hub / github.com/getsops/sops / DecryptTree

Function DecryptTree

cmd/sops/common/common.go:85–108  ·  view source on GitHub ↗

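DecryptTree decrypts the tree passed in through the DecryptTreeOpts and additionally returns the decrypted data key. Unless the IgnoreMac option is set, it also checks the MAC stored in the file against the one computed during decryption and returns an error on mismatch.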

(opts DecryptTreeOpts)

Source from the content-addressed store, hash-verified

// DecryptTree decrypts the tree carried in opts and returns the data key that
// was used to do so.
//
// The data key is fetched from the tree metadata using opts.KeyServices and
// opts.DecryptionOrder. The tree is then decrypted with opts.Cipher, and the
// value returned by that call is treated as the computed MAC. The MAC stored
// in the metadata is decrypted with the same data key, with the RFC 3339
// LastModified timestamp passed as the third argument (presumably additional
// authenticated data; confirm against the Cipher implementation).
//
// Security notes for callers:
//   - opts.IgnoreMac switches the integrity check off completely: both a
//     failure to decrypt the stored MAC and a MAC mismatch are ignored, and
//     the data key is returned as if verification had succeeded.
//   - opts.Tree.Decrypt runs before the MAC comparison. If it modifies the
//     tree in place (not visible in this function), the tree may already
//     hold unverified plaintext when an error is returned, so callers should
//     discard it on any non-nil error.
//   - The mismatch error text contains both the stored and the computed MAC,
//     so both values appear wherever the caller prints or logs the error.
//
// On every failure the returned data key is nil and the error is built by
// NewExitError with the matching exit code.
func DecryptTree(opts DecryptTreeOpts) (dataKey []byte, err error) {
	dataKey, err = opts.Tree.Metadata.GetDataKeyWithKeyServices(opts.KeyServices, opts.DecryptionOrder)
	if err != nil {
		return nil, NewExitError(err, codes.CouldNotRetrieveKey)
	}

	computedMac, err := opts.Tree.Decrypt(dataKey, opts.Cipher)
	if err != nil {
		return nil, NewExitError(fmt.Sprintf("Error decrypting tree: %s", err), codes.ErrorDecryptingTree)
	}

	// The stored MAC is always decrypted, even when its result will be ignored.
	lastModified := opts.Tree.Metadata.LastModified.Format(time.RFC3339)
	fileMac, err := opts.Cipher.Decrypt(opts.Tree.Metadata.MessageAuthenticationCode, dataKey, lastModified)

	// With IgnoreMac set, neither the decrypt error nor the comparison matters.
	if opts.IgnoreMac {
		return dataKey, nil
	}
	if err != nil {
		return nil, NewExitError(fmt.Sprintf("Cannot decrypt MAC: %s", err), codes.MacMismatch)
	}
	if fileMac == computedMac {
		return dataKey, nil
	}

	// An empty stored MAC is reported as "no MAC" so the message is not blank.
	if fileMac == "" {
		fileMac = "no MAC"
	}
	return nil, NewExitError(fmt.Sprintf("MAC mismatch. File has %s, computed %s", fileMac, computedMac), codes.MacMismatch)
}
109
110// EncryptTreeOpts are the options needed to encrypt a tree
111type EncryptTreeOpts struct {

Callers 8

setFunction · 0.92
unsetFunction · 0.92
decryptTreeFunction · 0.92
editFunction · 0.92
rotateFunction · 0.92
RunFunction · 0.92

Calls 4

NewExitErrorFunction · 0.85
FormatMethod · 0.80
DecryptMethod · 0.65

Tested by

no test coverage detected