Add '--shared' in order to activate sharing support.

Sharing feature is a very sensitive action, the user needs to trust the
GPG public key it is going to share its tomb. This is why this feature
needs to be explicitly activated using in more the flag --shared
on the key encryption commands.

extras/test/runtests

@@ -200,7 +200,7 @@ test-tomb-shared() {
     res=0
     tt dig -s 20 /tmp/shared.tomb
     { test $? = 0 } || { res=1 }
-    tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
+    tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
         --ignore-swap --unsafe --use-urandom 
     { test $? = 0 } || { res=1 }
     tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
@@ -214,17 +214,17 @@ test-tomb-shared() {
     
     notice "Testing changing recipients on a shared Tomb"
     tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
-        -R $gpgid_2,$gpgid_1
+        -R $gpgid_2,$gpgid_1 --shared
     { test $? = 0 } && { results+=(shared-passwd SUCCESS) }
     
     notice "Testing setkey on a shared Tomb"
     rm -f /tmp/new.shared.tomb.key
     res=0
-    tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 \
+    tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
         --ignore-swap --unsafe --use-urandom
     { test $? = 0 } || { res=1 }
     tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
-        -r $gpgid_2,$gpgid_1
+        -r $gpgid_2,$gpgid_1 --shared
     { test $? = 0 } || { res=1 }
     { test $res = 0 } && { results+=(shared-setkey SUCCESS) }
 }

tomb

@@ -864,6 +864,14 @@ _recipients_arg() {
     return 0
 }
 
+# $1 is a GPG key recipient
+# Print the fingerprint of the GPG key
+_fingerprint() {
+    local recipient="$1"
+    gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
+}
+
+
 # $1 is the encrypted key contents we are checking
 is_valid_key() {
     local key="$1"       # Unique argument is an encrypted key to test
@@ -1210,6 +1218,19 @@ gen_key() {
             recipients=(${(s:,:)$(option_value -r)})
         }
         
+        [ "${#recipients}" -gt 1 ] && {
+            if option_is_set --shared; then
+                _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+                _warning "It is your responsibility to check the fingerprint of these recipients."
+                _warning "The fingerprints are:"
+                for gpg_id in ${recipients[@]}; do
+                    _warning "    `_fingerprint "$gpg_id"`"
+                done
+            else
+                _failure "You need to use the option '--shared' to enable sharing support"
+            fi
+        }
+        
         { is_valid_recipients $recipients } || {
             _failure "You set an invalid GPG ID."
         }
@@ -2698,13 +2719,13 @@ main() {
     subcommands_opts[create]="" # deprecated, will issue warning
 
     # -o in forge and lock is used to pass an alternate cipher.
-    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: "
+    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
     subcommands_opts[dig]="-ignore-swap s: -size=s "
     subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
-    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: "
+    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
     subcommands_opts[engrave]="k: "
 
-    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
+    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
     subcommands_opts[close]=""
     subcommands_opts[help]=""
     subcommands_opts[slam]=""