summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandre Pujol <alexandre@pujol.io>2017-03-03 21:19:04 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-03-03 21:19:04 (GMT)
commitc793e0b1321518ca8a19b81a781fd83b6846a492 (patch)
treee1d022a4c13b7d84c54ac5831eb164ff531291d3
parent6352a1d417e4eadc5e81c1666073300e4c5610aa (diff)
Add support for non hidden and hidden recipient
Use -r to provide non-hidden recipient, Use -R to provide hidden recipient.
-rwxr-xr-xextras/test/runtests24
-rwxr-xr-xtomb39
2 files changed, 45 insertions, 18 deletions
diff --git a/extras/test/runtests b/extras/test/runtests
index 444d7cc..56a5aa5 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -59,7 +59,7 @@ typeset -A results
tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig
recip-forge recip-lock recip-open recip-close recip-passwd recip-resize
- recip-setkey shared shared-passwd shared-setkey recip-default)
+ recip-setkey recip-default recip-hidden shared shared-passwd shared-setkey)
{ test $RESIZER = 1 } && { tests+=(resize) }
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
@@ -193,7 +193,7 @@ test-tomb-recip() {
tt close recip
}
-test-tomb-default() {
+test-tomb-recip-default() {
notice "wiping all default.tomb* in /tmp"
rm -f /tmp/default.tomb /tmp/default.tomb.key
@@ -210,6 +210,23 @@ test-tomb-default() {
{ test $res = 0 } && { results+=(recip-default SUCCESS) }
}
+test-tomb-recip-hidden() {
+
+ notice "wiping all hidden.tomb* in /tmp"
+ rm -f /tmp/hidden.tomb /tmp/hidden.tomb.key
+
+ notice "Testing tomb with hidden recipient"
+ res=0
+ tt dig -s 20 /tmp/hidden.tomb
+ { test $? = 0 } || { res=1 }
+ tt forge /tmp/hidden.tomb.key -g -R $gpgid_1 --ignore-swap --unsafe --use-urandom
+ { test $? = 0 } || { res=1 }
+ tt lock /tmp/hidden.tomb -k /tmp/hidden.tomb.key \
+ --ignore-swap --unsafe -g -R $gpgid_1
+ { test $? = 0 } || { res=1 }
+ { test $res = 0 } && { results+=(recip-hidden SUCCESS) }
+}
+
test-tomb-shared() {
notice "wiping all shared.tomb* in /tmp"
@@ -381,7 +398,8 @@ startloops=(`sudo losetup -a |cut -d: -f1`)
# isolated function (also called with source)
test-tomb-create
test-tomb-recip
-test-tomb-default
+test-tomb-recip-default
+test-tomb-recip-hidden
test-tomb-shared
notice "Testing open with wrong password"
diff --git a/tomb b/tomb
index 027a061..011fc89 100755
--- a/tomb
+++ b/tomb
@@ -654,6 +654,7 @@ usage() {
_print " -f force operation (i.e. even if swap is active)"
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by coma)"
+ _print " -R provide GnuPG hidden recipients (separated by coma)"
_print " --shared active sharing feature"
[[ $KDF == 1 ]] && {
_print " --kdf forge keys armored against dictionary attacks"
@@ -1002,10 +1003,10 @@ gpg_decrypt() {
gpgpopt=()
# GPG option '--try-secret-key' exist since GPG 2.1
- { option_is_set -r } && [[ $gpgver =~ "2.1." ]] && {
+ { option_is_set -R } && [[ $gpgver =~ "2.1." ]] && {
typeset -a recipients
- recipients=(${(s:,:)$(option_value -r)})
- { ! is_valid_recipients $recipients } && {
+ recipients=(${(s:,:)$(option_value -R)})
+ { is_valid_recipients $recipients } || {
_failure "You set an invalid GPG ID."
}
gpgpopt=(`_recipients_arg "--try-secret-key" $recipients`)
@@ -1230,6 +1231,7 @@ gen_key() {
local algopt="`option_value -o`"
local algo="${algopt:-AES256}"
local gpgpass opt
+ local recipients_opt
typeset -a gpgopt
# here user is prompted for key password
tombpass=""
@@ -1237,10 +1239,17 @@ gen_key() {
{ option_is_set -g } && {
gpgopt=(--encrypt)
-
- { option_is_set -r } && {
+
+ { option_is_set -r || option_is_set -R } && {
typeset -a recipients
- recipients=(${(s:,:)$(option_value -r)})
+ { option_is_set -r } && {
+ recipients=(${(s:,:)$(option_value -r)})
+ recipients_opt="--recipient"
+ } || {
+ recipients=(${(s:,:)$(option_value -R)})
+ recipients_opt="--hidden-recipient"
+ }
+
[ "${#recipients}" -gt 1 ] && {
if option_is_set --shared; then
_warning "You are going to encrypt a tomb key with ${#recipients} recipients."
@@ -1258,7 +1267,7 @@ gen_key() {
_failure "You set an invalid GPG ID."
}
- gpgopt+=(`_recipients_arg "--hidden-recipient" $recipients`)
+ gpgopt+=(`_recipients_arg "$recipients_opt" $recipients`)
} || {
_message "No recipient specified, using default GPG key."
gpgopt+=("--default-recipient-self")
@@ -2754,19 +2763,19 @@ main() {
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g)
subcommands_opts[__default]=""
# -o in open and mount is used to pass alternate mount options
- subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: "
+ subcommands_opts[open]="n -nohook=n k: -kdf: o: -ignore-swap -tomb-pwd: r: R: "
subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher.
- subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: -shared "
+ subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: -shared "
subcommands_opts[dig]="-ignore-swap s: -size=s "
- subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: "
- subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+ subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: "
+ subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
subcommands_opts[engrave]="k: "
- subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: -shared "
+ subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""
@@ -2776,14 +2785,14 @@ main() {
subcommands_opts[search]=""
subcommands_opts[help]=""
- subcommands_opts[bury]="k: -tomb-pwd: r: "
- subcommands_opts[exhume]="k: -tomb-pwd: r: "
+ subcommands_opts[bury]="k: -tomb-pwd: r: R: "
+ subcommands_opts[exhume]="k: -tomb-pwd: r: R: "
# subcommands_opts[decompose]=""
# subcommands_opts[recompose]=""
# subcommands_opts[install]=""
subcommands_opts[askpass]=""
subcommands_opts[source]=""
- subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: "
+ subcommands_opts[resize]="-ignore-swap s: -size=s k: -tomb-pwd: r: R: "
subcommands_opts[check]="-ignore-swap "
# subcommands_opts[translate]=""