diff options
author | Eric Avdey <eiri@eiri.ca> | 2020-04-21 02:10:57 -0300 |
---|---|---|
committer | Eric Avdey <eiri@eiri.ca> | 2020-04-21 02:16:16 -0300 |
commit | 1f05a443a6749e1cea3fb10db2164c39e30d75dc (patch) | |
tree | bd923f46cb84c667092be6e26618c359d97a875d | |
parent | d17604b0dc0d643e44b06926e506b5620b919cae (diff) | |
download | couchdb-aegis_example_key_manager.tar.gz |
Make example key manager use pbkdf2 to derive root keyaegis_example_key_manager
-rw-r--r-- | src/aegis/src/aegis_example_key_manager.erl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/aegis/src/aegis_example_key_manager.erl b/src/aegis/src/aegis_example_key_manager.erl index 5375e59c6..48007f54c 100644 --- a/src/aegis/src/aegis_example_key_manager.erl +++ b/src/aegis/src/aegis_example_key_manager.erl @@ -25,7 +25,15 @@ init() -> - <<1:256>>. + case config:get("aegis_example_key_manager", "key_provider") of + undefined -> + erlang:error(misconfigured_key_provider); + KeyProvider -> + PassPhrase = os:cmd(KeyProvider), + {ok, RootKey} = couch_passwords:pbkdf2( + iolist_to_binary(PassPhrase), <<0:256>>, 10000, 32), + <<(binary_to_integer(RootKey, 16)):256>> + end. generate_key(RootKey, #{} = _Db, _Options) -> @@ -41,7 +49,7 @@ unwrap_key(RootKey, #{} = _Db, AegisConfig) -> {<<"wrapped_key">>, WrappedKey} = AegisConfig, case aegis_keywrap:key_unwrap(RootKey, WrappedKey) of fail -> - error(unwrap_failed); + erlang:error(unwrap_failed); DbKey -> {ok, DbKey, AegisConfig} end. |