diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go
index 6046a5852..49b8403c2 100644
--- a/cmd/notary/integration_test.go
+++ b/cmd/notary/integration_test.go
@@ -329,9 +329,9 @@ func TestClientKeyGenerationRotation(t *testing.T) {
 assert.True(t, strings.Contains(string(output), target))
 }
-// Tests import/export root+signing keys - repo with imported keys should be
+// Tests backup/restore root+signing keys - repo with restored keys should be
 // able to publish successfully
-func TestClientKeyImportExportRootAndSigning(t *testing.T) {
+func TestClientKeyBackupAndRestore(t *testing.T) {
 // -- setup --
 cleanup := setUp(t)
 defer cleanup()
@@ -374,15 +374,15 @@ func TestClientKeyImportExportRootAndSigning(t *testing.T) {
 zipfile := tempfiles[0] + ".zip"
 defer os.Remove(zipfile)
- // export then import all keys
- _, err = runCommand(t, dirs[0], "key", "export", zipfile)
+ // backup then restore all keys
+ _, err = runCommand(t, dirs[0], "key", "backup", zipfile)
 assert.NoError(t, err)
- _, err = runCommand(t, dirs[1], "key", "import", zipfile)
+ _, err = runCommand(t, dirs[1], "key", "restore", zipfile)
 assert.NoError(t, err)
 assertNumKeys(t, dirs[1], 1, 4, !rootOnHardware()) // all keys should be there
- // can list and publish to both repos using imported keys
+ // can list and publish to both repos using restored keys
 for _, gun := range []string{"gun1", "gun2"} {
 output, err := runCommand(t, dirs[1], "-s", server.URL, "list", gun)
 assert.NoError(t, err)
@@ -392,11 +392,11 @@ func TestClientKeyImportExportRootAndSigning(t *testing.T) {
 t, dirs[1], server.URL, gun, target+"2", tempfiles[1])
 }
- // export then import keys for one gun
- _, err = runCommand(t, dirs[0], "key", "export", zipfile, "-g", "gun1")
+ // backup and restore keys for one gun
+ _, err = runCommand(t, dirs[0], "key", "backup", zipfile, "-g", "gun1")
 assert.NoError(t, err)
- _, err = runCommand(t, dirs[2], "key", "import", zipfile)
+ _, err = runCommand(t, dirs[2], "key", "restore", zipfile)
 assert.NoError(t, err)
 // this function is declared is in the build-tagged setup files
@@ -429,7 +429,7 @@ func exportRoot(t *testing.T, exportTo string) string {
 }()
 _, err = runCommand(
- t, tempDir, "key", "export-root", oldRoot[0], exportTo)
+ t, tempDir, "key", "export", oldRoot[0], exportTo)
 assert.NoError(t, err)
 return oldRoot[0]
@@ -479,7 +479,7 @@ func TestClientKeyImportExportRootOnly(t *testing.T) {
 }
 // import the key
- _, err = runCommand(t, tempDir, "key", "import-root", tempFile.Name())
+ _, err = runCommand(t, tempDir, "key", "import", tempFile.Name())
 assert.NoError(t, err)
 // if there is hardware available, root will only be on hardware, and not
diff --git a/cmd/notary/keys.go b/cmd/notary/keys.go
index aab55651b..5e804eb01 100644
--- a/cmd/notary/keys.go
+++ b/cmd/notary/keys.go
@@ -23,11 +23,11 @@ func init() {
 cmdKey.AddCommand(cmdKeyList)
 cmdKey.AddCommand(cmdKeyGenerateRootKey)
- cmdKeyExport.Flags().StringVarP(&keysExportGUN, "gun", "g", "", "Globally Unique Name to export keys for")
- cmdKey.AddCommand(cmdKeyExport)
+ cmdKeysBackup.Flags().StringVarP(&keysExportGUN, "gun", "g", "", "Globally Unique Name to export keys for")
+ cmdKey.AddCommand(cmdKeysBackup)
 cmdKey.AddCommand(cmdKeyExportRoot)
 cmdKeyExportRoot.Flags().BoolVarP(&keysExportRootChangePassphrase, "change-passphrase", "p", false, "Set a new passphrase for the key being exported")
- cmdKey.AddCommand(cmdKeyImport)
+ cmdKey.AddCommand(cmdKeysRestore)
 cmdKey.AddCommand(cmdKeyImportRoot)
 cmdKey.AddCommand(cmdRotateKey)
 }
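Review bot: The `--gun` flag registered on `cmdKeysBackup` still carries the help string "Globally Unique Name to export keys for", and after this commit `export` is the name of a different command (the root-key PEM export), so the help points users at the wrong operation; `"Globally Unique Name to back up keys for"` would match the new command. The new identifiers `cmdKeysBackup` and `cmdKeysRestore` are also plural where every sibling in this block is `cmdKey…` (`cmdKeyList`, `cmdKeyExportRoot`, `cmdKeyImportRoot`); `cmdKeyBackup` / `cmdKeyRestore` would keep the convention. `init` begins above the hunk, so any earlier registrations are not visible here.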
@@ -55,39 +55,39 @@ var cmdRotateKey = &cobra.Command{
 var cmdKeyGenerateRootKey = &cobra.Command{
 Use: "generate [ algorithm ]",
 Short: "Generates a new root key with a given algorithm.",
- Long: "Generates a new root key with a given algorithm. If a hardware smartcard is available, the key will be stored both on hardware and on disk. Please make sure to back up the key that is written to disk, and to then take the on-disk key offline.",
+ Long: "Generates a new root key with a given algorithm. If hardware key storage (e.g. a Yubikey) is available, the key will be stored both on hardware and on disk (so that it can be backed up). Please make sure to back up and then remove this on-key disk immediately afterwards.",
 Run: keysGenerateRootKey,
 }
 var keysExportGUN string
-var cmdKeyExport = &cobra.Command{
- Use: "export [ filename ]",
- Short: "Exports keys to a ZIP file.",
- Long: "Exports a collection of keys. The keys are reencrypted with a new passphrase. The output is a ZIP file. If the --gun option is passed, only signing keys and no root keys will be exported. Does not work on keys that are only in hardware (smartcards).",
- Run: keysExport,
+var cmdKeysBackup = &cobra.Command{
+ Use: "backup [ zipfilename ]",
+ Short: "Backs up all your on-disk keys to a ZIP file.",
+ Long: "Backs up all of your accessible of keys. The keys are reencrypted with a new passphrase. The output is a ZIP file. If the --gun option is passed, only signing keys and no root keys will be backed up. Does not work on keys that are only in hardware (e.g. Yubikeys).",
+ Run: keysBackup,
 }
 var keysExportRootChangePassphrase bool
 var cmdKeyExportRoot = &cobra.Command{
- Use: "export-root [ keyID ] [ filename ]",
- Short: "Exports given root key to a file.",
- Long: "Exports a root key, without reencrypting. The output is a PEM file.
Does not work on keys that are only in hardware (smartcards).",
+ Use: "export [ keyID ] [ pemfilename ]",
+ Short: "Export a root key on disk to a PEM file.",
+ Long: "Exports a single root key on disk, without reencrypting. The output is a PEM file. Does not work on keys that are only in hardware (e.g. Yubikeys).",
 Run: keysExportRoot,
 }
-var cmdKeyImport = &cobra.Command{
- Use: "import [ filename ]",
- Short: "Imports keys from a ZIP file.",
- Long: "Imports one or more keys from a ZIP file. If a hardware smartcard is available, the root key will be imported into the smartcard but not to disk.",
- Run: keysImport,
+var cmdKeysRestore = &cobra.Command{
+ Use: "restore [ zipfilename ]",
+ Short: "Restore multiple keys from a ZIP file.",
+ Long: "Restores one or more keys from a ZIP file. If hardware key storage (e.g. a Yubikey) is available, root keys will be imported into the hardware, but not backed up to disk in the same location as the other, non-root keys.",
+ Run: keysRestore,
 }
 var cmdKeyImportRoot = &cobra.Command{
- Use: "import-root [ filename ]",
- Short: "Imports root key.",
- Long: "Imports a root key from a PEM file. If a hardware smartcard is available, the root key will be imported into the smartcard but not to disk.",
+ Use: "import [ pemfilename ]",
+ Short: "Imports a root key from a PEM file.",
+ Long: "Imports a single root key from a PEM file. If a hardware key storage (e.g. Yubikey) is available, the root key will be imported into the hardware but not backed up on disk again.",
 Run: keysImportRoot,
 }
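Review bot: The new `Long` text for `generate` ends with "remove this on-key disk immediately afterwards", which garbles the one instruction that tells operators to get the root key copy off disk; it should read `Please make sure to back up and then remove this on-disk key immediately afterwards.` The `backup` text has a similar slip, "all of your accessible of keys", which should be `Backs up all of your accessible keys.` Separately, `export` and `import` previously named the ZIP commands and now name the single-root-key PEM commands, so an existing script that runs `key import` on a ZIP archive will reach `keysImportRoot` instead. How that function handles a non-PEM file is not visible in this diff, so it is worth confirming that it fails without touching the key store, and calling the rename out in the release notes.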
@@ -251,8 +251,8 @@ func keysGenerateRootKey(cmd *cobra.Command, args []string) {
 cmd.Printf("Generated new %s root key with keyID: %s\n", algorithm, pubKey.ID())
 }
-// keysExport exports a collection of keys to a ZIP file
-func keysExport(cmd *cobra.Command, args []string) {
+// keysBackup exports a collection of keys to a ZIP file
+func keysBackup(cmd *cobra.Command, args []string) {
 if len(args) < 1 {
 cmd.Usage()
 fatalf("Must specify output filename for export")
@@ -330,8 +330,8 @@ func keysExportRoot(cmd *cobra.Command, args []string) {
 }
 }
-// keysImport imports keys from a ZIP file
-func keysImport(cmd *cobra.Command, args []string) {
+// keysRestore imports keys from a ZIP file
+func keysRestore(cmd *cobra.Command, args []string) {
 if len(args) < 1 {
 cmd.Usage()
 fatalf("Must specify input filename for import")
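Review bot: The usage error in `keysBackup` still reads `fatalf("Must specify output filename for export")`, and the same applies to `keysRestore` in the `@@ -330` hunk with "for import". Both words now name other subcommands, so a user who runs `key backup` without an argument is told about `export`. Suggested: `fatalf("Must specify output filename for backup")` and `fatalf("Must specify input filename for restore")`. The doc comments could follow suit, e.g. `// keysBackup backs up a collection of keys to a ZIP file`. Both function bodies continue past the end of their hunks.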