upgrae to latest version of rpgp

Author: alexng353

Cargo.lock

@@ -26,7 +26,7 @@ clap_complete = "4.5.23"
 
 # stuff i need for the table
 box_drawing = "0.1.2"
-colored = "2.1.0"
+colored = "3.0.0"
 console = "0.15.8"
 indoc = "2.0.5"
 
@@ -40,10 +40,11 @@ ctrlc = "3.4.5"
 hex = "0.4.3"
 home = "0.5.9"
 rand = "0.8.5"
+# rand_chacha = "0.9.0"
 regex = "1"
 reqwest = { version = "0.12.7", features = ["json"] }
 
-pgp = "0.13.2"
+pgp = "0.15"
 
 serde = { version = "1.0.208", features = ["derive"] }
 serde_json = "1.0"
@@ -68,4 +69,4 @@ keyring = { version = "3.2.0", features = [
   "windows-native",
   "linux-native",
 ] }
-bincode = "1.3.3"
+bincode = "1"

Cargo.toml

@@ -1,20 +1,16 @@
 // TODO: add uuid to config after uploading
 
 use super::*;
+use crate::constants::MINIMUM_PASSWORD_LENGTH;
 use crate::sdk::SDK;
 use crate::utils::config::{self};
 use crate::utils::key::Key;
 use crate::utils::keyring::set_password;
-// use crate::utils::prompt::prompt_password;
-use crate::constants::MINIMUM_PASSWORD_LENGTH;
-use crate::utils::prompt::{prompt_email, prompt_password, prompt_text};
-use crate::utils::rpgp::{
-    generate_hashed_primary_user_id, generate_key_pair, get_vault_location,
-    user_id,
-};
+use crate::utils::prompt::{prompt_password, prompt_text};
+use crate::utils::rpgp::{generate_key_pair, get_vault_location, user_id};
 use crate::utils::vecu8::ToHex;
 use anyhow::Context;
-use pgp::types::KeyTrait;
+use pgp::types::PublicKeyTrait;
 use pgp::ArmorOptions;
 use std::fs;
 use std::str;
@@ -30,9 +26,9 @@ pub struct Args {
     #[clap(short, long)]
     interactive: bool,
 
-    /// Nickname for the key. Do NOT use your real name.
+    /// Username for the key. Do NOT use your real name, or anything that could be used to identify you.
     #[clap(short, long)]
-    nickname: Option<String>,
+    username: Option<String>,
 
     /// Passphrase to encrypt the key with
     #[clap(short, long)]
@@ -71,8 +67,8 @@ pub async fn command(args: Args) -> Result<()> {
     let mut config = config::Config::get().context("Failed to get config")?;
     let settings = config.get_settings()?;
 
-    let nickname = args
-        .nickname
+    let username = args
+        .username
         .unwrap_or_else(|| prompt_text("Set a nickname for the key").unwrap());
 
     let passphrase = args
@@ -87,7 +83,7 @@ pub async fn command(args: Args) -> Result<()> {
         eprintln!("You can disable this warning with `envx config --no-warn-on-short-passwords`");
     }
 
-    let key_pair = generate_key_pair(&nickname, passphrase.to_owned())
+    let key_pair = generate_key_pair(&username, passphrase.to_owned())
         .expect("Failed to generate key pair");
 
     let priv_key = key_pair
@@ -100,7 +96,7 @@ pub async fn command(args: Args) -> Result<()> {
         .to_armored_string(ArmorOptions::default())
         .expect("Failed to convert public key to armored ASCII string");
 
-    let fingerprint = key_pair.secret_key.fingerprint().to_hex();
+    let fingerprint = key_pair.secret_key.fingerprint().as_bytes().to_hex();
 
     let result =
         set_password(&fingerprint, &passphrase, settings.get_keyring_expiry());
@@ -154,13 +150,13 @@ pub async fn command(args: Args) -> Result<()> {
     let mut key_to_insert: Key = Key {
         fingerprint: fingerprint.clone(),
         note: "".to_string(),
-        primary_user_id: user_id(&nickname),
+        primary_user_id: user_id(&username),
         pubkey_only: None,
         uuid: None,
     };
 
     if config.online {
-        match SDK::new_user(&nickname, &pub_key).await {
+        match SDK::new_user(&username, &pub_key).await {
             Ok(id) => {
                 println!("User ID: {}", id);
                 key_to_insert.uuid = Some(id);

src/commands/gen.rs

@@ -16,6 +16,7 @@ pub async fn command(args: Args) -> Result<()> {
     let remote_projects = SDK::list_projects(&key.fingerprint)
         .await
         .context("Failed to get projects from server".red())?;
+
     let remote_projects = remote_projects
         .iter()
         .filter(|p| {

src/commands/get/projects.rs

@@ -5,7 +5,7 @@ use crate::utils::rpgp::get_vault_location;
 use crate::utils::vecu8::ToHex;
 use clap::Subcommand;
 use pgp::ArmorOptions;
-use pgp::{types::KeyTrait, Deserializable};
+use pgp::{types::PublicKeyTrait, Deserializable};
 use std::fs;
 use std::io::Cursor;
 
@@ -33,7 +33,8 @@ pub async fn command(args: Args) -> Result<()> {
                 pgp::composed::SignedPublicKey::from_armor_single(buf)
                     .context("Failed to parse armored key")?;
 
-            let fingerprint = pubkey.fingerprint().to_hex().to_uppercase();
+            let fingerprint =
+                pubkey.fingerprint().as_bytes().to_hex().to_uppercase();
 
             println!("Importing key: {}", fingerprint);
 
@@ -46,6 +47,7 @@ pub async fn command(args: Args) -> Result<()> {
                 .id()
                 .to_string();
 
+            // TODO: fix this
             let (primary_user_id, hashed_note) = if only_hex(&first_user_id)
                 && first_user_id.len() == 128
             {
@@ -69,7 +71,6 @@ pub async fn command(args: Args) -> Result<()> {
                 note: "".to_string(),
                 pubkey_only: Some(true),
                 primary_user_id,
-                hashed_note,
                 uuid: None,
             };
 

src/commands/import.rs

@@ -1,17 +1,19 @@
 use std::cmp::Ordering;
+use std::process::Stdio;
 
 use crate::utils::{compare_semver, config::Config};
 
 use super::*;
 
-/// If your key is not in the database, use this command to upload it
+/// Update the envx CLI
 #[derive(Parser)]
 pub struct Args {}
 
 pub async fn command(_args: Args) -> Result<()> {
     let mut config = Config::get()?;
     let result = config.check_update(true).await?;
     config.write()?;
+
     let latest_version = if let Some(latest_version) = result {
         latest_version
     } else {
@@ -29,18 +31,19 @@ pub async fn command(_args: Args) -> Result<()> {
             env!("CARGO_PKG_VERSION").yellow(),
             latest_version.bright_yellow(),
         );
-        // println!(
-        //     "Run `{}` to update\n",
-        //     "curl -fsSL https://get.envx.sh | sh".green()
-        // );
+    } else {
+        println!("You are already on or ahead of the latest version");
+        println!("Current version: {}", env!("CARGO_PKG_VERSION"));
+        println!("Latest version: {}", latest_version);
+        return Ok(());
     }
 
     let mut output = tokio::process::Command::new("sh")
         .arg("-c")
         .arg("curl -fsSL https://get.envx.sh | sh")
-        .stdout(std::process::Stdio::inherit())
-        .stderr(std::process::Stdio::inherit())
-        .stdin(std::process::Stdio::inherit())
+        .stdout(Stdio::inherit())
+        .stderr(Stdio::inherit())
+        .stdin(Stdio::inherit())
         .spawn()?;
 
     let status = output.wait().await?;

src/commands/update.rs

@@ -3,6 +3,7 @@ use anyhow::{anyhow, Context};
 use chrono::Utc;
 use pgp::composed::message::Message;
 use pgp::{crypto, ArmorOptions, Deserializable, SignedSecretKey};
+use rand::rngs::OsRng;
 use serde::{Deserialize, Serialize};
 
 use super::keyring::try_get_password;
@@ -27,7 +28,9 @@ pub async fn get_token(
     let passphrase = try_get_password(fingerprint, &config)?;
     let pw = || passphrase;
 
-    let signature = msg.sign(&key, pw, crypto::hash::HashAlgorithm::SHA3_512);
+    let rng = OsRng;
+    let signature =
+        msg.sign(rng, &key, pw, crypto::hash::HashAlgorithm::SHA3_512);
 
     let signature = match signature {
         Ok(s) => s,

src/utils/auth.rs

@@ -1,6 +1,6 @@
 use super::config::Config;
 use super::keyring::try_get_password;
-use anyhow::{anyhow, Context, Ok, Result};
+use anyhow::{anyhow, bail, Context, Ok, Result};
 use colored::Colorize;
 use crypto_hash::{hex_digest, Algorithm};
 use hex::ToHex;
@@ -12,6 +12,7 @@ use pgp::{
     Deserializable,
 };
 use rand::prelude::*;
+use rand::rngs::OsRng;
 use rayon::iter::{IntoParallelRefIterator, ParallelIterator};
 use smallvec::*;
 use std::{fs, io::Cursor, path::Path};
@@ -57,18 +58,18 @@ pub fn generate_key_pair(nickname: &str, password: String) -> Result<KeyPair> {
         .context("Failed to create secret key params.")?;
 
     let secret_key = secret_key_params
-        .generate()
+        .generate(OsRng)
         .context("Failed to generate a plain key.")?;
 
     let passwd_fn = || password.clone();
 
     let signed_secret_key = secret_key
-        .sign(passwd_fn)
+        .sign(OsRng, passwd_fn)
         .context("Failed to sign secret key.")?;
 
     let public_key = signed_secret_key.public_key();
     let signed_public_key = public_key
-        .sign(&signed_secret_key, passwd_fn)
+        .sign(OsRng, &signed_secret_key, passwd_fn)
         .context("Failed to sign public key.")?;
 
     let key_pair = KeyPair {
@@ -85,7 +86,7 @@ pub fn encrypt(msg: &str, pubkey_str: &str) -> Result<String> {
     let msg = composed::message::Message::new_literal("none", msg);
 
     let mut rng = StdRng::from_entropy();
-    let new_msg = msg.encrypt_to_keys(
+    let new_msg = msg.encrypt_to_keys_seipdv1(
         &mut rng,
         crypto::sym::SymmetricKeyAlgorithm::AES128,
         &[&pubkey],
@@ -102,7 +103,7 @@ pub fn encrypt_multi(msg: &str, pubkeys: &[SignedPublicKey]) -> Result<String> {
 
     let msg = composed::message::Message::new_literal("none", msg);
 
-    let new_msg = msg.encrypt_to_keys(
+    let new_msg = msg.encrypt_to_keys_seipdv1(
         &mut rng,
         crypto::sym::SymmetricKeyAlgorithm::AES128,
         &borrowed_keys,
@@ -111,15 +112,33 @@ pub fn encrypt_multi(msg: &str, pubkeys: &[SignedPublicKey]) -> Result<String> {
     Ok(new_msg.to_armored_string(ArmorOptions::default())?)
 }
 
+trait GetRecipients {
+    fn get_recipients(&self) -> Vec<&pgp::types::KeyId>;
+}
+
+impl GetRecipients for composed::message::Message {
+    fn get_recipients(&self) -> Vec<&pgp::types::KeyId> {
+        match self {
+            Message::Encrypted { esk, .. } => esk
+                .iter()
+                .filter_map(|e| match e {
+                    pgp::Esk::PublicKeyEncryptedSessionKey(k) => k.id().ok(),
+                    _ => None,
+                })
+                .collect::<Vec<&pgp::types::KeyId>>(),
+            _ => todo!(),
+        }
+    }
+}
+
 pub fn decrypt(
     armored: &str,
     seckey: &SignedSecretKey,
     password: String,
 ) -> Result<String> {
-    let buf = Cursor::new(armored);
-    let (msg, _) = composed::message::Message::from_armor_single(buf)
+    let (msg, _) = composed::message::Message::from_string(armored)
         .context("Failed to convert &str to armored message")?;
-    let (dec, _) = msg
+    let (dec, k) = msg
         .decrypt(|| password, &[seckey])
         .context("Decrypting the message")?;
 
@@ -148,9 +167,8 @@ pub fn generate_hashed_primary_user_id(name: String, email: String) -> String {
 }
 
 pub fn decrypt_full(message: String, config: &Config) -> Result<String> {
-    let buf = Cursor::new(message.clone());
-    let (msg, _) = composed::message::Message::from_armor_single(buf)
-        .context("Failed to convert &str to armored message")?;
+    let (msg, _) = composed::message::Message::from_string(&message)
+        .context("Failed to parse message")?;
 
     let recipients: Vec<String> = msg
         .get_recipients()
@@ -209,7 +227,8 @@ pub fn decrypt_full_many(
         return Ok(vec![]);
     };
 
-    let msg = Message::from_string(first.as_str())?.0;
+    let (msg, headers) = Message::from_string(first.as_str())?;
+    dbg!(&headers);
 
     let recipients: Vec<String> = msg
         .get_recipients()

src/utils/rpgp.rs

@@ -7,3 +7,9 @@ impl ToHex for Vec<u8> {
         hex::encode(self)
     }
 }
+
+impl ToHex for [u8] {
+    fn to_hex(&self) -> String {
+        hex::encode(self)
+    }
+}