Add GPG recipient support when generating a new tomb key
This commit is contained in:
parent
db7109da4a
commit
902860fd9f
123
tomb
123
tomb
@ -1139,72 +1139,79 @@ gen_key() {
|
||||
tombpass=""
|
||||
tombpasstmp=""
|
||||
|
||||
if [ "$1" = "" ]; then
|
||||
while true; do
|
||||
# 3 tries to write two times a matching password
|
||||
tombpass=`ask_password "Type the new password to secure your key"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
if [ -z $tombpass ]; then
|
||||
_failure "You set empty password, which is not possible."
|
||||
fi
|
||||
tombpasstmp=$tombpass
|
||||
tombpass=`ask_password "Type the new password to secure your key (again)"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
if [ "$tombpasstmp" = "$tombpass" ]; then
|
||||
break;
|
||||
fi
|
||||
unset tombpasstmp
|
||||
unset tombpass
|
||||
done
|
||||
else
|
||||
tombpass="$1"
|
||||
_verbose "gen_key takes tombpass from CLI argument: ::1 tomb pass::" $tombpass
|
||||
fi
|
||||
|
||||
header=""
|
||||
[[ $KDF == 1 ]] && {
|
||||
{ option_is_set --kdf } && {
|
||||
# KDF is a new key strenghtening technique against brute forcing
|
||||
# see: https://github.com/dyne/Tomb/issues/82
|
||||
itertime="`option_value --kdf`"
|
||||
# removing support of floating points because they can't be type checked well
|
||||
if [[ "$itertime" != <-> ]]; then
|
||||
unset tombpass
|
||||
{ ! option_is_set -r } && {
|
||||
if [ "$1" = "" ]; then
|
||||
while true; do
|
||||
# 3 tries to write two times a matching password
|
||||
tombpass=`ask_password "Type the new password to secure your key"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
if [ -z $tombpass ]; then
|
||||
_failure "You set empty password, which is not possible."
|
||||
fi
|
||||
tombpasstmp=$tombpass
|
||||
tombpass=`ask_password "Type the new password to secure your key (again)"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
if [ "$tombpasstmp" = "$tombpass" ]; then
|
||||
break;
|
||||
fi
|
||||
unset tombpasstmp
|
||||
_warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
|
||||
_failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
|
||||
return 1
|
||||
fi
|
||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||
local -i microseconds
|
||||
microseconds=$(( itertime * 1000000 ))
|
||||
_success "Using KDF, iteration time: ::1 microseconds::" $microseconds
|
||||
_message "generating salt"
|
||||
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
||||
_message "calculating iterations"
|
||||
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
||||
_message "encoding the password"
|
||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
unset tombpass
|
||||
done
|
||||
else
|
||||
tombpass="$1"
|
||||
_verbose "gen_key takes tombpass from CLI argument: ::1 tomb pass::" $tombpass
|
||||
fi
|
||||
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
header=""
|
||||
[[ $KDF == 1 ]] && {
|
||||
{ option_is_set --kdf } && {
|
||||
# KDF is a new key strenghtening technique against brute forcing
|
||||
# see: https://github.com/dyne/Tomb/issues/82
|
||||
itertime="`option_value --kdf`"
|
||||
# removing support of floating points because they can't be type checked well
|
||||
if [[ "$itertime" != <-> ]]; then
|
||||
unset tombpass
|
||||
unset tombpasstmp
|
||||
_warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
|
||||
_failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
|
||||
return 1
|
||||
fi
|
||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||
local -i microseconds
|
||||
microseconds=$(( itertime * 1000000 ))
|
||||
_success "Using KDF, iteration time: ::1 microseconds::" $microseconds
|
||||
_message "generating salt"
|
||||
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
||||
_message "calculating iterations"
|
||||
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
||||
_message "encoding the password"
|
||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
}
|
||||
}
|
||||
print $header
|
||||
}
|
||||
|
||||
|
||||
print $header
|
||||
|
||||
_tmp_create
|
||||
local tmpres=$TOMBTMP
|
||||
|
||||
print -n - "${tombpass}\n$TOMBSECRET" \
|
||||
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
||||
--no-options --no-tty --passphrase-fd 0 \
|
||||
--status-fd 2 -o - -c -a 2> $tmpres
|
||||
if option_is_set -r; then
|
||||
print -n - "${tombpass}\n$TOMBSECRET" \
|
||||
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
||||
--no-options --no-tty --recipient `option_value -r` \
|
||||
--status-fd 2 -o - --encrypt --armor 2> $tmpres
|
||||
else
|
||||
print -n - "${tombpass}\n$TOMBSECRET" \
|
||||
| gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \
|
||||
--no-options --no-tty --passphrase-fd 0 \
|
||||
--status-fd 2 -o - --symmetric --armor 2> $tmpres
|
||||
fi
|
||||
# check result of gpg operation
|
||||
for i in ${(f)"$(cat $tmpres)"}; do
|
||||
_verbose "$i"
|
||||
|