tink icon indicating copy to clipboard operation
tink copied to clipboard
verified publisher icon tink-crypto

tinkey rotate-keyset command requires different output file than input

Open ropnop opened this issue 4 years ago • 2 comments

Help us help you

Please tell us more about your Tink deployment.

Done!

Describe the bug

According to the Tinkey docs, the rotate-keyset command should be able to take the same filename as the --in and --out parameters. I believe this is the expected behavior as it should just add a key and change the primary in the existing keyset. However using the supplied command results in an error saying the keyset file already exists and to choose another file

To Reproduce

$ tinkey rotate-keyset --key-template AES128_GCM --in test-keyset.cfg --out test-keyset.cfg --master-key-uri $MASTER_KEY_ID
Argument wrong!
org.kohsuke.args4j.CmdLineException: test-keyset.cfg exists, please choose another file

Expected behavior

I would expect the existing keyset file to be appended to and Tinkey not to complain that the file already exists

Version information

tinkey installed from homebrew:

$ brew info tinkey
google/tink/tinkey: stable 1.6.0
A command line tool to generate and manipulate keysets for the Tink cryptography library
https://github.com/google/tink/tree/master/tools/tinkey
/usr/local/Cellar/tinkey/1.6.0 (4 files, 16.9MB) *
  Built from source on 2021-05-25 at 16:10:10
From: https://github.com/google/tink/blob/HEAD/tinkey.rb

ropnop avatar May 25 '21 21:05 ropnop

Thanks for the bug report. I'll fix this.

thaidn avatar May 25 '21 23:05 thaidn

Any updates on this? I'm also experiencing this whenever I use the same file for --in and --out

 --out path/to/keyset.json              : The output filename, must not exist,
                                          to write the keyset to or standard
                                          output if not specified

sangmin7648 avatar Dec 15 '21 19:12 sangmin7648

I agree that the example in the documentation is not working, I will change that.

But I think I'd like to keep the behavior as it is now, and not allow the command to overwrite the keyset. Because I want to minimize the possibility that the user looses their keyset because of something weird happening when the keyset is written to disk.

If a user wants to overwrite their keyset, they can create a new, temporary file and then move that file to the right place.

juergw avatar Dec 12 '22 14:12 juergw

Also, the usage of "rotate-keyset" is not recommended. It is better to use "add-key" and then later do a "promote-key". I will also change that in the documentation.

The reason for this is is simple: if you have more than one server, then one server will start to encrypt with the new key before the other server knows how to decrypt with that key. So a new key should only be set primary after all servers have that key in their keyset.

juergw avatar Dec 12 '22 14:12 juergw

I added a comment to the Tinkey documentation here: https://github.com/google/tink/commit/682cfd278339c5e60a7518d67fdc9cdce8db2217.

juergw avatar Jan 24 '23 08:01 juergw