From c8ede9797a9b5c37d22f0d55232caf62738123d8 Mon Sep 17 00:00:00 2001 From: drduh Date: Tue, 26 Mar 2024 16:56:11 -0700 Subject: [PATCH] Encrypted index config option --- README.md | 5 +++-- purse.sh | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 147eeb5..0f9cb3f 100644 --- a/README.md +++ b/README.md @@ -72,8 +72,9 @@ Variable | Description | Default | Values `PURSE_LEN` | default generated password length | `14` | any valid integer `PURSE_COPY` | copy password to clipboard before write | unset (disabled) | `1` or `true` to enable `PURSE_DAILY` | create daily backup archive on write | unset (disabled) | `1` or `true` to enable -`PURSE_CHARS` | character set for passwords | `[:alnum:]!?@#$%^&*();:+=` | any valid characters +`PURSE_ENCIX` | also encrypte index for additional privacy ; 2 YubiKey touches will be required for separate decryption operations | unset (disabled) | `1` or `true` to enable `PURSE_COMMENT` | **unencrypted** comment to include in index and safe files | unset | any valid string +`PURSE_CHARS` | character set for passwords | `[:alnum:]!?@#$%^&*();:+=` | any valid characters `PURSE_DEST` | password output destination, will set to `screen` without clipboard | `clipboard` | `clipboard` or `screen` `PURSE_ECHO` | character used to echo password input | `*` | any valid character `PURSE_SAFE` | safe directory name | `safe` | any valid string @@ -82,6 +83,6 @@ Variable | Description | Default | Values **Note** For additional privacy, the recipient key ID is **not** included in metadata (GnuPG `throw-keyids` option). -The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, however 2 YubiKey touches will be required (for 2 separate decryption operations). + See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options. diff --git a/purse.sh b/purse.sh index a55b15a..205c47e 100755 --- a/purse.sh 
+++ b/purse.sh @@ -17,6 +17,7 @@ clip_dest="${PURSE_DEST:=clipboard}" # set to 'screen' to print to stdout clip_timeout="${PURSE_TIME:=10}" # seconds to clear clipboard/screen comment="${PURSE_COMMENT:=}" # *unencrypted* comment in files daily_backup="${PURSE_DAILY:=}" # daily backup archive on write +encrypt_index="${PURSE_ENCIX:=}" # also keep index encrypted pass_copy="${PURSE_COPY:=}" # copy password before write pass_echo="${PURSE_ECHO:=*}" # show "*" when typing passwords pass_len="${PURSE_LEN:=14}" # default password length @@ -290,7 +291,6 @@ fi username="" password="" action="" -encrypt_index="" if [[ -n "${1+x}" ]] ; then action="${1}" ; fi
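Review bot: The added `encrypt_index="${PURSE_ENCIX:=}"` line in the first purse.sh hunk accepts any string from the environment, while the README in this same patch documents `1` or `true` as the enabling values; the code that tests `encrypt_index` is outside the hunk, so it is not visible whether both are honoured. If that test compares against the literal `true` (as the removed README sentence suggests), `PURSE_ENCIX=1` would leave the index unencrypted without any message, which is the wrong way for a privacy option to fail. Normalising right after the assignment would make the documented values equivalent, e.g. `case "${encrypt_index}" in 1|true) encrypt_index="true" ;; esac`, and the trailing comment could name the accepted values: `# also keep index encrypted ("1" or "true")`. It is also worth checking, outside this hunk, what happens to an index already written in plaintext when the option is first enabled.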