Read file from folder then encrypt and decrypt it using GPG/PGP - go

I am trying to encrypt a file using GPG and then decrypt it whenever required.
I saw an example to encrypt it
https://gist.github.com/ayubmalik/a83ee23c7c700cdce2f8c5bf5f2e9f20
But, there is nothing described about how to decrypt it
There is one more example that allows String or text encryption and decryption
https://gist.github.com/stuart-warren/93750a142d3de4e8fdd2.
But, I have to work on files. Can anyone help me to find the solution to it?

Related

Store and retreive RSA private key in Windows

I have a pretty simple scenario/requirement:
Generate RSA private/public key pair through OpenSSL or any online RSA key pair generator
Save the private key to the windows internal store (so it does not lay around as just a file somewhere
Create a PowerShell script, that looks into the store, locates the key, and uses it.
(basically, I will have a PS script, to which I send a 3rd party tool already encrypted password, and I expect that PS script to decrypt that password using a locally stored private key and use it on-the-fly)
This so far showed an unreachable goal, because:
I haven't found a way, how to import .pem file with the key
.cer file apparently does not contain the key
the only way (so far what I have found) how to import the key is conversion to .pfx file, which can be imported, BUT
.pfx file cannot be read as plain text - there seems to be no reasonable way from Powershell to locate the key and read it for usage in decryption
there is a module PSPKI, but it seems to accept the file and not the stored/installed certificate/key.
So anyone has any idea, how can I import a simple private key to Windows for later read-out from PowerShell for further usage?
Thank you!
Have a look at this class to load the PFX: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2?view=net-7.0
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\my.pfx", "password");
Next step is to open the store. After you checked which one fits best (machine or user) you can use X509Store to read and write there. Do not forget the Open method. When a certificate with private key (off) is added the key ist stored and the file can be deleted.

Real use(problem) of Encrypting Environment Files with Laravel

I was reading this article Encrypting Environment Files to encrypt and decrypt the .env content.
as per the documentation, after running php artisan env:encrypt command, it generates a new .env.encrypted file, and also the output of the command is returning a Key.
To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt the content. So I don't understand the best use of this feature.
Real Use case.
Let's suppose, I have added a new variable in the .env file and encrypted the file.
Now I shared this file with other team members, now I have to share the key as well to decrypt it.
after decrypting, another team member adds a new variable and he has to follow the same routine. encrypt, and share the key.
for decryption, you have to remove the .env file, and obviously LARAVEL_ENV_ENCRYPTION_KEY will never be found(or which might be changed because of the latest encryption), so you have to pass the --key option while decrypting the content.
'To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt
the content. So I don't understand the best use of this feature.'
You can always provide your own encryption key while decrypting using:
php artisan env:decrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
In addition, you can encrypt by provide the same encryption key using:
php artisan env:encrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
The team members don't need to share a new encryption key every time they add a new environment variable to the .env file since they will always be using the same key to encrypt the edited .env file before adding/committing the regenerated .env.encrypted file to source control.

Using PGP in golang

I'm trying to encrypt a string using the openPGP package in golang, but so far I haven't been successful.
Nothing that I've tried so far has worked, so I'm looking for any sort of suggestions or fixes.
The only requirements I have is that it should take the public/private key and the string to decrypt as a string, not files.
I tried to use the examples from this post: http://julianyap.com/2014/07/04/gnu-privacy-guard-gpg-examples-using-golang.html
Specifically this example: https://gist.github.com/jyap808/8324818
But when I run that out of the box it saids the following when trying to read the key
openpgp: invalid argument: no armored data found
And I've found no other good example/working package.
I'm starting to run out of options, as I originally tried to do this in PHP, but failed horribly there too. Would be great if anyone could offer some suggestions!
Thanks in advance
Here's a PGP package for Golang that abstracts away most of the complications and is pretty easy to use:
https://github.com/jchavannes/go-pgp
Checkout the test file for an example:
https://github.com/jchavannes/go-pgp/blob/master/pgp/encrypt_test.go

Can I effectively choose gnupg recipients by email address?

We have a perl program that generates gpg encrypted files for multiple folks.
Today, we added dan#example.com.
When I run the encryption script, it happily encrypts the file for dan#example.com using jordan#example.com. This is presumably because jordan#example.com was in my keyring first.
I've tested from the command line, and if I use gpg -r dan#example.com --encrypt foo.txt, the friendly client chooses to use the public key for jordan#example.com, instead of the more explicit dan#example.com.
Of course, if I use key ids it works, but that's not really what we've got here. Is there a way to tell gnupg to use the more explicit email address without resorting to key ids?
This is documented in the manual page that comes with gpg. Section "HOW TO SPECIFY A USER ID" you find the option "By exact match on an email address.". So the answer to your question is to use angle braces such as <dan#example.com>.

Is there a way to encrypt passwords in Ruby Watir automation scripts?

I need to create an automated test using Watir that requires a password to be written into a text field, but I don't want to have the password in plain view in the script. Is there a way to encrypt/decrypt a password within Watir?
I know python uses the base64 lib to do it, but I'm not sure how Ruby would do it.
Here's the code:
require 'watir'
ie = IE.new
ie.goto("https://test.domain.com")
ie.text_field(:name, "username").set("myUsername")
ie.textfield(:name, "password")set("myPassword")
Your test server shouldn't have sensitive data, and it shouldn't be publicly accessible. What danger are you trying to protect against / what damage can an unauthorized person do if they got the password? If it's really a test server, it seems like the worst case is that someone would mess with your test data.
Using base64 would only be security by obscurity because it's so easy to decode. If you really think this is sufficient for your needs, just use Base64.encode64 and Base64.decode64 .

Resources