migrate to Age encryption

joonas-fi · joonas-fi · commit 667484ab4e49 · 2025-12-15T13:22:23.000+02:00
diff --git a/cmd/ubackup/encryption.go b/cmd/ubackup/encryption.go
@@ -1,57 +1,14 @@
 package main
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
 	"io"
 	"os"
 
-	"github.com/function61/gokit/crypto/cryptoutil"
 	"github.com/function61/gokit/os/osutil"
 	"github.com/function61/ubackup/pkg/backupfile"
 	"github.com/spf13/cobra"
 )
 
-func decryptionKeyGenerate(out io.Writer) error {
-	// using 4096 to be super safe, though 2048 seems to be what's currently used
-	privKey, err := rsa.GenerateKey(rand.Reader, 4096)
-	if err != nil {
-		return err
-	}
-
-	privKeyBytes := cryptoutil.MarshalPemBytes(
-		x509.MarshalPKCS1PrivateKey(privKey),
-		cryptoutil.PemTypeRsaPrivateKey)
-
-	if _, err := out.Write(privKeyBytes); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func decryptionKeyToEncryptionKey(privKeyPemReader io.Reader, pubKeyOut io.Writer) error {
-	privKeyPem, err := ioutil.ReadAll(privKeyPemReader)
-	if err != nil {
-		return err
-	}
-
-	privKey, err := cryptoutil.ParsePemPkcs1EncodedRsaPrivateKey(privKeyPem)
-	if err != nil {
-		return err
-	}
-
-	if _, err := pubKeyOut.Write(cryptoutil.MarshalPemBytes(
-		x509.MarshalPKCS1PublicKey(&privKey.PublicKey),
-		cryptoutil.PemTypeRsaPublicKey),
-	); err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func decryptEntry() *cobra.Command {
 	decryptAndDecompress := func(pathToPrivateKey string, input io.Reader, output io.Writer) error {
 		privateKeyFile, err := os.ReadFile(pathToPrivateKey)
@@ -67,7 +24,6 @@ func decryptEntry() *cobra.Command {
 		}
 
 		_, err = io.Copy(output, plaintextDecompressed)
-
 		return err
 	}
 
@@ -84,10 +40,10 @@ func decryptEntry() *cobra.Command {
 func decryptionKeyGenerateEntry() *cobra.Command {
 	return &cobra.Command{
 		Use:   "decryption-key-generate",
-		Short: "Generate RSA private key for backup decryption",
+		Short: "Generate private key for backup decryption",
 		Args:  cobra.NoArgs,
 		Run: func(cmd *cobra.Command, args []string) {
-			osutil.ExitIfError(decryptionKeyGenerate(os.Stdout))
+			osutil.ExitIfError(backupfile.DecryptionKeyGenerate(os.Stdout))
 		},
 	}
 }
@@ -98,7 +54,7 @@ func decryptionKeyToEncryptionKeyEntry() *cobra.Command {
 		Short: "Prints encryption key (= public key) of decryption key (= private key)",
 		Args:  cobra.NoArgs,
 		Run: func(cmd *cobra.Command, args []string) {
-			osutil.ExitIfError(decryptionKeyToEncryptionKey(os.Stdin, os.Stdout))
+			osutil.ExitIfError(backupfile.DecryptionKeyToEncryptionKey(os.Stdin, os.Stdout))
 		},
 	}
 }
diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 
 require (
 	cloud.google.com/go v0.26.0 // indirect
+	filippo.io/age v1.2.1
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.2 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
@@ -49,7 +50,7 @@ require (
 	github.com/golang/mock v1.1.1 // indirect
 	github.com/golang/protobuf v1.3.2 // indirect
 	github.com/google/btree v1.0.0 // indirect
-	github.com/google/go-cmp v0.4.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.0.0 // indirect
 	github.com/gorilla/websocket v1.4.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
@@ -116,15 +117,15 @@ require (
 	go.uber.org/atomic v1.4.0 // indirect
 	go.uber.org/multierr v1.1.0 // indirect
 	go.uber.org/zap v1.10.0 // indirect
-	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 // indirect
-	golang.org/x/net v0.0.0-20200226121028-0de0cce0169b // indirect
+	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be // indirect
-	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/text v0.3.2 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
-	golang.org/x/tools v0.0.0-20190311212946-11955173bddd // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 // indirect
 	google.golang.org/appengine v1.1.0 // indirect
 	google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 // indirect
diff --git a/go.sum b/go.sum
@@ -1,4 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o=
+filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -80,6 +82,7 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -208,6 +211,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -220,11 +225,13 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowK
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -241,14 +248,18 @@ golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
diff --git a/pkg/backupfile/encryptiondecryption.go b/pkg/backupfile/encryptiondecryption.go
@@ -1,13 +1,12 @@
-// File format for ubackup. Basically just: pkencryptedstream(gzip(plaintext))
-// pkencryptedstream is aesKeyEnvelope(rsaOaep(aesKey, pubKey)) + iv + aesCtr(plaintextGzipped)
+// File format for ubackup. Basically just: `ageEncrypt(gzip(plaintext))`
 package backupfile
 
 import (
 	"compress/gzip"
 	"io"
+	"strings"
 
-	"github.com/function61/gokit/crypto/cryptoutil"
-	"github.com/function61/gokit/crypto/pkencryptedstream"
+	"filippo.io/age"
 )
 
 type encryptorAndCompressor struct {
@@ -31,27 +30,27 @@ func (f *encryptorAndCompressor) Close() error {
 
 // you need to call .Close() on the returned WriteCloser for the gzip header and encryption
 // process to finish gracefully
-func CreateEncryptorAndCompressor(rsaPublicKeyPemPkcs1 string, sink io.Writer) (io.WriteCloser, error) {
-	publicKey, err := cryptoutil.ParsePemPkcs1EncodedRsaPublicKey([]byte(rsaPublicKeyPemPkcs1))
+func CreateEncryptorAndCompressor(ageRecipients string, sink io.Writer) (io.WriteCloser, error) {
+	recipients, err := age.ParseRecipients(strings.NewReader(ageRecipients))
 	if err != nil {
 		return nil, err
 	}
 
-	encryptedWriter, err := pkencryptedstream.Writer(sink, publicKey)
+	encryptedWriter, err := age.Encrypt(sink, recipients...)
 	if err != nil {
 		return nil, err
 	}
 
 	return &encryptorAndCompressor{encryptedWriter, gzip.NewWriter(encryptedWriter)}, nil
 }
 
-func CreateDecryptorAndDecompressor(rsaPrivateKeyPemPkcs1 string, ciphertextAndCompressedInput io.Reader) (io.Reader, error) {
-	privateKey, err := cryptoutil.ParsePemPkcs1EncodedRsaPrivateKey([]byte(rsaPrivateKeyPemPkcs1))
+func CreateDecryptorAndDecompressor(ageIdentities string, ciphertextAndCompressedInput io.Reader) (io.Reader, error) {
+	identities, err := age.ParseIdentities(strings.NewReader(ageIdentities))
 	if err != nil {
 		return nil, err
 	}
 
-	compressedPlaintextReader, err := pkencryptedstream.Reader(ciphertextAndCompressedInput, privateKey)
+	compressedPlaintextReader, err := age.Decrypt(ciphertextAndCompressedInput, identities...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/backupfile/key-management.go b/pkg/backupfile/key-management.go
@@ -0,0 +1,35 @@
+package backupfile
+
+import (
+	"io"
+
+	"filippo.io/age"
+)
+
+func DecryptionKeyGenerate(out io.Writer) error {
+	identity, err := age.GenerateX25519Identity()
+	if err != nil {
+		return err
+	}
+
+	if _, err := out.Write([]byte(identity.String())); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func DecryptionKeyToEncryptionKey(privKeyReader io.Reader, pubKeyOut io.Writer) error {
+	identities, err := age.ParseIdentities(privKeyReader)
+	if err != nil {
+		return err
+	}
+
+	for _, identity := range identities {
+		if _, err := pubKeyOut.Write([]byte(identity.(*age.X25519Identity).Recipient().String())); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
