this change uses an hidden global variable within tomb to store the
decrypted key material, avoiding using one tempfile in RAM, avoiding
running the decryption more than once (which means sanity for KDF
usage) and overall simplifying the code also avoiding duplicates.
The tomb mount is now readable by the opening uid only (711 r-x--x--x);
directory access is preserved to allow sharing access to certain subdirs.
Review and fix contributed by Morten Langlo
refactoring of the code using ask_key_password for better support
of dev-mode password supplied from CLI. This also fixes all uses of
passwd command to change a key's password.
ultimately removing the case in which we guess if the key is near
the tomb: that is not anymore in documentation and we stop encouraging
to keep the key near the tomb.
a grave bug has been affecting 1.3 and 1.3.1 releases, which makes keys
created with those versions incompatible with other Tomb versions.
This bug is now fixed and Tomb should be able again to open old tombs.
A script to sanitize keys will be released soon.
Backup simply encodes a QRCode that can be print on paper and
hidden in books or so, to keep phisical backups of keys.
The QR can be simply scanned with any smartphone, saved into a file
and reused as a key.
With the advent of a proper test suite many bugs were found and
squashed both in the way KDF and steghide were used.
Key validation func is_valid_key() now attempts recovery for keys
that have broken headers or are naked text (back-compat to old exhume).
KDF and steg now work correctly.
GnuPG 1 changes behaviour across 1.4.11 and 12 minor versions
when it comes to --status-fd and messaging on stderr/stdout.
This is a fix to make sure that gpg output is parsed correctly
last minute bug slipped in: it doesn't recognizes correct passwords
in some strange situations where gnupg doesn't returns correctly
(for instance when a .gnupg dir is not found in home)
This commit doesn't changes anything substantial in the code,
but reorganizes it in foldable units (we use folding.el) and
fixes its markup for literate code documentation using our own
fork of shocco.
now keys are verified in load_key() honoring commanline args
ask_key_password() will challenge user verifying using gnupg
drop_key() should be called after key has been used
this commit removes quite som duplicate code in password handling.
This commit re-organizes all the source distribution contents to
present users with the simple script, while moving the rest in extras.
Also autoconf/automake scripts were removed, back to minimalism.
The rationale of this change is that Tomb really only consists of a
script and users with no extra needs should just be presented with
it with no need for anything else. Any other thing on top of the Tomb
script is an extra and can be even distributed separately or integrated
in distributions.