summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandre Pujol <alexandre@pujol.io>2017-03-03 20:36:50 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-03-03 20:36:50 (GMT)
commit6352a1d417e4eadc5e81c1666073300e4c5610aa (patch)
tree7d15ac4551531645bdf3a7581af094f39aa9c6e8
parent0644ebe9516d41f36e256518004b669b7cfcb0ed (diff)
Add GPG default key support for key encryption
If the option -r is not set, use the gpg default key to encrypt a tomb key
-rwxr-xr-xextras/test/runtests20
-rwxr-xr-xtomb46
2 files changed, 44 insertions, 22 deletions
diff --git a/extras/test/runtests b/extras/test/runtests
index 6560358..444d7cc 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -59,7 +59,7 @@ typeset -A results
tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig
recip-forge recip-lock recip-open recip-close recip-passwd recip-resize
- recip-setkey shared shared-passwd shared-setkey)
+ recip-setkey shared shared-passwd shared-setkey recip-default)
{ test $RESIZER = 1 } && { tests+=(resize) }
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
@@ -193,6 +193,23 @@ test-tomb-recip() {
tt close recip
}
+test-tomb-default() {
+
+ notice "wiping all default.tomb* in /tmp"
+ rm -f /tmp/default.tomb /tmp/default.tomb.key
+
+ notice "Testing tomb with the default recipient"
+ res=0
+ tt dig -s 20 /tmp/default.tomb
+ { test $? = 0 } || { res=1 }
+ tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom
+ { test $? = 0 } || { res=1 }
+ tt lock /tmp/default.tomb -k /tmp/default.tomb.key \
+ --ignore-swap --unsafe -g
+ { test $? = 0 } || { res=1 }
+ { test $res = 0 } && { results+=(recip-default SUCCESS) }
+}
+
test-tomb-shared() {
notice "wiping all shared.tomb* in /tmp"
@@ -364,6 +381,7 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
# isolated function (also called with source)
test-tomb-create
test-tomb-recip
+test-tomb-default
test-tomb-shared
notice "Testing open with wrong password"
diff --git a/tomb b/tomb
index 1dc49a1..027a061 100755
--- a/tomb
+++ b/tomb
@@ -1236,32 +1236,36 @@ gen_key() {
tombpasstmp=""
{ option_is_set -g } && {
- { option_is_set -r } || {
- _failure "A GPG recipient needs to be specified using -r."
- }
-
- typeset -a recipients
- recipients=(${(s:,:)$(option_value -r)})
- [ "${#recipients}" -gt 1 ] && {
- if option_is_set --shared; then
- _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
- _warning "It is your responsibility to check the fingerprint of these recipients."
- _warning "The fingerprints are:"
- for gpg_id in ${recipients[@]}; do
- _warning " `_fingerprint "$gpg_id"`"
- done
- else
- _failure "You need to use the option '--shared' to enable sharing support"
- fi
- }
+ gpgopt=(--encrypt)
- { is_valid_recipients $recipients } || {
- _failure "You set an invalid GPG ID."
+ { option_is_set -r } && {
+ typeset -a recipients
+ recipients=(${(s:,:)$(option_value -r)})
+ [ "${#recipients}" -gt 1 ] && {
+ if option_is_set --shared; then
+ _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+ _warning "It is your responsibility to check the fingerprint of these recipients."
+ _warning "The fingerprints are:"
+ for gpg_id in ${recipients[@]}; do
+ _warning " `_fingerprint "$gpg_id"`"
+ done
+ else
+ _failure "You need to use the option '--shared' to enable sharing support"
+ fi
+ }
+
+ { is_valid_recipients $recipients } || {
+ _failure "You set an invalid GPG ID."
+ }
+
+ gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`)
+ } || {
+ _message "No recipient specified, using default GPG key."
+ gpgopt+=("--default-recipient-self")
}
# Set gpg inputs and options
gpgpass="$TOMBSECRET"
- gpgopt=(--encrypt `_recipients_arg "--hidden-recipient" $recipients`)
opt=''
} || {
if [ "$1" = "" ]; then