Add flags to enable decryption of a single file

Boolean flag -decrypt along with string flag -key which accepts base64
encoded private key. Followed by the file path to decrypt. Alternatively
you can omit the file path and provide it via stdin.

Author: george-angel

strongbox.go

@@ -34,10 +34,14 @@ var (
 	// flags
 	flagGitConfig = flag.Bool("git-config", false, "Configure git for strongbox use")
 	flagGenKey    = flag.String("gen-key", "", "Generate a new key and add it to your strongbox keyring")
-	flagClean     = flag.String("clean", "", "intended to be called internally by git")
-	flagSmudge    = flag.String("smudge", "", "intended to be called internally by git")
-	flagDiff      = flag.String("diff", "", "intended to be called internally by git")
-	flagVersion   = flag.Bool("version", false, "Strongbox version")
+	flagDecrypt   = flag.Bool("decrypt", false, "Decrypt single resource")
+	flagKey       = flag.String("key", "", "Private key to use to decrypt")
+
+	flagClean  = flag.String("clean", "", "intended to be called internally by git")
+	flagSmudge = flag.String("smudge", "", "intended to be called internally by git")
+	flagDiff   = flag.String("diff", "", "intended to be called internally by git")
+
+	flagVersion = flag.Bool("version", false, "Strongbox version")
 
 	version = ""
 )
@@ -46,6 +50,8 @@ func usage() {
 	fmt.Fprintf(os.Stderr, "Usage:\n\n")
 	fmt.Fprintf(os.Stderr, "\tstrongbox -git-config\n")
 	fmt.Fprintf(os.Stderr, "\tstrongbox -gen-key key-name\n")
+	fmt.Fprintf(os.Stderr, "\tstrongbox -decrypt\n")
+	fmt.Fprintf(os.Stderr, "\tstrongbox -key\n")
 	fmt.Fprintf(os.Stderr, "\tstrongbox -version\n")
 	os.Exit(2)
 }
@@ -78,11 +84,6 @@ func main() {
 		return
 	}
 
-	// only a single flag has been set
-	if flag.NFlag() != 1 {
-		usage()
-	}
-
 	if *flagGitConfig {
 		gitConfig()
 		return
@@ -93,6 +94,14 @@ func main() {
 		return
 	}
 
+	if *flagDecrypt {
+		if *flagKey == "" {
+			log.Fatalf("Must provide a key when using -decrypt")
+		}
+		decryptCLI()
+		return
+	}
+
 	if *flagClean != "" {
 		clean(os.Stdin, os.Stdout, *flagClean)
 		return
@@ -107,6 +116,29 @@ func main() {
 	}
 }
 
+func decryptCLI() {
+	var fn string
+	if flag.Arg(0) == "" {
+		// no file passed, try to read stdin
+		fn = "/dev/stdin"
+	} else {
+		fn = flag.Arg(0)
+	}
+	fb, err := ioutil.ReadFile(fn)
+	if err != nil {
+		log.Fatalf("Unable to read file to decrypt %v", err)
+	}
+	dk, err := decode([]byte(*flagKey))
+	if err != nil {
+		log.Fatalf("Unable to decode private key %v", err)
+	}
+	out, err := decrypt(fb, dk)
+	if err != nil {
+		log.Fatalf("Unable to decrupt %v", err)
+	}
+	fmt.Printf("%s", out)
+}
+
 func gitConfig() {
 	args := [][]string{
 		{"config", "--global", "--replace-all", "filter.strongbox.clean", "strongbox -clean %f"},