Removed detailed errors from stderr reporting by default.

BernardIgiri · BernardIgiri · commit 5ea9422fbae1 · 2017-12-08T15:35:15.000-05:00
diff --git a/README.md b/README.md
@@ -4,13 +4,11 @@ CfgCrypt or config crypt is a cli tool to encrypt values in a text configuration
 
 ## Concept
 
- The basic idea is that you write your configuration file in whatever text format you prefer. Then you run cfgcrypt on the file to encrypt the variables you want hidden. From there your application base 64 decodes the encrypted text, and runs AES 128 decryption, in CBC mode, with PKCS7 padding, using the key from the generated key file. The iv for the decryption is included in the first set of bytes.
-
- So that cfgcrypt knows what to encrypt you must give it a prefix and a postfix string that will delimit the values that you wish to encrypt. These values will be encrypted in-place. If an encryption key is not passed to the utility then one will be randomly generated and placed next to the encrypted file with 0600 file permissions and a ".key" file extension pre-pended to the original file's name.
+ Write your configuration file in whatever text format you prefer, then wrap any values that you would like to keep secret in prefix and postfix delimiters that occur no where else in your file. Then you run cfgcrypt with your delimiters on the file to encrypt the variables you want hidden. From there your application decodes the secret values using the configuration file and a key file.
 
  ## Decryption logic
 
- Pseudo-code example of decryption process:
+ Pseudo-code example of decryption process for CBC encryption:
 
  ```
  configData = io.ReadConfigFile(fileName)
@@ -52,5 +50,4 @@ godep go build
 ## Future development
 
 I'm considering the following upgrades:
-- Support for more encryption modes/algorithms
-- Safer error messages to avoid leaking any security details (not certain if necessary)
+-   Support for more encryption modes/algorithms
diff --git a/main.go b/main.go
@@ -20,6 +20,7 @@ func main() {
 	prefix := cli.String("prefix", "#{{", "Prefix string denoting start of value to be encrypted")
 	postfix := cli.String("postfix", "}}#", "Post string denoting end of value to be encrypted")
 	force := cli.Bool("force", false, "Overwrite key file if found")
+	debug := cli.Bool("debug", false, "Display detailed error messages")
 	if len(os.Args) < 2 {
 		os.Stderr.WriteString("Not enough arguments\n")
 		explainUsage(cli)
@@ -36,7 +37,12 @@ func main() {
 	}
 	err := textValueEncryptor.EncryptTextFile(textfile, *prefix, *postfix, *encodedKey, *force)
 	if err != nil {
-		msg := fmt.Sprintf("Error encrypting file \"%s\":\n%s\n", textfile, err.Error())
+		var msg string
+		if debug != nil && *debug == true {
+			msg = fmt.Sprintf("Error encrypting file \"%s\":\n%s\n", textfile, err.Error())
+		} else {
+			msg = fmt.Sprintf("Error encrypting file \"%s\" For more details enable debug mode.\n", textfile)
+		}
 		os.Stderr.WriteString(msg)
 		os.Exit(1)
 	}
