diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs index 711f90f6..2b04380a 100644 --- a/src/backup/crypt_config.rs +++ b/src/backup/crypt_config.rs @@ -11,7 +11,7 @@ use std::fmt; use std::fmt::Display; use std::io::Write; -use anyhow::{bail, Error}; +use anyhow::{Error}; use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; use openssl::symm::{decrypt_aead, Cipher, Crypter, Mode}; @@ -248,28 +248,4 @@ impl CryptConfig { Ok(decr_data) } - - pub fn generate_rsa_encoded_key( - &self, - rsa: openssl::rsa::Rsa, - created: i64, - ) -> Result, Error> { - - let modified = proxmox::tools::time::epoch_i64(); - let key_config = super::KeyConfig { - kdf: None, - created, - modified, - data: self.enc_key.to_vec(), - fingerprint: Some(self.fingerprint()), - }; - let data = serde_json::to_string(&key_config)?.as_bytes().to_vec(); - - let mut buffer = vec![0u8; rsa.size() as usize]; - let len = rsa.public_encrypt(&data, &mut buffer, openssl::rsa::Padding::PKCS1)?; - if len != buffer.len() { - bail!("got unexpected length from rsa.public_encrypt()."); - } - Ok(buffer) - } } diff --git a/src/backup/key_derivation.rs b/src/backup/key_derivation.rs index 046a8c8f..a2aa9469 100644 --- a/src/backup/key_derivation.rs +++ b/src/backup/key_derivation.rs @@ -245,3 +245,17 @@ pub fn decrypt_key( Ok((result, created, fingerprint)) } + +pub fn rsa_encrypt_key_config( + rsa: openssl::rsa::Rsa, + key: &KeyConfig, +) -> Result, Error> { + let data = serde_json::to_string(key)?.as_bytes().to_vec(); + + let mut buffer = vec![0u8; rsa.size() as usize]; + let len = rsa.public_encrypt(&data, &mut buffer, openssl::rsa::Padding::PKCS1)?; + if len != buffer.len() { + bail!("got unexpected length from rsa.public_encrypt()."); + } + Ok(buffer) +} diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs index 36da624e..c40bedc5 100644 --- a/src/bin/proxmox-backup-client.rs +++ b/src/bin/proxmox-backup-client.rs @@ -40,6 +40,7 @@ use proxmox_backup::pxar::catalog::*; use proxmox_backup::backup::{ archive_type, decrypt_key, + rsa_encrypt_key_config, verify_chunk_size, ArchiveType, AsyncReadChunk, @@ -57,6 +58,7 @@ use proxmox_backup::backup::{ ENCRYPTED_KEY_BLOB_NAME, FixedChunkStream, FixedIndexReader, + KeyConfig, IndexFile, MANIFEST_BLOB_NAME, Shell, @@ -914,13 +916,20 @@ async fn create_backup( let (key, created, fingerprint) = decrypt_key(&key, &key::get_encryption_key_password)?; println!("Encryption key fingerprint: {}", fingerprint); - let crypt_config = CryptConfig::new(key)?; + let crypt_config = CryptConfig::new(key.clone())?; match key::find_master_pubkey()? { Some(ref path) if path.exists() => { let pem_data = file_get_contents(path)?; let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?; - let enc_key = crypt_config.generate_rsa_encoded_key(rsa, created)?; + let key_config = KeyConfig { + kdf: None, + created, + modified: proxmox::tools::time::epoch_i64(), + data: key.to_vec(), + fingerprint: Some(fingerprint), + }; + let enc_key = rsa_encrypt_key_config(rsa, &key_config)?; println!("Master key '{:?}'", path); (Some(Arc::new(crypt_config)), Some(enc_key))