authorAlexandre Pujol <alexandre@pujol.io>2017-02-09 20:59:10 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-02-09 20:59:10 (GMT)
commit4a7019715f119d0a1ec2c79e13c548b9244988d7 (patch)
treed4e1602f0c8e7d101383c99958c2ece7e9c11b4a
parentc63fcf2730507ad38f0fcb557cace64099310c17 (diff)
Use --hidden-recipient by default instead of --recipient.
Because of the hidden recipient, GPG will try all the available keys. The user can speed up this process by providing the recipient with the -r option. Therefore, 'tomb open' optionally supports the -r option.
-rwxr-xr-x[-rw-r--r--]tomb19
1 files changed, 15 insertions, 4 deletions
diff --git a/tomb b/tomb
index ac920be..8f171d5 100644..100755
--- a/tomb
+++ b/tomb
@@ -858,11 +858,12 @@ is_valid_recipients() {
# $@ is the list of all the recipient used to encrypt a tomb key
# Print the recipient arg to be used in gpg.
_recipients_arg() {
+ local arg="$1"; shift
typeset -a recipients
recipients=($@)
for gpg_id in ${recipients[@]}; do
- print -R -n "--recipient $gpg_id "
+ print -R -n "$arg $gpg_id "
done
return 0
}
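Review bot: `_recipients_arg` still prints one flat string that callers expand with backticks, so each recipient is split again on whitespace before it reaches gpg's argument list. With this commit the helper also carries the user-supplied `-r` value from `tomb open`, which leaves `is_valid_recipients` (defined outside this hunk) as the only check keeping such a value from expanding into additional gpg options. Filling the array in the caller, e.g. `for id in $recipients; do gpgpopt+=(--try-secret-key "$id"); done`, avoids the re-splitting. The header comment is also stale now that `$1` is the option name; it could read `# $1 is the gpg option to print before each recipient, the remaining arguments are the recipient IDs`.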
@@ -996,6 +997,16 @@ gpg_decrypt() {
{ option_is_set -g } && {
gpgpass="$TOMBKEY"
gpgpopt=()
+
+ # GPG option '--try-secret-key' exist since GPG 2.1
+ { option_is_set -r } && [[ $gpgver =~ "2.1." ]] && {
+ typeset -a recipients
+ recipients=(${(s:,:)$(option_value -r)})
+ { ! is_valid_recipients $recipients } && {
+ _failure "You set an invalid GPG ID."
+ }
+ gpgpopt=(`_recipients_arg "--try-secret-key" $recipients`)
+ }
}
[[ $gpgver == "1.4.11" ]] && {
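Review bot: The guard `[[ $gpgver =~ "2.1." ]]` is an unanchored match for `2.1` plus one more character, so on GnuPG 2.2 and later a `-r` given to `tomb open` is dropped without any message, although the comment says the option exists since 2.1. Assuming `$gpgver` holds a bare version number (the `== "1.4.11"` test below suggests it does), a minimum-version comparison such as zsh's `is-at-least 2.1 $gpgver` (after `autoload -U is-at-least`) would cover newer releases. When `-r` is set but cannot be honoured, a message saying so would explain why decryption still tries every key. Whether `_failure` stops execution is not visible here; if it returns, the rejected IDs continue into `gpgpopt`. `gpg_decrypt` starts and ends outside this hunk.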
@@ -1209,7 +1220,7 @@ change_passwd() {
# takes care to encrypt a key
-# honored options: --kdf --tomb-pwd -o -r -R
+# honored options: --kdf --tomb-pwd -o -g -r
gen_key() {
# $1 the password to use; if not set ask user
# -o is the --cipher-algo to use (string taken by GnuPG)
@@ -1247,7 +1258,7 @@ gen_key() {
# Set gpg inputs and options
gpgpass="$TOMBSECRET"
- gpgopt=(--encrypt `_recipients_arg $recipients`)
+ gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`)
opt=''
} || {
if [ "$1" = "" ]; then
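Review bot: `--hidden-recipient` is hard-coded in the `gpgopt` assignment, so every newly generated key omits its recipients' key IDs and the hunk shows no way to request the previous `--recipient` behaviour, although the commit title says "by default". A comment above the assignment would record the trade-off, for example `# --hidden-recipient keeps the recipients' key IDs out of the encrypted key; gpg then tries every secret key on open unless -r is given`. `gen_key` starts and ends outside this hunk.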
@@ -2736,7 +2747,7 @@ main() {
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
subcommands_opts[__default]=""
# -o in open and mount is used to pass alternate mount options
- subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
+ subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="" # deprecated, will issue warning