feat: v1.6.1, update dependencies, optimize code

src/cmd_config.rs

@@ -72,7 +72,7 @@ fn config_key_filter(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XRe
     let mut config_envelops = vec![];
     for envelop in envelops {
         config_envelops.push(ConfigEnvelop {
-            r#type: envelop.r#type.get_name().to_string(),
+            r#type: format!("{}{}", envelop.r#type.get_name(), iff!(envelop.r#type.is_hardware_security(), " *", "")),
             sid: strip_field(&envelop.sid.as_ref().map(ToString::to_string).unwrap_or_else(|| "-".to_string()), 25),
             kid: strip_field(&envelop.kid, 40),
             desc: strip_field(&envelop.desc.as_ref().map(ToString::to_string).unwrap_or_else(|| "-".to_string()), 40),
@@ -82,6 +82,7 @@ fn config_key_filter(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XRe
     let mut table = Table::new(config_envelops);
     table.with(Style::sharp());
     println!("{}", table);
+    println!("> Type with * is hardware security");
     Ok(())
 }
 

src/cmd_encrypt.rs

@@ -23,7 +23,7 @@ use crate::consts::{
     SALT_COMMENT, TINY_ENC_CONFIG_FILE, TINY_ENC_FILE_EXT,
 };
 use crate::crypto_cryptor::{Cryptor, KeyNonce};
-use crate::crypto_rsa;
+use crate::util_rsa;
 use crate::spec::{
     EncEncryptedMeta, EncMetadata,
     TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta,
@@ -371,7 +371,7 @@ fn encrypt_envelop_shared_secret(cryptor: Cryptor,
 }
 
 fn encrypt_envelop_rsa(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
-    let rsa_public_key = opt_result!(crypto_rsa::parse_spki(&envelop.public_part), "Parse RSA public key failed: {}");
+    let rsa_public_key = opt_result!(util_rsa::parse_spki(&envelop.public_part), "Parse RSA public key failed: {}");
     let mut rng = rand::thread_rng();
     let encrypted_key = opt_result!(rsa_public_key.encrypt(&mut rng, Pkcs1v15Encrypt, key), "RSA public key encrypt failed: {}");
     Ok(TinyEncryptEnvelop {

src/config.rs

@@ -177,10 +177,8 @@ impl TinyEncryptConfig {
                 self.envelops.iter().for_each(|e| {
                     key_ids.push(e.kid.to_string());
                 });
-            } else {
-                if let Some(kids) = self.profiles.get(profile) {
-                    kids.iter().for_each(|k| key_ids.push(k.to_string()));
-                }
+            } else if let Some(kids) = self.profiles.get(profile) {
+                kids.iter().for_each(|k| key_ids.push(k.to_string()));
             }
         }
         if let Some(key_filter) = key_filter {

src/lib.rs

@@ -44,7 +44,7 @@ mod compress;
 mod config;
 mod spec;
 mod crypto_simple;
-mod crypto_rsa;
+mod util_rsa;
 mod crypto_cryptor;
 mod wrap_key;
 mod util_envelop;

src/spec.rs

@@ -82,9 +82,6 @@ pub enum TinyEncryptEnvelopType {
     // Secure Enclave ECDH P256
     #[serde(rename = "key-p256")]
     KeyP256,
-    // Age, tiny-encrypt-rs is not supported
-    #[serde(rename = "age")]
-    Age,
     // PIV ECDH P256
     #[serde(rename = "piv-p256", alias = "ecdh")]
     PivP256,
@@ -94,6 +91,9 @@ pub enum TinyEncryptEnvelopType {
     // PIV RSA
     #[serde(rename = "piv-rsa")]
     PivRsa,
+    // Age, tiny-encrypt-rs is not supported
+    #[serde(rename = "age")]
+    Age,
     // KMS, tiny-encrypt-rs is not supported
     #[serde(rename = "kms")]
     Kms,
@@ -111,26 +111,41 @@ impl TinyEncryptEnvelopType {
             TinyEncryptEnvelopType::StaticX25519 => "static-x25519",
             TinyEncryptEnvelopType::StaticKyber1024 => "static-kyber1024",
             TinyEncryptEnvelopType::KeyP256 => "key-p256",
-            TinyEncryptEnvelopType::Age => "age",
             TinyEncryptEnvelopType::PivP256 => "piv-p256",
             TinyEncryptEnvelopType::PivP384 => "piv-p384",
             TinyEncryptEnvelopType::PivRsa => "piv-rsa",
+            TinyEncryptEnvelopType::Age => "age",
             TinyEncryptEnvelopType::Kms => "kms",
         }
     }
 
     pub fn auto_select(&self) -> bool {
         match self {
-            TinyEncryptEnvelopType::PgpRsa => false,
-            TinyEncryptEnvelopType::PgpX25519 => false,
-            TinyEncryptEnvelopType::StaticX25519 => true,
-            TinyEncryptEnvelopType::StaticKyber1024 => true,
-            TinyEncryptEnvelopType::KeyP256 => true,
-            TinyEncryptEnvelopType::Age => false,
-            TinyEncryptEnvelopType::PivP256 => false,
-            TinyEncryptEnvelopType::PivP384 => false,
-            TinyEncryptEnvelopType::PivRsa => false,
-            TinyEncryptEnvelopType::Kms => true,
+            TinyEncryptEnvelopType::StaticX25519
+            | TinyEncryptEnvelopType::StaticKyber1024
+            | TinyEncryptEnvelopType::KeyP256
+            | TinyEncryptEnvelopType::Kms => true,
+            TinyEncryptEnvelopType::PgpRsa
+            | TinyEncryptEnvelopType::PgpX25519
+            | TinyEncryptEnvelopType::PivP256
+            | TinyEncryptEnvelopType::PivP384
+            | TinyEncryptEnvelopType::PivRsa
+            | TinyEncryptEnvelopType::Age => false,
+        }
+    }
+
+    pub fn is_hardware_security(&self) -> bool {
+        match self {
+            TinyEncryptEnvelopType::PgpRsa
+            | TinyEncryptEnvelopType::PgpX25519
+            | TinyEncryptEnvelopType::KeyP256
+            | TinyEncryptEnvelopType::PivP256
+            | TinyEncryptEnvelopType::PivP384
+            | TinyEncryptEnvelopType::PivRsa
+            | TinyEncryptEnvelopType::Age => true,
+            TinyEncryptEnvelopType::StaticX25519
+            | TinyEncryptEnvelopType::StaticKyber1024
+            | TinyEncryptEnvelopType::Kms => false,
         }
     }
 }