aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2016-12-21 10:19:25 -0200
committerSilvio Rhatto <rhatto@riseup.net>2016-12-21 10:19:25 -0200
commite597eb9acfab30157abefe6317387f6297d3e869 (patch)
tree2bc0beb9fb4d903a8f80d3cdef98af2b51443ae2
parente8b1c968d9f1ddd2b10b7a6e584b0f1329debea9 (diff)
parentea9326628e6e872798a96063fccd76d964a75583 (diff)
downloadkeyringer-e597eb9acfab30157abefe6317387f6297d3e869.tar.gz
keyringer-e597eb9acfab30157abefe6317387f6297d3e869.tar.bz2
Merge branch 'develop'
-rw-r--r--ChangeLog14
-rw-r--r--development.mdwn7
-rw-r--r--index.mdwn6
-rwxr-xr-xkeyringer2
-rwxr-xr-xlib/keyringer/actions/preferences2
-rwxr-xr-xlib/keyringer/actions/pwgen35
-rwxr-xr-xlib/keyringer/actions/sclip9
-rw-r--r--lib/keyringer/completions/bash/keyringer4
-rw-r--r--lib/keyringer/completions/zsh/_keyringer4
-rwxr-xr-xlib/keyringer/functions14
-rw-r--r--share/man/keyringer.114
-rw-r--r--share/man/keyringer.1.mdwn10
12 files changed, 105 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index 45bae61..6f0c59b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2016-12-21 - 0.5.0 - Silvio Rhatto <rhatto@riseup.net>
+
+ Fixes keyringer_check_expiration failure if a public key is listed multiple
+ times (#77 and Debian #847964)
+
+ Make keyringer_check_expiration not fail on subkeys which do not have an
+ expiration date (#76 and Debian #847963)
+
+ Adds pwgen action
+
+ Fixes sclip clipboard overwrite procedure
+
+ Adds XDOTOOL_NEXT_WINDOW config into sclip
+
2016-11-17 - 0.4.1 - Silvio Rhatto <rhatto@riseup.net>
Adds sclip into completions
diff --git a/development.mdwn b/development.mdwn
index 3a1ed34..2349c84 100644
--- a/development.mdwn
+++ b/development.mdwn
@@ -49,9 +49,14 @@ Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/1
lintian --info --display-info --pedantic --color auto build-area/keyringer_$VERSION*.changes
-Then go back to the develop branch:
+Then go back to the develop branch and push everything:
git checkout develop
+ git push --all
+
+Cleanup symlink:
+
+ rm ../keyringer_$VERSION.orig.tar.bz2
Notes:
diff --git a/index.mdwn b/index.mdwn
index 9af057f..e2a98d9 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -21,7 +21,7 @@ Installation
Just clone
- git clone https//git.fluxo.info/keyringer
+ git clone https://git.fluxo.info/keyringer
And then leave it somewhere, optionally adding it to your `$PATH` environment variable
or package it to your preferred distro.
@@ -216,8 +216,8 @@ Keyringer's basic concepts are as follows:
one encrypted file that contains one line for each secret, e.g. a single file called
secrets with lines such as:
- emma : root : secret1
- emma - /dev/hda : : secret2
+ emma : root : secret1
+ emma - /dev/hda : : secret2
Or you may also have a different encrypted file for each secret, e.g. a file called
`emma.root` that contains the root passphrase for the server named `emma` and
diff --git a/keyringer b/keyringer
index 84b25a4..c9e3d8d 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.4.1"
+KEYRINGER_VERSION="0.5.0"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences
index 6e36ef4..ffabc4c 100755
--- a/lib/keyringer/actions/preferences
+++ b/lib/keyringer/actions/preferences
@@ -30,7 +30,7 @@ fi
if [ "$COMMAND" == "ls" ]; then
cat "$PREFERENCES"
elif [ "$COMMAND" == "edit" ]; then
- "$EDITOR" "$PREFERENCES"
+ $EDITOR "$PREFERENCES"
elif [ "$COMMAND" == "add" ]; then
shift 2
[[ -n $* ]] && echo $* >> "$PREFERENCES"
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
new file mode 100755
index 0000000..45d2bf9
--- /dev/null
+++ b/lib/keyringer/actions/pwgen
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+#
+# Generates passphrases.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Parameters
+SIZE="$3"
+FILE="$2"
+
+# Generates a random passphrase
+function keyringer_pwgen {
+ ENTROPY_BYTES=${1:-20} # in bytes
+ ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"
+
+ # Strip possible newlines if output is wrapped.
+ # Also strip trailing = signs as they add nothing to the password's entropy.
+ head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n='
+ echo
+}
+
+# Check
+if [ -z "$FILE" ]; then
+ echo "Usage: keyringer <keyring> $BASENAME <secret> [size]"
+ exit 1
+elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then
+ echo "$SIZE is not a number"
+ exit 1
+fi
+
+# Encrypt and store a randomly-generated secret
+keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE"
diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip
index e4c88fa..6016f2b 100755
--- a/lib/keyringer/actions/sclip
+++ b/lib/keyringer/actions/sclip
@@ -11,13 +11,18 @@ source "$LIB" || exit 1
shift
keyringer $KEYRING xclip $*
+# Se window switch combo
+if [ -z "$XDOTOOL_NEXT_WINDOW" ]; then
+ XDOTOOL_NEXT_WINDOW="alt+Tab"
+fi
+
# Move to the next window
if which xdotool &> /dev/null; then
- xdotool key alt+Tab
+ xdotool key $XDOTOOL_NEXT_WINDOW
fi
# Sleep
sleep 5
# Overwrite clipboard
-cat $RANDOM | sha256sum | base64 -d | xclip
+echo $RANDOM | sha256sum | base64 | xclip
diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer
index ccc8fb9..10b852e 100644
--- a/lib/keyringer/completions/bash/keyringer
+++ b/lib/keyringer/completions/bash/keyringer
@@ -93,7 +93,7 @@ _keyringer() {
recipients)
opts="ls edit"
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
+ ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
@@ -128,7 +128,7 @@ _keyringer() {
# TODO
opts="$(_keyringer_git_complete ${prev} ${cur})"
;;
- encrypt|encrypt-batch)
+ encrypt|encrypt-batch|pwgen)
cur="$(_keyringer_path_complete ${cur})"
opts="`compgen -o default "${cur}"`"
;;
diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer
index ff74933..7562352 100644
--- a/lib/keyringer/completions/zsh/_keyringer
+++ b/lib/keyringer/completions/zsh/_keyringer
@@ -49,7 +49,7 @@ _keyringer() {
recipients)
compadd "$@" ls edit
;;
- ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
+ ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp)
words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
;;
@@ -83,7 +83,7 @@ _keyringer() {
git)
compadd "$@" $(_keyringer_git_complete $words[4] $words[5])
;;
- encrypt|encrypt-batch)
+ encrypt|encrypt-batch|pwgen)
_files
;;
*)
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 09b004d..bd87fd6 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -703,7 +703,7 @@ function keyringer_check_expiration {
seconds="`date +%s`"
# Check the main key
- expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
+ expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`"
# TODO: Time to expire can be configured via repository options.
ahead="$((86400 * 30 + $seconds))"
@@ -722,8 +722,14 @@ function keyringer_check_expiration {
fi
# Check the subkeys
- expiry=""
- for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
+ local subkey=""
+ for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do
+ local expiry=$(cut -d : -f 7 <<< "$subkey")
+
+ if [[ -z "$expiry" ]]; then
+ not_expired=1
+ fi
+
if [[ "$seconds" -lt "$expiry" ]]; then
not_expired="1"
@@ -734,7 +740,7 @@ function keyringer_check_expiration {
done
# All subkeys are expired
- if [ ! -z "$expiry" ] && [ "$not_expired" != "1" ]; then
+ if [ ! -z "$subkey" ] && [ "$not_expired" != "1" ]; then
echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
exit 1
fi
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 74bcf1f..fe17968 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -222,6 +222,20 @@ After the application exits, keyringer encrypts the temporary decrypted
file again into the secret file and deletes the temporary file.
.RE
.TP
+.B pwgen <\f[I]secret\f[]> [\f[I]size\f[]]
+Generates a random passphrase and stores into \f[I]secret\f[] pathname
+with optional entropy size in bytes.
+Default size is 20.
+.RS
+.PP
+Passphrases will be slightly bigger than size due to base64 conversion.
+.PP
+With this action you can generate and store a passphrase without need to
+see it.
+Combined with clip or sclip action provides an hygienic way to handle
+secrets.
+.RE
+.TP
.B recrypt <\f[I]secret\f[]>
Re\-encrypts a secret by decrypting it and encrypting it again.
Useful when users are added into the recipient configuration.
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 8f024d1..afe7e99 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -163,6 +163,16 @@ open <*secret*>
After the application exits, keyringer encrypts the temporary decrypted file
again into the secret file and deletes the temporary file.
+pwgen <*secret*> [*size*]
+: Generates a random passphrase and stores into *secret* pathname with optional
+ entropy size in bytes. Default size is 20.
+
+ Passphrases will be slightly bigger than size due to base64 conversion.
+
+ With this action you can generate and store a passphrase without need to see
+ it. Combined with clip or sclip action provides an hygienic way to handle
+ secrets.
+
recrypt <*secret*>
: Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added
into the recipient configuration. If no *secret* is given, all secrets in the repository