aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2010-11-18 17:40:08 -0200
committerSilvio Rhatto <rhatto@riseup.net>2010-11-18 17:40:08 -0200
commit1b1b13f1269a8218b72cd7dc6931d8fd82792057 (patch)
tree131011f94068ee9492eb9a5275d64bb019816bb9
parenta908a9b46ad83bbbbe9f3a742d1bb4dd59305182 (diff)
downloadkeyringer-1b1b13f1269a8218b72cd7dc6931d8fd82792057.tar.gz
keyringer-1b1b13f1269a8218b72cd7dc6931d8fd82792057.tar.bz2
Initial recipients check support
-rw-r--r--lib/keyringer/functions39
-rwxr-xr-xshare/keyringer/recipients1
2 files changed, 40 insertions, 0 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 9c8dfd7..4a02fd9 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -172,6 +172,7 @@ function keyringer_set_env {
ACTIONS="`dirname $0`"
BASENAME="`basename $0`"
BASEDIR="$1"
+ SUBCOMMAND="$2"
KEYDIR="$BASEDIR/keys"
RECIPIENTS="$BASEDIR/config/recipients"
OPTIONS="$BASEDIR/config/options"
@@ -202,6 +203,9 @@ function keyringer_set_env {
exit 1
fi
+ # Check recipients file
+ keyringer_check_recipients $SUBCOMMAND
+
# Ensure that keydir exists
mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR"
}
@@ -255,6 +259,41 @@ function keyringer_action_usage {
fi
}
+# Check recipients
+function keyringer_check_recipients {
+ if [ "$1" == "edit" ]; then
+ # Don't check recipients at edit mode.
+ return
+ fi
+
+ for recipient in $(cat "$RECIPIENTS" | grep -v '^#' | awk '{ print $2 }'); do
+ size=$(echo "$recipient" | wc -c)
+ if (( $size < 41 )); then
+ echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
+ cat <<-EOF
+
+Recipients file can't have 32-bit keyids (e.g. DEADBEEF or DECAF123). These
+are trivial to spoof. With a few gigs of disk space and a day of time on
+cheap, readily-available hardware, it's possible to build keys to match every
+possible 32-bit keyid. The search space just isn't big enough.
+
+If you're going to specify keys by keyid, they should be specified by full
+160-bit OpenPGP fingerprint. It would be very bad if someone spoofed a keyID
+and caused another participant in a keyringer instance to reencrypt a secret
+store to the spoofed key in addition to your own.
+EOF
+ exit 1
+ else
+ gpg --list-key $recipient &> /dev/null
+ if [ "$?" != "0" ]; then
+ echo "Fatal: no such key $recipient on your GPG keyring."
+ echo "Please check for this key or fix the recipient file."
+ exit 1
+ fi
+ fi
+ done
+}
+
# Setup environment
if [ "$(basename "$0")" != "keyringer" ]; then
keyringer_set_env $*
diff --git a/share/keyringer/recipients b/share/keyringer/recipients
index c9dbdbb..2fe2ddf 100755
--- a/share/keyringer/recipients
+++ b/share/keyringer/recipients
@@ -14,6 +14,7 @@ if [ "$COMMAND" == "ls" ]; then
cat "$RECIPIENTS"
elif [ "$COMMAND" == "edit" ]; then
"$EDITOR" "$RECIPIENTS"
+ keyringer_check_recipients
else
printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
exit 1