Add GPG default key support for key encryption
If the option -r is not set, use the gpg default key to encrypt a tomb key
parent
0644ebe951
commit
6352a1d417
@ -59,7 +59,7 @@ typeset -A results
|
||||
|
||||
tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig
|
||||
recip-forge recip-lock recip-open recip-close recip-passwd recip-resize
|
||||
recip-setkey shared shared-passwd shared-setkey)
|
||||
recip-setkey shared shared-passwd shared-setkey recip-default)
|
||||
|
||||
{ test $RESIZER = 1 } && { tests+=(resize) }
|
||||
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
|
||||
@ -193,6 +193,23 @@ test-tomb-recip() {
|
||||
tt close recip
|
||||
}
|
||||
|
||||
test-tomb-default() {
|
||||
|
||||
notice "wiping all default.tomb* in /tmp"
|
||||
rm -f /tmp/default.tomb /tmp/default.tomb.key
|
||||
|
||||
notice "Testing tomb with the default recipient"
|
||||
res=0
|
||||
tt dig -s 20 /tmp/default.tomb
|
||||
{ test $? = 0 } || { res=1 }
|
||||
tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom
|
||||
{ test $? = 0 } || { res=1 }
|
||||
tt lock /tmp/default.tomb -k /tmp/default.tomb.key \
|
||||
--ignore-swap --unsafe -g
|
||||
{ test $? = 0 } || { res=1 }
|
||||
{ test $res = 0 } && { results+=(recip-default SUCCESS) }
|
||||
}
|
||||
|
||||
test-tomb-shared() {
|
||||
|
||||
notice "wiping all shared.tomb* in /tmp"
|
||||
@ -364,6 +381,7 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
|
||||
# isolated function (also called with source)
|
||||
test-tomb-create
|
||||
test-tomb-recip
|
||||
test-tomb-default
|
||||
test-tomb-shared
|
||||
|
||||
notice "Testing open with wrong password"
|
||||
|
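Review bot: test-tomb-default stops after `tt lock`, so nothing verifies that a key forged without `-r` can be decrypted again with the default secret key. Adding `tt open /tmp/default.tomb -k /tmp/default.tomb.key -g` and `tt close default`, each followed by `{ test $? = 0 } || { res=1 }`, would cover the round trip; this assumes the same open/close invocation the recip test uses, of which only `tt close recip` is visible here. The test also depends on the invoking user's keyring already holding a usable default secret key, which nothing in the visible hunks sets up, so a comment above the function such as `# requires a default GPG secret key in the test keyring` would state that precondition. The fixed `/tmp/default.tomb*` names follow the existing tests, but they are predictable paths in a world-writable directory in a suite that calls sudo, so a per-run directory would be the safer pattern.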
44
tomb
44
tomb
@ -1236,32 +1236,36 @@ gen_key() {
|
||||
tombpasstmp=""
|
||||
|
||||
{ option_is_set -g } && {
|
||||
{ option_is_set -r } || {
|
||||
_failure "A GPG recipient needs to be specified using -r."
|
||||
}
|
||||
gpgopt=(--encrypt)
|
||||
|
||||
typeset -a recipients
|
||||
recipients=(${(s:,:)$(option_value -r)})
|
||||
[ "${#recipients}" -gt 1 ] && {
|
||||
if option_is_set --shared; then
|
||||
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
|
||||
_warning "It is your responsibility to check the fingerprint of these recipients."
|
||||
_warning "The fingerprints are:"
|
||||
for gpg_id in ${recipients[@]}; do
|
||||
_warning " `_fingerprint "$gpg_id"`"
|
||||
done
|
||||
else
|
||||
_failure "You need to use the option '--shared' to enable sharing support"
|
||||
fi
|
||||
}
|
||||
{ option_is_set -r } && {
|
||||
typeset -a recipients
|
||||
recipients=(${(s:,:)$(option_value -r)})
|
||||
[ "${#recipients}" -gt 1 ] && {
|
||||
if option_is_set --shared; then
|
||||
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
|
||||
_warning "It is your responsibility to check the fingerprint of these recipients."
|
||||
_warning "The fingerprints are:"
|
||||
for gpg_id in ${recipients[@]}; do
|
||||
_warning " `_fingerprint "$gpg_id"`"
|
||||
done
|
||||
else
|
||||
_failure "You need to use the option '--shared' to enable sharing support"
|
||||
fi
|
||||
}
|
||||
|
||||
{ is_valid_recipients $recipients } || {
|
||||
_failure "You set an invalid GPG ID."
|
||||
{ is_valid_recipients $recipients } || {
|
||||
_failure "You set an invalid GPG ID."
|
||||
}
|
||||
|
||||
gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`)
|
||||
} || {
|
||||
_message "No recipient specified, using default GPG key."
|
||||
gpgopt+=("--default-recipient-self")
|
||||
}
|
||||
|
||||
# Set gpg inputs and options
|
||||
gpgpass="$TOMBSECRET"
|
||||
gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`)
|
||||
opt=''
|
||||
} || {
|
||||
if [ "$1" = "" ]; then
|
||||
|
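Review bot: In gen_key the new `{ option_is_set -r } && { … } || { … }` is not an if/else, because the fallback block also runs whenever the last command of the `-r` block returns non-zero. That last command is the `gpgopt+=(...)` assignment, whose status is that of the `_recipients_arg` command substitution; `_recipients_arg` is defined outside this hunk, but if it can fail, the run would print "No recipient specified" and add `--default-recipient-self` even though `-r` was given. Writing it as `if option_is_set -r; then` … `else` … `fi` removes that fall-through. The default-key path also differs from the `-r` path in that it does not hide the recipient key ID and never tells the user which key gpg selected; if hidden key IDs are intended for tomb keys, consider `gpgopt+=(--default-recipient-self --throw-keyids)` and printing the chosen key's fingerprint. gen_key starts and ends outside this hunk, so the later use of `gpgopt` could not be checked.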