aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2016-12-19 12:05:53 -0200
committerSilvio Rhatto <rhatto@riseup.net>2016-12-19 12:05:53 -0200
commite3273d8ead6ee0da307097febeb27a38e8cc3593 (patch)
tree44d4677fc051daa7a3c41cdf2026651de9d8b61b
parent85c61ed6857676f4ca259ff73845f3d3c6dab7d2 (diff)
downloadkeyringer-e3273d8ead6ee0da307097febeb27a38e8cc3593.tar.gz
keyringer-e3273d8ead6ee0da307097febeb27a38e8cc3593.tar.bz2
Adds pwgen action
-rwxr-xr-xlib/keyringer/actions/pwgen35
-rw-r--r--lib/keyringer/completions/bash/keyringer4
-rw-r--r--lib/keyringer/completions/zsh/_keyringer4
-rw-r--r--share/man/keyringer.1.mdwn10
4 files changed, 49 insertions, 4 deletions
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
new file mode 100755
index 0000000..45d2bf9
--- /dev/null
+++ b/lib/keyringer/actions/pwgen
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+#
+# Generates passphrases.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Parameters
+SIZE="$3"
+FILE="$2"
+
+# Generates a random passphrase
+function keyringer_pwgen {
+ ENTROPY_BYTES=${1:-20} # in bytes
+ ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"
+
+ # Strip possible newlines if output is wrapped.
+ # Also strip trailing = signs as they add nothing to the password's entropy.
+ head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n='
+ echo
+}
+
+# Check
+if [ -z "$FILE" ]; then
+ echo "Usage: keyringer <keyring> $BASENAME <secret> [size]"
+ exit 1
+elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then
+ echo "$SIZE is not a number"
+ exit 1
+fi
+
+# Encrypt and store a randomly-generated secret
+keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE"
diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer
index ccc8fb9..10b852e 100644
--- a/lib/keyringer/completions/bash/keyringer
+++ b/lib/keyringer/completions/bash/keyringer
@@ -93,7 +93,7 @@ _keyringer() {
recipients)
opts="ls edit"
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
+ ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
@@ -128,7 +128,7 @@ _keyringer() {
# TODO
opts="$(_keyringer_git_complete ${prev} ${cur})"
;;
- encrypt|encrypt-batch)
+ encrypt|encrypt-batch|pwgen)
cur="$(_keyringer_path_complete ${cur})"
opts="`compgen -o default "${cur}"`"
;;
diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer
index ff74933..7562352 100644
--- a/lib/keyringer/completions/zsh/_keyringer
+++ b/lib/keyringer/completions/zsh/_keyringer
@@ -49,7 +49,7 @@ _keyringer() {
recipients)
compadd "$@" ls edit
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
+ ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
;;
@@ -83,7 +83,7 @@ _keyringer() {
git)
compadd "$@" $(_keyringer_git_complete $words[4] $words[5])
;;
- encrypt|encrypt-batch)
+ encrypt|encrypt-batch|pwgen)
_files
;;
*)
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 8f024d1..afe7e99 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -163,6 +163,16 @@ open <*secret*>
After the application exits, keyringer encrypts the temporary decrypted file
again into the secret file and deletes the temporary file.
+pwgen <*secret*> [*size*]
+: Generates a random passphrase and stores into *secret* pathname with optional
+ entropy size in bytes. Default size is 20.
+
+ Passphrases will be slightly bigger than size due to base64 conversion.
+
+ With this action you can generate and store a passphrase without need to see
+ it. Combined with clip or sclip action provides an hygienic way to handle
+ secrets.
+
recrypt <*secret*>
: Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added
into the recipient configuration. If no *secret* is given, all secrets in the repository