mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-11 07:30:56 +00:00
Add '--shared' in order to activate sharing support.
Sharing feature is a very sensitive action, the user needs to trust the GPG public key it is going to share its tomb. This is why this feature needs to be explicitly activated using in more the flag --shared on the key encryption commands.
This commit is contained in:
parent
15164f5578
commit
6f89dbd2fe
@ -200,7 +200,7 @@ test-tomb-shared() {
|
||||
res=0
|
||||
tt dig -s 20 /tmp/shared.tomb
|
||||
{ test $? = 0 } || { res=1 }
|
||||
tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
|
||||
tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
|
||||
--ignore-swap --unsafe --use-urandom
|
||||
{ test $? = 0 } || { res=1 }
|
||||
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
|
||||
@ -214,17 +214,17 @@ test-tomb-shared() {
|
||||
|
||||
notice "Testing changing recipients on a shared Tomb"
|
||||
tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
|
||||
-R $gpgid_2,$gpgid_1
|
||||
-R $gpgid_2,$gpgid_1 --shared
|
||||
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
|
||||
|
||||
notice "Testing setkey on a shared Tomb"
|
||||
rm -f /tmp/new.shared.tomb.key
|
||||
res=0
|
||||
tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 \
|
||||
tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
|
||||
--ignore-swap --unsafe --use-urandom
|
||||
{ test $? = 0 } || { res=1 }
|
||||
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
|
||||
-r $gpgid_2,$gpgid_1
|
||||
-r $gpgid_2,$gpgid_1 --shared
|
||||
{ test $? = 0 } || { res=1 }
|
||||
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
|
||||
}
|
||||
|
27
tomb
27
tomb
@ -864,6 +864,14 @@ _recipients_arg() {
|
||||
return 0
|
||||
}
|
||||
|
||||
# $1 is a GPG key recipient
|
||||
# Print the fingerprint of the GPG key
|
||||
_fingerprint() {
|
||||
local recipient="$1"
|
||||
gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
|
||||
}
|
||||
|
||||
|
||||
# $1 is the encrypted key contents we are checking
|
||||
is_valid_key() {
|
||||
local key="$1" # Unique argument is an encrypted key to test
|
||||
@ -1210,6 +1218,19 @@ gen_key() {
|
||||
recipients=(${(s:,:)$(option_value -r)})
|
||||
}
|
||||
|
||||
[ "${#recipients}" -gt 1 ] && {
|
||||
if option_is_set --shared; then
|
||||
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
|
||||
_warning "It is your responsibility to check the fingerprint of these recipients."
|
||||
_warning "The fingerprints are:"
|
||||
for gpg_id in ${recipients[@]}; do
|
||||
_warning " `_fingerprint "$gpg_id"`"
|
||||
done
|
||||
else
|
||||
_failure "You need to use the option '--shared' to enable sharing support"
|
||||
fi
|
||||
}
|
||||
|
||||
{ is_valid_recipients $recipients } || {
|
||||
_failure "You set an invalid GPG ID."
|
||||
}
|
||||
@ -2698,13 +2719,13 @@ main() {
|
||||
subcommands_opts[create]="" # deprecated, will issue warning
|
||||
|
||||
# -o in forge and lock is used to pass an alternate cipher.
|
||||
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: "
|
||||
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
|
||||
subcommands_opts[dig]="-ignore-swap s: -size=s "
|
||||
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
|
||||
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: "
|
||||
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
|
||||
subcommands_opts[engrave]="k: "
|
||||
|
||||
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
|
||||
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
|
||||
subcommands_opts[close]=""
|
||||
subcommands_opts[help]=""
|
||||
subcommands_opts[slam]=""
|
||||
|
Loading…
Reference in New Issue
Block a user