commit aba0fa519110a7613b147091fb84368b84d66f84
parent 2c4fb4852ed46f9dade43fb2339f86a2da32675d
Author: Jaromil <jaromil@dyne.org>
Date: Sun, 23 Nov 2014 16:58:43 +0100
Avoid using a tempfile on every key decryption
A tempfile was often used by Tomb in order to parse the stderr output of
gpg and detect if the password is correct or not. The tempfile was not
holding any secret information (see #162) yet this is an improvement for
Tomb's deniability since there is now much less going on in the temp
firectory.
Diffstat:
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/tomb b/tomb
@@ -848,6 +848,7 @@ gpg_decrypt() {
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}')
local gpgpass="$1\n$TOMBKEY"
+ local gpgstatus
[[ $gpgver == "1.4.11" ]] && {
_verbose "GnuPG is version 1.4.11 - adopting status fix."
@@ -860,19 +861,16 @@ gpg_decrypt() {
} || { # using status-file in gpg != 1.4.11
# TODO: use mkfifo
- _tmp_create
- statusfile=$TOMBTMP
-
TOMBSECRET=`print - "$gpgpass" | \
gpg --batch --passphrase-fd 0 --no-tty --no-options \
--status-fd 2 --no-mdc-warning --no-permission-warning \
- --no-secmem-warning 2> $statusfile`
+ --no-secmem-warning` 2>&1 | read -r -d'\n' gpgstatus
unset gpgpass
ret=1
- [[ "${mapfile[$statusfile]}" =~ "DECRYPTION_OKAY" ]] && { ret=0 }
+ [[ "${gpgstatus}" =~ "DECRYPTION_OKAY" ]] && { ret=0 }
}
@@ -1372,7 +1370,7 @@ forge_key() {
# Do not overwrite any files accidentally
[[ -r "$destkey" ]] && {
_warning "Forging this key would overwrite an existing file. Operation aborted."
- ls -lh $destkey
+ ls -lh $destkey }
# Update algorithm if it was passed on the command line with -o
{ option_is_set -o } && { algopt="$(option_value -o)" }