tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git
Log | Files | Refs | README | LICENSE
commit ba9c0481cca9f4db9baee0fe45473f6b3a1a1c71
parent 69f52bee25fcb280c53036169ca71fae3ebf7d95
Author: Jaromil <jaromil@dyne.org>
Date:   Mon, 20 Mar 2017 21:03:03 +0100

Merge pull request #250 from roddhjav/gpg-support

Options for GnuPG Key
Diffstat:

Mextras/test/runtests | 38+++++++++++++++++++++++++++++++++++++-


Mtomb | 87+++++++++++++++++++++++++++++++++++++++++++++----------------------------------


2 files changed, 87 insertions(+), 38 deletions(-)

diff --git a/extras/test/runtests b/extras/test/runtests
@@ -59,7 +59,7 @@ typeset -A results
 
 tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig 
 		recip-forge recip-lock recip-open recip-close recip-passwd recip-resize 
-		recip-setkey shared shared-passwd shared-setkey)
+		recip-setkey recip-default recip-hidden shared shared-passwd shared-setkey)
 
 { test $RESIZER = 1 } && { tests+=(resize) }
 { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
@@ -193,6 +193,40 @@ test-tomb-recip() {
     tt close recip
 }
 
+test-tomb-recip-default() {
+
+	notice "wiping all default.tomb* in /tmp"
+	rm -f /tmp/default.tomb /tmp/default.tomb.key
+	
+	notice "Testing tomb with the default recipient"
+	res=0
+    tt dig -s 20 /tmp/default.tomb
+    { test $? = 0 } || { res=1 }
+    tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom
+    { test $? = 0 } || { res=1 }
+	tt lock /tmp/default.tomb -k /tmp/default.tomb.key \
+        --ignore-swap --unsafe -g
+    { test $? = 0 } || { res=1 }
+    { test $res = 0 } && { results+=(recip-default SUCCESS) }
+}
+
+test-tomb-recip-hidden() {
+
+	notice "wiping all hidden.tomb* in /tmp"
+	rm -f /tmp/hidden.tomb /tmp/hidden.tomb.key
+	
+	notice "Testing tomb with hidden recipient"
+	res=0
+    tt dig -s 20 /tmp/hidden.tomb
+    { test $? = 0 } || { res=1 }
+    tt forge /tmp/hidden.tomb.key -g -R $gpgid_1 --ignore-swap --unsafe --use-urandom
+    { test $? = 0 } || { res=1 }
+	tt lock /tmp/hidden.tomb -k /tmp/hidden.tomb.key \
+        --ignore-swap --unsafe -g -R $gpgid_1
+    { test $? = 0 } || { res=1 }
+    { test $res = 0 } && { results+=(recip-hidden SUCCESS) }
+}
+
 test-tomb-shared() {
 
 	notice "wiping all shared.tomb* in /tmp"
@@ -364,6 +398,8 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
 # isolated function (also called with source)
 test-tomb-create
 test-tomb-recip
+test-tomb-recip-default
+test-tomb-recip-hidden
 test-tomb-shared
 
 notice "Testing open with wrong password"
diff --git a/tomb b/tomb
@@ -654,6 +654,7 @@ usage() {
     _print " -f     force operation (i.e. even if swap is active)"
     _print " -g     use a GnuPG key to encrypt a tomb key"
     _print " -r     provide GnuPG recipients (separated by coma)"
+    _print " -R     provide GnuPG hidden recipients (separated by coma)"
     _print " --shared active sharing feature"
     [[ $KDF == 1 ]] && {
         _print " --kdf  forge keys armored against dictionary attacks"
@@ -995,27 +996,27 @@ gpg_decrypt() {
     local gpgpass="$1\n$TOMBKEY"
     local tmpres ret
     typeset -a gpgopt
-    gpgpopt=(--passphrase-fd 0)
+    gpgpopt=(--batch --no-tty --passphrase-fd 0)
 
     { option_is_set -g } && {
         gpgpass="$TOMBKEY"
-        gpgpopt=()
+        gpgpopt=(--yes)
         
         # GPG option '--try-secret-key' exist since GPG 2.1
-        { option_is_set -r } && [[ $gpgver =~ "2.1." ]] && {
+        { option_is_set -R } && [[ $gpgver =~ "2.1." ]] && {
             typeset -a recipients
-            recipients=(${(s:,:)$(option_value -r)})
-            { ! is_valid_recipients $recipients } && {
+            recipients=(${(s:,:)$(option_value -R)})
+            { is_valid_recipients $recipients } || {
                  _failure "You set an invalid GPG ID."
             }
-            gpgpopt=(`_recipients_arg "--try-secret-key" $recipients`)
+            gpgpopt+=(`_recipients_arg "--try-secret-key" $recipients`)
         }
     }
     
     [[ $gpgver == "1.4.11" ]] && {
         _verbose "GnuPG is version 1.4.11 - adopting status fix."
         TOMBSECRET=`print - "$gpgpass" | \
-            gpg --batch ${gpgpopt[@]} --no-tty --no-options`
+            gpg --decrypt ${gpgpopt[@]} --no-options`
         ret=$?
         unset gpgpass
         return $ret
@@ -1024,7 +1025,7 @@ gpg_decrypt() {
     _tmp_create
     tmpres=$TOMBTMP
     TOMBSECRET=`print - "$gpgpass" | \
-        gpg --batch ${gpgpopt[@]} --no-tty --no-options \
+        gpg --decrypt ${gpgpopt[@]} --no-options  \
             --status-fd 2 --no-mdc-warning --no-permission-warning \
             --no-secmem-warning 2> $tmpres`
     unset gpgpass
@@ -1230,38 +1231,50 @@ gen_key() {
     local algopt="`option_value -o`"
     local algo="${algopt:-AES256}"
     local gpgpass opt
+    local recipients_opt
     typeset -a gpgopt
     # here user is prompted for key password
     tombpass=""
     tombpasstmp=""
 
     { option_is_set -g } && {
-        { option_is_set -r } || {
-            _failure "A GPG recipient needs to be specified using -r."
-        }
+        gpgopt=(--encrypt)
 
-        typeset -a recipients
-        recipients=(${(s:,:)$(option_value -r)})
-        [ "${#recipients}" -gt 1 ] && {
-            if option_is_set --shared; then
-                _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
-                _warning "It is your responsibility to check the fingerprint of these recipients."
-                _warning "The fingerprints are:"
-                for gpg_id in ${recipients[@]}; do
-                    _warning "    `_fingerprint "$gpg_id"`"
-                done
-            else
-                _failure "You need to use the option '--shared' to enable sharing support"
-            fi
-        }
-        
-        { is_valid_recipients $recipients } || {
-            _failure "You set an invalid GPG ID."
+        { option_is_set -r || option_is_set -R } && {
+            typeset -a recipients
+            { option_is_set -r } && {
+                recipients=(${(s:,:)$(option_value -r)})
+                recipients_opt="--recipient"
+            } || {
+                recipients=(${(s:,:)$(option_value -R)})
+                recipients_opt="--hidden-recipient"
+            }
+                
+            [ "${#recipients}" -gt 1 ] && {
+                if option_is_set --shared; then
+                    _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+                    _warning "It is your responsibility to check the fingerprint of these recipients."
+                    _warning "The fingerprints are:"
+                    for gpg_id in ${recipients[@]}; do
+                        _warning "    `_fingerprint "$gpg_id"`"
+                    done
+                else
+                    _failure "You need to use the option '--shared' to enable sharing support"
+                fi
+            }
+            
+            { is_valid_recipients $recipients } || {
+                _failure "You set an invalid GPG ID."
+            }
+            
+            gpgopt+=(`_recipients_arg "$recipients_opt" $recipients`)
+        } || {
+            _message "No recipient specified, using default GPG key."
+            gpgopt+=("--default-recipient-self")
         }
         
         # Set gpg inputs and options
         gpgpass="$TOMBSECRET"
-        gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`)
         opt=''
     } || {
         if [ "$1" = "" ]; then
@@ -2750,19 +2763,19 @@ main() {
     main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
     subcommands_opts[__default]=""
     # -o in open and mount is used to pass alternate mount options
-    subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
+    subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: "
     subcommands_opts[mount]=${subcommands_opts[open]}
 
     subcommands_opts[create]="" # deprecated, will issue warning
 
     # -o in forge and lock is used to pass an alternate cipher.
-    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
+    subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: -shared "
     subcommands_opts[dig]="-ignore-swap s: -size=s "
-    subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
-    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+    subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: "
+    subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
     subcommands_opts[engrave]="k: "
 
-    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+    subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
     subcommands_opts[close]=""
     subcommands_opts[help]=""
     subcommands_opts[slam]=""
@@ -2772,14 +2785,14 @@ main() {
     subcommands_opts[search]=""
 
     subcommands_opts[help]=""
-    subcommands_opts[bury]="k: -tomb-pwd: r: "
-    subcommands_opts[exhume]="k: -tomb-pwd: r: "
+    subcommands_opts[bury]="k: -tomb-pwd: r: R: "
+    subcommands_opts[exhume]="k: -tomb-pwd: r: R: "
     # subcommands_opts[decompose]=""
     # subcommands_opts[recompose]=""
     # subcommands_opts[install]=""
     subcommands_opts[askpass]=""
     subcommands_opts[source]=""
-    subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: "
+    subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: R: "
     subcommands_opts[check]="-ignore-swap "
     #    subcommands_opts[translate]=""