feat: add recovery key support for E2EE agents, including configuration and documentation updates
This commit is contained in:
+28
-9
@@ -9,6 +9,7 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@@ -23,11 +24,12 @@ import (
|
||||
|
||||
func main() {
|
||||
var (
|
||||
homeserver string
|
||||
username string
|
||||
password string
|
||||
token string
|
||||
storePath string
|
||||
homeserver string
|
||||
username string
|
||||
password string
|
||||
token string
|
||||
storePath string
|
||||
pickleKeyHex string
|
||||
)
|
||||
|
||||
root := &cobra.Command{
|
||||
@@ -62,9 +64,18 @@ Requires the bot's access token and password (for UIA during key upload).`,
|
||||
client.DeviceID = whoami.DeviceID
|
||||
fmt.Printf("→ Device ID: %s\n", client.DeviceID)
|
||||
|
||||
// Initialize crypto
|
||||
sum := sha256.Sum256([]byte(token))
|
||||
pickleKey := sum[:]
|
||||
// Initialize crypto — use explicit pickle key if provided, else sha256(token)
|
||||
var pickleKey []byte
|
||||
if pickleKeyHex != "" {
|
||||
var err error
|
||||
pickleKey, err = hex.DecodeString(pickleKeyHex)
|
||||
if err != nil {
|
||||
return fmt.Errorf("decode pickle-key hex: %w", err)
|
||||
}
|
||||
} else {
|
||||
sum := sha256.Sum256([]byte(token))
|
||||
pickleKey = sum[:]
|
||||
}
|
||||
|
||||
dbPath := filepath.Join(storePath, "crypto.db")
|
||||
if err := os.MkdirAll(filepath.Dir(dbPath), 0700); err != nil {
|
||||
@@ -91,7 +102,7 @@ Requires the bot's access token and password (for UIA during key upload).`,
|
||||
}
|
||||
|
||||
fmt.Println("→ Generating and uploading cross-signing keys...")
|
||||
_, _, err = olmMachine.GenerateAndUploadCrossSigningKeysWithPassword(ctx, password, "")
|
||||
recoveryKey, _, err := olmMachine.GenerateAndUploadCrossSigningKeysWithPassword(ctx, password, "")
|
||||
if err != nil {
|
||||
// If keys already exist, try to just sign our device
|
||||
fmt.Printf(" Note: %v\n", err)
|
||||
@@ -101,6 +112,13 @@ Requires the bot's access token and password (for UIA during key upload).`,
|
||||
|
||||
fmt.Println("✓ Cross-signing keys uploaded successfully")
|
||||
fmt.Printf("✓ Device %s is now verified by %s\n", client.DeviceID, userID)
|
||||
fmt.Println()
|
||||
fmt.Println("─── IMPORTANT: Save the recovery key ───")
|
||||
fmt.Printf("SSSS_RECOVERY_KEY_%s=%s\n", strings.ToUpper(strings.ReplaceAll(username, "-", "_")), recoveryKey)
|
||||
fmt.Println()
|
||||
fmt.Println("Add this to your .env file and set recovery_key_env in the agent's config.yaml:")
|
||||
fmt.Println(" encryption:")
|
||||
fmt.Printf(" recovery_key_env: SSSS_RECOVERY_KEY_%s\n", strings.ToUpper(strings.ReplaceAll(username, "-", "_")))
|
||||
return nil
|
||||
},
|
||||
}
|
||||
@@ -110,6 +128,7 @@ Requires the bot's access token and password (for UIA during key upload).`,
|
||||
root.Flags().StringVar(&password, "password", "", "Bot password (for UIA auth)")
|
||||
root.Flags().StringVar(&token, "token", "", "Bot access token")
|
||||
root.Flags().StringVar(&storePath, "store", "./data/verify-crypto/", "Crypto store path")
|
||||
root.Flags().StringVar(&pickleKeyHex, "pickle-key", "", "Hex-encoded pickle key (must match agent's pickle key if sharing crypto store)")
|
||||
_ = root.MarkFlagRequired("homeserver")
|
||||
_ = root.MarkFlagRequired("username")
|
||||
_ = root.MarkFlagRequired("password")
|
||||
|
||||
Reference in New Issue
Block a user