Add '--shared' in order to activate sharing support.

Sharing is a very sensitive action: the user needs to trust the
GPG public keys with which the tomb is going to be shared. This is why
the feature needs to be explicitly activated by additionally passing the
flag --shared to the key encryption commands.
Alexandre Pujol 2017-02-03 17:55:06 +00:00
parent 15164f5578
commit 6f89dbd2fe
2 changed files with 28 additions and 7 deletions


@ -200,7 +200,7 @@ test-tomb-shared() {
res=0
tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 }
tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
@ -214,17 +214,17 @@ test-tomb-shared() {
notice "Testing changing recipients on a shared Tomb"
tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
-R $gpgid_2,$gpgid_1
-R $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
notice "Testing setkey on a shared Tomb"
rm -f /tmp/new.shared.tomb.key
res=0
tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 \
tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
-r $gpgid_2,$gpgid_1
-r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
}
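Review bot: The updated test-tomb-shared only covers the success path with `--shared`; nothing asserts that a multi-recipient `forge`, `passwd` or `setkey` is refused when the flag is absent, which is the safeguard this commit introduces. A negative case would pin that behaviour, for example `tt forge /tmp/noshared.tomb.key -r $gpgid_1,$gpgid_2 --ignore-swap --unsafe --use-urandom` followed by `{ test $? = 0 } && { res=1 }`. Separately, `--shared\` in the second forge call has no space before the backslash, so it only works because the continuation line is indented; `--shared \` would match the other calls. The function body starts outside the visible hunks.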

27
tomb

@ -864,6 +864,14 @@ _recipients_arg() {
return 0
}
# $1 is a GPG key recipient
# Print the fingerprint of the GPG key
_fingerprint() {
local recipient="$1"
gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
}
# $1 is the encrypted key contents we are checking
is_valid_key() {
local key="$1" # Unique argument is an encrypted key to test
@ -1210,6 +1218,19 @@ gen_key() {
recipients=(${(s:,:)$(option_value -r)})
}
[ "${#recipients}" -gt 1 ] && {
if option_is_set --shared; then
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
_warning "It is your responsibility to check the fingerprint of these recipients."
_warning "The fingerprints are:"
for gpg_id in ${recipients[@]}; do
_warning " `_fingerprint "$gpg_id"`"
done
else
_failure "You need to use the option '--shared' to enable sharing support"
fi
}
{ is_valid_recipients $recipients } || {
_failure "You set an invalid GPG ID."
}
@ -2698,13 +2719,13 @@ main() {
subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher.
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: "
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
subcommands_opts[dig]="-ignore-swap s: -size=s "
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: "
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[engrave]="k: "
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""
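Review bot: The fingerprint shown to the user is the only thing they can verify before sharing, but `_fingerprint` extracts it with an unanchored `grep fpr`, which matches any colon-record containing that substring (a uid, for instance) rather than only `fpr` records. Selecting on the record type is tighter: `gpg --with-colons --fingerprint "$recipient" | awk -F: '$1 == "fpr" { print $10; exit }' | sed 's/.\{4\}/& /g'`. In gen_key the fingerprints are also printed before `is_valid_recipients` runs, so an unknown ID appears to produce an empty warning line before the failure; moving the `--shared` block below that check would avoid it. The warnings tell the user to check the fingerprints, but no confirmation is requested in the visible lines, so the key is presumably encrypted right after they are printed. gen_key starts and ends outside the hunk, so this should be confirmed against the rest of the function.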