Add GPG default key support for key encryption

If the option -r is not set, use the gpg default key to encrypt
a tomb key

extras/test/runtests

@@ -59,7 +59,7 @@ typeset -A results
 
 tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig 
 		recip-forge recip-lock recip-open recip-close recip-passwd recip-resize 
-		recip-setkey shared shared-passwd shared-setkey)
+		recip-setkey shared shared-passwd shared-setkey recip-default)
 
 { test $RESIZER = 1 } && { tests+=(resize) }
 { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
@@ -193,6 +193,23 @@ test-tomb-recip() {
     tt close recip
 }
 
+test-tomb-default() {
+
+	notice "wiping all default.tomb* in /tmp"
+	rm -f /tmp/default.tomb /tmp/default.tomb.key
+	
+	notice "Testing tomb with the default recipient"
+	res=0
+    tt dig -s 20 /tmp/default.tomb
+    { test $? = 0 } || { res=1 }
+    tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom
+    { test $? = 0 } || { res=1 }
+	tt lock /tmp/default.tomb -k /tmp/default.tomb.key \
+        --ignore-swap --unsafe -g
+    { test $? = 0 } || { res=1 }
+    { test $res = 0 } && { results+=(recip-default SUCCESS) }
+}
+
 test-tomb-shared() {
 
 	notice "wiping all shared.tomb* in /tmp"
@@ -364,6 +381,7 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
 # isolated function (also called with source)
 test-tomb-create
 test-tomb-recip
+test-tomb-default
 test-tomb-shared
 
 notice "Testing open with wrong password"

tomb

@@ -1236,32 +1236,36 @@ gen_key() {
     tombpasstmp=""
 
     { option_is_set -g } && {
-        { option_is_set -r } || {
+        gpgopt=(--encrypt)
-            _failure "A GPG recipient needs to be specified using -r."
-        }
-
-        typeset -a recipients
-        recipients=(${(s:,:)$(option_value -r)})
-        [ "${#recipients}" -gt 1 ] && {
-            if option_is_set --shared; then
-                _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
-                _warning "It is your responsibility to check the fingerprint of these recipients."
-                _warning "The fingerprints are:"
-                for gpg_id in ${recipients[@]}; do
-                    _warning "    `_fingerprint "$gpg_id"`"
-                done
-            else
-                _failure "You need to use the option '--shared' to enable sharing support"
-            fi
-        }
         
-        { is_valid_recipients $recipients } || {
+        { option_is_set -r } && {
-            _failure "You set an invalid GPG ID."
+            typeset -a recipients
+            recipients=(${(s:,:)$(option_value -r)})
+            [ "${#recipients}" -gt 1 ] && {
+                if option_is_set --shared; then
+                    _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+                    _warning "It is your responsibility to check the fingerprint of these recipients."
+                    _warning "The fingerprints are:"
+                    for gpg_id in ${recipients[@]}; do
+                        _warning "    `_fingerprint "$gpg_id"`"
+                    done
+                else
+                    _failure "You need to use the option '--shared' to enable sharing support"
+                fi
+            }
+            
+            { is_valid_recipients $recipients } || {
+                _failure "You set an invalid GPG ID."
+            }
+            
+            gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`)
+        } || {
+            _message "No recipient specified, using default GPG key."
+            gpgopt+=("--default-recipient-self")
         }
         
         # Set gpg inputs and options
         gpgpass="$TOMBSECRET"
-        gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`)
         opt=''
     } || {
         if [ "$1" = "" ]; then