From cc048ab9377dd00c7415c7a847c84ebc25a2e2ba Mon Sep 17 00:00:00 2001
From: matthias <matthias@koerpermagie.de>
Date: Sat, 19 May 2018 12:12:30 +0200
Subject: [PATCH] add option to change password for locked_secretbox in
 trees-create

---
 bin/trees-create | 40 +++++++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 9 deletions(-)

diff --git a/bin/trees-create b/bin/trees-create
index 8c4f885..2bb1eee 100755
--- a/bin/trees-create
+++ b/bin/trees-create
@@ -27,16 +27,20 @@ end
 def usage
   puts "USAGE:"
   puts "   trees-create --password PASSWORD [OPTIONS]"
+  puts "   trees-create --password PASSWORD --old-password PASSWORD OPTIONS"
   puts
   puts "OPTIONS may include:"
-  puts "   --opslimit OPSLIMIT -- argon2 ops limit, integer in 3..10, or one of"
-  puts "                          'interactive', 'moderate', 'sensitive'"
-  puts "   --memlimit MEMLIMIT -- argon2 memory limit, in bytes, or one of"
-  puts "                          'interactive', 'moderate', 'sensitive'"
-  puts "   --salt SALT         -- hex encoded salt for password digest,"
-  puts "                          #{StorageKey::SALT_BYTES} bytes in length"
-  puts "   --nonce NONCE       -- hex encoded nonce for secretbox encryption of"
-  puts "                          private key, #{StorageKey::NONCE_BYTES} bytes in length"
+  puts "   --opslimit OPSLIMIT     -- argon2 ops limit, integer in 3..10, or one of"
+  puts "                              'interactive', 'moderate', 'sensitive'"
+  puts "   --memlimit MEMLIMIT     -- argon2 memory limit, in bytes, or one of"
+  puts "                              'interactive', 'moderate', 'sensitive'"
+  puts "   --salt SALT             -- hex encoded salt for password digest,"
+  puts "                              #{StorageKey::SALT_BYTES} bytes in length"
+  puts "   --nonce NONCE           -- hex encoded nonce for secretbox encryption of"
+  puts "                              private key, #{StorageKey::NONCE_BYTES} bytes in length"
+  puts "   --secretbox SECRETBOX   -- hex encoded secretbox"
+  puts
+  puts "for password change all options are required"
   exit 1
 end
 
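Review bot: The synopsis added for `--old-password` tells operators to put both the current and the new password on the command line, where other local users can read them in the process list and where they usually end up in shell history. The existing `--password` option has the same exposure, but a password change now places two secrets there at once. Consider documenting this in `usage`, e.g. `puts "NOTE: passwords passed as arguments are visible in the process list and shell history"`, or reading the passwords from a prompt or stdin instead. The closing line `for password change all options are required` would also be clearer if it named the options it means.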
@@ -46,6 +50,9 @@ def main
 
   while ARGV.any?
     case ARGV.first
+    when "--old-password"
+      ARGV.shift
+      old_password = ARGV.shift
     when "--password"
       ARGV.shift
       password = ARGV.shift
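Review bot: `old_password = ARGV.shift` yields nil when `--old-password` is the last argument, and nil is exactly the value the later `old_password.nil?` test in `main` uses to select key generation. A password-change invocation with the value left off would therefore print a brand-new keypair instead of failing. Rejecting the missing value at parse time avoids that: `old_password = ARGV.shift || usage`. `main` begins before this hunk and its option loop continues past it.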
@@ -61,12 +68,19 @@ def main
     when "--nonce"
       ARGV.shift
       st.sk_nonce = ARGV.shift
+    when "--secretbox"
+      ARGV.shift
+      st.locked_secretbox = ARGV.shift
     else
       usage
     end
   end
   usage unless password
-  st.generate_new_keypair(password)
+  if old_password.nil?
+    st.generate_new_keypair(password)
+  else
+    st.change_password(old_password, password)
+  end
   puts st.to_s
 end
 
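Review bot: The `else` branch calls `st.change_password` without checking that the material needed to open the existing box was supplied, although the usage text says all options are required for a password change. With `--secretbox`, `--nonce` or `--salt` missing, the outcome depends on how `decrypt_key` (not visible here) treats unset fields, so the operator may get an opaque error far from the cause. A guard before the call would make the failure explicit, for example `usage unless st.locked_secretbox && st.sk_nonce`, extended to the salt and limit fields and assuming readers exist alongside the setters used in the loop. The hex value given to `--secretbox` is also stored with no format check visible here; that may happen in the setter.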
@@ -121,6 +135,14 @@ class StorageKey
     )
   end
 
+  def change_password(old_password, password)
+    key = self.decrypt_key(old_password)
+    self.encrypt_key(
+      key: key,
+      password: password
+    )
+  end
+
   def to_s
     attrs = [:public_key, :locked_secretbox, :sk_nonce, :pwhash_opslimit,
              :pwhash_memlimit, :pwhash_salt]
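Review bot: `change_password` calls `encrypt_key` on an object whose salt and nonce were just loaded from `--salt`/`--nonce` to open the old box, and the hunk does not show whether `encrypt_key` draws fresh values or reuses the ones already set. If it reuses them, the new box is derived with the old salt and sealed with the old nonce; regenerating both for the new password is the safer default and should be confirmed in `encrypt_key`, which lies outside this hunk. The method would also benefit from a comment stating its contract, e.g. `# Re-encrypts the existing private key under +password+; fails if +old_password+ does not open the box`, once the failure behaviour of `decrypt_key` is confirmed. The explicit `self.` receivers are unnecessary and, on Ruby older than 2.7, raise NoMethodError if those helpers are private.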
-- 
GitLab