diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2016-12-19 12:05:53 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2016-12-19 12:05:53 -0200 |
| commit | e3273d8ead6ee0da307097febeb27a38e8cc3593 (patch) | |
| tree | 44d4677fc051daa7a3c41cdf2026651de9d8b61b | |
| parent | 85c61ed6857676f4ca259ff73845f3d3c6dab7d2 (diff) | |
| download | keyringer-e3273d8ead6ee0da307097febeb27a38e8cc3593.tar.gz keyringer-e3273d8ead6ee0da307097febeb27a38e8cc3593.tar.bz2 | |
Adds pwgen action
| -rwxr-xr-x | lib/keyringer/actions/pwgen | 35 | ||||
| -rw-r--r-- | lib/keyringer/completions/bash/keyringer | 4 | ||||
| -rw-r--r-- | lib/keyringer/completions/zsh/_keyringer | 4 | ||||
| -rw-r--r-- | share/man/keyringer.1.mdwn | 10 |
4 files changed, 49 insertions, 4 deletions
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen new file mode 100755 index 0000000..45d2bf9 --- /dev/null +++ b/lib/keyringer/actions/pwgen @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# +# Generates passphrases. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Parameters +SIZE="$3" +FILE="$2" + +# Generates a random passphrase +function keyringer_pwgen { + ENTROPY_BYTES=${1:-20} # in bytes + ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}" + + # Strip possible newlines if output is wrapped. + # Also strip trailing = signs as they add nothing to the password's entropy. + head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n=' + echo +} + +# Check +if [ -z "$FILE" ]; then + echo "Usage: keyringer <keyring> $BASENAME <secret> [size]" + exit 1 +elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then + echo "$SIZE is not a number" + exit 1 +fi + +# Encrypt and store a randomly-generated secret +keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE" diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index ccc8fb9..10b852e 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -93,7 +93,7 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; @@ -128,7 +128,7 @@ _keyringer() { # TODO opts="$(_keyringer_git_complete ${prev} ${cur})" ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) cur="$(_keyringer_path_complete ${cur})" opts="`compgen -o default "${cur}"`" ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index ff74933..7562352 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -49,7 +49,7 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; @@ -83,7 +83,7 @@ _keyringer() { git) compadd "$@" $(_keyringer_git_complete $words[4] $words[5]) ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) _files ;; *) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 8f024d1..afe7e99 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -163,6 +163,16 @@ open <*secret*> After the application exits, keyringer encrypts the temporary decrypted file again into the secret file and deletes the temporary file. +pwgen <*secret*> [*size*] +: Generates a random passphrase and stores into *secret* pathname with optional + entropy size in bytes. Default size is 20. + + Passphrases will be slightly bigger than size due to base64 conversion. + + With this action you can generate and store a passphrase without need to see + it. Combined with clip or sclip action provides an hygienic way to handle + secrets. + recrypt <*secret*> : Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. If no *secret* is given, all secrets in the repository |