| 69 | } |
| 70 | |
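// run decrypts the audit log named by the "in" option into the file named by
// the "out" option, using the AES key read from "encryption_key_file".
//
// Errors from reading the key, opening either file, building the cipher and
// stat-ing the input are handed to x.Check (defined elsewhere; presumably it
// aborts the process — confirm). Only an empty key and a failure inside
// decrypt are returned to the caller.
func run() error {
	key, err := os.ReadFile(decryptCmd.Conf.GetString("encryption_key_file"))
	x.Check(err)
	// os.ReadFile returns an empty but non-nil slice for an empty file, so a
	// nil comparison would let a blank key file through to aes.NewCipher.
	if len(key) == 0 {
		return errors.New("no encryption key provided")
	}

	file, err := os.Open(decryptCmd.Conf.GetString("in"))
	x.Check(err)
	defer func() {
		if err := file.Close(); err != nil {
			glog.Warningf("error closing file: %v", err)
		}
	}()

	// The output holds the plaintext audit log, so create it readable and
	// writable by the owner only instead of os.ModePerm (0777 before umask).
	// The mode is applied only when the file is created; an existing output
	// file keeps whatever permissions it already has.
	outfile, err := os.OpenFile(decryptCmd.Conf.GetString("out"),
		os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
	x.Check(err)
	defer func() {
		if err := outfile.Close(); err != nil {
			glog.Warningf("error closing file: %v", err)
		}
	}()

	// aes.NewCipher rejects keys that are not 16, 24 or 32 bytes long.
	block, err := aes.NewCipher(key)
	x.Check(err)

	// Stat the handle that is already open rather than the path again, so the
	// size passed to decrypt belongs to the file that is actually read even if
	// the path is replaced in between.
	stat, err := file.Stat()
	x.Check(err)
	if stat.Size() == 0 {
		glog.Info("audit file is empty")
		return nil
	}

	if err := decrypt(file, outfile, block, stat.Size()); err != nil {
		return fmt.Errorf("could not decrypt audit log: %w", err)
	}

	glog.Infof("decryption of audit file %s is done: decrypted file is %s",
		decryptCmd.Conf.GetString("in"),
		decryptCmd.Conf.GetString("out"))
	return nil
}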
| 113 | |
| 114 | func decrypt(file io.ReaderAt, outfile io.Writer, block cipher.Block, sz int64) error { |
| 115 | // decrypt header in audit log to verify encryption key |