[bldr] encryption/decryption

[bookshelfdave]

This PR implements or enhances all of these commands*:

bldr generate-user-key <key> <password> <email> [--expire-days=<expire_days>] [-vn]
bldr generate-service-key <key> [--expire-days=<expire_days>] [--group=<group>] [-vn]
bldr encrypt --user <userkey> --service <servicekey> --infile <infile> --outfile <outfile> [--password <password>] [--group=<group>] [-vn]
bldr decrypt --infile <infile> --outfile <outfile> [-vn]
bldr import-key (--infile <infile> | <key> --u <url>) [-vn]
bldr export-key (--user <userkey> | --service <servicekey>) --outfile <outfile> [--group=<group>] [-vn]
bldr download-repo-key <key> [-vn]
bldr upload-repo-key <key> -u <url> [-vn]
bldr list-keys [-vn]

• with the exception of download/upload, which have been renamed for clarity.

Notes:

• Encrypt uses a service public key and a user public key as recipients, message signing uses a user private key.
  • Key trust is not implemented, and encryption uses the ENCRYPT_ALWAYS_TRUST flag.
• Decrypt uses a service private key and a user public key to verify an encrypted message.
  • a service OR a user should be able to decrypt a message.
• If --password isn't specified to encrypt, then an echoless password prompt appears. We can talk about other ways to obtain a password in another PR (~/.bldr/config?)
• import-key and export-key only do public key IO, we can't export private keys.
• Key input/output functions have been refactored to take --infile and --outfile.
• rngd is started/stopped on demand to generate entropy for key generation
• download-repo-key / upload-repo-key need to be readdressed in a separate PR.
• Keys are generated with a bldr_ prefix to distinguish them from any other key that is imported/exported into the GPG cache. Additionally, GPG has a 4 character minimum on key names, so having a common bldr prefix allows keys with >= 1 character. (Really, I just wanted to have a key named foo). TODO: The only wrinkle here is that specifying a name on the CLI for a key should work with both normalized + non-normalized names (unless there are keys with normalized + non-normalized names that are the same).
• bldr will honor the BLDR_GPG_CACHE environment variable to point at a different GPG cache. This is primarily used for testing encrypt/decrypt/import/export.
• New dependency: rpassword (MIT license) for echoless password entry

TODO:

• implement colorized output
• gpg module shouldn't display any output
• test Decrypt as user Not possible, I need to be able to export private keys
• list keys test
• test service group params
• test user export
• find_key should be an exact match
• find_key should do an exact match using the first name on a key
• key tests need to be multi-GPG_CACHE aware so they don't litter the main gpg cache
• normalize key names (did the user enter bldr_foo or foo?)
• clone wars

[bookshelfdave]

[bookshelfdave]

gpg::find_key always uses a search expression, so searching for the exact key with name foo will also find similar keys such as foobar. Looking at the gpgme docs, it looks like the only way to pull back a single exact key is by fingerprint, which I don't have (I would need to find the key first to get the fingerprint).

I have a test and a fix that I'll commit tomorrow AM.

[reset]

If somebody specifies both an --infile and -u flag this function will silently prefer the --infile option. I'd recommend that we make the flags exclusive and notify the user or condense them into a single flag representing "location" where a value starting with http:// or https:// is a remote location and anything else is considered a filesystem location

[reset]

Nevermind! It looks like that you've covered this in docopt by specifying these two flags with an | operator :)

[reset]

@metadave overall things are looking great!

I left some comments about the heavy usage of clone(). This is a "code smell" that you should be on the lookout for. You can easily overcome the borrower checker by using clone(), but it's not the right way to go about solving a lot of problems. If you want to pair program to see how to knock out the unnecessary calls to clone() I can absolutely help you out. I might have provided enough information in this PR already for you to get it under control, though ;)

[bookshelfdave]

@reset This is the only clone I'm stuck on

[reset]

This is because when you're peforming your match the binding p is attempting to take ownership of the value wrapped in the option returned by password(). You need to use the ref keyword in the match to step around this:

match config.password() {
    Some(ref p) => p,
    None => { ... },
}

[bookshelfdave]

I tried that, but now p is a &str and since I want to return a string from this block, don't I need a String?

[reset]

I don't think you want a String back from that block. It looks like you're just passing password to gpg::encrypt_and_sign() which takes an &str value for password

[chef-delivery]

This PR has passed 'Verify' and is ready for review and approval!
Use: '@delivery approve' when code review is complete.

[bookshelfdave]

updated from review.

[reset]

@delivery approve

[chef-delivery]

Change: 35832acd-e8fe-4656-ba15-7b8398183ae4 approved by: @reset

[reset]