summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandre Pujol <alexandre@pujol.io>2017-02-09 18:57:34 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-02-09 18:57:34 (GMT)
commit528140738a26991b55186c856cea22cf580df38a (patch)
tree5e7bd24c72abea85504c3ee63c02447b6fe3470e
parentbfe5bb97073dc6f4f0d7f10235c2082808714ccc (diff)
Add -g/--gpgkey option to tell tomb to use GPG key to encrypt a tomb key
Option -r is now only used to provide the recipient Option -R removed, the new recipient can be given by the -r option.
-rwxr-xr-xextras/test/runtests37
-rw-r--r--[-rwxr-xr-x]tomb56
2 files changed, 43 insertions, 50 deletions
diff --git a/extras/test/runtests b/extras/test/runtests
index c25ec23..4847f45 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -122,15 +122,15 @@ test-tomb-recip() {
{ test $? = 0 } && { results+=(recip-dig SUCCESS) }
notice "Testing tomb with recipient creation: forge"
- tt forge $tomb_key -r $gpgid_1 --ignore-swap --unsafe --use-urandom
+ tt forge $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe --use-urandom
{ test $? = 0 } && { results+=(recip-forge SUCCESS) }
notice "Testing tomb with recipient creation: lock"
- tt lock $tomb -k $tomb_key -r $gpgid_1 --ignore-swap --unsafe
+ tt lock $tomb -k $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe
{ test $? = 0 } && { results+=(recip-lock SUCCESS) }
notice "Testing tomb with recipient opening: open"
- tt open $tomb -k $tomb_key -r $gpgid_1
+ tt open $tomb -k $tomb_key -g
{ test $? = 0 } && { results+=(recip-open SUCCESS) }
notice "Testing tomb with recipient closing: close"
@@ -144,7 +144,7 @@ test-tomb-recip() {
sudo rm -f /tmp/recip.steg.key
tt --unsafe --tomb-pwd ${dummypass} bury -k /tmp/recip.tomb.key \
- /tmp/recip.jpg -r "$gpgid_1"
+ /tmp/recip.jpg -g -r "$gpgid_1"
{ test $? = 0 } && { results+=(recip-stgin SUCCESS) }
tt --unsafe --tomb-pwd ${dummypass} exhume -k /tmp/recip.steg.key \
@@ -152,40 +152,40 @@ test-tomb-recip() {
{ test $? = 0 } && { results+=(recip-stgout SUCCESS) }
tt --unsafe --tomb-pwd ${dummypass} open -k /tmp/recip.steg.key \
- /tmp/recip.tomb -r "$gpgid_1"
+ /tmp/recip.tomb -g
{ test $? = 0 } && { results+=(recip-stgopen SUCCESS) }
${T} close recip
notice "test using open -k image.jpeg"
tt --unsafe --tomb-pwd ${dummypass} open -k /tmp/recip.jpg \
- /tmp/recip.tomb -r "$gpgid_1"
+ /tmp/recip.tomb -g
{ test $? = 0 } && { results+=(recip-stgimpl SUCCESS) }
tt close recip
}
notice "Testing tomb with recipient changing gpg key: passwd"
res=0
- tt passwd -k $tomb_key -r $gpgid_1 -R $gpgid_2
+ tt passwd -k $tomb_key -g -r $gpgid_2
{ test $? = 0 } || { res=1 }
- tt open $tomb -k $tomb_key -r $gpgid_2
+ tt open $tomb -k $tomb_key -g
{ test $? = 0 } || { res=1 }
tt close recip
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(recip-passwd SUCCESS) }
notice "Testing tomb with recipient resizing a tomb: resize"
- tt resize -s 30 $tomb -k $tomb_key -r $gpgid_2
+ tt resize -s 30 $tomb -k $tomb_key -g -r $gpgid_2
{ test $? = 0 } && { results+=(recip-resize SUCCESS) }
notice "Testing tomb with recipient setting a new key: setkey"
sudo rm -f /tmp/new.recip.tomb.key
res=0
- tt forge /tmp/new.recip.tomb.key -r $gpgid_2 \
+ tt forge /tmp/new.recip.tomb.key -g -r $gpgid_2 \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
- tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -r $gpgid_2
+ tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -g -r $gpgid_2
{ test $? = 0 } || { res=1 }
- tt open -k /tmp/new.recip.tomb.key $tomb -r $gpgid_2
+ tt open -k /tmp/new.recip.tomb.key $tomb -g
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(recip-setkey SUCCESS) }
tt close recip
@@ -200,31 +200,30 @@ test-tomb-shared() {
res=0
tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 }
- tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
+ tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
- --ignore-swap --unsafe -r $gpgid_1
+ --ignore-swap --unsafe -g -r $gpgid_1
{ test $? = 0 } || { res=1 }
- tt open /tmp/shared.tomb -k /tmp/shared.tomb.key -r $gpgid_1
+ tt open /tmp/shared.tomb -k /tmp/shared.tomb.key -g
{ test $? = 0 } || { res=1 }
tt close shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared SUCCESS) }
notice "Testing changing recipients on a shared Tomb"
- tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
- -R $gpgid_2,$gpgid_1 --shared
+ tt passwd -k /tmp/shared.tomb.key -g -r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
notice "Testing setkey on a shared Tomb"
rm -f /tmp/new.shared.tomb.key
res=0
- tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
+ tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared\
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
- -r $gpgid_2,$gpgid_1 --shared
+ -g -r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
}
diff --git a/tomb b/tomb
index 1732ab1..bb7b111 100755..100644
--- a/tomb
+++ b/tomb
@@ -651,8 +651,8 @@ usage() {
_print " -n don't process the hooks found in tomb"
_print " -o options passed to commands: open, lock, forge (see man)"
_print " -f force operation (i.e. even if swap is active)"
- _print " -r GnuPG users IDs to encrypt a tomb key (separated by ,)"
- _print " -R new recipients to use (separated by ,)"
+ _print " -g use a GnuPG key to encrypt a tomb key"
+ _print " -r provide GnuPG recipients (separated by coma)"
_print " --shared active sharing feature"
[[ $KDF == 1 ]] && {
_print " --kdf forge keys armored against dictionary attacks"
@@ -939,7 +939,7 @@ _load_key() {
[[ -z $keyfile ]] && {
_failure "This operation requires a key file to be specified using the -k option." }
- if option_is_set -r; then
+ if option_is_set -g; then
_verbose "load_key key encrypted with a GnuPG Key"
_message "Key encrypted with a GnuPG Key"
TOMBKEYFILE=$keyfile
@@ -993,12 +993,7 @@ gpg_decrypt() {
typeset -a gpgopt
gpgpopt=(--passphrase-fd 0)
- { option_is_set -r } && {
- typeset -a recipients
- recipients=(${(s:,:)$(option_value -r)})
- { ! is_valid_recipients $recipients } && { ! option_is_set -f } && {
- _failure "You set an invalid GPG ID."
- }
+ { option_is_set -g } && {
gpgpass="$TOMBKEY"
gpgpopt=()
}
@@ -1064,7 +1059,7 @@ get_lukskey() {
# key needs to be exhumed from an image
elif [[ -r $TOMBKEYFILE && $(file $TOMBKEYFILE) =~ "JP.G" ]]; then
- if option_is_set -r; then
+ if option_is_set -g; then
# When using a GPG key, the tomb key is buried using a steganography password
if option_is_set --tomb-pwd; then
_password="`option_value --tomb-pwd`"
@@ -1102,7 +1097,7 @@ ask_key_password() {
_verbose "no password needed, using secret bytes from stdin"
return 0 }
- if option_is_set -r; then
+ if option_is_set -g; then
_verbose "no password needed, using GPG key"
get_lukskey
return $?
@@ -1164,7 +1159,7 @@ change_passwd() {
_check_swap # Ensure swap is secure, if any
_load_key # Try loading key from option -k and set TOMBKEYFILE
- { option_is_set -r } && {
+ { option_is_set -g } && {
_message "Commanded to change GnuPG key for tomb key ::1 key::" $TOMBKEYFILE
} || {
_message "Commanded to change password for tomb key ::1 key::" $TOMBKEYFILE
@@ -1182,7 +1177,7 @@ change_passwd() {
fi
[[ $? == 0 ]] || _failure "No valid password supplied."
- { option_is_set -r } && {
+ { option_is_set -g } && {
_success "Changing GnuPG key for ::1 key file::" $TOMBKEYFILE
} || {
_success "Changing password for ::1 key file::" $TOMBKEYFILE
@@ -1203,7 +1198,7 @@ change_passwd() {
# Copy the new key as the original keyfile name
cp -f "${tmpnewkey}" $TOMBKEYFILE
- { option_is_set -r } && {
+ { option_is_set -g } && {
_success "Your GnuPG key was successfully changed"
} || {
_success "Your passphrase was successfully updated."
@@ -1226,14 +1221,13 @@ gen_key() {
tombpass=""
tombpasstmp=""
- { option_is_set -r } && {
- typeset -a recipients
- { option_is_set -R } && {
- recipients=(${(s:,:)$(option_value -R)})
- } || {
- recipients=(${(s:,:)$(option_value -r)})
+ { option_is_set -g } && {
+ { option_is_set -r } || {
+ _failure "A GPG recipient needs to be specified using -r."
}
-
+
+ typeset -a recipients
+ recipients=(${(s:,:)$(option_value -r)})
[ "${#recipients}" -gt 1 ] && {
if option_is_set --shared; then
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
@@ -1370,7 +1364,7 @@ bury_key() {
}
_success "Encoding key ::1 tomb key:: inside image ::2 image file::" $TOMBKEY $imagefile
- { option_is_set -r } && {
+ { option_is_set -g } && {
_message "Using GnuPG Key ID"
} || {
_message "Please confirm the key password for the encoding"
@@ -1386,7 +1380,7 @@ bury_key() {
# if using a GPG key, we test if the user can decrypt the tomb
# with its key and we ask for a steganography password.
- { option_is_set --tomb-pwd } && { ! option_is_set -r } && {
+ { option_is_set --tomb-pwd } && { ! option_is_set -g } && {
local tombpwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tombpwd
ask_key_password "$tombpwd"
@@ -1397,10 +1391,10 @@ bury_key() {
_warning "Wrong password/GnuPG ID supplied."
_failure "You shall not bury a key whose password is unknown to you." }
- if option_is_set -r && option_is_set --tomb-pwd; then
+ if option_is_set -g && option_is_set --tomb-pwd; then
TOMBPASSWORD="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $TOMBPASSWORD
- elif option_is_set -r; then
+ elif option_is_set -g; then
tombpass=""
tombpasstmp=""
while true; do
@@ -1663,7 +1657,7 @@ forge_key() {
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
$destkey $algo
- [[ $KDF == 1 ]] && { ! option_is_set -r } && {
+ [[ $KDF == 1 ]] && { ! option_is_set -g } && {
_message "Using KDF to protect the key password (`option_value --kdf` rounds)"
}
@@ -1686,7 +1680,7 @@ forge_key() {
# Here the global variable TOMBSECRET contains the naked secret
- { option_is_set -r } && {
+ { option_is_set -g } && {
{ option_is_set --shared } && {
_success "Using GnuPG keys to encrypt and share your key: ::1 tomb key::" $TOMBKEYFILE
} || {
@@ -1970,7 +1964,7 @@ mount_tomb() {
# take the name only, strip extensions
_verbose "Tomb name: ::1 tomb name:: (to be engraved)" $TOMBNAME
- { option_is_set --tomb-pwd } && { ! option_is_set -r } && {
+ { option_is_set --tomb-pwd } && { ! option_is_set -g } && {
tomb_pwd="`option_value --tomb-pwd`"
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
ask_key_password "$tomb_pwd"
@@ -2739,10 +2733,10 @@ main() {
# can only use the non-abbreviated long-option version like:
# -force and NOT -f
#
- main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe)
+ main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
subcommands_opts[__default]=""
# -o in open and mount is used to pass alternate mount options
- subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
+ subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: "
subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="" # deprecated, will issue warning
@@ -2754,7 +2748,7 @@ main() {
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[engrave]="k: "
- subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
+ subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""