-rwxr-xr-xfirma51
1 files changed, 32 insertions, 19 deletions
diff --git a/firma b/firma
index 41b9695..69569e7 100755
--- a/firma
+++ b/firma
@@ -88,6 +88,28 @@ function DeclareGpgVars {
}
+function CheckPassphrase {
+ #-------------------------------------------------------------
+ # check if a passphrase is valid
+ #
+ # parameter(s): none
+ # depends on function(s): none
+ # returns: 0 if valid password, 1 if invalid
+ #-------------------------------------------------------------
+ if [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" || \
+ -z "$PASSPHRASE" || \
+ "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \
+ "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "1" || \
+ "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then
+ return_code=1
+ return $return_code
+ fi
+}
+
+
function CheckFirmaConfigFile {
#-------------------------------------------------------------
# check firma.conf parameters
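Review bot: The first test in `CheckPassphrase` greps `$LIST_CONFIG_FILE` for a `PASSPHRASE='...'` line, so the function checks the config file as well as the `$PASSPHRASE` variable. The new callers in `NewList` hand it a passphrase that was just generated or typed and presumably is not in any config file yet, in which case the check can never pass there. The variable is also unquoted, so an empty or unset `LIST_CONFIG_FILE` leaves grep reading stdin; I would keep that grep in `CheckListConfigFile` and leave only the variable checks here. Separately, `echo "$PASSPHRASE" | wc -c` counts the trailing newline, so the effective minimum is 24 characters (`"${#PASSPHRASE}" -lt 25` avoids that), and `return_code=1` is assigned without `local`, so a failed check overwrites the caller's `return_code`; a plain `return 1` would do. `CheckFirmaConfigFile`, which begins at the end of this hunk, continues outside it.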
@@ -162,14 +184,7 @@ function CheckListConfigFile {
if [[ ! -d "$LIST_HOMEDIR" || ! -f "$LIST_HOMEDIR/pubring.gpg" || ! -f "$LIST_HOMEDIR/secring.gpg" ]]; then
LogMessage "FATAL: $LIST_NAME: GPG home directory ("$LIST_HOMEDIR") or the GPG keyrings could not be found. Quitting."
return_code=1
- elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" || \
- -z "$PASSPHRASE" || \
- "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \
- "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "5" || \
- "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then
+ elif ! CheckPassphrase; then
LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting."
return_code=1
elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then
@@ -927,13 +942,15 @@ function NewList {
answer="$(echo $answer | tr '[:lower:]' '[:upper:]')"
if [[ -z "$answer" || "$answer" == "Y" || "$answer" == "YES" ]]; then
PASSPHRASE="$(RandomString 62)"
+ while ! CheckPassphrase; do
+ PASSPHRASE="$(RandomString 62)"
+ done
break
elif [[ "$answer" == "N" || "$answer" == "NO" ]]; then
read -resp " Passphrase to protect the list's secret key (you'll type it once): " PASSPHRASE
- if [[ -z "$PASSPHRASE" ]]; then
- echo "You choosed an empty passphrase. Then firma will choose one for you."
- PASSPHRASE="$(RandomString 62)"
- fi
+ while ! CheckPassphrase; do
+ read -resp " Passphrase doesn't fit all the requirements, please choose another: " PASSPHRASE
+ done
break
else
echo " Please answer either yes or no."
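Review bot: Both `while ! CheckPassphrase` loops added to `NewList` are unbounded, and the interactive one never checks the status of `read`. If stdin is closed or reaches EOF, `read` fails, `PASSPHRASE` stays empty and the loop spins forever; `read -resp "..." PASSPHRASE || return 1` inside the loop (or whatever failure path `NewList` uses, which is outside this hunk) would end it, and a retry cap would bound the random-generation loop as well. The re-prompt says the passphrase "doesn't fit all the requirements" without stating them, so I would print the rules `CheckPassphrase` enforces (length, lower and upper case, a digit, punctuation, no long run of one character) before the first prompt. `NewList` starts and ends outside this hunk.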
@@ -1026,8 +1043,7 @@ EOF
echo " Please choose a key import method:"
echo " 1 - Fetch the keys from a keyserver"
- echo " 2 - Read keys from stdin"
- echo " 3 - Key material stored in a file"
+ echo " 2 - Key material stored in a file"
while true; do
read -rep " Please enter your choice: " answer
@@ -1036,13 +1052,10 @@ EOF
method="keyserver $answer"
break
elif [[ "$answer" == "2" ]]; then
- method="stdin"
- break
- elif [[ "$answer" == "3" ]]; then
method="file"
break
else
- echo " Invalid answer. Choose either 1, 2 or 3."
+ echo " Invalid answer. Choose either 1 or 2."
fi
done
@@ -1745,7 +1758,7 @@ function RandomString {
# 1 if string size is greater than 62
#-------------------------------------------------------------
- local n alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+ local n alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.,;:?!"
if [[ -z "$1" ]]; then
n=6