Improve key encryption/decryption using GPG key.
Decryption/encryption works without these improvements; however, they are needed in order to have a clean key (without an empty line). Moreover, tests showed that not doing so causes trouble when changing the GPG key used to encrypt a tomb key.
This commit is contained in:
parent
8f8dc0a0d4
commit
5a35ab9668
61
tomb
61
tomb
@ -947,14 +947,24 @@ gpg_decrypt() {
|
|||||||
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
|
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
|
||||||
local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
|
local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
|
||||||
local gpgpass="$1\n$TOMBKEY"
|
local gpgpass="$1\n$TOMBKEY"
|
||||||
local gpgstatus
|
local tmpres ret
|
||||||
local tmpres
|
typeset -a gpgopt
|
||||||
|
gpgpopt=(--passphrase-fd 0)
|
||||||
|
|
||||||
|
{ option_is_set -r } && {
|
||||||
|
local gpgkey=`option_value -r`
|
||||||
|
_verbose "using $gpgkey to decrypt a tomb key"
|
||||||
|
{ ! is_valid_recipients "$gpgkey" } && {
|
||||||
|
_failure "You set an invalid GPG ID."
|
||||||
|
}
|
||||||
|
gpgpass="$TOMBKEY"
|
||||||
|
gpgpopt=()
|
||||||
|
}
|
||||||
|
|
||||||
[[ $gpgver == "1.4.11" ]] && {
|
[[ $gpgver == "1.4.11" ]] && {
|
||||||
_verbose "GnuPG is version 1.4.11 - adopting status fix."
|
_verbose "GnuPG is version 1.4.11 - adopting status fix."
|
||||||
|
|
||||||
TOMBSECRET=`print - "$gpgpass" | \
|
TOMBSECRET=`print - "$gpgpass" | \
|
||||||
gpg --batch --passphrase-fd 0 --no-tty --no-options`
|
gpg --batch ${gpgpopt[@]} --no-tty --no-options`
|
||||||
ret=$?
|
ret=$?
|
||||||
unset gpgpass
|
unset gpgpass
|
||||||
return $ret
|
return $ret
|
||||||
@ -963,12 +973,10 @@ gpg_decrypt() {
|
|||||||
_tmp_create
|
_tmp_create
|
||||||
tmpres=$TOMBTMP
|
tmpres=$TOMBTMP
|
||||||
TOMBSECRET=`print - "$gpgpass" | \
|
TOMBSECRET=`print - "$gpgpass" | \
|
||||||
gpg --batch --passphrase-fd 0 --no-tty --no-options \
|
gpg --batch ${gpgpopt[@]} --no-tty --no-options \
|
||||||
--status-fd 2 --no-mdc-warning --no-permission-warning \
|
--status-fd 2 --no-mdc-warning --no-permission-warning \
|
||||||
--no-secmem-warning 2> $tmpres`
|
--no-secmem-warning 2> $tmpres`
|
||||||
|
|
||||||
unset gpgpass
|
unset gpgpass
|
||||||
|
|
||||||
ret=1
|
ret=1
|
||||||
for i in ${(f)"$(cat $tmpres)"}; do
|
for i in ${(f)"$(cat $tmpres)"}; do
|
||||||
_verbose "$i"
|
_verbose "$i"
|
||||||
@ -1158,11 +1166,24 @@ gen_key() {
|
|||||||
# -o is the --cipher-algo to use (string taken by GnuPG)
|
# -o is the --cipher-algo to use (string taken by GnuPG)
|
||||||
local algopt="`option_value -o`"
|
local algopt="`option_value -o`"
|
||||||
local algo="${algopt:-AES256}"
|
local algo="${algopt:-AES256}"
|
||||||
|
local gpgpass opt
|
||||||
|
typeset -a gpgopt
|
||||||
# here user is prompted for key password
|
# here user is prompted for key password
|
||||||
tombpass=""
|
tombpass=""
|
||||||
tombpasstmp=""
|
tombpasstmp=""
|
||||||
|
|
||||||
{ ! option_is_set -r } && {
|
{ option_is_set -r } && {
|
||||||
|
local gpgkey=`option_value -r`
|
||||||
|
_verbose "using $gpgkey to encrypt a tomb key"
|
||||||
|
{ is_valid_recipients "$gpgkey" } || {
|
||||||
|
_failure "You set an invalid GPG ID."
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set gpg inputs and options
|
||||||
|
gpgpass="$TOMBSECRET"
|
||||||
|
gpgopt=(--encrypt --recipient "$gpgkey")
|
||||||
|
opt=''
|
||||||
|
} || {
|
||||||
if [ "$1" = "" ]; then
|
if [ "$1" = "" ]; then
|
||||||
while true; do
|
while true; do
|
||||||
# 3 tries to write two times a matching password
|
# 3 tries to write two times a matching password
|
||||||
@ -1219,26 +1240,20 @@ gen_key() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
print $header
|
print $header
|
||||||
|
|
||||||
|
# Set gpg inputs and options
|
||||||
|
gpgpass="${tombpass}\n$TOMBSECRET"
|
||||||
|
gpgopt=(--passphrase-fd 0 --symmetric)
|
||||||
|
opt='-n'
|
||||||
}
|
}
|
||||||
|
|
||||||
_tmp_create
|
_tmp_create
|
||||||
local tmpres=$TOMBTMP
|
local tmpres=$TOMBTMP
|
||||||
|
print $opt - "$gpgpass" \
|
||||||
if option_is_set -r; then
|
|
||||||
local gpgkey="`option_value -r`"
|
|
||||||
{ is_valid_recipients "$gpgkey" } || {
|
|
||||||
_failure "You set an invalid GPG ID."
|
|
||||||
}
|
|
||||||
print -n - "${tombpass}\n$TOMBSECRET" \
|
|
||||||
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
||||||
--no-options --no-tty --recipient "$gpgkey" \
|
--no-options --no-tty ${gpgopt[@]} \
|
||||||
--status-fd 2 -o - --encrypt --armor 2> $tmpres
|
--status-fd 2 -o - --armor 2> $tmpres
|
||||||
else
|
unset gpgpass
|
||||||
print -n - "${tombpass}\n$TOMBSECRET" \
|
|
||||||
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
|
||||||
--no-options --no-tty --passphrase-fd 0 \
|
|
||||||
--status-fd 2 -o - --symmetric --armor 2> $tmpres
|
|
||||||
fi
|
|
||||||
# check result of gpg operation
|
# check result of gpg operation
|
||||||
for i in ${(f)"$(cat $tmpres)"}; do
|
for i in ${(f)"$(cat $tmpres)"}; do
|
||||||
_verbose "$i"
|
_verbose "$i"
|
||||||
|
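Review bot: In the first gpg_decrypt hunk the array is declared as `typeset -a gpgopt` but every use is `gpgpopt` (`gpgpopt=(--passphrase-fd 0)`, `gpgpopt=()`, and `${gpgpopt[@]}` in both gpg invocations), so the declaration is dead and `gpgpopt` is created as a global on its first assignment, since the script is zsh (`${(f)...}`, `print -`). Either change the declaration to `typeset -a gpgpopt` or rename the uses to `gpgopt`, which is the name the gen_key hunks use consistently with their own `typeset -a gpgopt`. Functionally the array is reassigned before each use, so the likely effect is only scope leakage, but a local declaration keeps the passphrase-handling options confined to the function. gpg_decrypt's body starts before the hunk and continues after it.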