hub / github.com/getsops/sops / DataWithFormat

Function DataWithFormat

decrypt/decrypt.go:34–71  ·  view source on GitHub ↗

DataWithFormat is a helper that takes encrypted data, and a format enum value, decrypts the data and returns its cleartext in an []byte.

(data []byte, format Format)

Source from the content-addressed store, hash-verified

// DataWithFormat decrypts a SOPS-encrypted document held in memory and
// returns its cleartext bytes. format selects the store that both parses
// data and serialises the decrypted result.
//
// Cleartext is emitted only after the integrity check succeeds: the MAC
// produced while decrypting the tree must equal the MAC stored in the
// document metadata. Every failure path returns a nil slice with the error,
// so callers never receive unverified plaintext from this function.
func DataWithFormat(data []byte, format Format) (cleartext []byte, err error) {
	store := common.StoreForFormat(format, config.NewStoresConfig())

	// Parse the encrypted document, then obtain the data key via its metadata.
	doc, err := store.LoadEncryptedFile(data)
	if err != nil {
		return nil, err
	}
	dataKey, err := doc.Metadata.GetDataKey()
	if err != nil {
		return nil, err
	}

	// Decrypt the tree; Decrypt also hands back the MAC it computed over
	// the decrypted content.
	aesCipher := aes.NewCipher()
	computedMAC, err := doc.Decrypt(dataKey, aesCipher)
	if err != nil {
		return nil, err
	}

	// The stored MAC is itself encrypted under the data key. The RFC 3339
	// last-modified timestamp is passed alongside it (presumably as
	// additional authenticated data; confirm against the cipher), so a
	// changed timestamp is expected to make this step fail.
	lastModified := doc.Metadata.LastModified.Format(time.RFC3339)
	storedMAC, err := aesCipher.Decrypt(
		doc.Metadata.MessageAuthenticationCode,
		dataKey,
		lastModified,
	)
	if err != nil {
		return nil, fmt.Errorf("Failed to decrypt original mac: %w", err)
	}

	// Refuse to emit anything unless the recomputed MAC matches the stored one.
	// NOTE(review): the error below embeds both MAC values. They are digests
	// of the cleartext tree, so treat this error as sensitive when logging it
	// or returning it across a trust boundary.
	// NOTE(review): != is not a constant-time comparison; revisit if callers
	// ever expose this check to a party that can measure timing.
	if storedMAC != computedMAC {
		return nil, fmt.Errorf("Failed to verify data integrity. expected mac %q, got %q", storedMAC, computedMAC)
	}

	return store.EmitPlainFile(doc.Branches)
}
72
73// Data is a helper that takes encrypted data and a format string,
74// decrypts the data and returns its cleartext in an []byte.

Callers 2

File · Function · 0.85
Data · Function · 0.85

Calls 8

Decrypt · Method · 0.95
StoreForFormat · Function · 0.92
NewStoresConfig · Function · 0.92
NewCipher · Function · 0.92
GetDataKey · Method · 0.80
Format · Method · 0.80
LoadEncryptedFile · Method · 0.65
EmitPlainFile · Method · 0.65

Tested by

no test coverage detected