summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandre Pujol <alexandre@pujol.io>2017-03-24 20:08:33 (GMT)
committer Alexandre Pujol <alexandre@pujol.io>2017-03-24 20:08:33 (GMT)
commitd720e4b2ce0cd739aa599a53b093e5f75703da26 (patch)
treea20ba4d32b0feef054567aceac52b4c03eeb4a9e
parent6c2077fee1b3a2257a1da3560f185630405d5f4b (diff)
Remove --shared flag when sharing a tomb key. See #252
-rwxr-xr-xextras/test/runtests8
-rwxr-xr-xtomb36
2 files changed, 16 insertions, 28 deletions
diff --git a/extras/test/runtests b/extras/test/runtests
index 56a5aa5..6618d4b 100755
--- a/extras/test/runtests
+++ b/extras/test/runtests
@@ -236,7 +236,7 @@ test-tomb-shared() {
res=0
tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 }
- tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared \
+ tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
@@ -249,17 +249,17 @@ test-tomb-shared() {
{ test $res = 0 } && { results+=(shared SUCCESS) }
notice "Testing changing recipients on a shared Tomb"
- tt passwd -k /tmp/shared.tomb.key -g -r $gpgid_2,$gpgid_1 --shared
+ tt passwd -k /tmp/shared.tomb.key -g -r $gpgid_2,$gpgid_1
{ test $? = 0 } && { results+=(shared-passwd SUCCESS) }
notice "Testing setkey on a shared Tomb"
rm -f /tmp/new.shared.tomb.key
res=0
- tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 --shared\
+ tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 \
--ignore-swap --unsafe --use-urandom
{ test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
- -g -r $gpgid_2,$gpgid_1 --shared
+ -g -r $gpgid_2,$gpgid_1
{ test $? = 0 } || { res=1 }
{ test $res = 0 } && { results+=(shared-setkey SUCCESS) }
}
diff --git a/tomb b/tomb
index 9284c0e..636f80d 100755
--- a/tomb
+++ b/tomb
@@ -655,7 +655,6 @@ usage() {
_print " -g use a GnuPG key to encrypt a tomb key"
_print " -r provide GnuPG recipients (separated by coma)"
_print " -R provide GnuPG hidden recipients (separated by coma)"
- _print " --shared active sharing feature"
[[ $KDF == 1 ]] && {
_print " --kdf forge keys armored against dictionary attacks"
}
@@ -1249,23 +1248,17 @@ gen_key() {
recipients=(${(s:,:)$(option_value -R)})
recipients_opt="--hidden-recipient"
}
-
- [ "${#recipients}" -gt 1 ] && {
- if option_is_set --shared; then
- _warning "You are going to encrypt a tomb key with ${#recipients} recipients."
- _warning "It is your responsibility to check the fingerprint of these recipients."
- _warning "The fingerprints are:"
- for gpg_id in ${recipients[@]}; do
- _warning " `_fingerprint "$gpg_id"`"
- done
- else
- _failure "You need to use the option '--shared' to enable sharing support"
- fi
- }
{ is_valid_recipients $recipients } || {
_failure "You set an invalid GPG ID."
}
+
+ _warning "You are going to encrypt a tomb key with ${#recipients} recipient(s)."
+ _warning "It is your responsibility to check these fingerprints."
+ _warning "The fingerprints are:"
+ for gpg_id in ${recipients[@]}; do
+ _warning " `_fingerprint "$gpg_id"`"
+ done
gpgopt+=(`_recipients_arg "$recipients_opt" $recipients`)
} || {
@@ -1639,13 +1632,12 @@ dig_tomb() {
# Step two -- Create a detached key to lock a tomb with
#
-# Synopsis: forge_key [destkey|-k destkey] [-o cipher] [-r gpgid] [--shared]
+# Synopsis: forge_key [destkey|-k destkey] [-o cipher] [-r|-R gpgid]
#
# Arguments:
# -k path to destination keyfile
# -o Use an alternate algorithm
# -r GPG recipients to be used
-# --shared Activate sharing capability
#
forge_key() {
# can be specified both as simple argument or using -k
@@ -1708,11 +1700,7 @@ forge_key() {
# Here the global variable TOMBSECRET contains the naked secret
{ option_is_set -g } && {
- { option_is_set --shared } && {
- _success "Using GnuPG keys to encrypt and share your key: ::1 tomb key::" $TOMBKEYFILE
- } || {
- _success "Using the GnuPG key ::1:: to encrypt the key: ::2 tomb key::" `option_value -r` $TOMBKEYFILE
- }
+ _success "Using GnuPG key(s) to encrypt your key: ::1 tomb key::" $TOMBKEYFILE
} || {
_success "Choose the password of your key: ::1 tomb key::" $TOMBKEYFILE
}
@@ -2769,13 +2757,13 @@ main() {
subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher.
- subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: -shared "
+ subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: "
subcommands_opts[dig]="-ignore-swap s: -size=s "
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: "
- subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
+ subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
subcommands_opts[engrave]="k: "
- subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -shared "
+ subcommands_opts[passwd]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: "
subcommands_opts[close]=""
subcommands_opts[help]=""
subcommands_opts[slam]=""