fix: rename cryptographic decryptionKeys to decryptingKeys

smlx · Oct 13, 2021 · 8395d6e · 8395d6e
1 parent 5ec62e8
commit 8395d6e
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 35 deletions.
diff --git a/cmd/piv-agent/setup.go b/cmd/piv-agent/setup.go
@@ -17,7 +17,7 @@ type SetupCmd struct {
 	ResetSecurityKey bool     `kong:"help='Overwrite any existing keys'"`
 	PIN              uint64   `kong:"help='Set the PIN/PUK of the device (6-8 digits). Will be prompted interactively if not provided.'"`
 	SigningKeys      []string `kong:"default='cached,always,never',enum='cached,always,never',help='Generate signing keys with various touch policies (cached,always,never)'"`
-	DecryptionKey    bool     `kong:"default='true',help='Generate a decryption key (default true)'"`
+	DecryptingKey    bool     `kong:"default='true',help='Generate a decrypting key (default true)'"`
 }
 
 func interactivePIN() (uint64, error) {
@@ -61,7 +61,7 @@ func (cmd *SetupCmd) Run() error {
 		return fmt.Errorf("couldn't get security key: %v", err)
 	}
 	err = k.Setup(strconv.FormatUint(cmd.PIN, 10), version,
-		cmd.ResetSecurityKey, cmd.SigningKeys, cmd.DecryptionKey)
+		cmd.ResetSecurityKey, cmd.SigningKeys, cmd.DecryptingKey)
 	if errors.Is(err, securitykey.ErrNotReset) {
 		return fmt.Errorf("--reset-security-key not specified: %w", err)
 	}

diff --git a/internal/keyservice/gpg/keyservice.go b/internal/keyservice/gpg/keyservice.go
@@ -29,7 +29,7 @@ type privateKeyfile struct {
 // KeyService implements an interface for getting cryptographic keys from
 // keyfiles on disk.
 type KeyService struct {
-	// cache passphrases used for decryption
+	// cache passphrases used for keyfile decryption
 	passphrases [][]byte
 	privKeys    []privateKeyfile
 	log         *zap.Logger

diff --git a/internal/securitykey/decryptionkey.go → internal/securitykey/decryptingkey.go b/internal/securitykey/decryptionkey.go → internal/securitykey/decryptingkey.go
@@ -9,16 +9,16 @@ import (
 	"golang.org/x/crypto/openpgp/packet"
 )
 
-// DecryptionKey is a cryptographic decryption key on a hardware security
+// DecryptingKey is a cryptographic decrypting key on a hardware security
 // device.
-type DecryptionKey struct {
+type DecryptingKey struct {
 	CryptoKey
 	PubPGP *packet.PublicKey
 }
 
-// decryptionKeys returns the decryption keys available on the given yubikey.
-func decryptionKeys(yk *piv.YubiKey) ([]DecryptionKey, error) {
-	var decryptionKeys []DecryptionKey
+// decryptingKeys returns the decrypting keys available on the given yubikey.
+func decryptingKeys(yk *piv.YubiKey) ([]DecryptingKey, error) {
+	var decryptingKeys []DecryptingKey
 	for _, s := range defaultDecryptSlots {
 		cert, err := yk.Certificate(s.Slot)
 		if err != nil {
@@ -32,13 +32,13 @@ func decryptionKeys(yk *piv.YubiKey) ([]DecryptionKey, error) {
 		if !ok {
 			return nil, fmt.Errorf("invalid public key type: %T", cert.PublicKey)
 		}
-		decryptionKeys = append(decryptionKeys, DecryptionKey{
+		decryptingKeys = append(decryptingKeys, DecryptingKey{
 			CryptoKey: CryptoKey{
 				Public:   pubKey,
 				SlotSpec: s,
 			},
 			PubPGP: packet.NewECDSAPublicKey(cert.NotBefore, pubKey),
 		})
 	}
-	return decryptionKeys, nil
+	return decryptingKeys, nil
 }
diff --git a/internal/securitykey/securitykey.go b/internal/securitykey/securitykey.go
@@ -17,7 +17,7 @@ type SecurityKey struct {
 	serial         uint32
 	yubikey        *piv.YubiKey
 	signingKeys    []SigningKey
-	decryptionKeys []DecryptionKey
+	decryptingKeys []DecryptingKey
 	cryptoKeys     []CryptoKey
 }
 
@@ -39,30 +39,30 @@ func New(card string) (*SecurityKey, error) {
 			card, err)
 	}
 
-	signingKeys, err := signingKeys(yk)
+	sks, err := signingKeys(yk)
 	if err != nil {
 		return nil, fmt.Errorf(`couldn't get signing keys for card "%s": %v`,
 			card, err)
 	}
 	var cryptoKeys []CryptoKey
-	for _, k := range signingKeys {
+	for _, k := range sks {
 		cryptoKeys = append(cryptoKeys, k.CryptoKey)
 	}
 
-	decryptionKeys, err := decryptionKeys(yk)
+	dks, err := decryptingKeys(yk)
 	if err != nil {
-		return nil, fmt.Errorf(`couldn't get decryption keys for card "%s": %v`,
+		return nil, fmt.Errorf(`couldn't get decrypting keys for card "%s": %v`,
 			card, err)
 	}
-	for _, k := range decryptionKeys {
+	for _, k := range dks {
 		cryptoKeys = append(cryptoKeys, k.CryptoKey)
 	}
 	return &SecurityKey{
 		card:           card,
 		serial:         serial,
 		yubikey:        yk,
-		signingKeys:    signingKeys,
-		decryptionKeys: decryptionKeys,
+		signingKeys:    sks,
+		decryptingKeys: dks,
 		cryptoKeys:     cryptoKeys,
 	}, nil
 }
@@ -77,17 +77,19 @@ func (k *SecurityKey) Serial() uint32 {
 	return k.serial
 }
 
-// SigningKeys returns the slice of signing keys held by the SecurityKey.
+// SigningKeys returns the slice of cryptographic signing keys held by the
+// SecurityKey.
 func (k *SecurityKey) SigningKeys() []SigningKey {
 	return k.signingKeys
 }
 
-// DecryptionKeys returns the slice of decryption keys held by the SecurityKey.
-func (k *SecurityKey) DecryptionKeys() []DecryptionKey {
-	return k.decryptionKeys
+// DecryptingKeys returns the slice of cryptographic decrypting keys held by
+// the SecurityKey.
+func (k *SecurityKey) DecryptingKeys() []DecryptingKey {
+	return k.decryptingKeys
 }
 
-// CryptoKeys returns the slice of cryptographic signing and decryption keys
+// CryptoKeys returns the slice of cryptographic signing and decrypting keys
 // held by the SecurityKey.
 func (k *SecurityKey) CryptoKeys() []CryptoKey {
 	return k.cryptoKeys

diff --git a/internal/securitykey/setup.go b/internal/securitykey/setup.go
@@ -20,7 +20,7 @@ var ErrNotReset = errors.New("security key already set up")
 
 // Setup configures the SecurityKey to work with piv-agent.
 func (k *SecurityKey) Setup(pin, version string, reset bool,
-	signingKeys []string, decryptionKey bool) error {
+	signingKeys []string, decryptingKey bool) error {
 	_, err := k.yubikey.Certificate(piv.SlotAuthentication)
 	if err == nil {
 		if !reset {
@@ -58,7 +58,7 @@ func (k *SecurityKey) Setup(pin, version string, reset bool,
 		}
 	}
 	// setup decrypt key
-	if decryptionKey {
+	if decryptingKey {
 		err := k.configureSlot(mgmtKey, defaultDecryptSlots["cached"], version)
 		if err != nil {
 			return fmt.Errorf("couldn't configure slot %v: %v",

diff --git a/internal/securitykey/slotspec.go b/internal/securitykey/slotspec.go
@@ -35,7 +35,7 @@ var defaultSignSlots = map[string]SlotSpec{
 	"never": {piv.SlotCardAuthentication, piv.TouchPolicyNever},
 }
 
-// defaultDecryptSlots represents the slot specifications for decryption
+// defaultDecryptSlots represents the slot specifications for decrypting
 // operations.
 var defaultDecryptSlots = map[string]SlotSpec{
 	// Slot 9d: Key Management

diff --git a/internal/securitykey/string.go b/internal/securitykey/string.go
@@ -97,35 +97,34 @@ func (k *SecurityKey) synthesizeEntity(ck *CryptoKey, now time.Time, name, email
 	}, nil
 }
 
-// synthesizeEntities returns an array of signing and decryption Entities for
+// synthesizeEntities returns an array of signing and decrypting Entities for
 // k's cryptographic keys.
 // Because OpenPGP entities must be self-signed, this function needs a physical
 // touch on the yubikey for slots with touch policies that require it.
 func (k *SecurityKey) synthesizeEntities(name, email string) ([]Entity,
 	[]Entity, error) {
 	now := time.Now()
-	var signing, decryption []Entity
+	var signing, decrypting []Entity
 	for _, sk := range k.SigningKeys() {
 		e, err := k.synthesizeEntity(&sk.CryptoKey, now, name, email)
 		if err != nil {
 			return nil, nil, fmt.Errorf("couldn't synthesize entity: %v", err)
 		}
 		signing = append(signing, Entity{Entity: *e, CryptoKey: sk.CryptoKey})
 	}
-	for _, dk := range k.DecryptionKeys() {
+	for _, dk := range k.DecryptingKeys() {
 		e, err := k.synthesizeEntity(&dk.CryptoKey, now, name, email)
 		if err != nil {
 			return nil, nil, fmt.Errorf("couldn't synthesize entity: %v", err)
 		}
-		decryption = append(decryption, Entity{Entity: *e, CryptoKey: dk.CryptoKey})
+		decrypting = append(decrypting, Entity{Entity: *e, CryptoKey: dk.CryptoKey})
 	}
-	return signing, decryption, nil
+	return signing, decrypting, nil
 }
 
 func (k *SecurityKey) armorEntity(e *openpgp.Entity,
 	t piv.TouchPolicy) (string, error) {
 	buf := bytes.Buffer{}
-	// TODO: print Signing Keys: ... Decryption Keys: ..
 	w, err := armor.Encode(&buf, openpgp.PublicKeyType,
 		map[string]string{
 			"Comment": fmt.Sprintf("%v #%v, touch policy: %s",
@@ -148,7 +147,7 @@ func (k *SecurityKey) armorEntity(e *openpgp.Entity,
 // StringsGPG returns an array of commonly formatted GPG keys as strings.
 func (k *SecurityKey) StringsGPG(name, email string) ([]string, error) {
 	var ss []string
-	signing, decryption, err := k.synthesizeEntities(name, email)
+	signing, decrypting, err := k.synthesizeEntities(name, email)
 	if err != nil {
 		return nil, fmt.Errorf("couldn't synthesize entities: %v", err)
 	}
@@ -160,8 +159,8 @@ func (k *SecurityKey) StringsGPG(name, email string) ([]string, error) {
 		}
 		ss = append(ss, s)
 	}
-	ss = append(ss, "\nDecryption GPG Keys:")
-	for _, key := range decryption {
+	ss = append(ss, "\nDecrypting GPG Keys:")
+	for _, key := range decrypting {
 		s, err := k.armorEntity(&key.Entity, key.SlotSpec.TouchPolicy)
 		if err != nil {
 			return nil, fmt.Errorf("couldn't armor entity: %v", err)