From 6352a1d417e4eadc5e81c1666073300e4c5610aa Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 3 Mar 2017 20:36:50 +0000 Subject: [PATCH] Add GPG default key support for key encryption If the option -r is not set, use the gpg default key to encrypt a tomb key --- extras/test/runtests | 20 ++++++++++++++++++- tomb | 46 ++++++++++++++++++++++++-------------------- 2 files changed, 44 insertions(+), 22 deletions(-) diff --git a/extras/test/runtests b/extras/test/runtests index 6560358..444d7cc 100755 --- a/extras/test/runtests +++ b/extras/test/runtests @@ -59,7 +59,7 @@ typeset -A results tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig recip-forge recip-lock recip-open recip-close recip-passwd recip-resize - recip-setkey shared shared-passwd shared-setkey) + recip-setkey shared shared-passwd shared-setkey recip-default) { test $RESIZER = 1 } && { tests+=(resize) } { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) } @@ -193,6 +193,23 @@ test-tomb-recip() { tt close recip } +test-tomb-default() { + + notice "wiping all default.tomb* in /tmp" + rm -f /tmp/default.tomb /tmp/default.tomb.key + + notice "Testing tomb with the default recipient" + res=0 + tt dig -s 20 /tmp/default.tomb + { test $? = 0 } || { res=1 } + tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom + { test $? = 0 } || { res=1 } + tt lock /tmp/default.tomb -k /tmp/default.tomb.key \ + --ignore-swap --unsafe -g + { test $? = 0 } || { res=1 } + { test $res = 0 } && { results+=(recip-default SUCCESS) } +} + test-tomb-shared() { notice "wiping all shared.tomb* in /tmp" @@ -364,6 +381,7 @@ startloops=(`sudo losetup -a |cut -d: -f1`) # isolated function (also called with source) test-tomb-create test-tomb-recip +test-tomb-default test-tomb-shared notice "Testing open with wrong password" diff --git a/tomb b/tomb index 1dc49a1..027a061 100755 --- a/tomb +++ b/tomb @@ -1236,32 +1236,36 @@ gen_key() { tombpasstmp="" { option_is_set -g } && { - { option_is_set -r } || { - _failure "A GPG recipient needs to be specified using -r." - } - - typeset -a recipients - recipients=(${(s:,:)$(option_value -r)}) - [ "${#recipients}" -gt 1 ] && { - if option_is_set --shared; then - _warning "You are going to encrypt a tomb key with ${#recipients} recipients." - _warning "It is your responsibility to check the fingerprint of these recipients." - _warning "The fingerprints are:" - for gpg_id in ${recipients[@]}; do - _warning " `_fingerprint "$gpg_id"`" - done - else - _failure "You need to use the option '--shared' to enable sharing support" - fi - } + gpgopt=(--encrypt) - { is_valid_recipients $recipients } || { - _failure "You set an invalid GPG ID." + { option_is_set -r } && { + typeset -a recipients + recipients=(${(s:,:)$(option_value -r)}) + [ "${#recipients}" -gt 1 ] && { + if option_is_set --shared; then + _warning "You are going to encrypt a tomb key with ${#recipients} recipients." + _warning "It is your responsibility to check the fingerprint of these recipients." + _warning "The fingerprints are:" + for gpg_id in ${recipients[@]}; do + _warning " `_fingerprint "$gpg_id"`" + done + else + _failure "You need to use the option '--shared' to enable sharing support" + fi + } + + { is_valid_recipients $recipients } || { + _failure "You set an invalid GPG ID." + } + + gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`) + } || { + _message "No recipient specified, using default GPG key." + gpgopt+=("--default-recipient-self") } # Set gpg inputs and options gpgpass="$TOMBSECRET" - gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`) opt='' } || { if [ "$1" = "" ]; then