From c549360778ad27e85d453efb8d3a987c51a2116a Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 29 Nov 2019 14:14:09 +0000 Subject: [PATCH] Migrate to new CLI design - The input file is now an optional positional argument - Recipients are specified with -r/--recipient - Decryption keys are specified with -i/--identity --- examples/generate-docs.rs | 43 +++++++++++++++++---------- src/bin/rage-mount/main.rs | 24 +++++++++------ src/bin/rage/main.rs | 61 ++++++++++++++++++++++++++++++-------- 3 files changed, 91 insertions(+), 37 deletions(-) diff --git a/examples/generate-docs.rs b/examples/generate-docs.rs index 95a04fd..5e04756 100644 --- a/examples/generate-docs.rs +++ b/examples/generate-docs.rs @@ -31,10 +31,16 @@ fn rage_page() { .help("Create ASCII armored output (default is age binary format)"), ) .option( - Opt::new("input") + Opt::new("recipient") + .short("-r") + .long("--recipient") + .help("A recipient to encrypt to (can be repeated)"), + ) + .option( + Opt::new("identity") .short("-i") - .long("--input") - .help("The file path to read input from (defaults to stdin)"), + .long("--identity") + .help("An identity to decrypt with (can be repeated)"), ) .option( Opt::new("output") @@ -47,35 +53,35 @@ fn rage_page() { .long("--aliases") .help("The list of aliases to load (defaults to ~/.config/age/aliases.txt)"), ) - .arg(Arg::new("[arguments...]")) + .arg(Arg::new("[INPUT_FILE (defaults to stdin)]")) .example(Example::new().text("Encryption to a public key").command( - "echo \"_o/\" | rage -o hello.age pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I", + "echo \"_o/\" | rage -o hello.age -r pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I", )) .example( Example::new() .text("Encryption to multiple public keys (with default output to stdout)") .command( - "echo \"_o/\" | rage pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I \ - pubkey:jqmfMHBjlb7HoIjjTsCQ9NHIk_q53Uy_ZxmXBhdIpx4 > hello.age", + "echo \"_o/\" | rage -r pubkey:98W5ph53zfPGOzEOH-fMojQ4jUY7VLEmtmozREqnw4I \ + -r pubkey:jqmfMHBjlb7HoIjjTsCQ9NHIk_q53Uy_ZxmXBhdIpx4 > hello.age", ), ) .example( Example::new() .text("Encryption with a password (interactive only, use public keys for batch!)") - .command("rage -i hello.txt -o hello.txt.age -p") + .command("rage -p -o hello.txt.age hello.txt") .output("Type passphrase:"), ) .example( Example::new() .text("Encryption to a list of recipients in a file") - .command("tar cv ~/xxx | rage recipients.txt > xxx.tar.age"), + .command("tar cv ~/xxx | rage -r recipients.txt > xxx.tar.age"), ) .example( Example::new() - .text("Encryption to a list of age recipients at a URL") + .text("Encryption to a list of recipients at an HTTPS URL") .command( "echo \"_o/\" | rage -o hello.age \ - https://filippo.io/.well-known/age.keys > hello.age", + -r https://filippo.io/.well-known/age.keys > hello.age", ), ) .example( @@ -84,23 +90,23 @@ fn rage_page() { "Encryption to a GitHub user \ (equivalent to https://github.com/str4d.keys)", ) - .command("echo \"_o/\" | rage github:str4d | nc 192.0.2.0 1234"), + .command("echo \"_o/\" | rage -r github:str4d | nc 192.0.2.0 1234"), ) .example( Example::new() .text("Encryption to an alias") - .command("tar cv ~/xxx | rage alias:str4d > xxx.tar.age"), + .command("tar cv ~/xxx | rage -r alias:str4d > xxx.tar.age"), ) .example( Example::new() .text("Decryption with keys at ~/.config/age/keys.txt") - .command("rage --decrypt -i hello.age") + .command("rage --decrypt hello.age") .output("_o/"), ) .example( Example::new() .text("Decryption with custom keys") - .command("rage -d -o hello -i hello.age keyA.txt keyB.txt"), + .command("rage -d -o hello -i keyA.txt -i keyB.txt hello.age"), ) .render(); @@ -166,9 +172,14 @@ fn rage_mount_page() { .long("--passphrase") .help("Use a passphrase instead of public keys"), ) + .option( + Opt::new("identity") + .short("-i") + .long("--identity") + .help("An identity to decrypt with (can be repeated)"), + ) .arg(Arg::new("filename")) .arg(Arg::new("mountpoint")) - .arg(Arg::new("[keys...]")) .example( Example::new() .text("Mounting an archive with keys at ~/.config/age/keys.txt") diff --git a/src/bin/rage-mount/main.rs b/src/bin/rage-mount/main.rs index c2c853e..dc97650 100644 --- a/src/bin/rage-mount/main.rs +++ b/src/bin/rage-mount/main.rs @@ -17,9 +17,6 @@ struct AgeMountOptions { #[options(free, help = "The directory to mount the filesystem at")] mountpoint: String, - #[options(free, help = "key files for decryption")] - keys: Vec, - #[options(help = "print help message")] help: bool, @@ -28,6 +25,9 @@ struct AgeMountOptions { #[options(help = "use a passphrase instead of public keys")] passphrase: bool, + + #[options(help = "identity to decrypt with (may be repeated)")] + identity: Vec, } fn mount_fs(open: F, mountpoint: String) @@ -55,21 +55,21 @@ fn main() { let opts = AgeMountOptions::parse_args_default_or_exit(); if opts.filename.is_empty() { - error!("Missing filename"); + error!("Error: Missing filename"); return; } if opts.mountpoint.is_empty() { - error!("Missing mountpoint"); + error!("Error: Missing mountpoint"); return; } if opts.types.is_empty() { - error!("Missing filesystem type"); + error!("Error: Missing -t/--types"); return; } let decryptor = if opts.passphrase { - if !opts.keys.is_empty() { - error!("Keys are not accepted when using a passphrase"); + if !opts.identity.is_empty() { + eprintln!("Error: -i/--identity can't be used with -p/--passphrase"); return; } @@ -78,7 +78,13 @@ fn main() { Err(_) => return, } } else { - match read_keys(opts.keys) { + if opts.identity.is_empty() { + eprintln!("Error: missing identities."); + eprintln!("Did you forget to specify -i/--identity?"); + return; + } + + match read_keys(opts.identity) { Ok(keys) => { // Check for unsupported keys and alert the user for key in &keys { diff --git a/src/bin/rage/main.rs b/src/bin/rage/main.rs index 8e7e12f..bb1825c 100644 --- a/src/bin/rage/main.rs +++ b/src/bin/rage/main.rs @@ -149,8 +149,8 @@ fn read_recipients( #[derive(Debug, Options)] struct AgeOptions { - #[options(free, help = "recipients for encryption, or key files for decryption")] - arguments: Vec, + #[options(free, help = "file to read input from (default stdin)")] + input: Option, #[options(help = "print help message")] help: bool, @@ -164,8 +164,11 @@ struct AgeOptions { #[options(help = "create ASCII armored output (default is age binary format)")] armor: bool, - #[options(help = "read from INPUT (default stdin)")] - input: Option, + #[options(help = "recipient to encrypt to (may be repeated)")] + recipient: Vec, + + #[options(help = "identity to decrypt with (may be repeated)")] + identity: Vec, #[options(help = "output to OUTPUT (default stdout)")] output: Option, @@ -175,14 +178,22 @@ struct AgeOptions { } fn encrypt(opts: AgeOptions) { + if !opts.identity.is_empty() { + eprintln!("Error: -i/--identity can't be used in encryption mode."); + eprintln!("Did you forget to specify -d/--decrypt?"); + return; + } + let encryptor = if opts.passphrase { - if !opts.arguments.is_empty() { - eprintln!("Positional arguments are not accepted when using a passphrase"); + if !opts.recipient.is_empty() { + eprintln!("Error: -r/--recipient can't be used with -p/--passphrase"); return; } if opts.input.is_none() { - eprintln!("File to encrypt must be passed in with --input when using a passphrase"); + eprintln!( + "Error: file to encrypt must be passed as an argument when using -p/--passphrase" + ); return; } @@ -191,7 +202,13 @@ fn encrypt(opts: AgeOptions) { Err(_) => return, } } else { - match read_recipients(opts.arguments, opts.aliases) { + if opts.recipient.is_empty() { + eprintln!("Error: missing recipients."); + eprintln!("Did you forget to specify -r/--recipient?"); + return; + } + + match read_recipients(opts.recipient, opts.aliases) { Ok(recipients) => age::Encryptor::Keys(recipients), Err(e) => { eprintln!("Error while reading recipients: {}", e); @@ -234,14 +251,28 @@ fn encrypt(opts: AgeOptions) { } fn decrypt(opts: AgeOptions) { + if opts.armor { + eprintln!("Error: -a/--armor can't be used with -d/--decrypt."); + eprintln!("Note that armored files are detected automatically."); + return; + } + + if !opts.recipient.is_empty() { + eprintln!("Error: -r/--recipient can't be used with -d/--decrypt."); + eprintln!("Did you mean to use -i/--identity to specify a private key?"); + return; + } + let decryptor = if opts.passphrase { - if !opts.arguments.is_empty() { - eprintln!("Positional arguments are not accepted when using a passphrase"); + if !opts.identity.is_empty() { + eprintln!("Error: -i/--identity can't be used with -p/--passphrase"); return; } if opts.input.is_none() { - eprintln!("File to decrypt must be passed in with --input when using a passphrase"); + eprintln!( + "Error: file to decrypt must be passed as an argument when using -p/--passphrase" + ); return; } @@ -250,7 +281,13 @@ fn decrypt(opts: AgeOptions) { Err(_) => return, } } else { - match read_keys(opts.arguments) { + if opts.identity.is_empty() { + eprintln!("Error: missing identities."); + eprintln!("Did you forget to specify -i/--identity?"); + return; + } + + match read_keys(opts.identity) { Ok(keys) => { // Check for unsupported keys and alert the user for key in &keys {