A Cobra-based command-line toolset for generating root/work keys and encrypting strings.
make build
./tools --help
Or build directly:
go build -mod=readonly -trimpath -buildvcs=false -ldflags="-s -w" -o ./tools ./main.go
CLI utilities for generating root/work keys and encrypting strings using work keys.
Usage:
tools [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
decrypt Decrypt a Base64 string with a work key
encrypt Encrypt a string with a work key
gen-random-key Generate a random key file
gen-root-key Generate root key files
gen-work-key Generate a work key file
help Help about any command
Flags:
-c, --check Check cmd run conditions
-h, --help help for tools
Use "tools [command] --help" for more information about a command.
Generate root keys (rootKey/root_part_*.key + rootKey/root.salt).
Usage:
tools gen-root-key [flags]
Flags:
-d, --dir string Key base directory. Will create rootKey/workKey under it.
-f, --force Force Create RootKey, Ignore Exist key.
-h, --help help for gen-root-key
Generate a work key encrypted by the root key.
Usage:
tools gen-work-key [flags]
Flags:
-d, --dir string Key base directory. Will create rootKey/workKey under it.
-f, --force Force Create WorkKey, Ignore Exist key.
-h, --help help for gen-work-key
-n, --name string Work Key File Name. eg: work.key (default "work.key")
Generate a random key file (Base64, 32 bytes) in workKey directory.
Usage:
tools gen-random-key [flags]
Flags:
-d, --dir string Key base directory. Will create rootKey/workKey under it.
-f, --force Force Create RandomKey, Ignore Exist key.
-h, --help help for gen-random-key
-n, --name string Random Key File Name. eg: random.key (default "random.key")
Encrypt a plaintext string using the specified work key file and output Base64.
Usage:
tools encrypt [flags]
Flags:
-d, --key-dir string Key base directory containing rootKey/workKey.
-h, --help help for encrypt
-k, --work-key string Work key file name, using for encrypt input string.
Decrypt a Base64-encoded ciphertext using the specified work key file and output plaintext.
Usage:
tools decrypt [flags]
Flags:
-d, --key-dir string Key base directory containing rootKey/workKey.
-h, --help help for decrypt
-k, --work-key string Work key file name, using for decrypt input string.
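Generate the root key and salt files. This produces root_part_1.key, root_part_2.key and root.salt in the rootKey/ directory.
./tools gen-root-key
To force overwriting existing files:
./tools gen-root-key --force
Specify a custom key directory (rootKey/ and workKey/ are created under it):
./tools gen-root-key --dir /tmp/keys
Work keys are generated in the workKey/ directory and are stored encrypted with the root key.
./tools gen-work-key --name work.key
Force regeneration of the specified work key:
./tools gen-work-key --name work.key --force
Specify a custom key directory:
./tools gen-work-key --name work.key --dir /tmp/keys
Random key files are generated in the workKey/ directory. The file content is a Base64-encoded random key (32 bytes long).
./tools gen-random-key --name random.key
Force regeneration of the specified random key file:
./tools gen-random-key --name random.key --force
Specify a custom key directory:
./tools gen-random-key --name random.key --dir /tmp/keys
Encrypt the input string with a work key. The output is Base64 (without a newline).
./tools encrypt --work-key work.key "your-string"
Use a custom key directory:
./tools encrypt --work-key work.key --key-dir /tmp/keys "your-string"
Decrypt a Base64 ciphertext with a work key. The output is the plaintext (without a newline).
./tools decrypt --work-key work.key "base64-cipher-text"
Use a custom key directory:
./tools decrypt --work-key work.key --key-dir /tmp/keys "base64-cipher-text"
# 1. Generate the root key and salt (in rootKey/ under the custom directory)
./tools gen-root-key --dir /tmp/keys
# 2. Generate the work key (in workKey/ under the custom directory)
./tools gen-work-key --name work.key --dir /tmp/keys
# 3. Encrypt a string (outputs Base64)
cipher=$(./tools encrypt --work-key work.key --key-dir /tmp/keys "hello-world")
echo "$cipher"
# 4. Decrypt the Base64 (outputs plaintext)
plain=$(./tools decrypt --work-key work.key --key-dir /tmp/keys "$cipher")
echo "$plain"
Run the full self-check script (build, generate keys, encrypt/decrypt and verify that the result matches):
./tools_self_check.sh
The expected output is: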
[1/5] build...
Building...
Done
[2/5] generate root key...
Create Root Key Salt Done
Create Root Key Done
[3/5] generate work key...
Create Work Key: work.key Done
[4/5] encrypt/decrypt...
[5/5] ok
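- main.go: entry point and command registration
- keys/: implementation of the gen-root-key / gen-work-key / gen-random-key commands (argument parsing and invocation)
- encrypt/: string encryption command
- common/: shared logic for encryption, key generation/reading, paths and so on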
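- The root key files are root_part_1.key, root_part_2.key and root.salt, located in the rootKey/ directory by default.
- Work keys are stored in the workKey/ directory. Protect the key files and the directory permissions carefully.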
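
The permission advice above can be checked mechanically. The shell functions below are an added example, not part of the tool or its repository; the names audit_key_perms and harden_key_perms are hypothetical, and the owner-only modes (0700 for directories, 0600 for files) are an assumed policy for the rootKey/ and workKey/ layout described here.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the key layout from this
# README (rootKey/ and workKey/ under a base directory such as /tmp/keys).
# Usage: audit_key_perms /tmp/keys || harden_key_perms /tmp/keys

# List every file or directory under the key dirs that grants any permission
# bit to group or others. Returns 0 only when both dirs exist and are clean.
audit_key_perms() {
    base=$1
    exposed=0
    for sub in rootKey workKey; do
        dir="$base/$sub"
        [ -d "$dir" ] || { echo "missing: $dir" >&2; exposed=1; continue; }
        # "-perm -NNN" matches when that bit is set; this form works with
        # both GNU and BSD find, unlike "-perm /077" or "-perm +077".
        hits=$(find "$dir" \( -type f -o -type d \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/exposed: /'
            exposed=1
        fi
    done
    return "$exposed"
}

# Assumed policy: directories 0700, key and salt files 0600 (owner only).
harden_key_perms() {
    base=$1
    for sub in rootKey workKey; do
        [ -d "$base/$sub" ] || continue
        find "$base/$sub" -type d -exec chmod 700 {} +
        find "$base/$sub" -type f -exec chmod 600 {} +
    done
}
```

A missing rootKey/ or workKey/ directory is reported as a failure, so the audit also catches a wrong --dir / --key-dir value before encrypt or decrypt is run against it.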