fix args and checks. remove path defaults

README.md

@@ -172,7 +172,7 @@ to attempt to force one or more of us to tamper with the software.
 Create a new API key:
 
 ```sh
-$ turnkey gen --organization $ORGANIZATION_ID
+$ turnkey generate api-key --organization $ORGANIZATION_ID
 {
    "privateKeyFile": "/Users/andrew/Library/Application Support/turnkey/keys/default.private",
    "publicKey": "0236f17892a4649d97b2e4a4ad3c22d815e4e77848a0b8e4a5b0956ae4d6be382e",

digests.txt

@@ -1,4 +1,4 @@
-bf509ecd6c8f44ae9a774f28c8cb6384a3bcc2cd6a816d2548ab9ef1d7cd1ed1  turnkey.darwin-aarch64
-3695c0294b9eb64aa1e39dd77813fa67dfe7cec9389455cc92ee1b208e01f5fe  turnkey.darwin-x86_64
-2b1b820bd52ec9ca41fb58b77f1df937357ad0816240c798e476230524f9dc89  turnkey.linux-aarch64
-a771a523e85591fc81bce9eb8909a4850f8809b8e3ef11543803de219a2242e9  turnkey.linux-x86_64
+73c0a30689f4c762c80bb521c05ffa3f1c7d2d2a1e5829da8169bdc25207a8d1  turnkey.darwin-aarch64
+dbb3e848f25f03212feab212aa5a5a1fde2d105e23b3bb34bf857cc508a0e51a  turnkey.darwin-x86_64
+185ea7a7f7f1a9cf07118cc9aabd206c662ee03ec8eb874c228bae767ad962c6  turnkey.linux-aarch64
+7af52420c2e8bb995626addd8b2462693c83c967caa6de3a5eb2496746f54749  turnkey.linux-x86_64

src/cmd/turnkey/main_test.go

@@ -65,7 +65,6 @@ func TestKeygenInTmpFolder(t *testing.T) {
 
 	defer func() { assert.Nil(t, os.RemoveAll(tmpDir)) }()
 
-	// todo(olivia)
 	out, err := RunCliWithArgs(t, []string{"generate", "api-key", "--keys-folder", tmpDir, "--key-name", "mykey", "--organization", orgID.String()})
 	assert.Nil(t, err)
 

src/cmd/turnkey/pkg/decrypt.go

@@ -1,19 +1,18 @@
 package pkg
 
 import (
-	"encoding/hex"
 	"encoding/json"
 
-	"github.com/rotisserie/eris"
 	"github.com/spf13/cobra"
 	"github.com/tkhq/go-sdk/pkg/enclave_encrypt"
 )
 
 // Filepath to write the export bundle to.
-var ExportBundlePath string
+var exportBundlePath string
 
 func init() {
-	decryptCmd.Flags().StringVar(&ExportBundlePath, "export-bundle-path", "/export_bundle.txt", "filepath to write the export bundle to.")
+	decryptCmd.Flags().StringVar(&exportBundlePath, "export-bundle-path", "/export_bundle.txt", "filepath to write the export bundle to.")
+	decryptCmd.Flags().StringVar(&plaintextPath, "plaintext-path", "", "filepath to write the plaintext from that will be decrypted.")
 
 	rootCmd.AddCommand(decryptCmd)
 }
@@ -22,14 +21,9 @@ var decryptCmd = &cobra.Command{
 	Use:   "decrypt",
 	Short: "Decrypt a ciphertext",
 	Long:  `Decrypt a ciphertext from a bundle exported from a Turnkey secure enclave.`,
-	PreRun: func(cmd *cobra.Command, args []string) {
-		if PlaintextPath == "" {
-			OutputError(eris.New("Filepath for plaintext must be specified"))
-		}
-	},
 	Run: func(cmd *cobra.Command, args []string) {
 		// read from export bundle path
-		exportBundle, err := readFile(ExportBundlePath)
+		exportBundle, err := readFile(exportBundlePath)
 		if err != nil {
 			OutputError(err)
 		}
@@ -56,15 +50,16 @@ var decryptCmd = &cobra.Command{
 		if err != nil {
 			OutputError(err)
 		}
-		plaintext := hex.EncodeToString(plaintextBytes)
 
-		// output the hex-encoded plaintext if no filepath is passed
-		if PlaintextPath == "" {
+		plaintext := string(plaintextBytes)
+
+		// output the plaintext if no filepath is passed
+		if plaintextPath == "" {
 			Output(plaintext)
 			return
 		}
 
-		err = writeFile(plaintext, PlaintextPath)
+		err = writeFile(plaintext, plaintextPath)
 		if err != nil {
 			OutputError(err)
 		}

src/cmd/turnkey/pkg/encrypt.go

@@ -11,23 +11,23 @@ import (
 )
 
 var (
-	// User is the user ID to import wallets and private keys with.
-	User string
+	// user is the user ID to import wallets and private keys with.
+	user string
 
 	// Filepath to write the import bundle to.
-	ImportBundlePath string
+	importBundlePath string
 
 	// Filepath to read the encrypted bundle from.
-	EncryptedBundlePath string
+	encryptedBundlePath string
 
 	// Filepath to read the plaintext from that will be encrypted.
-	PlaintextPath string
+	plaintextPath string
 )
 
 func init() {
-	encryptCmd.Flags().StringVar(&ImportBundlePath, "import-bundle-path", "/import_bundle.txt", "filepath to write the import bundle to.")
-	encryptCmd.Flags().StringVar(&EncryptedBundlePath, "encrypted-bundle-path", "/encrypted_bundle.txt", "filepath to read the encrypted bundle from.")
-	encryptCmd.Flags().StringVar(&PlaintextPath, "plaintext-path", "", "filepath to read the plaintext from that will be encrypted.")
+	encryptCmd.Flags().StringVar(&importBundlePath, "import-bundle-path", "/import_bundle.txt", "filepath to write the import bundle to.")
+	encryptCmd.Flags().StringVar(&encryptedBundlePath, "encrypted-bundle-path", "/encrypted_bundle.txt", "filepath to read the encrypted bundle from.")
+	encryptCmd.Flags().StringVar(&plaintextPath, "plaintext-path", "", "filepath to read the plaintext from that will be encrypted.")
 
 	rootCmd.AddCommand(encryptCmd)
 }
@@ -37,13 +37,13 @@ var encryptCmd = &cobra.Command{
 	Short: "Encrypt a plaintext",
 	Long:  `Encrypt a plaintext into a bundle to be imported to a Turnkey secure enclave.`,
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if PlaintextPath == "" {
+		if plaintextPath == "" {
 			OutputError(eris.New("Filepath for plaintext must be specified"))
 		}
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		// read from import bundle path
-		importBundle, err := readFile(ImportBundlePath)
+		importBundle, err := readFile(importBundlePath)
 		if err != nil {
 			OutputError(err)
 		}
@@ -66,7 +66,7 @@ var encryptCmd = &cobra.Command{
 		}
 
 		// encrypt plaintext
-		plaintext, err := readFile(PlaintextPath)
+		plaintext, err := readFile(plaintextPath)
 		if err != nil {
 			OutputError(err)
 		}
@@ -87,7 +87,7 @@ var encryptCmd = &cobra.Command{
 		}
 
 		// write to encrypted bundle path
-		err = writeFile(string(encryptedBundleBytes), EncryptedBundlePath)
+		err = writeFile(string(encryptedBundleBytes), encryptedBundlePath)
 		if err != nil {
 			OutputError(err)
 		}

src/cmd/turnkey/pkg/generate.go

@@ -13,12 +13,15 @@ import (
 )
 
 // Filepath to write the target public key generated by `generate encryption-key`.
-var TargetPublicKeyPath string
+var targetPublicKeyPath string
 
 func init() {
-	rootCmd.AddCommand(generateCmd)
+	encryptionKeyCmd.Flags().StringVar(&targetPublicKeyPath, "target-public-key-path", "", "filepath to write the target public key to.")
+
 	generateCmd.AddCommand(apiKeyCmd)
 	generateCmd.AddCommand(encryptionKeyCmd)
+
+	rootCmd.AddCommand(generateCmd)
 }
 
 // generateCmd represents the base command for generating different kinds of keys
@@ -27,7 +30,7 @@ var generateCmd = &cobra.Command{
 	Short: "Generate keys",
 }
 
-// apiKeyCmd represents the command to generate an API key
+// Represents the command to generate an API key
 var apiKeyCmd = &cobra.Command{
 	Use:   "api-key",
 	Short: "Generate a Turnkey API key",
@@ -76,14 +79,14 @@ var apiKeyCmd = &cobra.Command{
 	},
 }
 
-// encryptionKeyCmd represents the command to generate an encryption key
+// Represents the command to generate an encryption key
 var encryptionKeyCmd = &cobra.Command{
 	Use:   "encryption-key",
 	Short: "Generate a Turnkey encryption key",
 	Long:  `Generate a new encryption key that can be used for encrypting text sent from Turnkey secure enclaves.`,
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if Organization == "" {
-			OutputError(eris.New("please supply an organization ID (UUID)"))
+		if targetPublicKeyPath == "" {
+			OutputError(eris.New("target public key path must be specified"))
 		}
 	},
 	Run: func(cmd *cobra.Command, args []string) {
@@ -103,7 +106,7 @@ var encryptionKeyCmd = &cobra.Command{
 		}
 		targetPublicHex := hex.EncodeToString(targetPublic)
 
-		err = writeFile(targetPublicHex, TargetPublicKeyPath)
+		err = writeFile(targetPublicHex, targetPublicKeyPath)
 		if err != nil {
 			OutputError(err)
 		}

src/cmd/turnkey/pkg/private-keys.go

@@ -24,18 +24,23 @@ func init() {
 	privateKeysCreateCmd.Flags().StringSliceVar(&privateKeysCreateTags, "tag", make([]string, 0), "tag(s) to be applied to the private key")
 
 	privateKeyExportCmd.Flags().StringVar(&privateKeyNameOrID, "id", "", "name or ID of private key to export.")
-	privateKeyExportCmd.Flags().StringVar(&TargetPublicKeyPath, "target-public-key-path", "/target_public_key.txt", "filepath to read the target public key generated by `generate encryption-key`.")
-	privateKeyExportCmd.Flags().StringVar(&ExportBundlePath, "export-bundle-path", "/export_bundle.txt", "filepath to write the export bundle to.")
+	privateKeyExportCmd.Flags().StringVar(&targetPublicKeyPath, "target-public-key-path", "", "filepath to read the target public key generated by `generate encryption-key`.")
+	privateKeyExportCmd.Flags().StringVar(&exportBundlePath, "export-bundle-path", "", "filepath to write the export bundle to.")
 
-	privateKeyInitImportCmd.Flags().StringVar(&User, "user", "", "ID of user to importing the private key")
-	privateKeyInitImportCmd.Flags().StringVar(&ImportBundlePath, "import-bundle-path", "/import_bundle.txt", "filepath to write the import bundle to.")
+	privateKeyInitImportCmd.Flags().StringVar(&user, "user", "", "ID of user to importing the private key")
+	privateKeyInitImportCmd.Flags().StringVar(&importBundlePath, "import-bundle-path", "", "filepath to write the import bundle to.")
 
-	privateKeyImportCmd.Flags().StringVar(&User, "user", "", "ID of user to importing the private key")
+	privateKeyImportCmd.Flags().StringVar(&user, "user", "", "ID of user to importing the private key")
 	privateKeyImportCmd.Flags().StringVar(&privateKeysCreateName, "name", "", "name to be applied to the private key.")
-	privateKeyImportCmd.Flags().StringVar(&EncryptedBundlePath, "encrypted-bundle-path", "/encrypted_bundle.txt", "filepath to read the encrypted bundle from.")
+	privateKeyImportCmd.Flags().StringVar(&encryptedBundlePath, "encrypted-bundle-path", "", "filepath to read the encrypted bundle from.")
+	privateKeyImportCmd.Flags().StringSliceVar(&privateKeysCreateAddressFormats, "address-format", nil, "address format(s) for private key.  For a list of formats, use 'turnkey address-formats list'.")
+	privateKeyImportCmd.Flags().StringVar(&privateKeysCreateCurve, "curve", "", "curve to use for the generation of the private key.  For a list of available curves, use 'turnkey curves list'.")
 
 	privateKeysCmd.AddCommand(privateKeysCreateCmd)
 	privateKeysCmd.AddCommand(privateKeysListCmd)
+	privateKeysCmd.AddCommand(privateKeyExportCmd)
+	privateKeysCmd.AddCommand(privateKeyInitImportCmd)
+	privateKeysCmd.AddCommand(privateKeyImportCmd)
 
 	rootCmd.AddCommand(privateKeysCmd)
 }
@@ -156,14 +161,22 @@ var privateKeyExportCmd = &cobra.Command{
 		if privateKeyNameOrID == "" {
 			OutputError(eris.New("ID for private key must be specified"))
 		}
+
+		if targetPublicKeyPath == "" {
+			OutputError(eris.New("target public key path must be specified"))
+		}
+
+		if exportBundlePath == "" {
+			OutputError(eris.New("export bundle path must be specified"))
+		}
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		privateKey, err := lookupPrivateKey(privateKeyNameOrID)
 		if err != nil {
 			OutputError(eris.Wrap(err, "failed to lookup private key"))
 		}
 
-		targetPublicKey, err := readFile(TargetPublicKeyPath)
+		targetPublicKey, err := readFile(targetPublicKeyPath)
 		if err != nil {
 			OutputError(err)
 		}
@@ -195,7 +208,7 @@ var privateKeyExportCmd = &cobra.Command{
 		}
 
 		exportBundle := resp.Payload.Activity.Result.ExportPrivateKeyResult.ExportBundle
-		err = writeFile(*exportBundle, ExportBundlePath)
+		err = writeFile(*exportBundle, exportBundlePath)
 		if err != nil {
 			OutputError(eris.Wrap(err, "failed to write export bundle to file"))
 		}
@@ -209,9 +222,13 @@ var privateKeyInitImportCmd = &cobra.Command{
 	Use:   "init-import",
 	Short: "Initialize private key import",
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if User == "" {
+		if user == "" {
 			OutputError(eris.New("ID for user importing private key must be specified"))
 		}
+
+		if importBundlePath == "" {
+			OutputError(eris.New("import bundle path must be specified"))
+		}
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		activity := string(models.ActivityTypeInitImportPrivateKey)
@@ -220,7 +237,7 @@ var privateKeyInitImportCmd = &cobra.Command{
 		params.SetBody(&models.InitImportPrivateKeyRequest{
 			OrganizationID: &Organization,
 			Parameters: &models.InitImportPrivateKeyIntent{
-				UserID: &User,
+				UserID: &user,
 			},
 			TimestampMs: util.RequestTimestamp(),
 			Type:        &activity,
@@ -240,7 +257,7 @@ var privateKeyInitImportCmd = &cobra.Command{
 		}
 
 		importBundle := resp.Payload.Activity.Result.InitImportPrivateKeyResult.ImportBundle
-		err = writeFile(*importBundle, ImportBundlePath)
+		err = writeFile(*importBundle, importBundlePath)
 		if err != nil {
 			OutputError(eris.Wrap(err, "failed to write import bundle to file"))
 		}
@@ -251,10 +268,14 @@ var privateKeyImportCmd = &cobra.Command{
 	Use:   "import",
 	Short: "Import a private key",
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if User == "" {
+		if user == "" {
 			OutputError(eris.New("ID for user importing private key must be specified"))
 		}
 
+		if encryptedBundlePath == "" {
+			OutputError(eris.New("encrypted bundle path must be specified"))
+		}
+
 		if len(privateKeysCreateAddressFormats) < 1 {
 			OutputError(eris.New("must specify at least one address format"))
 		}
@@ -268,7 +289,7 @@ var privateKeyImportCmd = &cobra.Command{
 		}
 	},
 	Run: func(cmd *cobra.Command, args []string) {
-		encryptedBundle, err := readFile(EncryptedBundlePath)
+		encryptedBundle, err := readFile(encryptedBundlePath)
 		if err != nil {
 			OutputError(err)
 		}
@@ -297,7 +318,7 @@ var privateKeyImportCmd = &cobra.Command{
 		params.SetBody(&models.ImportPrivateKeyRequest{
 			OrganizationID: &Organization,
 			Parameters: &models.ImportPrivateKeyIntent{
-				UserID:          &User,
+				UserID:          &user,
 				PrivateKeyName:  &privateKeysCreateName,
 				EncryptedBundle: &encryptedBundle,
 				Curve:           &curve,

src/cmd/turnkey/pkg/root.go

@@ -36,8 +36,8 @@ var (
 	Organization string
 )
 
-// Turnkey Signer enclave's encryption public key.
-const signerPublicKey = "a6f01f9f37356f9c617659aafa55f6e0af8d169a8f054d153ab3201901fb63ecb04cf288fe433cc4e1aa0ce1632feac4ea26bf2f5a09dcfe5a42c398e06898710330f0572882f4dbdf0f5304b8fc8703acd69adca9a4bbf7f5d00d20a5e364b2569"
+// Turnkey Signer enclave's public key.
+const signerPublicKey = "04ca7c0d624c75de6f34af342e87a21e0d8c83efd1bd5b5da0c0177c147f744fba6f01f9f37356f9c617659aafa55f6e0af8d169a8f054d153ab3201901fb63ecb04cf288fe433cc4e1aa0ce1632feac4ea26bf2f5a09dcfe5a42c398e06898710330f0572882f4dbdf0f5304b8fc8703acd69adca9a4bbf7f5d00d20a5e364b2569"
 
 func init() {
 	rootCmd.PersistentFlags().StringVarP(&rootKeysDirectory, "keys-folder", "d", local.DefaultKeysDir(), "directory in which to locate keys")
@@ -230,21 +230,26 @@ func hexToPublicKey(hexString string) (*ecdsa.PublicKey, error) {
 		return nil, err
 	}
 
+	if len(publicKeyBytes) != 130 {
+		return nil, eris.New("invalid public key length")
+	}
+	encryptionPublicKeyBytes := publicKeyBytes[65:130]
+
 	// init curve instance
 	curve := elliptic.P256()
 
 	// curve's bitsize converted to length in bytes
 	byteLen := (curve.Params().BitSize + 7) / 8
 
 	// ensure the public key bytes have the correct length
-	if len(publicKeyBytes) != 1+2*byteLen {
-		return nil, eris.New("invalid public key length")
+	if len(encryptionPublicKeyBytes) != 1+2*byteLen {
+		return nil, eris.New("invalid encryption public key length")
 	}
 
 	// extract X and Y coordinates from the public key bytes
 	// ignore first byte (prefix)
-	x := new(big.Int).SetBytes(publicKeyBytes[1 : 1+byteLen])
-	y := new(big.Int).SetBytes(publicKeyBytes[1+byteLen:])
+	x := new(big.Int).SetBytes(encryptionPublicKeyBytes[1 : 1+byteLen])
+	y := new(big.Int).SetBytes(encryptionPublicKeyBytes[1+byteLen:])
 
 	return &ecdsa.PublicKey{
 		Curve: curve,