authorSilvio Rhatto <rhatto@riseup.net>2013-11-14 22:57:59 -0200
committerSilvio Rhatto <rhatto@riseup.net>2013-11-14 22:57:59 -0200
commitbf99499751482886833ad7ce77930ba9a12b8a86 (patch)
treefa0626b6758a3dd0644d1f701d8b6349250b1ace
parent4705d861b56fbec26ac0dee8749b74dade3c25c1 (diff)
downloadkeyringer-bf99499751482886833ad7ce77930ba9a12b8a86.tar.gz
keyringer-bf99499751482886833ad7ce77930ba9a12b8a86.tar.bz2
Support for encrypting a whole tree (closes #21)
-rw-r--r--ChangeLog4
-rwxr-xr-xlib/keyringer/actions/encrypt71
-rwxr-xr-xlib/keyringer/functions4
-rw-r--r--share/man/keyringer.1.mdwn8
4 files changed, 65 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index 69d58bb..b55493d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-11-14 - Silvio Rhatto <rhatto@riseup.net>
+
+ Support for encrypting a whole tree (closes #21)
+
2013-11-14 - 0.2.8 Silvio Rhatto <rhatto@riseup.net>
Updated development workflow and version scheme
diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt
index aadb9fa..0a40bc1 100755
--- a/lib/keyringer/actions/encrypt
+++ b/lib/keyringer/actions/encrypt
@@ -17,6 +17,24 @@ function keyringer_usage_encrypt_batch {
keyringer_usage_encrypt $*
}
+# Encrypt a file into the datastore
+function keyringer_encrypt {
+ local file="$1"
+ shift
+
+ if [ -z "$1" ]; then
+ return 1
+ fi
+
+ if [ "$*" != "-" ]; then
+ echo "Encrypting $*..."
+ fi
+
+ mkdir -p "$KEYDIR/`dirname "$file"`"
+ $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$file" "$*"
+ printf "\n"
+}
+
# Usage
if [ -z "$2" ]; then
keyringer_action_usage
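Review bot: `keyringer_encrypt` ends with `printf "\n"`, so it returns printf's status rather than gpg's, and the `err="$?"` that follows the call in the last hunk of this file no longer reflects whether encryption succeeded. A failed `$GPG` run would then be reported as success, which matters if the caller removes or stops tracking the plaintext afterwards. Capture the status right after the gpg line with `local rc="$?"` and end the function with `return "$rc"`. In the recursive branch the status is additionally lost to the `while` pipeline and the `FILE="$OLD_FILE"` assignment, so per-file failures need to be accumulated there as well.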
@@ -26,26 +44,31 @@ fi
# Aditional parameters
if [ ! -z "$3" ]; then
# Set secret name and original file
- FILE="$2"
+ BASEPATH="$2"
shift 2
UNENCRYPTED_FILE="$*"
- # Get original file EXTENSION
- FILENAME="$(basename "$UNENCRYPTED_FILE")"
- EXTENSION="${FILENAME##*.}"
-
- # Append file extension in the secret name
- #
- # Useful when opening files and the application needs the
- # extension to guess the file type.
- if ! echo $FILE | grep -q -e "\.$EXTENSION$"; then
- FILE="$FILE.$EXTENSION"
+ if [ ! -d "$UNENCRYPTED_FILE" ] && echo "$UNENCRYPTED_FILE" | grep -q -e '\.'; then
+ # Get original file EXTENSION
+ FILENAME="$(basename "$UNENCRYPTED_FILE")"
+ EXTENSION="${FILENAME##*.}"
+
+ # Append file extension in the secret name
+ #
+ # Useful when opening files and the application needs the
+ # extension to guess the file type.
+ if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
+ echo "Appending '$EXTENSION' into secret name..."
+ FILE="$BASEPATH.$EXTENSION"
+ fi
+ else
+ FILE="$BASEPATH"
fi
keyringer_get_new_file $FILE
- if [ ! -f "$UNENCRYPTED_FILE" ]; then
- echo "Error: cannot encrypt $UNENCRYPTED_FILE: file not found."
+ if [ ! -e "$UNENCRYPTED_FILE" ]; then
+ echo "Error: cannot encrypt $UNENCRYPTED_FILE: path not found."
exit 1
fi
else
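Review bot: When the file has an extension and `$BASEPATH` already ends in it, the inner `if` is skipped and no branch assigns `FILE`, so `keyringer_get_new_file $FILE` runs with whatever FILE held before (apparently nothing, since the removed `FILE="$2"` was the only assignment visible here). Assign `FILE="$BASEPATH"` right after `BASEPATH="$2"` and let the inner branch override it. The extension test also greps the whole path for a dot, so `./notes` or a dotted parent directory makes `EXTENSION` equal to the full file name; test `$FILENAME` instead, and match the suffix with a `case "$BASEPATH" in *."$EXTENSION")` pattern rather than interpolating `$EXTENSION` into a grep regex. The enclosing `if` continues past the end of this hunk.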
@@ -57,9 +80,7 @@ fi
# Set recipients file
keyringer_set_recipients "$FILE"
-# Encrypt
-mkdir -p "$KEYDIR/`dirname $FILE`"
-
+# Verbosity
if [ "$BASENAME" == "encrypt" ]; then
# Only display directions if we're running encrypt, not encrypt-batch
if [ "$UNENCRYPTED_FILE" == "-" ]; then
@@ -67,7 +88,23 @@ if [ "$BASENAME" == "encrypt" ]; then
fi
fi
-$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" "$UNENCRYPTED_FILE"
+# Encrypt
+if [ "$UNENCRYPTED_FILE" != "-" ] && [ -d "$UNENCRYPTED_FILE" ]; then
+ # Time to go recursive
+ BASEPATH="`basename $FILE .asc`"
+ FILEPATH="`dirname "$UNENCRYPTED_FILE"`"
+ find $UNENCRYPTED_FILE | while read file; do
+ if [ ! -d "$file" ]; then
+ dir="`dirname "$file" | sed -e "s|^$FILEPATH|$BASEPATH|g"`"
+ keyringer_get_new_file `basename "$file"`
+ keyringer_encrypt "$dir/$FILE" $file
+ fi
+ done
+
+ FILE="$OLD_FILE"
+else
+ keyringer_encrypt $FILE $UNENCRYPTED_FILE
+fi
err="$?"
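Review bot: The recursive branch interpolates `$FILEPATH` into `sed -e "s|^$FILEPATH|$BASEPATH|g"` as a regular expression, so for a relative directory argument, where `dirname` yields `.`, the `^.` matches the first character of every path and the secrets land under a mangled directory name; the prefix should be stripped literally with parameter expansion, with the `.` case handled explicitly. The loop also word-splits and glob-expands paths: `find $UNENCRYPTED_FILE | while read file; do` and `keyringer_encrypt "$dir/$FILE" $file` should be `find "$UNENCRYPTED_FILE" | while IFS= read -r file; do` and `keyringer_encrypt "$dir/$FILE" "$file"`. `FILE="$OLD_FILE"` reads a variable that no visible line assigns, so FILE is presumably empty after the loop unless OLD_FILE is set outside this hunk.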
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 4c06198..dd31676 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -431,10 +431,10 @@ function keyringer_get_new_file {
fi
# Sanitize and complete file name
- FILE="`echo $FILE | sed -e s/[^A-Za-z0-9.\/\-]/_/g`"
+ FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9.\/\-]/_/g'`"
# Warn user about file name change
- if [ "`basename $*`" != "`basename $FILE`" ]; then
+ if [ "`basename "$*"`" != "`basename $FILE`" ]; then
echo "Sanitizing destination filename to `basename $FILE`"
fi
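Review bot: The sanitising pipeline still runs `echo $FILE` unquoted, so whitespace is collapsed and glob characters are expanded against the current directory before sed ever sees the name; use `printf '%s\n' "$FILE" | sed -e 's/[^A-Za-z0-9.\/\-]/_/g'`, and quote `"$FILE"` in the two `basename $FILE` calls to match the `basename "$*"` fix. The allowed set keeps both `.` and `/`, so a `..` path component passes through unchanged; if nothing outside this hunk rejects it, the resulting secret path can point outside `$KEYDIR`. The function begins and ends outside the hunk.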
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index ee035e3..876f774 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -94,10 +94,12 @@ edit <*secret*>
encrypt <*secret*> [*file*]
: Encrypts content from standard input or *file* into *secret* pathname. No spaces
- are supported in the *secret* name.
+ are supported in the *secret* name. If *file* is actually a folder, keyringer
+ will recursivelly encrypt all it's contents.
-encrypt-batch <*secret*>
-: Encrypt content, batch mode.
+encrypt-batch <*secret*> [*file*]
+: Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less
+ verbose. Useful inside scripts.
genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*]
: Wrapper to generate encryption key-pairs, useful for automated key deployment.