Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and returns the result.
()
// Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and
// returns the result.
//
// Identities are resolved lazily: loadIdentities is only called when
// key.parsedIdentities is empty. The returned bytes are the plaintext that the
// error messages below refer to as the "sops data key", so callers should
// handle them as secret material. Every log line emitted here is a fixed
// string; no identity or key bytes are logged.
func (key *MasterKey) Decrypt() ([]byte, error) {
	var (
		loadErrs errSet
		skipped  []string
	)

	// Only fall back to loading identities when none were parsed up front.
	if len(key.parsedIdentities) == 0 {
		var loaded ParsedIdentities
		loaded, skipped, loadErrs = key.loadIdentities()
		if len(loaded) == 0 {
			log.Info("Decryption failed")
			return nil, formatError("failed to load age identities", nil, loadErrs, skipped)
		}
		// NOTE(review): presumably this stores the loaded identities on key so
		// that key.parsedIdentities is populated for age.Decrypt below; confirm
		// against ApplyToMasterKey.
		loaded.ApplyToMasterKey(key)
	}

	// EncryptedKey is read through the armor reader, i.e. it is expected to be
	// in age's ASCII-armored form.
	armored := armor.NewReader(bytes.NewReader([]byte(key.EncryptedKey)))
	stream, err := age.Decrypt(armored, key.parsedIdentities...)
	if err != nil {
		log.Info("Decryption failed")
		return nil, formatError("failed to create reader for decrypting sops data key with age", err, loadErrs, skipped)
	}

	// Drain the decrypting reader. Unlike the two failures above, a failure
	// here is reported without the identity-loading errors and locations.
	var plaintext bytes.Buffer
	_, err = io.Copy(&plaintext, stream)
	if err != nil {
		log.Info("Decryption failed")
		return nil, fmt.Errorf("failed to copy age decrypted data into bytes.Buffer: %w", err)
	}

	log.Info("Decryption succeeded")
	return plaintext.Bytes(), nil
}
| 273 | |
| 274 | // NeedsRotation returns whether the data key needs to be rotated or not. |
| 275 | func (key *MasterKey) NeedsRotation() bool { |