From aba0fa519110a7613b147091fb84368b84d66f84 Mon Sep 17 00:00:00 2001
From: Jaromil
Date: Sun, 23 Nov 2014 16:58:43 +0100
Subject: [PATCH] Avoid using a tempfile on every key decryption A tempfile was often used by Tomb in order to parse the stderr output of gpg and detect if the password is correct or not. The tempfile was not holding any secret information (see #162) yet this is an improvement for Tomb's deniability since there is now much less going on in the temp firectory.
---
 tomb | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/tomb b/tomb
index 294a19b..0ad259d 100755
--- a/tomb
+++ b/tomb
@@ -848,6 +848,7 @@ gpg_decrypt() { # fix for gpg 1.4.11 where the --status-* options don't work ;^/ local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}') local gpgpass="$1\n$TOMBKEY" + local gpgstatus [[ $gpgver == "1.4.11" ]] && { _verbose "GnuPG is version 1.4.11 - adopting status fix."
@@ -860,19 +861,16 @@ gpg_decrypt() { } || { # using status-file in gpg != 1.4.11 # TODO: use mkfifo - _tmp_create - statusfile=$TOMBTMP - TOMBSECRET=`print - "$gpgpass" | \ gpg --batch --passphrase-fd 0 --no-tty --no-options \ --status-fd 2 --no-mdc-warning --no-permission-warning \ - --no-secmem-warning 2> $statusfile` + --no-secmem-warning` 2>&1 | read -r -d'\n' gpgstatus unset gpgpass ret=1 - [[ "${mapfile[$statusfile]}" =~ "DECRYPTION_OKAY" ]] && { ret=0 } + [[ "${gpgstatus}" =~ "DECRYPTION_OKAY" ]] && { ret=0 } }
@@ -1372,7 +1370,7 @@ forge_key() { # Do not overwrite any files accidentally [[ -r "$destkey" ]] && { _warning "Forging this key would overwrite an existing file. Operation aborted." - ls -lh $destkey + ls -lh $destkey } # Update algorithm if it was passed on the command line with -o { option_is_set -o } && { algopt="$(option_value -o)" }
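Review bot: In the second hunk (`gpg_decrypt`, the branch for gpg != 1.4.11) the `TOMBSECRET=` assignment is now the left-hand stage of a pipeline, and zsh runs every stage except the last in a subshell, so as far as I can tell the decrypted secret is assigned in a child process and never reaches the caller. The `2>&1` also sits outside the backticks, so it is not evident from these lines that gpg's `--status-fd 2` output is what `read` receives; if `gpgstatus` stays empty, `ret` remains 1 and a correct password is reported as wrong (fail-closed, but decryption stops working). Keeping the assignment in the current shell and deciding on gpg's exit status would avoid both the pipe and the tempfile, e.g. `TOMBSECRET=$(print - "$gpgpass" | gpg … 2>/dev/null)` immediately followed by `ret=$?`, provided the exit status is trusted for this check. The body of `gpg_decrypt` starts and ends outside the hunk, so the caller's use of `TOMBSECRET` and `ret` should be confirmed there.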