feat: identity export/import (yaw-key-backup-1)
Portable encrypted identity backup compatible with the sister project's format — argon2id KDF + nacl secretbox, peer ID visible in plaintext for pre-import verification. - crypto: ExportIdentity, ImportIdentity, SaveIdentity - proto: export_identity / import_identity IPC commands + events - ipc: export_identity returns encrypted blob; import_identity validates and decrypts (read-only — on-disk write requires daemon restart) - netmgr: MasterIdentity() accessor - daemon: --import-identity / --import-passphrase flags write identity.json and exit, enabling scripted account migration - tests: roundtrip and wrong-passphrase rejection Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -4,6 +4,7 @@ package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
@@ -14,16 +15,41 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
dataDir := flag.String("data-dir", "~/.waste", "path to identity/config directory")
|
||||
alias := flag.String("alias", "anon", "display name shown to peers (advisory only)")
|
||||
ipcPort := flag.Int("ipc-port", 17337, "port for local IPC (UI connects here)")
|
||||
anchorURL := flag.String("anchor", "", "anchor WebSocket URL, e.g. ws://your-vps:17339/ws")
|
||||
shareDir := flag.String("share-dir", "", "directory to share with peers on the network")
|
||||
joinInvite := flag.String("join", "", "waste: invite string — sets anchor URL and auto-joins the network on startup")
|
||||
dataDir := flag.String("data-dir", "~/.waste", "path to identity/config directory")
|
||||
alias := flag.String("alias", "anon", "display name shown to peers (advisory only)")
|
||||
ipcPort := flag.Int("ipc-port", 17337, "port for local IPC (UI connects here)")
|
||||
anchorURL := flag.String("anchor", "", "anchor WebSocket URL, e.g. ws://your-vps:17339/ws")
|
||||
shareDir := flag.String("share-dir", "", "directory to share with peers on the network")
|
||||
joinInvite := flag.String("join", "", "waste: invite string — sets anchor URL and auto-joins the network on startup")
|
||||
importBackup := flag.String("import-identity", "", "path to a yaw-key-backup-1 JSON file to import")
|
||||
importPassword := flag.String("import-passphrase", "", "passphrase for --import-identity")
|
||||
flag.Parse()
|
||||
|
||||
dir := expandHome(*dataDir)
|
||||
|
||||
// --import-identity: decrypt backup and write identity.json, then exit.
|
||||
if *importBackup != "" {
|
||||
if *importPassword == "" {
|
||||
log.Fatal("--import-passphrase is required with --import-identity")
|
||||
}
|
||||
raw, err := os.ReadFile(*importBackup)
|
||||
if err != nil {
|
||||
log.Fatalf("import-identity: read file: %v", err)
|
||||
}
|
||||
imported, err := crypto.ImportIdentity(raw, *importPassword)
|
||||
if err != nil {
|
||||
log.Fatalf("import-identity: %v", err)
|
||||
}
|
||||
if err := os.MkdirAll(dir, 0700); err != nil {
|
||||
log.Fatalf("import-identity: mkdir: %v", err)
|
||||
}
|
||||
if err := crypto.SaveIdentity(dir, imported); err != nil {
|
||||
log.Fatalf("import-identity: save: %v", err)
|
||||
}
|
||||
fmt.Printf("identity imported: %s\n", imported.PeerID())
|
||||
return
|
||||
}
|
||||
|
||||
id, err := crypto.LoadOrCreate(dir, *alias)
|
||||
if err != nil {
|
||||
log.Fatalf("identity: %v", err)
|
||||
|
||||
Reference in New Issue
Block a user