Make example key manager use pbkdf2 to derive root keyaegis_example_key_manager

author: Eric Avdey <eiri@eiri.ca> 2020-04-21 02:10:57 -0300
committer: Eric Avdey <eiri@eiri.ca> 2020-04-21 02:16:16 -0300
commit: 1f05a443a6749e1cea3fb10db2164c39e30d75dc (patch)
tree: bd923f46cb84c667092be6e26618c359d97a875d
parent: d17604b0dc0d643e44b06926e506b5620b919cae (diff)
download: couchdb-aegis_example_key_manager.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/src/aegis/src/aegis_example_key_manager.erl b/src/aegis/src/aegis_example_key_manager.erl
index 5375e59c6..48007f54c 100644
--- a/src/aegis/src/aegis_example_key_manager.erl
+++ b/src/aegis/src/aegis_example_key_manager.erl
@@ -25,7 +25,15 @@
 
 
 init() ->
-    <<1:256>>.
+    case config:get("aegis_example_key_manager", "key_provider") of
+        undefined ->
+            erlang:error(misconfigured_key_provider);
+        KeyProvider ->
+            PassPhrase = os:cmd(KeyProvider),
+            {ok, RootKey} = couch_passwords:pbkdf2(
+                iolist_to_binary(PassPhrase), <<0:256>>, 10000, 32),
+            <<(binary_to_integer(RootKey, 16)):256>>
+    end.
 
 
 generate_key(RootKey, #{} = _Db, _Options) ->
@@ -41,7 +49,7 @@ unwrap_key(RootKey, #{} = _Db, AegisConfig) ->
     {<<"wrapped_key">>, WrappedKey} = AegisConfig,
     case aegis_keywrap:key_unwrap(RootKey, WrappedKey) of
         fail ->
-            error(unwrap_failed);
+            erlang:error(unwrap_failed);
         DbKey ->
             {ok, DbKey, AegisConfig}
     end.
author	Eric Avdey <eiri@eiri.ca>	2020-04-21 02:10:57 -0300
committer	Eric Avdey <eiri@eiri.ca>	2020-04-21 02:16:16 -0300
commit	1f05a443a6749e1cea3fb10db2164c39e30d75dc (patch)
tree	bd923f46cb84c667092be6e26618c359d97a875d
parent	d17604b0dc0d643e44b06926e506b5620b919cae (diff)
download	couchdb-aegis_example_key_manager.tar.gz