author    rhatto <rhatto@ratten.fluxo.info>  2014-03-17 18:33:49 -0300
committer rhatto <rhatto@ratten.fluxo.info>  2014-03-17 18:33:49 -0300
commit    e5f6e907fc5f08ec83beb27bb8358c477acc5b9c (patch)
tree      33828414169c13a2a0266ebc2bc3aa5443f6a54c
parent    f2b6656b05fae5f3adccaa371d085c6fd6c82b8c (diff)
parent    dccfd2ba85988f52584ad6cb4ff91ab6aa6007bd (diff)
download  keyringer-e5f6e907fc5f08ec83beb27bb8358c477acc5b9c.tar.gz
          keyringer-e5f6e907fc5f08ec83beb27bb8358c477acc5b9c.tar.bz2
Merge branch 'master' into canary
-rw-r--r--  index.mdwn                 | 20
-rwxr-xr-x  lib/keyringer/functions    |  8
-rw-r--r--  share/man/keyringer.1.mdwn |  8
3 files changed, 19 insertions, 17 deletions
diff --git a/index.mdwn b/index.mdwn
index ee3870a..f9df557 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -26,7 +26,7 @@ Just clone
And then leave it somewhere, optionally adding it to your `$PATH` environment variable
or package it to your preferred distro.
-If you're using debian `jessie` or `unstable`, just run
+If you're using Debian `jessie` or `unstable`, just run
apt-get install keyringer
@@ -60,7 +60,7 @@ want to checkout it, use
Managing recipients
-------------------
-Your next step is tell keyringer the GPG key ids to encrypt files to:
+Your next step is tell keyringer the OpenPGP key IDs to encrypt files to:
keyringer <keyring> recipients edit [recipient-name]
keyringer <keyring> recipients ls
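Review bot: the rewritten line `+Your next step is tell keyringer the OpenPGP key IDs to encrypt files to:` keeps the grammatical slip of the line it replaces; since the line is being touched anyway, make it `Your next step is to tell keyringer the OpenPGP key IDs to encrypt files to:`.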
@@ -168,11 +168,11 @@ Concepts
Basic idea is:
- - Encrypt screts using multiple users's gpg public keys and commit the output in a git repo.
+ - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repository.
- Let users keep it in sync with the repository and the secrets are shared :)
-For "secrets" it's meant anything as the script work with stdin and output things to
+Secrets can be any regular file as the script work with stdin and output things to
files, so it can be passphrases, private keys or other kind of information.
With theses scripts, the workflow is more or less like this:
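Review bot: the new `+ - Encrypt screts using multiple users's OpenPGP public keys` line carries two typos over from the removed line: `screts` should be `secrets` and `users's` should be `users'`. In the next replacement, `Secrets can be any regular file as the script work with stdin` needs `works`, and "any regular file" sits oddly beside "works with stdin"; something like `Secrets can be anything fed through stdin, since the script reads stdin and writes its output to files` keeps the intended meaning. The unchanged context line `With theses scripts` (`these`) could be fixed in the same pass.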
@@ -180,7 +180,7 @@ With theses scripts, the workflow is more or less like this:
- You have a git repo for secret keys.
- You run the "encrypt" command and paste your private key to this
- command (so no plaintext disk write).
+ command (so no plaintext is written to disk).
- The encrypt command writes an encrypted file to the repo.
@@ -189,15 +189,17 @@ With theses scripts, the workflow is more or less like this:
- Optionally, other users pulls the changes but they dont need to
decrypt anything until they need to use the keys.
-So it's just gpg-encrypted data atop of a git repository (one can think of a
-kind of distributed encrypted filesystem).
+In summary, keyringer data store is basically gpg-encrypted data atop of a git
+repository (one can think of a kind of distributed encrypted filesystem).
Git was chosen to host encrypted info mostly for two reasos: easy to distribute
and its the only VCS known to make easier repository history manipulation.
One possible drawback: the repo has pubkey information attached, which can be
-linked to real ppl (and then disclose the information about who has access to a
-given key), but it's possible to:
+linked to real people (and then disclose the information about who has access to a
+given key).
+
+To mitigate that, it's possible to:
- Keep the repo just atop of an encrypted and non-public place.
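Review bot: the added summary line `+In summary, keyringer data store is basically gpg-encrypted data atop of a git` still says `gpg-encrypted` while every other user-facing change in this commit renames GPG to OpenPGP; use `OpenPGP-encrypted` for consistency, and `keyringer data store` needs an article (`the keyringer data store`). The unchanged context line `for two reasos` is a typo for `reasons`.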
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 832385e..5936ff0 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -544,7 +544,7 @@ function keyringer_check_repository {
# Git maintenance operations
echo "Running git maintenance operations..."
keyringer_exec git "$BASEDIR" fsck
- keyringer_exec git "$BASEDIR" gc --prune=all
+ keyringer_exec git "$BASEDIR" gc
echo ""
# Sync the repository
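Review bot: dropping `--prune=all` from `keyringer_exec git "$BASEDIR" gc` changes what this maintenance step guarantees, and nothing in the merge explains why. With the flag, every unreachable object is removed immediately; without it, git gc only prunes objects older than its grace period (two weeks by default, via `gc.pruneExpire`), so anything rewritten out of history during this run, such as an old ciphertext that was re-encrypted after a recipient was removed, stays readable under `.git/objects` until that period elapses. A one-line comment above the call stating why immediate pruning is no longer wanted (or the rationale in the commit message) would keep the next maintainer from restoring the flag, and, if the intent is a shorter retention, `git gc --prune=<date>` can still be passed explicitly.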
@@ -581,7 +581,7 @@ function keyringer_check_recipient_size {
local size=$(echo "$recipient" | wc -c)
if (( $size < 41 )); then
- echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
+ echo "Fatal: please set the full OpenPGP fingerprint for key ID $recipient:"
cat <<-EOF
Please provide a full OpenPGP fingerprint, for example:
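Review bot: the condition guarding the new message, `if (( $size < 41 ))`, tests length only (`wc -c` counts echo's trailing newline, so 41 means 40 characters); it never checks that `$recipient` is hexadecimal, so any 40-character string passes as a "full OpenPGP fingerprint". Now that the error text explicitly asks for a fingerprint, a pattern test such as `[[ "$recipient" =~ ^[0-9A-Fa-f]{40}$ ]]` would enforce what the message promises. The message also calls the value `key ID $recipient` while asking for a fingerprint; `for recipient $recipient` avoids mixing the two terms.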
@@ -671,8 +671,8 @@ function keyringer_check_recipient_key {
fi
echo ""
else
- echo "Fatal: no such key $recipient on your GPG keyring."
- echo "Please check for this key or fix the recipient file."
+ echo "Fatal: no such key $recipient on your OpenPGP keyring."
+ echo "Please retrieve this key yourself or fix the recipient file."
exit 1
fi
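Review bot: `+    echo "Please retrieve this key yourself or fix the recipient file."` tells the user what to do but not how, and the code already has the key identifier at hand; a message along the lines of `Please import key $recipient into your OpenPGP keyring (for example with gpg --recv-keys $recipient) or fix the recipient file.` gives the user a concrete next step.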
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 84895c2..adbaaa2 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -20,8 +20,8 @@ re-encrypt secrets. It also supports encryption to multiple recipients
and groups of recipients, to allow a workgroup to share access to a single
repository while restricting some secrets to subsets of the group.
-Secrets are encrypted using GPG and added to a Git tree so that they can be
-synced with remote branches later.
+Secrets are encrypted using OpenPGP and added to a Git tree so that they
+can be synced with remote branches later.
# ACTIONS
@@ -160,7 +160,7 @@ clip <*secret*>
: Copy the first line of a secret to the clipboard, following password-store convention.
xclip <*secret*>
-: Alis to clip action.
+: Alias to clip action.
# CONFIGURATION ACTIONS
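Review bot: `+: Alias to clip action.` fixes the spelling but is still awkward; the idiomatic phrasing is `Alias for the clip action.`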
@@ -209,7 +209,7 @@ recipients <*ls*|*edit*> <*recipients-file*>
Each line in a recipients file has entries in the format
'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where *john@doe.com*
- is an alias for the GPG public key whose fingerprint is
+ is an alias for the OpenPGP public key whose fingerprint is
*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*
All lines starting with the hash (#) character are interpreted as comments.