diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2010-11-18 17:40:08 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2010-11-18 17:40:08 -0200 |
| commit | 1b1b13f1269a8218b72cd7dc6931d8fd82792057 (patch) | |
| tree | 131011f94068ee9492eb9a5275d64bb019816bb9 | |
| parent | a908a9b46ad83bbbbe9f3a742d1bb4dd59305182 (diff) | |
| download | keyringer-1b1b13f1269a8218b72cd7dc6931d8fd82792057.tar.gz keyringer-1b1b13f1269a8218b72cd7dc6931d8fd82792057.tar.bz2 | |
Initial recipients check support
| -rw-r--r-- | lib/keyringer/functions | 39 | ||||
| -rwxr-xr-x | share/keyringer/recipients | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 9c8dfd7..4a02fd9 100644 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -172,6 +172,7 @@ function keyringer_set_env { ACTIONS="`dirname $0`" BASENAME="`basename $0`" BASEDIR="$1" + SUBCOMMAND="$2" KEYDIR="$BASEDIR/keys" RECIPIENTS="$BASEDIR/config/recipients" OPTIONS="$BASEDIR/config/options" @@ -202,6 +203,9 @@ function keyringer_set_env { exit 1 fi + # Check recipients file + keyringer_check_recipients $SUBCOMMAND + # Ensure that keydir exists mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR" } @@ -255,6 +259,41 @@ function keyringer_action_usage { fi } +# Check recipients +function keyringer_check_recipients { + if [ "$1" == "edit" ]; then + # Don't check recipients at edit mode. + return + fi + + for recipient in $(cat "$RECIPIENTS" | grep -v '^#' | awk '{ print $2 }'); do + size=$(echo "$recipient" | wc -c) + if (( $size < 41 )); then + echo "Fatal: please set the full GPG signature hash for key ID $recipient:" + cat <<-EOF + +Recipients file can't have 32-bit keyids (e.g. DEADBEEF or DECAF123). These +are trivial to spoof. With a few gigs of disk space and a day of time on +cheap, readily-available hardware, it's possible to build keys to match every +possible 32-bit keyid. The search space just isn't big enough. + +If you're going to specify keys by keyid, they should be specified by full +160-bit OpenPGP fingerprint. It would be very bad if someone spoofed a keyID +and caused another participant in a keyringer instance to reencrypt a secret +store to the spoofed key in addition to your own. +EOF + exit 1 + else + gpg --list-key $recipient &> /dev/null + if [ "$?" != "0" ]; then + echo "Fatal: no such key $recipient on your GPG keyring." + echo "Please check for this key or fix the recipient file." + exit 1 + fi + fi + done +} + # Setup environment if [ "$(basename "$0")" != "keyringer" ]; then keyringer_set_env $* diff --git a/share/keyringer/recipients b/share/keyringer/recipients index c9dbdbb..2fe2ddf 100755 --- a/share/keyringer/recipients +++ b/share/keyringer/recipients @@ -14,6 +14,7 @@ if [ "$COMMAND" == "ls" ]; then cat "$RECIPIENTS" elif [ "$COMMAND" == "edit" ]; then "$EDITOR" "$RECIPIENTS" + keyringer_check_recipients else printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 |