Open humphd opened 3 months ago
I played with this some more and was able to get it. I needed to extract the base64 encoded key:
```ts
import age from "age-encryption";
// loadSopsFile, getPublicAgeKey and SopsAgeConfig are helpers defined elsewhere
// in the poster's own package (sops-age); they are not part of typage.

async function getEncryptionKeyForRecipient(
  sopsFile: string,
  privateAgeKey: string
) {
  const { Decrypter } = await age();
  const doc = await loadSopsFile(sopsFile);
  if (!Array.isArray(doc?.sops?.age)) {
    throw new Error("missing sops age metadata");
  }
  const sopsAgeConfig = doc.sops.age;
  const pubKey = await getPublicAgeKey(privateAgeKey);
  // find() returns undefined when no recipient matches, so check the entry
  // before destructuring it (destructuring undefined throws a TypeError).
  const entry = sopsAgeConfig.find(
    (config: SopsAgeConfig) => config.recipient === pubKey
  );
  const enc = entry?.enc;
  if (!enc) {
    throw new Error("no matching recipient found in age config");
  }
  const decrypter = new Decrypter();
  decrypter.addIdentity(privateAgeKey);
  // sops stores the wrapped file key as an armored age file; the Decrypter
  // wants the raw bytes, so pull the base64 body out of the armor first.
  const regex =
    /-----BEGIN AGE ENCRYPTED FILE-----\s*([\s\S]*?)\s*-----END AGE ENCRYPTED FILE-----/;
  const matches = enc.match(regex);
  if (!(matches && matches[1])) {
    throw new Error("unable to extract age encryption key");
  }
  const base64String = matches[1].trim();
  const encrypted = Buffer.from(base64String, "base64");
  const decryptionKey = await decrypter.decrypt(encrypted, "uint8array");
  return decryptionKey;
}
```
I'm surprised that I couldn't use the whole -----BEGIN AGE ENCRYPTED FILE-----...
block, but perhaps that's just my own ignorance showing.
I ended up making an npm package to work with sops and age in TS/JS: https://github.com/humphd/sops-age
Thanks for making this!
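The comment above boils down to one step: sops keeps each recipient's wrapped file key as a PEM-style armored age file, and the Decrypter wants the raw binary file, so the base64 body has to be stripped out of the armor before decrypting. The following is an added example (not code from typage or from the sops-age package) that does that step strictly instead of with a loose regex: it checks both markers, enforces the armor's 64-column standard-base64 layout, rejects non-canonical base64, and confirms the decoded bytes start with the age v1 magic before anything is handed to `decrypter.decrypt()`. It assumes Node.js (`Buffer`); the function names `armorAgeFile`, `unarmorAgeFile` and `constructedSample` are my own, and the recipient stanza, MAC line and payload in the sample are constructed placeholders, not real age key material.

```javascript
// Added example, not part of typage or sops-age. Assumes Node.js for Buffer.
const ARMOR_HEADER = "-----BEGIN AGE ENCRYPTED FILE-----";
const ARMOR_FOOTER = "-----END AGE ENCRYPTED FILE-----";
const AGE_MAGIC = Buffer.from("age-encryption.org/v1\n");
const ARMOR_LINE_LEN = 64;

// Wrap raw age-file bytes in armor: standard base64 at 64 columns between the markers.
function armorAgeFile(bytes) {
  const b64 = Buffer.from(bytes).toString("base64");
  const lines = [];
  for (let i = 0; i < b64.length; i += ARMOR_LINE_LEN) {
    lines.push(b64.slice(i, i + ARMOR_LINE_LEN));
  }
  return [ARMOR_HEADER, ...lines, ARMOR_FOOTER].join("\n") + "\n";
}

// Reverse of armorAgeFile, rejecting anything that is not well-formed armor.
function unarmorAgeFile(armored) {
  const lines = armored.trim().split(/\r?\n/).map((l) => l.trim());
  if (
    lines.length < 3 ||
    lines[0] !== ARMOR_HEADER ||
    lines[lines.length - 1] !== ARMOR_FOOTER
  ) {
    throw new Error("not an armored age file");
  }
  const body = lines.slice(1, -1);
  body.forEach((line, i) => {
    const last = i === body.length - 1;
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(line)) {
      throw new Error(`armor line ${i + 1} is not standard base64`);
    }
    // Every line is exactly 64 characters except the last, which may be shorter.
    if (last ? line.length > ARMOR_LINE_LEN : line.length !== ARMOR_LINE_LEN) {
      throw new Error(`armor line ${i + 1} has an invalid length`);
    }
  });
  const b64 = body.join("");
  const bytes = Buffer.from(b64, "base64");
  // Buffer.from() is lenient (it skips junk and tolerates missing padding);
  // re-encoding and comparing makes the decode strict, as age armor requires.
  if (bytes.toString("base64") !== b64) {
    throw new Error("armor body is not canonical base64");
  }
  if (!bytes.subarray(0, AGE_MAGIC.length).equals(AGE_MAGIC)) {
    throw new Error("decoded data does not start with the age v1 header");
  }
  // This Uint8Array is what an age Decrypter expects as its input.
  return new Uint8Array(bytes);
}

// Constructed sample with the shape of an age v1 file (magic, recipient stanza,
// MAC line, payload). The values are placeholders, not real key material.
function constructedSample() {
  const header =
    "age-encryption.org/v1\n" +
    "-> X25519 CONSTRUCTED-EPHEMERAL-SHARE\n" +
    "CONSTRUCTED-WRAPPED-FILE-KEY\n" +
    "--- CONSTRUCTED-HEADER-MAC\n";
  const payload = Buffer.alloc(40, 0xab); // stands in for the encrypted payload
  const bytes = Buffer.concat([Buffer.from(header), payload]);
  return { bytes: new Uint8Array(bytes), armored: armorAgeFile(bytes) };
}

// Round-trip the sample; returns true when unarmoring gives back the same bytes.
function roundTripOk() {
  const sample = constructedSample();
  const out = unarmorAgeFile(sample.armored);
  return Buffer.compare(Buffer.from(out), Buffer.from(sample.bytes)) === 0;
}
```

In the poster's function above, `unarmorAgeFile(enc)` would replace the regex and `Buffer.from(..., "base64")` lines, and the magic check gives a clearer failure than an error thrown from inside the library's header parser when the wrong bytes are passed in.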
Thank you for making this. I couldn't believe it when I went looking for a TS age implementation, and lo and behold, you had made an official one. Amazing!
My current use case is being able to decrypt pieces of an age-encrypted sops file in JS. We
Here's an example of the kind of thing I want to parse, where I need to decrypt the `value` key, and my AGE public key is listed as a `recipient`:
Here's my first attempt to get that decryption key:
When I run this, I get the following error:
Which seems to be https://github.com/FiloSottile/typage/blob/d0744544906d115825c358698a58ba259bc83f23/lib/format.ts#L109
On my system I'm using:
Do I need to pass more info in order to be able to do this? Use a different version somehow? Or maybe it's not possible?
Thanks for helping me understand what is and isn't possible.