From 6f89dbd2fec992e6b386fc048e7a0fe89dccc38a Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 3 Feb 2017 17:55:06 +0000
Subject: [PATCH] Add '--shared' in order to activate sharing support.
Sharing feature is a very sensitive action, the user needs to trust the GPG public key it is going to share its tomb. This is why this feature needs to be explicitly activated using in more the flag --shared on the key encryption commands.
---
 extras/test/runtests | 8 ++++----
 tomb | 27 ++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/extras/test/runtests b/extras/test/runtests
index e3af55a..c25ec23 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -200,7 +200,7 @@ test-tomb-shared() {
 res=0
 tt dig -s 20 /tmp/shared.tomb
 { test $? = 0 } || { res=1 }
- tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
+ tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
 --ignore-swap --unsafe --use-urandom
 { test $? = 0 } || { res=1 }
 tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
@@ -214,17 +214,17 @@ test-tomb-shared() {
 notice "Testing changing recipients on a shared Tomb"
 tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
- -R $gpgid_2,$gpgid_1
+ -R $gpgid_2,$gpgid_1 --shared
 { test $? = 0 } && { results+=(shared-passwd SUCCESS) }
 notice "Testing setkey on a shared Tomb"
 rm -f /tmp/new.shared.tomb.key
 res=0
- tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 \
+ tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
 --ignore-swap --unsafe --use-urandom
 { test $? = 0 } || { res=1 }
 tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
- -r $gpgid_2,$gpgid_1
+ -r $gpgid_2,$gpgid_1 --shared
 { test $? = 0 } || { res=1 }
 { test $res = 0 } && { results+=(shared-setkey SUCCESS) }
 }
diff --git a/tomb b/tomb
index d7ad4b5..15ff175 100755
--- a/tomb
+++ b/tomb
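Review bot: The updated cases in `test-tomb-shared` (extras/test/runtests) only exercise the accepted path; nothing asserts that a multi-recipient `forge`, `passwd` or `setkey` is refused when `--shared` is absent, which is the gate this commit introduces. A negative case next to the first forge, for example `tt forge /tmp/noshared.tomb.key -r $gpgid_1,$gpgid_2 --ignore-swap --unsafe --use-urandom` followed by `{ test $? = 0 } && { res=1 }`, would keep that gate from regressing silently (this assumes `_failure` exits non-zero, which is not visible here). In the second hunk `--shared\` lacks the space before the continuation that the other changed lines use; `--shared \` would match them. The function body starts outside both hunks.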
@@ -864,6 +864,14 @@ _recipients_arg() {
 return 0
 }
+# $1 is a GPG key recipient
+# Print the fingerprint of the GPG key
+_fingerprint() {
+ local recipient="$1"
+ gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
+}
+
+
 # $1 is the encrypted key contents we are checking
 is_valid_key() {
 local key="$1" # Unique argument is an encrypted key to test
@@ -1210,6 +1218,19 @@ gen_key() {
 recipients=(${(s:,:)$(option_value -r)})
 }
+ [ "${#recipients}" -gt 1 ] && {
+ if option_is_set --shared; then
+ _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+ _warning "It is your responsibility to check the fingerprint of these recipients."
+ _warning "The fingerprints are:"
+ for gpg_id in ${recipients[@]}; do
+ _warning " `_fingerprint "$gpg_id"`"
+ done
+ else
+ _failure "You need to use the option '--shared' to enable sharing support"
+ fi
+ }
+
 { is_valid_recipients $recipients } || {
 _failure "You set an invalid GPG ID."
 }
@@ -2698,13 +2719,13 @@ main() {
 subcommands_opts[create]="" # deprecated, will issue warning
 # -o in forge and lock is used to pass an alternate cipher.
- subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: "
+ subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
 subcommands_opts[dig]="-ignore-swap s: -size=s "
 subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
- subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: "
+ subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
 subcommands_opts[engrave]="k: "
- subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
+ subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
 subcommands_opts[close]=""
 subcommands_opts[help]=""
 subcommands_opts[slam]=""
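Review bot: In `_fingerprint` (first hunk of tomb) the `grep fpr` filter is unanchored, so any colon record that merely contains the substring "fpr", for instance one carrying a user ID, can be picked by `head -1`, and its field 10 is then printed as if it were a fingerprint; `grep '^fpr:'` restricts the match to fingerprint records. `head -1` also means that when the recipient string matches more than one key in the keyring only the first listed fingerprint is shown, which is not necessarily the key gpg ends up encrypting to. Since this output is the only thing the user is asked to verify before sharing, the function should fail, or print an explicit marker, when the lookup yields zero keys or several, and the header comment should say so, e.g. `# Prints nothing if the key is not in the keyring`.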
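Review bot: In the `gen_key` hunk the fingerprints are printed before `is_valid_recipients` runs, so an unknown or mistyped ID yields an empty warning line and is rejected only afterwards; moving the new block below the validity check would mean every listed fingerprint belongs to a key that was actually found. The listing is informational only: with `--shared` set the code falls through to encryption with no point at which the user can compare fingerprints and abort, and if that is intended a comment such as `# --shared is the user's consent; fingerprints are printed for the record only` should say so. The gate fires only for more than one recipient, so a single `-r` naming someone else's key passes without `--shared` or a fingerprint; worth confirming that this matches the intended definition of sharing. `gpg_id` is not declared `local` in the visible lines (unlike `recipient` in `_fingerprint`), and `$(_fingerprint "$gpg_id")` reads more clearly than backticks nested inside double quotes. gen_key's body starts and ends outside the hunk.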