Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-11-05 21:07:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add -g/--gpgkey option to tell tomb to use GPG key to encrypt a tomb key

Browse Source 
Option -r is now only used to provide the recipient
Option -R removed, the new recipient can be given by the -r option.
This commit is contained in:
Alexandre Pujol 2017-02-09 18:57:34 +00:00
parent bfe5bb9707
commit 528140738a
2 changed files with 43 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
extras/test/runtests
View File

@ -122,15 +122,15 @@ test-tomb-recip() {
{ test $? = 0 } && { results+=(recip-dig SUCCESS) }
notice "Testing tomb with recipient creation: forge"
tt forge $tomb_key -r $gpgid_1 --ignore-swap --unsafe --use-urandom
tt forge $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe --use-urandom
{ test $? = 0 } && { results+=(recip-forge SUCCESS) }
notice "Testing tomb with recipient creation: lock"
tt lock $tomb -k $tomb_key -r $gpgid_1 --ignore-swap --unsafe
tt lock $tomb -k $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe
{ test $? = 0 } && { results+=(recip-lock SUCCESS) }
notice "Testing tomb with recipient opening: open"
tt open $tomb -k $tomb_key -r $gpgid_1
tt open $tomb -k $tomb_key -g
{ test $? = 0 } && { results+=(recip-open SUCCESS) }
notice "Testing tomb with recipient closing: close"
@ -144,7 +144,7 @@ test-tomb-recip() {
sudo rm -f /tmp/recip.steg.key
tt --unsafe --tomb-pwd ${dummypass} bury -k /tmp/recip.tomb.key \
/tmp/recip.jpg -r "$gpgid_1"
/tmp/recip.jpg -g -r "$gpgid_1"
{ test $? = 0 } && { results+=(recip-stgin SUCCESS) }
tt --unsafe --tomb-pwd ${dummypass} exhume -k /tmp/recip.steg.key \
@ -152,40 +152,40 @@ test-tomb-recip() {
{ test $? = 0 } && { results+=(recip-stgout SUCCESS) }
tt --unsafe --tomb-pwd ${dummypass} open -k /tmp/recip.steg.key \
/tmp/recip.tomb -r "$gpgid_1"
/tmp/recip.tomb -g
{ test $? = 0 } && { results+=(recip-stgopen SUCCESS) }
${T} close recip
notice "test using open -k image.jpeg"
tt --unsafe --tomb-pwd ${dummypass} open -k /tmp/recip.jpg \
/tmp/recip.tomb -r "$gpgid_1"
/tmp/recip.tomb -g
{ test $? = 0 } && { results+=(recip-stgimpl SUCCESS) }
tt close recip
}
notice "Testing tomb with recipient changing gpg key: passwd"
res=0
tt passwd -k $tomb_key -r $gpgid_1 -R $gpgid_2
tt passwd -k $tomb_key -g -r $gpgid_2
{ test $? = 0 } || { res=1 }
tt open $tomb -k $tomb_key -r $gpgid_2
tt open $tomb -k $tomb_key -g
{ test $? = 0 } || { res=1 }
tt close recip
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(recip-passwd SUCCESS) }
notice "Testing tomb with recipient resizing a tomb: resize"
tt resize -s 30 $tomb -k $tomb_key -r $gpgid_2
tt resize -s 30 $tomb -k $tomb_key -g -r $gpgid_2
{ test $? = 0 } && { results+=(recip-resize SUCCESS) }
notice "Testing tomb with recipient setting a new key: setkey"
sudo rm -f /tmp/new.recip.tomb.key
res=0
tt forge /tmp/new.recip.tomb.key -r $gpgid_2 \
tt forge /tmp/new.recip.tomb.key -g -r $gpgid_2 \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -r $gpgid_2
tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -g -r $gpgid_2
{ test $? = 0 } || { res=1 }
tt open -k /tmp/new.recip.tomb.key $tomb -r $gpgid_2
tt open -k /tmp/new.recip.tomb.key $tomb -g
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(recip-setkey SUCCESS) }
tt close recip
@ -200,31 +200,30 @@ test-tomb-shared() {
res=0
tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 }
tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
--ignore-swap --unsafe -r $gpgid_1
--ignore-swap --unsafe -g -r $gpgid_1
{ test $? = 0 } || { res=1 }
tt open /tmp/shared.tomb -k /tmp/shared.tomb.key -r $gpgid_1
tt open /tmp/shared.tomb -k /tmp/shared.tomb.key -g
{ test $? = 0 } || { res=1 }
tt close shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared SUCCESS) }
notice "Testing changing recipients on a shared Tomb"
tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
-R $gpgid_2,$gpgid_1 --shared
tt passwd -k /tmp/shared.tomb.key -g -r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
notice "Testing setkey on a shared Tomb"
rm -f /tmp/new.shared.tomb.key
res=0
tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared\
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
-r $gpgid_2,$gpgid_1 --shared
-g -r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
}

56
tomb Executable file → Normal file
View File

@ -651,8 +651,8 @@ usage() {
_print " -n don't process the hooks found in tomb"
_print " -o options passed to commands: open, lock, forge (see man)"
_print " -f force operation (i.e. even if swap is active)"
_print " -r GnuPG users IDs to encrypt a tomb key (separated by ,)"
_print " -R new recipients to use (separated by ,)"
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by coma)"
_print " --shared active sharing feature"
[[ $KDF == 1 ]] && {
_print " --kdf forge keys armored against dictionary attacks"
@ -939,7 +939,7 @@ _load_key() {
[[ -z $keyfile ]] && {
_failure "This operation requires a key file to be specified using the -k option." }
if option_is_set -r; then
if option_is_set -g; then
_verbose "load_key key encrypted with a GnuPG Key"
_message "Key encrypted with a GnuPG Key"
TOMBKEYFILE=$keyfile
@ -993,12 +993,7 @@ gpg_decrypt() {
typeset -a gpgopt
gpgpopt=(--passphrase-fd 0)
{ option_is_set -r } && {
typeset -a recipients
recipients=(${(s:,:)$(option_value -r)})
{ ! is_valid_recipients $recipients } && { ! option_is_set -f } && {
_failure "You set an invalid GPG ID."
}
{ option_is_set -g } && {
gpgpass="$TOMBKEY"
gpgpopt=()
}
@ -1064,7 +1059,7 @@ get_lukskey() {
# key needs to be exhumed from an image
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
if option_is_set -r; then
if option_is_set -g; then
# When using a GPG key, the tomb key is buried using a steganography password
if option_is_set --tomb-pwd; then
_password="`option_value --tomb-pwd`"
@ -1102,7 +1097,7 @@ ask_key_password() {
_verbose "no password needed, using secret bytes from stdin"
return 0 }
if option_is_set -r; then
if option_is_set -g; then
_verbose "no password needed, using GPG key"
get_lukskey
return $?
@ -1164,7 +1159,7 @@ change_passwd() {
_check_swap # Ensure swap is secure, if any
_load_key # Try loading key from option -k and set TOMBKEYFILE
{ option_is_set -r } && {
{ option_is_set -g } && {
_message "Commanded to change GnuPG key for tomb key ::1 key::" $TOMBKEYFILE
} || {
_message "Commanded to change password for tomb key ::1 key::" $TOMBKEYFILE
@ -1182,7 +1177,7 @@ change_passwd() {
fi
[[ $? == 0 ]] || _failure "No valid password supplied."
{ option_is_set -r } && {
{ option_is_set -g } && {
_success "Changing GnuPG key for ::1 key file::" $TOMBKEYFILE
} || {
_success "Changing password for ::1 key file::" $TOMBKEYFILE
@ -1203,7 +1198,7 @@ change_passwd() {
# Copy the new key as the original keyfile name
cp -f "${tmpnewkey}" $TOMBKEYFILE
{ option_is_set -r } && {
{ option_is_set -g } && {
_success "Your GnuPG key was successfully changed"
} || {
_success "Your passphrase was successfully updated."
@ -1226,14 +1221,13 @@ gen_key() {
tombpass=""
tombpasstmp=""
{ option_is_set -r } && {
typeset -a recipients
{ option_is_set -R } && {
recipients=(${(s:,:)$(option_value -R)})
} || {
recipients=(${(s:,:)$(option_value -r)})
{ option_is_set -g } && {
{ option_is_set -r } || {
_failure "A GPG recipient needs to be specified using -r."
}
typeset -a recipients
recipients=(${(s:,:)$(option_value -r)})
[ "${#recipients}" -gt 1 ] && {
if option_is_set --shared; then
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
@ -1370,7 +1364,7 @@ bury_key() {
}
_success "Encoding key ::1 tomb key:: inside image ::2 image file::" $TOMBKEY $imagefile
{ option_is_set -r } && {
{ option_is_set -g } && {
_message "Using GnuPG Key ID"
} || {
_message "Please confirm the key password for the encoding"
@ -1386,7 +1380,7 @@ bury_key() {
# if using a GPG key, we test if the user can decrypt the tomb
# with its key and we ask for a steganography password.
{ option_is_set --tomb-pwd } && { ! option_is_set -r } && {
{ option_is_set --tomb-pwd } && { ! option_is_set -g } && {
local tombpwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tombpwd
ask_key_password "$tombpwd"
@ -1397,10 +1391,10 @@ bury_key() {
_warning "Wrong password/GnuPG ID supplied."
_failure "You shall not bury a key whose password is unknown to you." }
if option_is_set -r && option_is_set --tomb-pwd; then
if option_is_set -g && option_is_set --tomb-pwd; then
TOMBPASSWORD="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $TOMBPASSWORD
elif option_is_set -r; then
elif option_is_set -g; then
tombpass=""
tombpasstmp=""
while true; do
@ -1663,7 +1657,7 @@ forge_key() {
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
$destkey $algo
[[ $KDF == 1 ]] && { ! option_is_set -r } && {
[[ $KDF == 1 ]] && { ! option_is_set -g } && {
_message "Using KDF to protect the key password (`option_value --kdf` rounds)"
}
@ -1686,7 +1680,7 @@ forge_key() {
# Here the global variable TOMBSECRET contains the naked secret
{ option_is_set -r } && {
{ option_is_set -g } && {
{ option_is_set --shared } && {
_success "Using GnuPG keys to encrypt and share your key: ::1 tomb key::" $TOMBKEYFILE
} || {
@ -1970,7 +1964,7 @@ mount_tomb() {
# take the name only, strip extensions
_verbose "Tomb name: ::1 tomb name:: (to be engraved)" $TOMBNAME
{ option_is_set --tomb-pwd } && { ! option_is_set -r } && {
{ option_is_set --tomb-pwd } && { ! option_is_set -g } && {
tomb_pwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
ask_key_password "$tomb_pwd"
@ -2739,10 +2733,10 @@ main() {
# can only use the non-abbreviated long-option version like:
# -force and NOT -f
#
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
subcommands_opts[__default]=""
# -o in open and mount is used to pass alternate mount options
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="" # deprecated, will issue warning
@ -2754,7 +2748,7 @@ main() {
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[engrave]="k: "
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""