MCPcopy Index your code
hub / github.com/getsops/sops / Decrypt

Method Decrypt

age/keysource.go:243–272  ·  view source on GitHub ↗

Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and returns the result.

()

Source from the content-addressed store, hash-verified

241// Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and
242// returns the result.
243func (key *MasterKey) Decrypt() ([]byte, error) {
244 var errs errSet
245 var unusedLocations []string
246 if len(key.parsedIdentities) == 0 {
247 var ids ParsedIdentities
248 ids, unusedLocations, errs = key.loadIdentities()
249 if len(ids) == 0 {
250 log.Info("Decryption failed")
251 return nil, formatError("failed to load age identities", nil, errs, unusedLocations)
252 }
253 ids.ApplyToMasterKey(key)
254 }
255
256 src := bytes.NewReader([]byte(key.EncryptedKey))
257 ar := armor.NewReader(src)
258 r, err := age.Decrypt(ar, key.parsedIdentities...)
259 if err != nil {
260 log.Info("Decryption failed")
261 return nil, formatError("failed to create reader for decrypting sops data key with age", err, errs, unusedLocations)
262 }
263
264 var b bytes.Buffer
265 if _, err := io.Copy(&b, r); err != nil {
266 log.Info("Decryption failed")
267 return nil, fmt.Errorf("failed to copy age decrypted data into bytes.Buffer: %w", err)
268 }
269
270 log.Info("Decryption succeeded")
271 return b.Bytes(), nil
272}
273
274// NeedsRotation returns whether the data key needs to be rotated or not.
275func (key *MasterKey) NeedsRotation() bool {

Calls 4

loadIdentitiesMethod · 0.95
ApplyToMasterKeyMethod · 0.95
formatErrorFunction · 0.85
DecryptMethod · 0.65