authorAlexandre Pujol <alexandre@pujol.io>2017-02-03 17:55:06 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-02-03 23:57:52 (GMT)
commit6f89dbd2fec992e6b386fc048e7a0fe89dccc38a (patch)
tree5adfe066362b115fdcad070b4c11c5604218cfaf
parent15164f5578a34a85a5821a331045cd2c11d369bd (diff)
Add '--shared' in order to activate sharing support.
Sharing is a very sensitive action: the user needs to trust the GPG public keys the tomb is going to be shared with. This is why the feature has to be explicitly activated by additionally passing the --shared flag to the key encryption commands.
-rwxr-xr-xextras/test/runtests8
-rwxr-xr-xtomb27
2 files changed, 28 insertions, 7 deletions
diff --git a/extras/test/runtests b/extras/test/runtests
index e3af55a..c25ec23 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -200,7 +200,7 @@ test-tomb-shared() {
res=0
tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 }
- tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
+ tt forge /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 --shared \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
@@ -214,17 +214,17 @@ test-tomb-shared() {
notice "Testing changing recipients on a shared Tomb"
tt passwd -k /tmp/shared.tomb.key -r $gpgid_1,$gpgid_2 \
- -R $gpgid_2,$gpgid_1
+ -R $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
notice "Testing setkey on a shared Tomb"
rm -f /tmp/new.shared.tomb.key
res=0
- tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 \
+ tt forge /tmp/new.shared.tomb.key -r $gpgid_1,$gpgid_2 --shared\
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
- -r $gpgid_2,$gpgid_1
+ -r $gpgid_2,$gpgid_1 --shared
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
}
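Review bot: test-tomb-shared now passes `--shared` on every multi-recipient call, so nothing checks that the new gate refuses such a key when the flag is absent. A negative case would pin the control, for example (constructed path) `tt forge /tmp/noshare.tomb.key -r $gpgid_1,$gpgid_2 --ignore-swap --unsafe --use-urandom` followed by `{ test $? = 0 } && { res=1 }`. Separately, the second forge call writes `--shared\` with no space before the backslash, which relies on the continuation line being indented; `--shared \` would match the other calls. The function starts before this hunk.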
diff --git a/tomb b/tomb
index d7ad4b5..15ff175 100755
--- a/tomb
+++ b/tomb
@@ -864,6 +864,14 @@ _recipients_arg() {
return 0
}
+# $1 is a GPG key recipient
+# Print the fingerprint of the GPG key
+_fingerprint() {
+ local recipient="$1"
+ gpg --with-colons --fingerprint "$recipient" | grep fpr | head -1 | cut -d ':' -f 10 | sed 's/.\{4\}/& /g'
+}
+
+
# $1 is the encrypted key contents we are checking
is_valid_key() {
local key="$1" # Unique argument is an encrypted key to test
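Review bot: `grep fpr` in `_fingerprint` matches any colon record that contains the text `fpr`, not only the `fpr` record. Depending on the GnuPG version's record layout, `head -1` can therefore pick a `pub` or `uid` line whose user-ID text includes those letters, and `cut -f 10` then prints text chosen by the key owner as the "fingerprint". Since this output is what the user is asked to verify, select on the record type instead: `gpg --with-colons --fingerprint "$recipient" | awk -F: '$1 == "fpr" { print $10; exit }' | sed 's/.\{4\}/& /g'`. The function also reports only the first match, so a recipient string that matches several keys shows a single fingerprint; failing when more than one `pub` record is returned would be safer.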
@@ -1210,6 +1218,19 @@ gen_key() {
recipients=(${(s:,:)$(option_value -r)})
}
+ [ "${#recipients}" -gt 1 ] && {
+ if option_is_set --shared; then
+ _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
+ _warning "It is your responsibility to check the fingerprint of these recipients."
+ _warning "The fingerprints are:"
+ for gpg_id in ${recipients[@]}; do
+ _warning " `_fingerprint "$gpg_id"`"
+ done
+ else
+ _failure "You need to use the option '--shared' to enable sharing support"
+ fi
+ }
+
{ is_valid_recipients $recipients } || {
_failure "You set an invalid GPG ID."
}
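Review bot: The `--shared` gate in gen_key tests `"${#recipients}" -gt 1`, so a single `-r` naming someone else's public key still encrypts the tomb key to it, with no flag required and no fingerprint shown. If the commit message means the user must vouch for every foreign key, consider printing the fingerprint for each recipient regardless of count and documenting the single-recipient case in a comment above the block. The block also runs before the `is_valid_recipients` check that follows it, so an unknown ID would print an empty fingerprint line ahead of the real error; moving it below that check avoids this. Within the visible lines `gpg_id` is not declared, so add `local gpg_id` before the loop and prefer `$(_fingerprint "$gpg_id")` over backticks. gen_key starts and ends outside this hunk.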
@@ -2698,13 +2719,13 @@ main() {
subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher.
- subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: "
+ subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
subcommands_opts[dig]="-ignore-swap s: -size=s "
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
- subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: "
+ subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
subcommands_opts[engrave]="k: "
- subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
+ subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""