allow adding a raw key

cmd/dkl-local-server/state.go

@@ -24,6 +24,7 @@ type State struct {
 	Store struct {
 		DownloadToken string
 		KeyNames      []string
+		Salt          []byte
 	}
 
 	Clusters []ClusterState
@@ -157,6 +158,7 @@ func updateState() {
 	wState.Change(func(v *State) {
 		v.HasConfig = true
 		v.Store.KeyNames = keyNames
+		v.Store.Salt = secStore.Salt[:]
 		v.Clusters = clusters
 		v.Hosts = hosts
 		v.HostTemplates = hostTemplates

cmd/dkl-local-server/ws-store.go

@@ -8,8 +8,13 @@ import (
 	"novit.tech/direktil/local-server/secretstore"
 )
 
+type AddKeyReq struct {
+	NamedPassphrase `json:",inline"`
+	Hash            []byte `json:",omitempty"`
+}
+
 func wsStoreAddKey(req *restful.Request, resp *restful.Response) {
-	np := NamedPassphrase{}
+	np := AddKeyReq{}
 
 	err := req.ReadEntity(&np)
 	if err != nil {
@@ -24,8 +29,13 @@ func wsStoreAddKey(req *restful.Request, resp *restful.Response) {
 		return
 	}
 
-	if len(np.Passphrase) == 0 {
-		wsBadRequest(resp, "no passphrase given")
+	if len(np.Hash) == 0 && len(np.Passphrase) == 0 {
+		wsBadRequest(resp, "no hash or passphrase given")
+		return
+	}
+
+	if len(np.Hash) != 0 && len(np.Hash) != 32 {
+		wsBadRequest(resp, "hash of a wrong length")
 		return
 	}
 
@@ -36,7 +46,14 @@ func wsStoreAddKey(req *restful.Request, resp *restful.Response) {
 		}
 	}
 
-	secStore.AddKey(np.Name, np.Passphrase)
+	if len(np.Hash) != 0 {
+		hash := [32]byte{}
+		copy(hash[:], np.Hash[:32])
+		secStore.AddRawKey(np.Name, hash)
+	} else {
+		secStore.AddKey(np.Name, np.Passphrase)
+	}
+
 	defer updateState()
 
 	err = secStore.SaveTo(secKeysStorePath())