author | Stuart Stock <stuart@int08h.com> | 2018-10-12 22:39:37 -0500 |
---|---|---|
committer | Stuart Stock <stuart@int08h.com> | 2018-10-12 22:39:37 -0500 |
commit | fec19a7d65c9dca293056f40b4a1983b82a0e68d (patch) | |
tree | 0e02ecc6174804a5be46f4fba19b7f98be6ab3d2 /src/bin | |
parent | ed89d98692ac273ec7dfc39c19008334077779a3 (diff) | |
download | roughenough-fec19a7d65c9dca293056f40b4a1983b82a0e68d.zip |
Refactor to kms module; add documentation
Diffstat (limited to 'src/bin')
-rw-r--r-- | src/bin/roughenough-kms.rs | 14 | ||||
-rw-r--r-- | src/bin/roughenough-server.rs | 4 |
2 files changed, 8 insertions, 10 deletions
diff --git a/src/bin/roughenough-kms.rs b/src/bin/roughenough-kms.rs
index 072f451..cb9a904 100644
--- a/src/bin/roughenough-kms.rs
+++ b/src/bin/roughenough-kms.rs
@@ -28,14 +28,11 @@ extern crate untrusted;
 use clap::{App, Arg};
 use roughenough::VERSION;
-#[allow(unused_imports)]
-use roughenough::key::EnvelopeEncryption;
-
-#[cfg(feature = "kms")]
-use roughenough::key::awskms::AwsKms;
-
 #[cfg(feature = "kms")]
 fn aws_kms(kms_key: &str, plaintext_seed: &[u8]) {
+ use roughenough::kms::EnvelopeEncryption;
+ use roughenough::kms::AwsKms;
+
 let client = AwsKms::from_arn(kms_key).unwrap();
 match EnvelopeEncryption::encrypt_seed(&client, &plaintext_seed) {
@@ -55,8 +52,9 @@ pub fn main() {
 simple_logger::init_with_level(Level::Info).unwrap();
- let matches = App::new("Roughenough key management")
+ let matches = App::new("roughenough-kms")
 .version(VERSION)
+ .long_about("Encrypt a Roughenough server's long-term seed using a KMS")
 .arg(
 Arg::with_name("KEY_ID")
 .short("k")
@@ -70,7 +68,7 @@ pub fn main() {
 .long("seed")
 .takes_value(true)
 .required(true)
- .help("Seed for the server's long-term identity"),
+ .help("32 byte hex seed for the server's long-term identity"),
 ).get_matches();
 let kms_key = matches.value_of("KEY_ID").unwrap();
diff --git a/src/bin/roughenough-server.rs b/src/bin/roughenough-server.rs
index 5be8620..52ae904 100644
--- a/src/bin/roughenough-server.rs
+++ b/src/bin/roughenough-server.rs
@@ -55,7 +55,7 @@ use byteorder::{LittleEndian, WriteBytesExt};
 use roughenough::config;
 use roughenough::config::ServerConfig;
-use roughenough::key;
+use roughenough::kms;
 use roughenough::key::{LongTermKey, OnlineKey};
 use roughenough::merkle::MerkleTree;
 use roughenough::{Error, RtMessage, Tag};
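Review bot: In src/bin/roughenough-kms.rs, `AwsKms::from_arn(kms_key).unwrap()` at the top of `aws_kms` turns a mistyped key identifier from the command line into a panic instead of a usable error message. Since the operator supplies this value directly, handle the error explicitly, for example `let client = AwsKms::from_arn(kms_key).unwrap_or_else(|e| { eprintln!("invalid KMS key id: {:?}", e); std::process::exit(1) });`. The same call passes `&plaintext_seed` although `plaintext_seed` is already a `&[u8]`, so the extra borrow can be dropped. The body of `aws_kms` continues outside the hunk, so how the `match` arms report failures is not visible here.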
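Review bot: In the third hunk of src/bin/roughenough-kms.rs, the `--seed` argument (`.long("seed") .takes_value(true) .required(true)`) takes the server's plaintext long-term seed on the command line. There it is readable by other local users through the process list and is likely to end up in shell history; the new help text documents the format but not that exposure. Prefer reading the seed from stdin or a file with restrictive permissions, or at least state the caveat in the help, e.g. `.help("32 byte hex seed for the server's long-term identity (visible in process listings and shell history)")`. Whether `main()` checks that the decoded seed is exactly 32 bytes is not visible in this hunk; if it does not, the length the help now promises should be enforced before the KMS call. The argument chain begins and ends outside the hunk.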
@@ -266,7 +266,7 @@ pub fn main() {
 let public_key: String;
 let cert_bytes = {
- let seed = key::load_seed(&config).unwrap();
+ let seed = kms::load_seed(&config).unwrap();
 let mut long_term_key = LongTermKey::new(&seed);
 public_key = hex::encode(long_term_key.public_key()); |