From f7aac347caf5e2aaa91921102ebed158b8ba9c27 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Thu, 5 May 2022 22:42:56 +0200
Subject: read key from file
---
 cmd/sigsum_log_go/main.go | 10 +++++++---
 integration/test.sh | 2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go
index 356726a..aa469fe 100644
--- a/cmd/sigsum_log_go/main.go
+++ b/cmd/sigsum_log_go/main.go
@@ -8,6 +8,7 @@ import (
 "encoding/hex"
 "flag"
 "fmt"
+ "io/ioutil"
 "net/http"
 "os"
 "os/signal"
@@ -34,7 +35,7 @@ var (
 prefix = flag.String("prefix", "", "a prefix that proceeds /sigsum/v0/")
 trillianID = flag.Int64("trillian_id", 0, "log identifier in the Trillian database")
 deadline = flag.Duration("deadline", time.Second*10, "deadline for backend requests")
- key = flag.String("key", "", "hex-encoded Ed25519 signing key")
+ key = flag.String("key", "", "path to file with hex-encoded Ed25519 private key")
 witnesses = flag.String("witnesses", "", "comma-separated list of trusted witness public keys in hex")
 maxRange = flag.Int64("max_range", 10, "maximum number of entries that can be retrived in a single request")
 interval = flag.Duration("interval", time.Second*30, "interval used to rotate the log's cosigned STH")
@@ -146,9 +147,12 @@ func setupInstanceFromFlags() (*instance.Instance, error) {
 return &i, nil
 }
 
-func newLogIdentity(key string) (crypto.Signer, string, error) {
- buf, err := hex.DecodeString(key)
+func newLogIdentity(keyFile string) (crypto.Signer, string, error) {
+ buf, err := ioutil.ReadFile(keyFile)
 if err != nil {
+ return nil, "", err
+ }
+ if buf, err = hex.DecodeString(strings.TrimSpace(string(buf))); err != nil {
 return nil, "", fmt.Errorf("DecodeString: %v", err)
 }
 sk := crypto.Signer(ed25519.PrivateKey(buf))
diff --git a/integration/test.sh b/integration/test.sh
index 3bc967c..986add7 100755
--- a/integration/test.sh
+++ b/integration/test.sh
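Review bot: `newLogIdentity` in cmd/sigsum_log_go/main.go casts the decoded bytes to `ed25519.PrivateKey` without checking their length, and with the key now read from a file an empty, truncated or wrong-format file is a realistic input. The cast accepts a slice of any size, so a bad file would most likely surface only later, as a panic when the key is first used, rather than as a startup error; I would add `if len(buf) != ed25519.PrivateKeySize { return nil, "", fmt.Errorf("key file %s: got %d bytes, want %d", keyFile, len(buf), ed25519.PrivateKeySize) }` before the cast. If the module targets Go 1.16 or later, `os.ReadFile(keyFile)` does the same job as the deprecated `ioutil.ReadFile`, and `os` is already imported, which would make the new import in the first hunk unnecessary. The function body continues past the end of the hunk, so a later check may exist that is not visible here.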
@@ -103,7 +103,7 @@ function sigsum_setup() {
 -prefix=$ssrv_prefix\
 -trillian_id=$ssrv_tree_id\
 -shard_interval_start=$ssrv_shard_start\
- -key=$ssrv_priv\
+ -key=<(echo $ssrv_priv)\
 -witnesses=$ssrv_witnesses\
 -interval=$ssrv_interval\
 -http_endpoint=$ssrv_endpoint\
-- cgit v1.2.3