mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-12 09:50:47 +01:00
Backup and restore encryption key
parent
d25f543913
commit
56d82a99e1
@ -301,15 +301,23 @@ var (
|
||||
func initEventStore(dataDir string, key string) (activity.Store, string, error) {
|
||||
var err error
|
||||
if key == "" {
|
||||
log.Debugf("generate new activity store encryption key")
|
||||
key, err = sqlite.GenerateKey()
|
||||
log.Debugf("restore or generate new activity store encryption key")
|
||||
key, err = sqlite.RestoreKey(dataDir)
|
||||
if err == nil {
|
||||
goto CreateStore
|
||||
} else {
|
||||
log.Debugf("failed to restore encryption key for activity store: %s", err)
|
||||
}
|
||||
|
||||
log.Infof("generate new encryption key for activity store")
|
||||
key, err = sqlite.GenerateKey(dataDir)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
}
|
||||
CreateStore:
|
||||
store, err := sqlite.NewSQLiteStore(dataDir, key)
|
||||
return store, key, err
|
||||
|
||||
}
|
||||
|
||||
func notifyStop(msg string) {
|
||||
|
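Review bot: Any error from `sqlite.RestoreKey(dataDir)` falls through to `sqlite.GenerateKey(dataDir)` in initEventStore, not only a missing backup file. A permission or I/O error on an existing `.datastore.key` would then produce a fresh key and overwrite the backup, which presumably leaves already-encrypted activity records undecryptable. Generate a key only when the file is absent and return every other error, e.g. `if !errors.Is(err, os.ErrNotExist) { return nil, "", err }` before the GenerateKey call (the file's imports are outside this hunk). The restore failure is also logged only at debug level, and a plain `if err != nil { … }` block would read more clearly than the `goto CreateStore` jump.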
@ -7,6 +7,12 @@ import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
const (
|
||||
backupFile = ".datastore.key"
|
||||
)
|
||||
|
||||
var iv = []byte{10, 22, 13, 79, 05, 8, 52, 91, 87, 98, 88, 98, 35, 25, 13, 05}
|
||||
@ -15,16 +21,40 @@ type FieldEncrypt struct {
|
||||
block cipher.Block
|
||||
}
|
||||
|
||||
func GenerateKey() (string, error) {
|
||||
func RestoreKey(dataDir string) (string, error) {
|
||||
fName := filepath.Join(dataDir, backupFile)
|
||||
data, err := os.ReadFile(fName)
|
||||
return string(data), err
|
||||
}
|
||||
|
||||
func GenerateKey(dataDir string) (string, error) {
|
||||
key := make([]byte, 32)
|
||||
_, err := rand.Read(key)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
readableKey := base64.StdEncoding.EncodeToString(key)
|
||||
|
||||
err = saveKey(dataDir, readableKey)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return readableKey, nil
|
||||
}
|
||||
|
||||
func saveKey(dataDir, key string) error {
|
||||
f, err := os.Create(filepath.Join(dataDir, backupFile))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer f.Close()
|
||||
_, err = f.WriteString(key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewFieldEncrypt(key string) (*FieldEncrypt, error) {
|
||||
binKey, err := base64.StdEncoding.DecodeString(key)
|
||||
if err != nil {
|
||||
|
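Review bot: saveKey creates the key backup with `os.Create`, which uses mode 0666 before umask, so on a typical host `.datastore.key` is readable by other local users even though it holds the raw base64 key in plaintext. Create it owner-only instead, e.g. replace the body with `return os.WriteFile(filepath.Join(dataDir, backupFile), []byte(key), 0600)`, which also removes the deferred `f.Close()` whose error is dropped; a file that already exists keeps its old mode, so existing installs would need a chmod. The backup is written to the same dataDir that is handed to NewSQLiteStore, so anyone who can copy that directory presumably gets both the ciphertext and the key, which a doc comment on GenerateKey should state. RestoreKey returns whatever bytes the file holds without checking that they decode to a 32-byte key.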
@ -2,11 +2,20 @@ package sqlite
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func TestRestoreKey(t *testing.T) {
|
||||
_, err := RestoreKey(t.TempDir())
|
||||
if err != nil {
|
||||
log.Infof("err: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGenerateKey(t *testing.T) {
|
||||
testData := "exampl@netbird.io"
|
||||
key, err := GenerateKey()
|
||||
key, err := GenerateKey(t.TempDir())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate key: %s", err)
|
||||
}
|
||||
@ -32,7 +41,7 @@ func TestGenerateKey(t *testing.T) {
|
||||
|
||||
func TestCorruptKey(t *testing.T) {
|
||||
testData := "exampl@netbird.io"
|
||||
key, err := GenerateKey()
|
||||
key, err := GenerateKey(t.TempDir())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate key: %s", err)
|
||||
}
|
||||
@ -46,7 +55,7 @@ func TestCorruptKey(t *testing.T) {
|
||||
t.Fatalf("invalid encrypted text")
|
||||
}
|
||||
|
||||
newKey, err := GenerateKey()
|
||||
newKey, err := GenerateKey(t.TempDir())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to generate key: %s", err)
|
||||
}
|
||||
|
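Review bot: TestRestoreKey cannot fail: it calls RestoreKey on an empty temp dir and only logs the error, so neither the missing-file path nor a successful restore is checked. A round-trip test that generates a key and reads it back from the same directory would pin the behavior this commit adds, and could later assert the backup file's mode once that is restricted. If no other test in the file logs, the logrus import added in this hunk becomes unnecessary.

```go
func TestRestoreKey(t *testing.T) {
	dataDir := t.TempDir()

	// no backup file yet: restore must report an error
	if _, err := RestoreKey(dataDir); err == nil {
		t.Fatalf("expected an error when no key backup exists")
	}

	key, err := GenerateKey(dataDir)
	if err != nil {
		t.Fatalf("failed to generate key: %s", err)
	}

	restored, err := RestoreKey(dataDir)
	if err != nil {
		t.Fatalf("failed to restore key: %s", err)
	}
	if restored != key {
		t.Fatalf("restored key does not match the generated key")
	}
}
```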
@ -12,7 +12,7 @@ import (
|
||||
|
||||
func TestNewSQLiteStore(t *testing.T) {
|
||||
dataDir := t.TempDir()
|
||||
key, _ := GenerateKey()
|
||||
key, _ := GenerateKey(dataDir)
|
||||
store, err := NewSQLiteStore(dataDir, key)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
|