hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.1.2, support readonly for secure editor

Browse Source
This commit is contained in:
Hatter Jiang
2023-12-08 22:56:57 +08:00
parent bae6c13582
commit bd586130fb
3 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/cmd_decrypt.rs
View File

@@ -18,8 +18,6 @@ use yubikey::YubiKey;
use zeroize::Zeroize;
use crate::{cmd_encrypt, consts, crypto_simple, util, util_enc_file, util_env, util_envelop, util_file, util_pgp, util_piv};
#[cfg(feature = "macos")]
use crate::util_keychainpasskey;
use crate::compress::GzStreamDecoder;
use crate::config::TinyEncryptConfig;
use crate::consts::{
@@ -32,6 +30,8 @@ use crate::crypto_cryptor::{Cryptor, KeyNonce};
use crate::spec::{EncEncryptedMeta, TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta};
use crate::util::SecVec;
use crate::util_digest::DigestWrite;
#[cfg(feature = "macos")]
use crate::util_keychainpasskey;
use crate::util_progress::Progress;
use crate::wrap_key::WrapKey;
@@ -200,7 +200,8 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
let temp_file = create_edit_temp_file(&write_file_content, path_out)?;
let do_edit_file = || -> XResult<()> {
let temp_file_content_bytes = run_file_editor_and_wait_content(&editor, &temp_file, secure_editor, &temp_encryption_key_nonce)?;
let temp_file_content_bytes = run_file_editor_and_wait_content(
&editor, &temp_file, secure_editor, cmd_decrypt.readonly, &temp_encryption_key_nonce)?;
if cmd_decrypt.readonly {
information!("Readonly, do not check temp file is changed.");
return Ok(());
@@ -283,13 +284,14 @@ pub fn decrypt_single(config: &Option<TinyEncryptConfig>,
Ok(meta.file_length)
}
fn run_file_editor_and_wait_content(editor: &str, temp_file: &PathBuf, secure_editor: bool, temp_encryption_key_nonce: &(SecVec, SecVec)) -> XResult<Vec<u8>> {
fn run_file_editor_and_wait_content(editor: &str, temp_file: &PathBuf, secure_editor: bool, readonly: bool, temp_encryption_key_nonce: &(SecVec, SecVec)) -> XResult<Vec<u8>> {
let mut command = Command::new(editor);
command.arg(temp_file.to_str().expect("Get temp file path failed."));
if secure_editor {
command.arg("aes-256-gcm");
command.arg(&hex::encode(&temp_encryption_key_nonce.0));
command.arg(&hex::encode(&temp_encryption_key_nonce.1));
if readonly { command.env("READONLY", "true"); }
}
debugging!("Run cmd: {:?}", command);
let run_cmd_result = util_cmd::run_command_and_wait(&mut command);