
func (pr StdinPasswordReader) ReadPassword() ([]byte, error) {
	stdinFd := int(os.Stdin.Fd())

	// Refuse to read a secret from anything that is not an interactive terminal.
	if !term.IsTerminal(stdinFd) {
		return nil, ErrNoTerminal
	}

	secret, readErr := term.ReadPassword(stdinFd)

	// Echo is off while the password is typed, so the user's Enter is not
	// shown; emit the line break on stdout ourselves, whether or not the read
	// succeeded.
	fmt.Println()

	return secret, readErr
}