simplify all complex commands with interactive inputs

[siphyshu]

currently the vault keys save command has two options:

• symmetric / no-symmetric
• private / no-private

instead, a simple --algo [rsa | ecc] option can be supplied

the command should automatically infer the metadata as well as expect the correct arguments

@gitmank thoughts?

[gitmank]

My reasoning is that there is no scenario where you will be specifying both flags:

• using --symmetric makes --private and --no-private unnecessary
• using --private or --no-private makes -symmetric and --no-symmetric unnecessary

additionally, while importing another person's RSA public key to your vault, specifying --algo RSA is not sufficient, but specifying --no-private is sufficient to deduce that the key is asymmetric + public

@siphyshu if you're okay with this logic, can we close the issue :D

[siphyshu]

Some of that makes sense.

However, now that i think of it, we can most likely completely do away with all four args as well as the proposed --algo arg.

We can just read the keys to determine if they're public or private (because they declare themselves in the first and last line).

• RSA private key start like "-----BEGIN RSA PRIVATE KEY-----".
• RSA public key can be detected by their larger size
• ECC keys can potentially be detected by their smaller size (not so sure about this one, confirmation needed)

My motive of proposing this is to make the tool simple to use. This can be done by reducing / simplifying the number of arguments needed to use a command. Tell me if you have any improvements or alternatives to this solution.

[gitmank]

I'd like to have 0 arguments for the command as well. Let's keep these optional flags, but also try to figure out how we can detect all the metadata we need for external keys 👍

[siphyshu]

Yep alright. I'll try to build this functionality, until then let's keep this open.

[gitmank]

I've had some time to think about this:

My motive of proposing this is to make the tool simple to use. This can be done by reducing / simplifying the number of arguments needed to use a command. Tell me if you have any improvements or alternatives to this solution.

• going from making 1 option -> 0 options is not worth the effort for a command that is intended to be used very rarely, especially when we'll end up guessing the key type by parsing the file
• we can't rely on user input from the arguments as well, there will be errors and we'll end up with incomplete metadata
• we can't support passwords for private keys without adding yet another argument
• there is the issue of users adding only one key from a keypair, while the tool needs both to encrypt and sign

Considering all this, I feel we should just delete this command and only allow generated keys in the tool.
What do you say @siphyshu ?

[siphyshu]

Granted, all valid points. We can disallow adding keypairs for the user.

However, what could be an alternate provision to easily manage and save only other people's public keys? @gitmank

[gitmank]

vault profile create <globally unique username> to publish a primary key associated to the user. Other keys can be referenced like repos on GitHub

mank/default, mank/testecc etc.

running something like vault encrypt rsa <file> siphyshu <out> should fetch siphyshu/default public key and create an archive.

[siphyshu]

yep, seems like an acceptable solution.

a few questions to expand upon:

1. how would you save a key for a profile
2. can multiple keys be added for a single user?
3. in vault encrypt rsa how would it differentiate whether one's reffering to a key alias or a profile? eg. in vault encrypt rsa x.png siphyshu, siphyshu can both be a valid user or a alias for a managed key.

[gitmank]

I'm changing this issue to simplify all commands like we discussed today.