aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog10
-rw-r--r--index.mdwn20
-rwxr-xr-xkeyringer2
-rwxr-xr-xlib/keyringer/actions/find2
-rwxr-xr-xlib/keyringer/functions15
-rw-r--r--share/man/keyringer.18
-rw-r--r--share/man/keyringer.1.mdwn8
7 files changed, 38 insertions, 27 deletions
diff --git a/ChangeLog b/ChangeLog
index 6d53db7..5b1c53e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-03-22 - 0.3.3 - Silvio Rhatto <rhatto@riseup.net>
+
+ Use --recv-keys instead of --refresh-keys
+
+ Use -iname at find action
+
+ Removing --prune from git gc
+
+ Spell checking as suggested by Debian #741644
+
2014-03-14 - 0.3.2 - Silvio Rhatto <rhatto@riseup.net>
Subkey expiration date check shall not happen with expired keys
diff --git a/index.mdwn b/index.mdwn
index ee3870a..f9df557 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -26,7 +26,7 @@ Just clone
And then leave it somewhere, optionally adding it to your `$PATH` environment variable
or package it to your preferred distro.
-If you're using debian `jessie` or `unstable`, just run
+If you're using Debian `jessie` or `unstable`, just run
apt-get install keyringer
@@ -60,7 +60,7 @@ want to checkout it, use
Managing recipients
-------------------
-Your next step is tell keyringer the GPG key ids to encrypt files to:
+Your next step is tell keyringer the OpenPGP key IDs to encrypt files to:
keyringer <keyring> recipients edit [recipient-name]
keyringer <keyring> recipients ls
@@ -168,11 +168,11 @@ Concepts
Basic idea is:
- - Encrypt screts using multiple users's gpg public keys and commit the output in a git repo.
+ - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repository.
- Let users keep it in sync with the repository and the secrets are shared :)
-For "secrets" it's meant anything as the script work with stdin and output things to
+Secrets can be any regular file as the script work with stdin and output things to
files, so it can be passphrases, private keys or other kind of information.
With theses scripts, the workflow is more or less like this:
@@ -180,7 +180,7 @@ With theses scripts, the workflow is more or less like this:
- You have a git repo for secret keys.
- You run the "encrypt" command and paste your private key to this
- command (so no plaintext disk write).
+ command (so no plaintext is written to disk).
- The encrypt command writes an encrypted file to the repo.
@@ -189,15 +189,17 @@ With theses scripts, the workflow is more or less like this:
- Optionally, other users pulls the changes but they dont need to
decrypt anything until they need to use the keys.
-So it's just gpg-encrypted data atop of a git repository (one can think of a
-kind of distributed encrypted filesystem).
+In summary, keyringer data store is basically gpg-encrypted data atop of a git
+repository (one can think of a kind of distributed encrypted filesystem).
Git was chosen to host encrypted info mostly for two reasos: easy to distribute
and its the only VCS known to make easier repository history manipulation.
One possible drawback: the repo has pubkey information attached, which can be
-linked to real ppl (and then disclose the information about who has access to a
-given key), but it's possible to:
+linked to real people (and then disclose the information about who has access to a
+given key).
+
+To mitigate that, it's possible to:
- Keep the repo just atop of an encrypted and non-public place.
diff --git a/keyringer b/keyringer
index 7ea9752..6a1eda5 100755
--- a/keyringer
+++ b/keyringer
@@ -138,7 +138,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.3.2"
+KEYRINGER_VERSION="0.3.3"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 9b18d66..21afc7a 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -15,5 +15,5 @@ shift
ARGS="`echo "$*" | sed -e "s|^/*||"`"
# Run find command
-cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g'
+cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g'
cd "$CWD"
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 832385e..f1af951 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -429,10 +429,10 @@ function keyringer_get_file {
elif [ ! -f "$KEYDIR/$FILE" ]; then
# Try to find a similar file
count=0
- candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
+ candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`)
if [ ! -z "$candidates" ]; then
- echo "Could not find exact match \"$1\", please chose one of the following secrets:"
+ echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
echo ""
for candidate in ${candidates[@]}; do
@@ -544,7 +544,7 @@ function keyringer_check_repository {
# Git maintenance operations
echo "Running git maintenance operations..."
keyringer_exec git "$BASEDIR" fsck
- keyringer_exec git "$BASEDIR" gc --prune=all
+ keyringer_exec git "$BASEDIR" gc
echo ""
# Sync the repository
@@ -572,7 +572,7 @@ function keyringer_refresh_keys {
local recipient="$1"
echo "Trying to refresh key $recipient..."
- gpg --batch --refresh-keys "$recipient"
+ gpg --batch --recv-keys "$recipient"
}
# Check recipient size
@@ -581,7 +581,7 @@ function keyringer_check_recipient_size {
local size=$(echo "$recipient" | wc -c)
if (( $size < 41 )); then
- echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
+ echo "Fatal: please set the full OpenPGP fingerprint for key ID $recipient:"
cat <<-EOF
Please provide a full OpenPGP fingerprint, for example:
@@ -652,7 +652,6 @@ function keyringer_check_recipients {
# Check key expiration
keyringer_check_expiration "$recipient"
-
done
}
@@ -671,8 +670,8 @@ function keyringer_check_recipient_key {
fi
echo ""
else
- echo "Fatal: no such key $recipient on your GPG keyring."
- echo "Please check for this key or fix the recipient file."
+ echo "Fatal: no such key $recipient on your GnuPG keyring."
+ echo "Please retrieve this key yourself or fix the recipient file."
exit 1
fi
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 29c618b..f460cbf 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -16,8 +16,8 @@ It also supports encryption to multiple recipients and groups of
recipients, to allow a workgroup to share access to a single repository
while restricting some secrets to subsets of the group.
.PP
-Secrets are encrypted using GPG and added to a Git tree so that they can
-be synced with remote branches later.
+Secrets are encrypted using OpenPGP and added to a Git tree so that they
+can be synced with remote branches later.
.SH ACTIONS
.PP
Keyringer has three types of actions:
@@ -219,7 +219,7 @@ password-store convention.
.RE
.TP
.B xclip <\f[I]secret\f[]>
-Alis to clip action.
+Alias to clip action.
.RS
.RE
.SH CONFIGURATION ACTIONS
@@ -286,7 +286,7 @@ file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
.PP
Each line in a recipients file has entries in the format
\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
-\f[I]john\@doe.com\f[] is an alias for the GPG public key whose
+\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose
fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
.PP
All lines starting with the hash (#) character are interpreted as
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 84895c2..adbaaa2 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -20,8 +20,8 @@ re-encrypt secrets. It also supports encryption to multiple recipients
and groups of recipients, to allow a workgroup to share access to a single
repository while restricting some secrets to subsets of the group.
-Secrets are encrypted using GPG and added to a Git tree so that they can be
-synced with remote branches later.
+Secrets are encrypted using OpenPGP and added to a Git tree so that they
+can be synced with remote branches later.
# ACTIONS
@@ -160,7 +160,7 @@ clip <*secret*>
: Copy the first line of a secret to the clipboard, following password-store convention.
xclip <*secret*>
-: Alis to clip action.
+: Alias to clip action.
# CONFIGURATION ACTIONS
@@ -209,7 +209,7 @@ recipients <*ls*|*edit*> <*recipients-file*>
Each line in a recipients file has entries in the format
'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where *john@doe.com*
- is an alias for the GPG public key whose fingerprint is
+ is an alias for the OpenPGP public key whose fingerprint is
*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*
All lines starting with the hash (#) character are interpreted as comments.