-rw-r--r-- | ChangeLog | 16 | ||||
-rw-r--r-- | Makefile | 13 | ||||
l--------- | README.md (renamed from README) | 0 | ||||
-rw-r--r-- | development.mdwn | 15 | ||||
-rw-r--r-- | ikiwiki.setup | 216 | ||||
-rw-r--r-- | index.mdwn | 6 | ||||
-rwxr-xr-x | keyringer | 2 | ||||
-rwxr-xr-x | lib/keyringer/actions/mv | 3 | ||||
-rwxr-xr-x | lib/keyringer/actions/sclip | 23 | ||||
-rwxr-xr-x | lib/keyringer/functions | 29 | ||||
-rw-r--r-- | share/man/keyringer.1 | 54 |
11 files changed, 324 insertions, 53 deletions
@@ -1,3 +1,19 @@ +2016-11-09 - 0.4.0 - Silvio Rhatto <rhatto@riseup.net> + + Adopts Semantic Versioning + + Do not rely on git-flow + + Adds sclip action + + Ensure destination path exists at mv action + + Allow @ at file names + + Slightly more interactive keyringer_get_file + + Updates URLs and static site generation. + 2015-03-30 - 0.3.8 - Silvio Rhatto <rhatto@riseup.net> Eliminates hardcoded bash path, reported and fixed by @@ -34,7 +34,7 @@ install_bin: $(INSTALL) -D --mode=0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer install_doc: - $(INSTALL) -D --mode=0644 index.mdwn $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README + $(INSTALL) -D --mode=0644 index.mdwn $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README.md $(INSTALL) -D --mode=0644 LICENSE $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/LICENSE install_man: @@ -64,8 +64,9 @@ release: # https://github.com/nvie/gitflow/pull/160 # https://github.com/nvie/gitflow/issues/50 #git flow release finish -s -m "Keyringer $(VERSION)" $(VERSION) - git flow release finish -s $(VERSION) + #git flow release finish -s $(VERSION) git checkout master + git merge develop @make tarball gpg --use-agent --armor --detach-sign --output $(ARCHIVE)/keyringer-$(VERSION).tar.bz2.asc $(ARCHIVE)/keyringer-$(VERSION).tar.bz2 scp $(ARCHIVE)/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/ @@ -81,3 +82,11 @@ debian: dch -e git commit -a -m "Updating debian/changelog" git-buildpackage --git-tag-only --git-sign-tags + +web: + @ikiwiki --setup ikiwiki.setup + +web_deploy: + @rsync -avz --delete www/ blog:/var/sites/keyringer/www/ + +publish: web web_deploy diff --git a/development.mdwn b/development.mdwn index db67119..49a224c 100644 --- a/development.mdwn +++ b/development.mdwn 
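Review bot: With `git flow release finish -s` commented out in the `release` recipe, nothing in the visible lines creates the signed tag any more, so the tarball is built, detach-signed and copied to the release host from whatever `master` holds after `git merge develop`. The development notes in this commit make tagging a manual step after `make release`, so the published archive and the signed tag are tied together only by the operator running both in order. Consider tagging inside the recipe before the archive is built, e.g. `git tag -s $(VERSION) -m "Keyringer $(VERSION)"` ahead of `@make tarball`; whether the `tarball` target reads the tag cannot be seen from here. The recipe starts above the hunk and continues below it.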
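Review bot: `web`, `web_deploy` and `publish` are command targets, but the hunk adds no `.PHONY` line for them, and `web_deploy` runs `rsync --delete` against the live site behind `@`, so the one destructive command here is never echoed. Add `.PHONY: web web_deploy publish` (unless they are declared outside the hunk) and drop the `@` on the rsync line. `publish: web web_deploy` names both only as prerequisites, so `make -j publish` may start the rsync before ikiwiki has finished writing `www/`; `web_deploy: web` makes the order explicit.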
@@ -8,20 +8,16 @@ Index Coding standards ---------------- +* Uses Semantic Versioning. * Respect the existing coding style. * Be clear: easy audability must be one of keyringer's requirements. -Development workflow --------------------- - -We use [git-flow](https://github.com/nvie/gitflow) for the development workflow. - Release workflow ---------------- Go to develop branch and start a new release - git flow release start VERSION + git checkout develop Prepare the source code: @@ -33,6 +29,10 @@ Create and upload a new release: make release +Tag the release: + + git tag -s $(VERSION) -m "Keyringer $(VERSION)" + Update the debian branch: make debian @@ -74,7 +74,7 @@ Test environment Setup: - keyringer test init ~/code/tests/keyringer + keyringer test init ~/temp/tests/keyringer Teardown: @@ -99,3 +99,4 @@ References * [Generating pristine tarballs from git repositories](http://joeyh.name/blog/entry/generating_pristine_tarballs_from_git_repositories/). * [Debian Packaging](https://wiki.debian.org/Packaging). * [Debian Upstream Guide](https://wiki.debian.org/UpstreamGuide). +* [DanielKahnGillmor/preferred_packaging - Debian Wiki](https://wiki.debian.org/DanielKahnGillmor/preferred_packaging). diff --git a/ikiwiki.setup b/ikiwiki.setup new file mode 100644 index 0000000..f316524 --- /dev/null +++ b/ikiwiki.setup 
@@ -0,0 +1,216 @@ +#!/usr/bin/perl +# Configuration file for ikiwiki. +# Passing this to ikiwiki --setup will make ikiwiki generate wrappers and +# build the wiki. +# +# Remember to re-run ikiwiki --setup any time you edit this file. + +use IkiWiki::Setup::Standard { + wikiname => "Keyringer: encrypted and distributed secret sharing software", + adminuser => ["keyringer", ], + adminemail => 'rhatto@keyringer.pw', + + # Be sure to customise these.. + srcdir => ".", + destdir => "www", + + url => "https://keyringer.pw", + cgiurl => "https://keyringer.pw/ikiwiki.cgi", + #templatedir => "/usr/share/ikiwiki/templates", + #underlaydir => "/usr/share/ikiwiki/basewiki", + + # Subversion stuff. + #rcs => "svn", + #historyurl => "http://svn.example.org/trunk/[[file]]", + #diffurl => "http://svn.example.org/trunk/[[file]]?root=wiki&r1=[[r1]]&r2=[[r2]]", + #svnrepo => "/svn/wiki", + #svnpath => "trunk", + + # Git stuff. + rcs => "git", + historyurl => "https://git.fluxo.info/keyringer/log/[[file]]", + diffurl => 'https://git.fluxo.info/keyringer/commit/[[file]]?id=[[sha1_commit]]', + #gitorigin_branch => "origin", + #gitmaster_branch => "master", + # See https://ikiwiki.info/tips/laptop_wiki_with_git/ + gitorigin_branch => '', + + # Tla stuff. + #rcs => "tla" + #historyurl => ??, + #diffurl => ??, + + # Mercurial stuff. + #rcs => "mercurial", + #historyurl => "http://localhost:8000/log/tip/[[file]]", # hg serve'd local repository + #diffurl => "http://localhost:8000/?fd=[[r2]];file=[[file]]", + + # Bazaar stuff. + #rcs => "bzr", + #historyurl => "", + #diffurl => "http://example.com/revision?start_revid=[[r2]]#[[file]]-s", # using loggerhead + + # Monotone stuff + #rcs => "monotone", + #mtnkey => "web\@machine.company.com", + #historyurl => "http://viewmtn.example.com/branch/head/filechanges/com.example.branch/[[file]]", + #diffurl => "http://viewmtn.example.com/revision/diff/[[r1]]/with/[[r2]]/[[file]]", + # Set if you want the wiki to sync on update and commit. 
+ #mtnsync => 0, + # The path to your workspace (defaults to the srcdir itself) + # e.g. use if your srcdir is a subdirectory of the workspace. + #mtnrootdir => "path/to/root/of/workspace", + + wrappers => [ + #{ + # # The cgi wrapper. + # cgi => 0, + # wrapper => "/var/sites/rhatto/ikiwiki/ikiwiki.cgi", + # wrappermode => "06550", + # wrappergroup => "www-data", + #}, + #{ + # # The svn post-commit wrapper. + # # Note that this will overwrite any existing + # # post-commit hook script, which may not be + # # what you want. + # wrapper => "/svn/wikirepo/hooks/post-commit", + # wrappermode => "04755", + # # Log to syslog since svn post-commit hooks + # # hide output and errors. + # syslog => 1, + #}, + #{ + # # The git post-update wrapper. + # # Note that this will overwrite any existing + # # post-update hook script, which may not be + # # what you want. + # wrapper => "/var/git/repositories/rhatto.git/hooks/post-update", + # wrappermode => "06550", + # wrappergroup => "git", + #}, + #{ + # # The monotone netsync hook. + # wrapper => "path/to/root/of/workspace/_MTN/ikiwiki-netsync-hook", + # wrappermode => "06755", + #}, + ], + + # Default to generating rss feeds for pages with feeds? + rss => 1, + # Default to generating atom feeds for pages with feeds? + #atom => 1, + # Allow generating feeds even if not generated by default? + #allowrss => 1, + #allowatom => 1, + # Urls to ping with XML-RPC when feeds are updated + #pingurl => [qw{http://rpc.technorati.com/rpc/ping}], + # Include discussion links on all pages? + discussion => 0, + # To exclude files matching a regexp from processing. This adds to + # the default exclude list. + #exclude => qr/\.wav$/, + exclude => qr/www/, + # To change the extension used for generated html files. + #htmlext => 'htm', + # Time format (for strftime) + #timeformat => '%c', + # Locale to use. Must be a UTF-8 locale. + #locale => 'en_US.UTF-8', + # Only send cookies over SSL connections. 
+ #sslcookie => 1, + # Logging settings: + #verbose => 1, + syslog => 0, + # To link to user pages in a subdirectory of the wiki. + #userdir => "users", + # To create output files named page.html rather than page/index.html. + #usedirs => 0, + # Simple spam prevention: require an account-creation password. + #account_creation_password => "guesswhat", + # Cost of generating a password using Authen::Passphrase::BlowfishCrypt + #password_cost => 8, + # Uncomment to force ikiwiki to run with a particular umask. + umask => 002, + # Default settings for the recentchanges page. + #recentchangespage => "recentchanges", + #recentchangesnum => 100, + # Use new '!'-prefixed preprocessor directive syntax + #prefix_directives => 0, + # Attempt to make hardlinks to source files instead of copying them. + # Useful if the wiki contains large media files. + #hardlink => 1, + # Enable use of multimarkdown features in .mdwn files. + #multimarkdown => 1, + + # To add plugins, list them here. + #add_plugins => [qw{goodstuff search wikitext camelcase + # htmltidy fortune sidebar map rst anonok}], + add_plugins => [qw{goodstuff sidebar}], + # If you want to disable any of the default plugins, list them here. + #disable_plugins => [qw{inline htmlscrubber passwordauth openid}], + disable_plugins => [qw{openid editpage}], + # To add a directory to the perl search path, use this. + #libdir => "/home/me/.ikiwiki/", + + # To override environment variable settings, you can list values here. + #ENV => { + # TZ => "America/New_York", + # PATH => "/home/me/bin:/usr/local/bin:/usr/bin:/bin", + #}, + + # For use with the tag plugin, make all tags be located under a + # base page. + #tagbase => "tag", + + # For use with the search plugin if the omega cgi is located + # somewhere else. + #omega_cgi => "/usr/lib/cgi-bin/omega/omega", + + # For use with the openid plugin, to give an url to a page users + # can use to signup for an OpenID. 
+ #openidsignup => "http://myopenid.com/", + + # For use with the mirrorlist plugin, a list of mirrors. + #mirrorlist => { + # mirror1 => "http://hostname1", + # mirror2 => "http://hostname2/mirror", + #}, + + # For use with the anonok plugin, a PageSpec specifying what + # pages anonymous users can edit + #anonok_pagespec => "*", + + # For use with the aggregate plugin, to allow aggregation to be + # triggered via the web. + #aggregate_webtrigger => 1, + + # For use with the pinger plugin, how many seconds to wait before + # timing out. + #pinger_timeout => 15. + + # For use with the amazon S3 plugin, your public access key id. + #amazon_s3_key_id => 'XXXXXXXXXXXXXXXXXXXX', + # And a file holding your secret key. This file *must* not be + # readable by others! + #amazon_s3_key_file => "/home/me/.hide/.s3_key + # The globally unique name of the bucket to use to store the wiki. + #amazon_s3_bucket => "mywiki", + # A prefix to prepend to each page name. + #amazon_s3_prefix => "wiki/", + # Uncomment to use the S3 European datacenter. + #amazon_s3_location => "EU", + # Uncomment if you need to store each index file twice. + #amazon_s3_dupindex => 1, + + # For use with the attachment plugin, a program that returns + # nonzero if its standard input contains an virus. + #virus_checker => "clamdscan -", + + # See https://ikiwiki.info/plugins/po/ + #po_master_language => 'en|English', + #po_slave_languages => [ 'pt|Portuguese' ], + + # See http://ikiwiki.info/plugins/rsync/ + #rsync_command => 'rsync -qa --delete . keyringer:/var/sites/keyringer/www/', +} 
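Review bot: `srcdir => "."` makes the whole working tree the wiki source and `destdir => "www"` sits inside it, so what reaches the public site depends on ikiwiki's own pruning plus `exclude => qr/www/`. That pattern is unanchored: it skips any path that merely contains `www`, and nothing else here keeps other working-tree content (build output, scratch files) out of `www/`, which `make web_deploy` then rsyncs to the server. If ikiwiki matches the pattern against the srcdir-relative path (worth confirming), `exclude => qr/^www\//` scopes it to the output directory; a dedicated source directory for the pages would be a tighter boundary. `cgiurl` is also set although no CGI wrapper is enabled and `editpage` is disabled, so it looks unneeded.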
@@ -7,7 +7,7 @@ commands to encrypt, decrypt, recrypt, create key pairs, etc. - Manpage: [keyringer.1](share/man/keyringer.1) - License: [GPLv3+](LICENSE) - Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac) -- Tor hidden service: [http://wewbqck6m3ffkn44.onion](http://wewbqck6m3ffkn44.onion) +- Tor hidden service: [http://4qt45wbulqipigwa.onion](http://4qt45wbulqipigwa.onion) - Releases: [https://keyringer.pw/releases](releases) - Contact: rhatto at riseup.net @@ -21,12 +21,12 @@ Installation Just clone - git clone git://git.sarava.org/keyringer.git + git clone https//git.fluxo.info/keyringer And then leave it somewhere, optionally adding it to your `$PATH` environment variable or package it to your preferred distro. -If you're using Debian `jessie` or `unstable`, just run +If you're using Debian `jessie` or newer, just run apt-get install keyringer @@ -140,7 +140,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.3.8" +KEYRINGER_VERSION="0.4.0" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/lib/keyringer/actions/mv b/lib/keyringer/actions/mv index 2324145..e31eb85 100755 --- a/lib/keyringer/actions/mv +++ b/lib/keyringer/actions/mv @@ -24,5 +24,8 @@ if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then exit 1 fi +# Ensure destination path exists +mkdir -p "`dirname $KEYDIR/$RELATIVE_PATH/$DEST`" + # Run move command keyringer_exec git "$BASEDIR" mv "keys/$RELATIVE_PATH/$ORIG" "keys/$FILE" diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip new file mode 100755 index 0000000..e4c88fa --- /dev/null +++ b/lib/keyringer/actions/sclip 
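Review bot: In the `mv` action the new `mkdir -p` builds its path from the raw `$DEST` and leaves the inner expansion unquoted, while the `git mv` on the next line targets `keys/$FILE`. A destination containing spaces is word-split before `dirname` sees it. If `$FILE` is a sanitised form of `$DEST` (it is set outside the hunk, so this is inferred), the directory created can differ from the one `git mv` needs, and a `$DEST` containing `..` would have `mkdir` create directories outside `$KEYDIR`. Suggest deriving it from the same value the move uses: `mkdir -p "$(dirname "$KEYDIR/$FILE")"`.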
@@ -0,0 +1,23 @@ +#!/usr/bin/env bash +# +# Decrypt secret header to clipboard, sleep and cleanup. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Clip password +shift +keyringer $KEYRING xclip $* + +# Move to the next window +if which xdotool &> /dev/null; then + xdotool key alt+Tab +fi + +# Sleep +sleep 5 + +# Overwrite clipboard +cat $RANDOM | sha256sum | base64 -d | xclip diff --git a/lib/keyringer/functions b/lib/keyringer/functions index ab519b2..09b004d 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -430,16 +430,18 @@ function keyringer_get_option { function keyringer_get_file { FILE="$(keyringer_filename "$RELATIVE_PATH/$1")" - if [ -z "$FILE" ]; then - keyringer_action_usage - exit 1 - elif [ ! -f "$KEYDIR/$FILE" ]; then + if [ ! -f "$KEYDIR/$FILE" ]; then # Try to find a similar file + FILE="" count=0 candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`) if [ ! -z "$candidates" ]; then - echo "Could not find exact match for \"$1\", please choose one of the following secrets:" + if [ ! -z "$1" ]; then + echo "Could not find exact match for \"$1\"" + fi + + echo "Choose one of the following or type a pattern:" echo "" for candidate in ${candidates[@]}; do @@ -452,15 +454,20 @@ function keyringer_get_file { if [[ "$option" =~ ^[0-9]+$ ]] && [ ! -z "${candidates[$option]}" ]; then FILE="$(keyringer_filename "$RELATIVE_PATH/${candidates[$option]}")" - else - echo "Invalid option" - exit 1 + elif [ ! -z "$option" ]; then + keyringer_get_file $option fi else - echo "File not found: $KEYDIR/$FILE" - exit 1 + echo "Nothing matches $option, try again." + keyringer_get_file fi fi + + # Probably Ctrl-D was hit + if [ -z "$FILE" ]; then + echo "" + exit + fi } # Get a new file argument 
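Review bot: The cleanup at the end of `sclip` only runs if the script survives the `sleep 5`; an interrupt during the sleep leaves the secret in the selection, so the overwrite belongs in a trap, e.g. `trap 'xclip < /dev/null' EXIT`, set before the secret is copied. The bare `xclip` writes to its default selection, which has to be the same one the `xclip` action fills (not visible here) or the secret is never replaced. `cat $RANDOM` treats the number as a file name, so the pipeline most likely feeds `xclip` a fixed value rather than random data. `$KEYRING` and `$*` are unquoted, so secret names with spaces are split: `keyringer "$KEYRING" xclip "$@"`. A header comment should also note that a clipboard manager may already have kept a copy that this overwrite cannot reach.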
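Review bot: In `keyringer_get_file` the new no-candidates branch prints `$option`, which is not set on that path (it should be `$1`), and then calls `keyringer_get_file` with no argument. If the keyring holds no `.asc` file at all, that call appears to recurse without ever prompting. The retry `keyringer_get_file $option` is unquoted, so typed input is word-split before it reaches `grep -i "$1"` as a pattern; use `keyringer_get_file "$option"`. The closing bare `exit` returns the status of the preceding `echo`, so an aborted selection now looks like success to calling scripts where the removed branches used `exit 1`. The `read` that sets `$option` sits in unchanged lines between the two hunks of this function.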
@@ -473,7 +480,7 @@ function keyringer_get_new_file { fi # Sanitize and complete file name - FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9.\/\-]/_/g'`" + FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9@.\/\-]/_/g'`" # Warn user about file name change if [ "`basename "$*"`" != "`basename $FILE`" ]; then diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 13de085..39669b6 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,7 +1,7 @@ -.TH KEYRINGER 1 "Oct 25, 2013" "Keyringer User Manual" +.TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" "" .SH NAME .PP -keyringer - encrypted and distributed secret sharing software +keyringer \- encrypted and distributed secret sharing software .SH SYNOPSIS .PP keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]... @@ -10,8 +10,8 @@ keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]... Keyringer lets you manage and share secrets using GnuPG and Git in a distributed fashion. .PP -It has custom commands to create key-pairs and to encrypt, decrypt and -re-encrypt secrets. +It has custom commands to create key\-pairs and to encrypt, decrypt and +re\-encrypt secrets. It also supports encryption to multiple recipients and groups of recipients, to allow a workgroup to share access to a single repository while restricting some secrets to subsets of the group. 
@@ -87,14 +87,14 @@ Remove an empty folder inside the repository \f[I]keys\f[] folder. .TP .B tree <\f[I]path\f[]> List contents from the toplevel repository \f[I]keys\f[] folder or from -relative paths if \f[I]path\f[] is specified using a tree-like format. +relative paths if \f[I]path\f[] is specified using a tree\-like format. Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[] command. .RS .RE .TP .B shell -Run keyringer on interactive mode from a built-in command-line prompt +Run keyringer on interactive mode from a built\-in command\-line prompt where all other actions can be called and are operated from the current selected keyring. .RS @@ -138,7 +138,7 @@ read from the standard input and encrypting again. .RS .RE .TP -.B append-batch <\f[I]secret\f[]> +.B append\-batch <\f[I]secret\f[]> Append contents into a secret, batch mode. .RS .RE 
@@ -177,11 +177,11 @@ Rename a secret. .B edit <\f[I]secret\f[]> Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the \f[I]$EDITOR\f[] environment -variable and then re-encrypting it. +variable and then re\-encrypting it. .RS .PP Please make sure to use an -\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[]. \f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[] +\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[] is set to VIM and disables the \f[I]\&.viminfo\f[] file. .RE .TP 
@@ -194,30 +194,26 @@ encrypt all it\[aq]s contents. .RS .RE .TP -.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]] +.B encrypt\-batch <\f[I]secret\f[]> [\f[I]file\f[]] Encrypt content, batch mode. Behavior is identical to \f[I]encrypt\f[] action, but less verbose. Useful inside scripts. .RS .RE .TP -.B genkeys -<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]> -[\f[I]options\f[]] -Wrapper to generate encryption key-pairs, useful for automated key +.B genkeys <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]] +Wrapper to generate encryption key\-pairs, useful for automated key deployment. .RS .RE .TP -.B genpair -<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]> -[\f[I]options\f[]] +.B genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]] Alias for \f[I]genkeys\f[] action. .RS .RE .TP .B open <\f[I]secret\f[]> -Decrypt a secret into a temporary folder and open it using xdg-open, +Decrypt a secret into a temporary folder and open it using xdg\-open, which tries to figure out the file type and then calls the associated application. .RS @@ -227,16 +223,16 @@ file again into the secret file and deletes the temporary file. .RE .TP .B recrypt <\f[I]secret\f[]> -Re-encrypts a secret by decrypting it and encrypting it again. +Re\-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. If no \f[I]secret\f[] is given, all secrets in the repository are -re-encrypted. +re\-encrypted. .RS .RE .TP .B clip <\f[I]secret\f[]> Copy the first line of a secret to the clipboard, following -password-store convention. +password\-store convention. .RS .RE .TP 
@@ -287,7 +283,7 @@ Alias for usage action. .RS .RE .TP -.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients-file\f[]> +.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients\-file\f[]> List, create or edit recipients configuration. .RS .PP @@ -296,13 +292,13 @@ used by keyringer when encrypting secrets and associated with email aliases. .PP Keyringer uses a default recipients file, but specifying a custom -\f[I]recipients-file\f[] pathname will override this default. +\f[I]recipients\-file\f[] pathname will override this default. .PP For instance, if a user encrypts a secret to a file in the keyring -repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[] +repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[] under \f[I]accounting\f[] will be used. -Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result -in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] +Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result +in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[] encrypted using the public keys listed in the config file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. .PP @@ -328,7 +324,7 @@ Create or edit a recipients file. Editing happens using the editor specified by the \f[C]$EDITOR\f[] environment variable. .PP -The required parameter \f[I]recipients-file\f[] is interpreted relative +The required parameter \f[I]recipients\-file\f[] is interpreted relative to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder. .RE .RE 
@@ -350,11 +346,11 @@ Metadata is not encrypted, meaning that an attacker with access to a keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository -configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG +configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG option and encrypted repository options. .PP To mitigate that, it\[aq]s possible to keep the repo just atop of an -encrypted and non-public place. +encrypted and non\-public place. .IP "2." 3 History is not rewritten by default when secrets are removed from a keyringer repository. |